ASICMINER: Entering the Future of ASIC Mining by Inventing It - page 492.

BuildTheFuture

full member

Activity: 195

Merit: 100

Quote from: ning on February 15, 2014, 01:43:53 AM

If we take a look at the numbers, we can see that:

The power consumption of the new chips (3rd gen) is 0.2~0.35 J/GHash [1];
and the power consumption of the chips about to be sold is 600 W/THash = 0.6 J/GHash [2].

The numbers are different, so are the chips, seemingly.

[1] https://bitcointalksearch.org/topic/m.4816701
[2] https://bitcointalksearch.org/topic/m.5153058

Actually I think the lower power consumption Friedcat mentioned is internal to the chips. But the 600W advertised for this new device is how much it would use at the wall. There are voltage conversions from the wall at least twice before the electricity gets into the chips, this causes the at the wall usage to be higher. It's the same on any device, for example the Bitmain Antminers, they advertise in their thread title the power is as low as 0.7 J/GH, but the actual devices take 2 J/GH from the wall.

Well I'm still curious if anyone else knows anything about this Weibo offer/page/guy.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: Herp on February 14, 2014, 05:41:39 AM

Quote from: minerpumpkin on February 14, 2014, 05:32:01 AM

Quote from: bitcoin.newsfeed on February 14, 2014, 05:14:06 AM

Quote from: willBTC on February 14, 2014, 04:45:20 AM

Quote from: empoweoqwj on February 14, 2014, 04:19:21 AM

Quote from: bitcoin.newsfeed on February 14, 2014, 04:16:21 AM

Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?

2FA key was written down on paper as "backup".

I am just wondering how could that happened? it seems impossible if you have 2FA

Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router.

EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted.

EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ...

Probably jailbroken at MBK?
I have to chime in, I'm also really sorry to hear that. I can only try and fathom how that feels. This makes me truly sad and angry!
Just to address other questions/vulnerabilities: When was the last time you changed your password? Is it unique? Did you at some point land on a phishing site, i.e. a Havelock-copy (I guess you may not have noticed it)?

I'd like a comment from Havelock. I guess you guys have already contacted them? I'm, just pointing them to this problem, as well.

In many of the cases it's actually a person close to the victim, probably living in your own house or a friend or someone with actual physical access to your computer and phone. There were many such cases. Might even be your wife or lover.

Also there might be another possibility no one here discussed and that is the possibility of this guy lying to prop up another exchange. I'm not saying it's the case but it's possible.

I live on my own. Nobody has access to my computer or phone. I don't have wife or lover. I understand the theory, no problem, but its not what happened in this case.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: bitcoin.newsfeed on February 14, 2014, 05:14:06 AM

Quote from: willBTC on February 14, 2014, 04:45:20 AM

Quote from: empoweoqwj on February 14, 2014, 04:19:21 AM

Quote from: bitcoin.newsfeed on February 14, 2014, 04:16:21 AM

Damn ... shit. This is sick. Did you have 2FA backup somewhere in the same PC?

2FA key was written down on paper as "backup".

I am just wondering how could that happened? it seems impossible if you have 2FA

Maybe 2FA on rooted/jailbroken device ... and attacker infected both devices pc and smartphone/tablet via same router.

EDIT : I assume you're in Thailand ... 90% of smartphones there are rooted.

EDIT2 : Damn, from today I'll login to Havelock only from TailsOS ... I feel sorry for your lose mate, its really devastating. I wish we could do something about it.

My iphone is not jailbroken. I bought it from UK direct from Apple. Never attempted to get it jailbroken.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: havelock on February 14, 2014, 01:48:12 PM

Thank you for all of your quick replies,

We will start to work on the following security implementations:

1. The option to Lock your account to a specific IP

2. Required 2FA for withdrawal / optional for order execution

3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.

Once again thank you for all of your support,

Havelock Investments

Good ideas. But I have lost everything. Too late for me. I knew the risks coming in. But I have just lost $50,000 + even though i had 2FA enabled

I won't bother posting again. You didn't reply to my support email so I will safely assume you aren't going to do anything to help me out.

Time to move on, out of bitcoins. The risk was always obvious. Its only when it hits you in the face your realise how real the risk is.

To repeat, I don't believe I was keylogged. Nothing else has been stolen such as other coins or paypal or bank stuff. No check I have run on my Mac suggest I have keylogging software installed. This was a very professional job from people that knew exactly how havelock worked. Not havelock employees, why would they do that? But hackers very intimate with how havelock worked.

I don't know what to say now. Its been the worst 48 hrs of my life. I'll leave it at that. Peace.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: jimmothy on February 14, 2014, 11:56:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Yes to every one of those. (Instant bitcoin withdrawals worries me a bit)

Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

The sad thing was someone took 80BTC or whatever ...... and there was no delay. He was just allowed to keep withdrawing. He must have withdrawn about 20 times in an hour.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: jimmothy on February 14, 2014, 04:21:59 AM

Quote from: HeRetiK on February 14, 2014, 04:15:50 AM

That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).

Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order?

Anyways I would try to contact havelock and see if they can dig up any further info. If it is a security breach on their end then that would be very serious.

Not sure about how 2fa can be breached along with your password. My guess would be an infected pc (keylogger or something).

