Pages:
Author

Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 7. (Read 56430 times)

hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
yeah .... no?

explain to me how I am wrong.
hero member
Activity: 504
Merit: 502
Not trying to heat up the waves but whats the chances the recent dump is related to these coins.

As much as I hate regulation of any kind, I hope Mark can look at the person(s) dumping right now and see if the coins they moved is part of the coins stolen.
sr. member
Activity: 446
Merit: 250
so basically the problem here is no one was using encrypted wallets because the web apps they were connected to were not compatible
yeah... no
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
so basically the problem here is no one was using encrypted wallets because the web apps they were connected to were not compatible

damn what a shame thats a lot of money Sad props to the OP for doing the right thing.
legendary
Activity: 980
Merit: 1020
Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

Zhou could have reduced his loss significantly by reducing the amount of bitcoin that were in the hot wallet. It could be 10,000 bitcoin, for example.
sr. member
Activity: 316
Merit: 250
i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
hero member
Activity: 496
Merit: 500
i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

you would think so  Roll Eyes

whats the excuse for not doing this?

If payments were automated, it would have to decrypt the keys at some point...

What may have prevented this is multi sig transactions.
legendary
Activity: 980
Merit: 1020
Looks like Linode is just a hosting company.  Link: http://en.wikipedia.org/wiki/Linode

I heard from Slush's thread that the Super Admin at Linode can login to any of the virtual server/websites, including Slush's mining pool and Bitcoinica.

I think MtGox should take note... possibly migrate to a non-US server??  

I bet there's a team of people, be it insider or outsider, poppin' toasting champagne right now, as this is a concerted effort to bring down bitcoins.

This doesn't hurt bitcoin. It makes bitcoin stronger. What doesn't kill us makes us stronger, more aware of the danger.
vip
Activity: 490
Merit: 502
You’re a class act for standing behind your business and accepting the burden of loss yourself.

Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.


+1

but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?

The root password has been changed via the customer service interface at Linode. The ruby gem we were using to process Bitcoin withdrawals did not support encrypted wallets. We have already migrated to a secure hosting with only intranet incoming access.
sr. member
Activity: 372
Merit: 250
Wow that's one heck of an attack.  Terribly sorry to hear about the loss but hopefully you can recouperate in some way with the company or community.  

Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.?  I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet.  A user could get to the right files if they know.  

Looks like Linode is just a hosting company.  Link: http://en.wikipedia.org/wiki/Linode

I heard from Slush's thread that the Super Admin at Linode can login to any of the virtual server/websites, including Slush's mining pool and Bitcoinica.

I think MtGox should take note... possibly migrate to a non-US server??  

I bet there's a team of people, be it insider or outsider, poppin' toasting champagne right now, as this is a concerted effort to bring down bitcoins.

legendary
Activity: 1764
Merit: 1002
i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?

you would think so  Roll Eyes

whats the excuse for not doing this?
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
i mean seriously, could not this whole thing been prevented if the wallet was just encrypted?
legendary
Activity: 980
Merit: 1020
Maybe you should consider reducing your hot wallet? A little inconvenience is a lot better than losing that much money.
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
You’re a class act for standing behind your business and accepting the burden of loss yourself.

Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.


+1

but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?
legendary
Activity: 1764
Merit: 1002
Zhou, talk to Mark at mtgox.  i bet there's something he can do to intercept at least some of these coins as the thief tries to cash out on mtgox.
hero member
Activity: 533
Merit: 500
Wow that's one heck of an attack.  Terribly sorry to hear about the loss but hopefully you can recouperate in some way with the company or community.  

Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.?  I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet.  A user could get to the right files if they know.  
sr. member
Activity: 372
Merit: 250
Thanks Bitcoinica for keeping cool and maintain your integrity.

But, wtf @ Linode?!!!  Where's that Vice President?!!!  We need him to get on the forum ASAP!!!!!!  This has to be an inside/co-ordinated job.  All these happened at the same time.
donator
Activity: 29
Merit: 252
we will reimburse our customers for the full amount.

Very nice of you. Hope you are some day able to recoup this and extract compensation from the responsible party (insecure host, and of course, the thief.)

 
legendary
Activity: 1680
Merit: 1035
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
legendary
Activity: 1304
Merit: 1015
zhoutong, thx for being part of the bitcoin community and being a class act.  I hope Linode provides you with all of the compensation.
Pages:
Jump to: