
Topic: Bitcoinica lost 43,554 BTC from Linode compromise, suspicious TXIDs publicized - page 7. (Read 56416 times)

hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
yeah .... no?

explain to me how I am wrong.
hero member
Activity: 504
Merit: 502
Not trying to heat up the waves, but what are the chances the recent dump is related to these coins?

As much as I hate regulation of any kind, I hope Mark can look at the person(s) dumping right now and see if the coins they moved are part of the coins stolen.
sr. member
Activity: 446
Merit: 250
so basically the problem here is no one was using encrypted wallets because the web apps they were connected to were not compatible
yeah... no
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
so basically the problem here is no one was using encrypted wallets because the web apps they were connected to were not compatible

damn what a shame that's a lot of money :( props to the OP for doing the right thing.
legendary
Activity: 980
Merit: 1020
Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.

Zhou could have reduced his loss significantly by reducing the amount of bitcoin that were in the hot wallet. It could be 10,000 bitcoin, for example.
sr. member
Activity: 316
Merit: 250
i mean seriously, couldn't this whole thing have been prevented if the wallet was just encrypted?

Obviously the software running against the hot wallet has to have access to it. This means that if someone roots the server, they'll be able to have the same access to the hot wallet. Encryption would not have entered into it.

Zhou, good on you for covering this! I'm having a hard enough time covering the BTCinch theft; I can only imagine how pissed you are at linode.
hero member
Activity: 496
Merit: 500
i mean seriously, couldn't this whole thing have been prevented if the wallet was just encrypted?

you would think so (rolls eyes)

what's the excuse for not doing this?

If payments were automated, it would have to decrypt the keys at some point...

What may have prevented this is multi sig transactions.
legendary
Activity: 980
Merit: 1020
Looks like Linode is just a hosting company.  Link: http://en.wikipedia.org/wiki/Linode

I heard from Slush's thread that the Super Admin at Linode can log in to any of the virtual server/websites, including Slush's mining pool and Bitcoinica.

I think MtGox should take note... possibly migrate to a non-US server??  

I bet there's a team of people, be it insider or outsider, poppin' toasting champagne right now, as this is a concerted effort to bring down bitcoins.

This doesn't hurt bitcoin. It makes bitcoin stronger. What doesn't kill us makes us stronger, more aware of the danger.
vip
Activity: 490
Merit: 502
You’re a class act for standing behind your business and accepting the burden of loss yourself.

Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.


+1

but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?

The root password has been changed via the customer service interface at Linode. The ruby gem we were using to process Bitcoin withdrawals did not support encrypted wallets. We have already migrated to a secure hosting with only intranet incoming access.
sr. member
Activity: 372
Merit: 250
Wow that's one heck of an attack.  Terribly sorry to hear about the loss but hopefully you can recuperate in some way with the company or community.

Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.?  I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet.  A user could get to the right files if they know.  

Looks like Linode is just a hosting company.  Link: http://en.wikipedia.org/wiki/Linode

I heard from Slush's thread that the Super Admin at Linode can log in to any of the virtual server/websites, including Slush's mining pool and Bitcoinica.

I think MtGox should take note... possibly migrate to a non-US server??  

I bet there's a team of people, be it insider or outsider, poppin' toasting champagne right now, as this is a concerted effort to bring down bitcoins.

legendary
Activity: 1764
Merit: 1002
i mean seriously, couldn't this whole thing have been prevented if the wallet was just encrypted?

you would think so (rolls eyes)

what's the excuse for not doing this?
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
i mean seriously, couldn't this whole thing have been prevented if the wallet was just encrypted?
legendary
Activity: 980
Merit: 1020
Maybe you should consider reducing your hot wallet? A little inconvenience is a lot better than losing that much money.
hero member
Activity: 896
Merit: 1000
Buy this account on March-2019. New Owner here!!
You’re a class act for standing behind your business and accepting the burden of loss yourself.

Your losses can be decreased substantially if you wait to reimburse your clients until after the associated market drop that will follow this event.


+1

but I have to ask, is there something I am missing here, why was this wallet with over $200k worth of bitcoins not encrypted with a strong password?
legendary
Activity: 1764
Merit: 1002
Zhou, talk to Mark at mtgox.  I bet there's something he can do to intercept at least some of these coins as the thief tries to cash out on mtgox.
hero member
Activity: 533
Merit: 500
Wow that's one heck of an attack.  Terribly sorry to hear about the loss but hopefully you can recuperate in some way with the company or community.

Is Linode like a version of Linux or server software, or just a hosting company such as 1&1, Dreamhost, GoDaddy etc.?  I suppose whether it is Windows, Linux, or Mac, if someone knows what they are doing it doesn't matter what software runs the wallet.  A user could get to the right files if they know.  
sr. member
Activity: 372
Merit: 250
Thanks Bitcoinica for keeping cool and maintaining your integrity.

But, wtf @ Linode?!!!  Where's that Vice President?!!!  We need him to get on the forum ASAP!!!!!!  This has to be an inside/co-ordinated job.  All these happened at the same time.
donator
Activity: 29
Merit: 252
we will reimburse our customers for the full amount.

Very nice of you. Hope you are some day able to recoup this and extract compensation from the responsible party (insecure host, and of course, the thief.)

 
legendary
Activity: 1680
Merit: 1035
I just want to note that after MtGox got severely hacked, it became one of the most secure Bitcoin exchanges out there.
legendary
Activity: 1304
Merit: 1015
zhoutong, thx for being part of the bitcoin community and being a class act.  I hope Linode provides you with all of the compensation.