I don't believe it was an employee. I have no reason to believe Havelock did this internally. But also, I don't believe it was a keylogger. All my other accounts are intact (banks, paypal etc) and not even been touched.

Would have been nice if havelock responded to my support email though !

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Since apparently the email is the weak link, how about adding an optional extra layer via SMS?

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

Quote from: Caesium on February 14, 2014, 11:54:02 AM

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

It won't help if your email is compromised, since you might also easily miss the confirmation email (the attacker would delete it).

romerun

legendary

Activity: 1078

Merit: 1002

Bitcoin is new, makes sense to hodl.

sounds like another pump attempt from chinese again

ning

full member

Activity: 173

Merit: 100

If we take a look at the numbers, we can see that:

The power consumption of the new chips (3rd gen) is 0.2~0.35 J/GHash [1];
and the power consumption of the chips about to be sold is 600 W/THash = 0.6 J/GHash [2].

The numbers are different, so are the chips, seemingly.

[1] https://bitcointalksearch.org/topic/m.4816701
[2] https://bitcointalksearch.org/topic/m.5153058

bitcoin.newsfeed

sr. member

Activity: 378

Merit: 250

Quote from: Caesium on February 14, 2014, 11:54:02 AM

Quote from: havelock on February 14, 2014, 11:50:22 AM

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

^^ THIS. + yubikey

BuildTheFuture

full member

Activity: 195

Merit: 100

Interesting, anyone know if this first batch of Gen 3 hardware will be sold in the US as well? Or only to the Chinese?

noah1987

newbie

Activity: 24

Merit: 0

A miner which use asicminer gen3 chip now on pre-sale, the poster is very famous in Chinese Bitcoin circle. This is the translation of the weibo post:

Miner presale Details:
Miner price :11000 RMB/T (1813 USD/T), full payment in advance.
Power consumption: 600W/T.
If a single miner's speed doesn't meet the design requirements, or beyond the design requirements, in accordance 11000RMB / T price, refund for any overpayment or a supplemental payment for any deficiency.
If you order more than 10T , it is 10000RMB/T.
April 20 is the deadline, if not shipped on time, we'll give you a full refund!
Tel: 13581816335 Zhao Dong's QQ group: 326548639

In the weibo below, one people replys:
So cheap, is it Asicminer's chip?
Zhao replys:"Yes"
Then he ask again:
Asicminer's gen3 haven't tapeout yet, can it mass production in April?
Zhao replys:"Almost"

Sorry for my poor English translation, the original weibo can be found here:
http://weibo.com/1658066713/AwIw85hLy

I have snapshoted the weibo and the chat.

minerpumpkin

hero member

Activity: 686

Merit: 500

A pumpkin mines 27 hours a night

Some sort of address locking seems to be the sweet spot.
The other proposals are nice to have, but a compromised mail account won't help against mail confirmations and may not help against 2FA. Keep your 2FA separate (phone and unrelated email address)!

lunarboy

hero member

Activity: 544

Merit: 500

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

This is the Asciminer thread so we should probably move this discussion over to havelock exchange, although if you remember Havelock suggestions have been made in the past, had these been implemented this sort of thing could not so easily happen
https://bitcointalksearch.org/topic/m.3661143

withdrawals should be locked to a specific BTC address and multisig should be signed for share transfer. This would at least stop funds leaving the accounts. YOU WERE WARNED.

runam0k

legendary

Activity: 1092

Merit: 1001

Touchdown

Quote from: havelock on February 14, 2014, 01:48:12 PM

Thank you for all of your quick replies,

We will start to work on the following security implementations:

1. The option to Lock your account to a specific IP

2. Required 2FA for withdrawal / optional for order execution

3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.

Once again thank you for all of your support,

Havelock Investments

No locking the BTC withdraw address (which seemed to be the most popular suggestion here)?

shawshankinmate37927

hero member

Activity: 854

Merit: 1000

Bitcoin: The People's Bailout

Quote from: electerium on February 14, 2014, 02:06:41 PM

2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons

I like 2FA via e-mail because my e-mail account is set up with 2FA via a text message to my cell phone. With 2FA via e-mail, a hacker would have to hack my e-mail account in order to access my Havelock account. In order to hack my e-mail account, he would also have to hack my cell phone.

electerium

full member

Activity: 179

Merit: 100

2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons

havelock

sr. member

Activity: 328

Merit: 250

Thank you for all of your quick replies,

We will start to work on the following security implementations:

1. The option to Lock your account to a specific IP

2. Required 2FA for withdrawal / optional for order execution

3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.

Once again thank you for all of your support,

Havelock Investments

twentyseventy

legendary

Activity: 1386

Merit: 1000

Quote from: runam0k on February 14, 2014, 12:18:28 PM

Quote from: havelock on February 14, 2014, 11:50:22 AM

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

PIN for orders or withdrawals, perhaps, or lock the BTC withrawal address for x days.

Instant BTC withdrawals to any old BTC address is a problem.

I like that idea - PIN for withdrawals, BTC withdrawal address can only be changed after 7-day waiting period. You could even make the second part optional.

Topic: ASICMINER: Entering the Future of ASIC Mining by Inventing It - page 492. (Read 3917543 times)