Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 3. (Read 56416 times)

Indeed. It seems rather odd that a random hacker would systematically probe linode for security flaws, and then magically find 8 customers related to bitcoin, and methodically empty their wallets. This is clearly somebody from the inside.

As the business owner he set the volume of his hot wallet based on what he believed to be his transactional needs. Hard to fault a businessman for trying to handle his customers needs well. He got ripped off and is standing behind his reputation and his service with his own money. Hard to fault a guy for being honest and showing some backbone in adversity.

Sounds like he may be getting some valuable advice about who should be the responsible party here... absolutely inexcusable that Linode permitted this vulnerability, and the responsibility is theirs to make good on all losses, irrespective of whatever exclusionary language they might have pasted into their service agreements. It is called fiduciary responsibility, and they failed.

He has a nice little business going, eventually he can hire staff to run it while he focuses on other things, using the profits as capital. So he's definitely gonna wanna keep it going.

From bitcoinica right now:


73661.62 BTC * 1.152 / 100 = 848.581862400 BTC

From Thursday, 1 September 2011 to Friday, 2 March 2012: 183 days.

If bitcoinica grew linearly (unlikely, but for the sake of argument)

848.581862400 * 183 / 2 = 77645.240409600 BTC, or less than twice the 43k lost.

Basically Zhou is putting most of this revenue to cover for this loss, which shows real mettle. To all the people going "o, he's a 17 yo kid": no. He's a 17 yo man.

Your writing style has improved exceptionally since the beginning! Keep it up!

Bitcoin is definitely not yet ready for prime time when it comes to large companies where several people have access to the money with no paper trail if it goes missing.

It doesn't matter who fucked up. It's a combination of things. Criminals have stashed a big amount of coins from important figureheads in the community. For the layman this translates as "BTC are insecure, even their gurus get stolen."

Notice I was talking about security and its perception.

Personally I think one should never store his private keys anywhere it can be seen in any form they can possibly be seen, so the responsibility would be shared.

True enough, VPS's are nice and cheap. I use them. But I don't put any private keys in them, or anything that can be directly stolen.

Hopefully this is a learnt lesson now.

Common sense is just common, not sensical. What MtGox and Bitcoinica were doing before they got hacked was common sense  

It's not really a "fuck-up" if the server provider is compromised. the mtgox breach was caused by a employee that had access to the db, which is totally different.

i agree with this.

In reality we have one true measure regarding to security and its perception in the Bitcoin community: time passed since last big fuck-up.

It was just reset to zero yesterday. In the particular case of MtGox, we have it running at under a year still.

Their word that they rewrote the code for it from scratch, closed down all access they could, and are now storing most coins in offline storage. Also them putting limits on all withdrawals, requiring some type of ID for anyone wishing to withdraw substantial funds, and being the first to use two factor authentication. Plus the part about them still being the top exchange by volume by far, and yet not being hacked since that last incident almost 9 months ago. Also, I wouldn't be surprised if a lot of the common sense ideas everyone uses now (cold storage, withdrawal limits, two factor option) were things people didn't care about until MtGox incident, and which they got from MtGox since then. I wouldn't be surprised if Bitcoinica came up with new security procedures that everyone else six months from now would look back on as a no-brainer, and at the very least this would emphasize the urgency of implementing multi-sig security, whereas without it people would have greeted the change with a "meh." In fact, I'd go as far as to say we were about due for another major security breach to get people to learn more about or invent better security measures. The more that happens during Bitcoin's development stage the better.

Exactly how have you made the assessment of the security of the Mt. Gox platform that allows you to make this claim?

I doubt it will. It will make it harder, no doubt about that, but theft will never be prevented. All we can hope for is a reduction in these occurrences, a lower profit to work ratio (how much work the thief has to put in for a certain amount of profit). But as soon as the price of Bitcoins double, the profit to reward ratio will double as well.

well said.

it's cliched but "keep calm and carry on" seems to be sage advice right now.

bad stuff happens all the time. its how you deal with it that counts, looks like bitcoinica/zhou is showing exactly what it/he's made of.

good work. keep it up, I'm not withdrawing anything. I don't thank anything has fundamentally changed, and if anything this is a good thing because this can only lead to more security.

If he has made enough to cover it, it would certainly seem to be in his best interest to stick to his word.

He said it's not a problem as the companies historical profits are high enough to cover it.  Zhou is a smart guy, smarter than leaving all his profit in bitcoins on a internet-accessible server.  If anything, it's a testament to Bitcoinica's success.  (This is assuming that Zhou does in fact stick to his word)

You're misguided. We are already helping the 'robbed people' out by asking questions. You are making statements and asking people to break other laws just to make you happy. You're as misguided now as you were when you filed a police report because Zhou Tong didn't answer you quickly enough.

Being honest is important. I am completely honest that Zhou Tong dropped the ball by ignoring our advice to be collocated instead of using the magical cloud he loves so much. I support him and believe since he is covering the costs himself, he has learned his lesson and will move on. He's a bright kid who just needs some polishing.

I am not advocating secrecy, I am advocating common sense. What your asking for doesn't help anyone. What you think is necessary isn't even necessary. Yet, you're not listening to anyone and you can't give a good reason. Why would anyone support you? Start asking questions and giving reasons instead of making demands and statements against things.

Your reputation is not in line with me. You do not work with me. I had held on to you against the recommendation of every-single-participating-party in the Bitcoin Magazine because I didn't believe it was fair to judge you on a single instance of irresponsible behavior (regardless of how large and idiotic it was) for filing a worthless police report against Zhou and bragging about it on the forums. Today however, before this thread was started, I removed you from the magazine completely for continuing to be over-the-top, ignoring facts, and just pushing pushing pushing, like a wannabe cop with no jurisdiction.

Slush and ZhouTong are both in the DCAO with me. Gavin might be too. Other Bitcoiners do business with me. The robber might too (who knows!). I am not on anyones side. I am on the side of common sense, as always. You are not making any sense. Your demands, even if provided, would help no one and hurt people in the process. Your continued denial of this shows your ignorance, your continued lack of self explanation and clarification shows your stubbornness and your continued self important vagaries about how you're going to help when people who are actually helping right now don't even need what you're asking for shows me that you're so out of the loop you should just be ignored.

Why am I responding to you then? Because it's in my nature to care, as obnoxious and vicious as I come across, it is in my nature to never ignore people who need a good punch in the face. I would do it to you, I would do it to my own father. Humans are humans and we all need a good check once in a while. This is your check.

Trust the powers that be or stop supporting them. You are not a shareholder of MtGox. You are not a recognized legal official. You are not representing anyone right now. If you are curious and want to "do your part", then start asking questions and stop asking people to do things for you like you are an all-knowing investigator, ready to file your weekly police reports!

Trust me, I am. You just don't realize it yet.

Sure, but if we're going to have some sort of collaborative tracking of coins stolen in big hacks, that kind of information would be very useful. MtGox and other exchanges could also transfer coins to a number of accounts publicly to their name at some point (either to store them or to pass them out) and that would also help.


Since I tend to ignore Paraipan's posts I'm not sure what you're talking about here, to be frank.

It was just an idea. Probably having a public statistical tracking service would not be a great idea. After all, one would only know if the BTC he just received are significantly tainted AFTER receiving them...

Good work, Zhou.
 

People who think the dumps at Mt. Gox is the stolen money, are absolutely clueless about everything. Gox takes money laundering more seriously than any other Bitcoin exchange. The thief would be out of his mind to try selling the coins via Gox, not now or ever.

There are better ways to do it. What we're seeing now at Gox is speculators selling because there has been serious bad news in the Bitcoin world. That's about it.