@BitcoinBull I assume by 'box' you mean his personal computer?
More likely his VPS (virtual private server), which he explained was the cause of the last breach. He said he gives many "noobs" from #C++, etc access to that VPS.
genjix's box was hacked? Who told you that?
So, the simplest explanation is the one you gave and not that genjix himself leaked the source code?
Given his history, I think incompetence is more likely than malice, definitely in genjix's case.
That patrick would walk away right now looks suspicious, if he were a smart thief he would come back and finish the claims so everyone gets their 66% (like myBitcoin). So in a counter-intuitive way, I think that he "walked away" in anger/frustration is actually a sign that it wasn't an inside job. Its very plausible and at least equally likely that there was another thief IMO (see below)...
I think the probability is about the same as finding a sha-256 collision in bitcoin
So its probably silly to imagine it happened. Compare the chance of an inside job (someone told the thief where to look or told them the actual password) or a keylogger (etc) type attack was used to discover it, in such cases the fact one can find it in the source code is merely a red herring, whether deliberately dyed red or merely accidentally happening to be red.
-MarkM-
I didnt see a "lastpass master pasword " label on that string.
This.
Was ANYONE here even aware that the bitcoinica source code had been leaked, prior to genjix's OP on this thread?
Plugging the file URL into Google gives only a handful of results, with this thread being the earliest incidence of it, as far as I can tell.
That, plus the fact that the tar file appears to have been packed by username genjix.
Additionally, there's the fact that the lastpass password was supposedly the MtGOX KEY (username) and not the SECRET. A bizarre thing to do, which smells more like it's a fuck-up in an attempt to make up a plausible hack story.
The whole story is just too cute for me.
The source code was leaked on reddit almost a week ago (0 points from 9 downvotes, that's why I personally missed it).
It is plausible that someone would try the mtgox api key as the LastPass password. A very lucky someone could've confirmed months ago that
[email protected] was a LastPass account, because LastPass tells you if you try log-in with an invalid username/e-mail ("Unknown e-mail address") or if its a valid LastPass account ("Invalid password").
So when the source code was leaked, they saw the API key and decided to try it.
