
Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 3. (Read 56430 times)

donator
Activity: 296
Merit: 250
I can't help but know some Linode employee won't be at work tomorrow.

This all is way way way too convenient, seems like an inside job planned over time with the knowledge of who runs worthwhile bitcoin services and on which VPS accounts.

This is a lot of money, please for all of us make it your top priority to get compensation out of Linode otherwise any future losses less than this would be seen acceptable by these crappy hosting companies or other services.

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.
sr. member
Activity: 574
Merit: 250
As the business owner he set the volume of his hot wallet based on what he believed to be his transactional needs. Hard to fault a businessman for trying to handle his customers' needs well. He got ripped off and is standing behind his reputation and his service with his own money. Hard to fault a guy for being honest and showing some backbone in adversity.

Sounds like he may be getting some valuable advice about who should be the responsible party here... absolutely inexcusable that Linode permitted this vulnerability, and the responsibility is theirs to make good on all losses, irrespective of whatever exclusionary language they might have pasted into their service agreements. It is called fiduciary responsibility, and they failed.
legendary
Activity: 1652
Merit: 1128
He has a nice little business going, eventually he can hire staff to run it while he focuses on other things, using the profits as capital. So he's definitely gonna wanna keep it going.
hero member
Activity: 756
Merit: 522
Quote
Yes, our historical profit is fairly sufficient to cover the loss from this incident

From bitcoinica right now:

Quote
73,661.62 traded (56% hedged) 1.152% equivalent fees (indicative)

73661.62 BTC * 1.152 / 100 = 848.581862400 BTC

From Thursday, 1 September 2011 to Friday, 2 March 2012: 183 days.

If bitcoinica grew linearly (unlikely, but for the sake of argument)

848.581862400 * 183 / 2 = 77645.240409600 BTC, or less than twice the 43k lost.

Basically Zhou is putting most of this revenue to cover for this loss, which shows real mettle. To all the people going "o, he's a 17 yo kid": no. He's a 17 yo man.
sr. member
Activity: 434
Merit: 250
100%
Again, we would like to reassure that trading will not be in any way affected and we are already in the process of contacting Linode regarding this incident. The Bitcoinica system has not been compromised and our reserves are more than sufficient for regular trading activities.

Your writing style has improved exceptionally since the beginning! Keep it up!



legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
Bitcoin is definitely not yet ready for prime time when it comes to large companies where several people have access to the money with no paper trail if it goes missing.
donator
Activity: 980
Merit: 1000
In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.
It's not really a "fuck-up" if the server provider is compromised. The mtgox breach was caused by an employee that had access to the db, which is totally different.

It doesn't matter who fucked up. It's a combination of things. Criminals have stashed a big amount of coins from important figureheads in the community. For the layman this translates as "BTC are insecure, even their gurus get stolen."

Notice I was talking about security and its perception.

Personally I think one should never store his private keys anywhere it can be seen in any form they can possibly be seen, so the responsibility would be shared.

True enough, VPS's are nice and cheap. I use them. But I don't put any private keys in them, or anything that can be directly stolen.

Hopefully this is a learnt lesson now.
legendary
Activity: 1680
Merit: 1035
Rassah, you are a bastion of common sense.

Common sense is just common, not sensical. What MtGox and Bitcoinica were doing before they got hacked was common sense  Cool
legendary
Activity: 2058
Merit: 1452
In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.
It's not really a "fuck-up" if the server provider is compromised. The mtgox breach was caused by an employee that had access to the db, which is totally different.
legendary
Activity: 1764
Merit: 1002
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

I agree with this.
donator
Activity: 980
Merit: 1000
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

In reality we have one true measure regarding security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.
legendary
Activity: 1680
Merit: 1035
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.
legendary
Activity: 980
Merit: 1008
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

Tough hit Zhou! I hope P2SH will leave major hacking incidents behind us, another great lesson learned here.
I doubt it will. It will make it harder, no doubt about that, but theft will never be prevented. All we can hope for is a reduction in these occurrences, a lower profit to work ratio (how much work the thief has to put in for a certain amount of profit). But as soon as the price of Bitcoins doubles, the profit to reward ratio will double as well.
legendary
Activity: 2576
Merit: 1087
@Matthew N. Wright I'm only doing this to help the robbed people out for Christ's sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What you're asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side are you on, Matthew? Gavin, SLush, Zhoutong and other bitcoiners or the robbers' side?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyone's side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.

well said.

it's cliched but "keep calm and carry on" seems to be sage advice right now.

bad stuff happens all the time. it's how you deal with it that counts, looks like bitcoinica/zhou is showing exactly what it/he's made of.

good work. keep it up, I'm not withdrawing anything. I don't think anything has fundamentally changed, and if anything this is a good thing because this can only lead to more security.
hero member
Activity: 798
Merit: 1000
He said it's not a problem as the company's historical profits are high enough to cover it. Zhou is a smart guy, smarter than leaving all his profit in bitcoins on an internet-accessible server. If anything, it's a testament to Bitcoinica's success. (This is assuming that Zhou does in fact stick to his word)

If he has made enough to cover it, it would certainly seem to be in his best interest to stick to his word.
full member
Activity: 219
Merit: 101

This comment is oddly prophetic.

Quote from: jerf
I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people.

I do wonder how an 18 year old is going to come up with $200,000 worth of bitcoins as reimbursement. I don't know how profitable bitcoinica has been, but that much money seems too much to overcome.

He said it's not a problem as the company's historical profits are high enough to cover it. Zhou is a smart guy, smarter than leaving all his profit in bitcoins on an internet-accessible server. If anything, it's a testament to Bitcoinica's success. (This is assuming that Zhou does in fact stick to his word)
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
@Matthew N. Wright I'm only doing this to help the robbed people out for Christ's sake
You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What you're asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

putting my reputation in line with people like you calling me names.
Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Which side are you on, Matthew? Gavin, SLush, Zhoutong and other bitcoiners or the robbers' side?
Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyone's side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

That isn't much info at all and already public, you wouldn't know who deposited which coins only MtGox, but they already know that, right?
Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Help me out dude, damn it.
Trust me, I am. You just don't realize it yet.
donator
Activity: 980
Merit: 1000


Probably not, but none of us need to know the addresses that go through MtGox. Only MtGox needs to know. All we need to know is what MtGox is going to do about it if they find one, and that is up to them to tell us, since we agree to the user agreement when we make our accounts and we support them as a community by giving them our business.

Sure, but if we're going to have some sort of collaborative tracking of coins stolen in big hacks, that kind of information would be very useful. MtGox and other exchanges could also transfer coins to a number of accounts publicly to their name at some point (either to store them or to pass them out) and that would also help.

Since MtGox already stated publicly that the coins were not the same ones, it's very clear he's just out to cause trouble.

Since I tend to ignore Paraipan's posts I'm not sure what you're talking about here, to be frank.

It was just an idea. Probably having a public statistical tracking service would not be a great idea. After all, one would only know if the BTC he just received are significantly tainted AFTER receiving them...
legendary
Activity: 1145
Merit: 1001
legendary
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
People who think the dumps at Mt. Gox is the stolen money, are absolutely clueless about everything. Gox takes money laundering more seriously than any other Bitcoin exchange. The thief would be out of his mind to try selling the coins via Gox, not now or ever.

There are better ways to do it. What we're seeing now at Gox is speculators selling because there has been serious bad news in the Bitcoin world. That's about it.