Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 6. (Read 56416 times)

rjk
sr. member
Activity: 448
Merit: 250
Why did you change your mind about hosting the wallet?
my bet: mtgox limitations
^This. Especially when they are upwards of 1/3rd of MtGox's transaction volume.
hero member
Activity: 896
Merit: 1000
And again +200k to the OP for being a man and taking care of this in a responsible way. I'm just trying to bring awareness on how we can secure bitcoin for the future. I have only like 80 bitcoins in my wallet right now, but you can damn well better believe it is encrypted with a completely uncrackable password.
hero member
Activity: 896
Merit: 1000
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.
+1, the idea that this hacker is sitting here watching a packet sniffer or a keylogger and the admin of the server with an encrypted wallet holding $200k+ is not going to think something suspicious is preposterous.

It would take multiple fails for this scenario to be successful, and the bottom line is an encrypted wallet would likely have saved this money. The problem is these web applications have not been developed to the level where they are able to interact with encrypted wallets. Point blank.
hero member
Activity: 504
Merit: 502
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts and multiple identities, or compromise several MtGox accounts.

If Mark isn't aware of watching for this, he might just let this guy withdraw all the funds over a few days. I'm not sure what the endgame is; however, some individual (yes, it was way too coordinated, watch the graphs) solely dumped just over 20k BTC already.
newbie
Activity: 20
Merit: 0
zhoutong, I do appreciate what you are doing for the community. This is a hell of a responsibility you are taking, good job.

But, please, explain to me: how could you be keeping the whole bunch of Bitcoins in a single wallet running on a VPS (!!!) in the wild? Having $200,000-250,000 worth of customers' funds would make me invest my own money in renting a dedicated server at least. Or two. Even considering that this is not totally secure, it still would provide much more security at a $50/month cost.

But hell, who cares about security at $50/month! Being a hero at $200 grand is much more effective!
mrb
legendary
Activity: 1512
Merit: 1028
We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated by our customers, because we had to shut down the system immediately after we discovered the huge loss. We did get a rough estimate and we published a press release to warn our users about the deposit address replacement.

However, now we have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount.

When you introduced Bitcoinica, you claimed one of your security advantages was that you "did not operate a Bitcoin wallet" and that "all your funds are stored on MtGox". Source: https://bitcointalksearch.org/topic/m.514429

However this theft makes it apparent that you changed your mind, as you lost a wallet. Why did you change your mind about hosting the wallet on your own servers? You had a great idea, you should have stuck with it.
legendary
Activity: 980
Merit: 1020
Watch MTGOX, I'm telling you someone is dumping these coins right now.

The limit for withdrawal is 10K USD for a verified account, and he would need to pass fake information to MtGox's money laundering office. So the thief would need to create multiple accounts and multiple identities, or compromise several MtGox accounts.

IANASE, but keep in mind that AML increases the barrier to entry, reducing competition and the privacy of users. Keeping records of user identities is also a security liability if identity thieves get their hands on them.
rjk
sr. member
Activity: 448
Merit: 250
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
Pretty sure such a random suspicious reboot would cause the poolop to review the server before entering any creds anywhere. Especially when his Linode access manager says that there was a login to his account a few minutes before, not caused by him.
full member
Activity: 154
Merit: 102
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
Yes, an attack like that could also be done, although it would have to be slightly more sophisticated than today's attack. Likely you would modify bitcoind to log the passphrase to a file somewhere.
legendary
Activity: 1330
Merit: 1000
Watch MTGOX, I'm telling you someone is dumping these coins right now.

This is right. Why not catch the thief at this part of the chain?
sr. member
Activity: 446
Merit: 250
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
Am I missing something here? Wouldn't that entry be exactly what the attacker would be waiting for?
hero member
Activity: 504
Merit: 502
Watch MTGOX, I'm telling you someone is dumping these coins right now.
full member
Activity: 154
Merit: 102
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
You have to enter the wallet password/passphrase after rebooting/restarting bitcoin.
legendary
Activity: 1330
Merit: 1000
In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

AND multisignature

AND low amount of BTC in your hot wallet in case your defense in depth got bypassed.

this ^^
sr. member
Activity: 446
Merit: 250
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.
Why would a reboot stop the attacker from seeing the wallet being unencrypted during the next use?
legendary
Activity: 980
Merit: 1020
In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

AND multisignature

AND low amount of BTC in your hot wallet in case your defense in depth got bypassed.
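The three layers listed in this post (wallet encryption, multisignature, a capped hot-wallet balance) all limit what a root compromise of the hot-wallet host can take, and the scan zhoutong mentions earlier for transactions "not initiated by our customers" is a reconciliation problem: compare what the node says left the wallet with what the application actually asked for. The script below is an added example, not Bitcoinica's code and not from this thread; all txids, addresses, amounts and the 2,000 BTC cap are constructed.

```python
"""Added example (not Bitcoinica's code): reconcile the hot wallet's outgoing
transactions against the application's own withdrawal ledger, and size the
exposure of a capped hot wallet. All sample data is constructed."""
from dataclasses import dataclass

SAT = 100_000_000  # satoshis per BTC; integers avoid float rounding


@dataclass(frozen=True)
class Outflow:
    txid: str      # constructed placeholder ids, not real TXIDs
    sats: int      # amount sent, in satoshis
    to_addr: str   # constructed placeholder destination


# Constructed sample: what the node (e.g. bitcoind's listtransactions) reports as sent.
WALLET_OUTFLOWS = [
    Outflow("tx-sample-01", int(12.5 * SAT), "addr-customer-a"),
    Outflow("tx-sample-02", 3 * SAT, "addr-customer-b"),
    Outflow("tx-sample-03", 9_000 * SAT, "addr-unknown-x"),  # never requested by the app
    Outflow("tx-sample-04", 7_000 * SAT, "addr-unknown-y"),  # never requested by the app
]

# Constructed sample: withdrawals the web application itself recorded, txid -> (sats, addr).
APP_LEDGER = {
    "tx-sample-01": (int(12.5 * SAT), "addr-customer-a"),
    "tx-sample-02": (3 * SAT, "addr-customer-b"),
}


def unauthorised_outflows(outflows, ledger):
    """Outflows with no ledger row, or whose amount/destination disagree with it.
    Any hit means coins left the hot wallet without the application asking."""
    return [o for o in outflows if ledger.get(o.txid) != (o.sats, o.to_addr)]


def unauthorised_total_btc(outflows, ledger):
    """Sum of the unreconciled outflows, in BTC."""
    return sum(o.sats for o in unauthorised_outflows(outflows, ledger)) / SAT


def excess_over_cap(balance_sats, cap_sats):
    """Satoshis to sweep to cold storage so a compromise of the hot-wallet host
    can take at most the cap."""
    return max(0, balance_sats - cap_sats)


if __name__ == "__main__":
    for o in unauthorised_outflows(WALLET_OUTFLOWS, APP_LEDGER):
        print(f"ALERT unexpected outflow {o.txid}: {o.sats / SAT:.8f} BTC -> {o.to_addr}")
    print(f"total unauthorised: {unauthorised_total_btc(WALLET_OUTFLOWS, APP_LEDGER):.0f} BTC")
    # constructed 2,000 BTC cap against the 43,554 BTC figure from the thread
    print(f"sweep to cold: {excess_over_cap(43_554 * SAT, 2_000 * SAT) / SAT:.0f} BTC")
```

Run on a schedule against the live node output and ledger, the first function is the alert that would have fired on the first unexpected transaction rather than after the whole balance was gone.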
sr. member
Activity: 446
Merit: 250
Yeah .... no?

Explain to me how I am wrong.
As was mentioned before, the wallet would have to be decrypted at some point in time to use it; the attacker had root access, so they would see the unencrypted wallet. This means that an encrypted wallet would not have helped at all.
hero member
Activity: 504
Merit: 500
So basically the problem here is no one was using encrypted wallets because the web apps they were connected to were not compatible.

Damn, what a shame, that's a lot of money. Props to the OP for doing the right thing.

Even if the 'web apps' were compatible, they would need to know the encryption key, so anyone with access would also have the encryption key.
hero member
Activity: 896
Merit: 1000
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.

Thank you.
legendary
Activity: 826
Merit: 1001
I mean seriously, could this whole thing not have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

In this case, encryption would have protected the wallet because the attacker was only able to get root access after a reboot.