
Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 2. (Read 56430 times)

hero member
Activity: 968
Merit: 515
How can you reimburse that much? Have you really made that much profit?

Yes, our historical profit is fairly sufficient to cover the loss from this incident, and we believe that it's in the best interest of the community to keep running the business. We will take appropriate strategies and implement more security features to prevent this from happening ever again, even with the presence of dishonest partners or employees.
This is hard to believe. It takes MtGox around 2 months to earn that much and their volume is way larger than yours.

I am wondering why so many bitcoin people used that hoster. There are thousands of hosters.
sr. member
Activity: 1008
Merit: 250
I remember seeing that post on SR as well.
donator
Activity: 980
Merit: 1000
Bitcoinica was also in Rackspace, right?

Well, this just in http://www.rackspace.com/knowledge_center/content/slicehost-forum-archive-migration-and-conversion

Rackspace's slicehost forum user DB compromised. They are a bit unclear on how and what exactly was compromised, and why they know it.

This shouldn't in theory affect rackspace users but is a fair warning on not reusing passwords and also not having your passwords anywhere near "the cloud"...
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.

Yes, but would it not be likely that he/they would need intimate knowledge of the linode systems, meaning they would need to be a customer or already a sysadmin at Linode?
No, this is exactly how hackers work. They explore and try tons of different attack vectors until they find ones that work. Whether this was an insider or not I don't know but certainly a hacker wouldn't need to be an insider. This is what they do. They find flaws and dig in deeper until they can leverage the flaws. (I'm saying hacker but a more correct term would be "cracker".)
hero member
Activity: 868
Merit: 1000
I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.

Yes, but would it not be likely that he/they would need intimate knowledge of the linode systems, meaning they would need to be a customer or already a sysadmin at Linode?
legendary
Activity: 826
Merit: 1001
rippleFanatic
I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

They could have been observing bitcoin node ip addresses and found that 8 of them belonged to linode.  Could have observed that the transaction broadcasts of bitcoinica withdrawals were originating from one of those 8.  Then concluded that bitcoinica's hot wallet was on a linode VPS.
hero member
Activity: 504
Merit: 502
Awesome. Hope that you guys solve this problem with little trouble.

Thank god I'm not mining at Bitcoinica, but I'm with you.

Bitcoinica is far from a mining pool ;)
full member
Activity: 196
Merit: 100
Awesome. Hope that you guys solve this problem with little trouble.

Thank god I'm not mining at Bitcoinica, but I'm with you.
legendary
Activity: 1190
Merit: 1000
www.bitcointrading.com
I pretty much saw this coming.
legendary
Activity: 980
Merit: 1008
I think insurance companies would get a lot of cases on their hands if they started insuring bitcoins. I mean, how can you insure something that can be stolen without leaving any trace?
sr. member
Activity: 309
Merit: 251
Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.

Link?

Can't access from work, will try to post it later if nobody else does. It was in the discussion section on the SR forums.
legendary
Activity: 1680
Merit: 1035
Insure for a certain amount of USD/Fiat based on business risks, instead of a specific BTC value. To be safe, the Bitcoin business operator can insure for more than they actually have in case they get more. It's doable. Just stupid expensive.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.

Link?
sr. member
Activity: 309
Merit: 251
Just a thought to share with Zhou and others trying to locate the thief...

Approximately a week ago on the SR forums, there was someone who put out a $30,000 offer to anyone who would submit ID info and such to Mt Gox to enable him/her to withdraw from a large account without giving up his/her real information. Perhaps this was the hacker trying to cover his identity for his future 'endeavor'. Figured I would let people know.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.

What I am saying is a person needs to call a specialist insurance company and they will figure it out.  Did you call Lloyd's?

Are you kidding? They're the first I thought of!

Given the lack of assurance to the location of the bitcoins, the fact that the keys can be copied and moved, the volatility of the market value, and the inability to hold the only physical copies in any medium, they won't insure.

If it had a fixed price, I'd imagine they would insure it for more than its spot value in fees, but what's the point of that?
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Again, we would like to reassure that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.

Your writing style has improved exceptionally since the beginning! Keep it up!


Ironically, I was going to pen a similar sentiment, but you, goodlord666, beat me to it.
hero member
Activity: 532
Merit: 500
Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.

What I am saying is a person needs to call a specialist insurance company and they will figure it out.  Did you call Lloyd's?
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.

I didn't say it won't ever exist, I said it doesn't exist. Now provide your link to the only service in the world that will insure bitcoins (because I've checked to London and back and there isn't one) or stop daydreaming out loud.
hero member
Activity: 532
Merit: 500
We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount. For transparency, we would like to disclose all the suspicious transaction ids in this incident:

I hope you get insurance next time to account for any losses due to theft.

Doesn't exist.

You could only have the USD insured.

Any insurance can exist.  It is just a contract.  Of course if these thefts keep happening then the premiums are going to be expensive.
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

I don't know, I hacked VizVideo's phone banks and the St. Joseph county library network both using the method you just described --stumbling upon it.