
Topic: Bitcoinica MtGox account compromised - page 28. (Read 156012 times)

legendary
Activity: 2198
Merit: 1311
July 13, 2012, 01:59:12 PM
As a Bitcoinica customer:

  • I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?




That's exactly what I took away from this when it started several months ago, and I haven't looked back.  I control the vast majority of my bitcoins now, nobody else - paper wallets and brain wallets.  People need to internalize this.
donator
Activity: 452
Merit: 252
July 13, 2012, 01:56:50 PM
As a Bitcoinica customer:

  • I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?




that's where I store my coins, besides in starfish BCB and hashking.
hero member
Activity: 812
Merit: 1001
-
July 13, 2012, 01:56:05 PM
something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.

Yep, one hour long Bruce Wagner "I'm sorry I pushed ya to put all your money in mybitcoin" style video would do wonders.  ;)
hero member
Activity: 812
Merit: 1001
-
July 13, 2012, 01:54:33 PM
As a Bitcoinica customer:

  • I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?


sr. member
Activity: 420
Merit: 250
July 13, 2012, 01:53:44 PM
something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.
hero member
Activity: 661
Merit: 500
July 13, 2012, 01:52:25 PM
And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!

He did the right thing, walk away from a business that became too big to manage.


I agree.  Good for him.  Unfortunately, we are in a shit position, but I am not entirely sure if this could have been avoided anyhow.  Perhaps not to this extent.  I feel confident still that things will be resolved in the end by Zhou T.  He seems like one of the few very stand-up people around here. 
hero member
Activity: 743
Merit: 500
July 13, 2012, 01:48:41 PM
what's going on behind the scenes Tihan,  Zhou,  Patrick, Donald, Amir, or anyone else with access to Bitcoinica money ??
pls write the truth
sr. member
Activity: 420
Merit: 250
July 13, 2012, 01:46:23 PM
Why was the bitcoin stored on MtGox anyway? Why not secure in their own wallet.
This reliance on third parties where the Bitcoinica credentials can be spoofed seems to be at the root of all the hacks.

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.

i was wondering this too. some technical reason?
k
sr. member
Activity: 451
Merit: 250
July 13, 2012, 01:44:24 PM
Why was the bitcoin stored on MtGox anyway? Why not secure in their own wallet.
This reliance on third parties where the Bitcoinica credentials can be spoofed seems to be at the root of all the hacks.

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.
hero member
Activity: 761
Merit: 500
Mine Silent, Mine Deep
July 13, 2012, 01:43:23 PM
Maybe we should ask why all those people had that much funds there...?

Bitcoinica was the first fully licenced financial service provider that provided decent interest of 6% on both BTC and USD currency accounts. The interest on my USD account alone provided me with ~0.5 BTC per day, so I simply used it as a BTC savings account, while leaving speculation to the other customers.

This is the post (from Donald) that won me over: http://bitcoinmedia.com/first-licensed-advanced-trading-platform-for-bitcoin/

Quote
While Bitcoinica had some previous security concerns, namely where the attack on the Linode cloud hosting provider generated them a loss of 40k BTC, Bitcoinica has fully recovered from the loss and no longer depends so heavily on 3rd party platforms. The Bitcoinica reins have been taken up by the recognized development group called the Bitcoin Consultancy which have a record of solid security in the tumultuous world of Bitcoin.

On a personal level:

I did not commit any sizeable deposits until Bitcoinica got their new ToS, status as registered FSP in NZ and contracted the Bitcoin Consultancy, who at the time were regarded as some of the best and reputable in the business.

I found Zhou to be responsive, honest and helpful in his communication with customers and the bitcoin community. The fact that he was able to deal with the first hack to the complete satisfaction of the entire customer base only bolstered my confidence that this was not a scam operation and assumed he learned a costly lesson in security that would not be repeated.

I was impressed by Bitcoinica as a service, it worked very well for my needs. I secured my account with a strong unique password + Google 2-factor authentication and Bitcoinica stated they did not keep deposits on site but at MtGox. Little did I know that while providing strong user facing security features they did not have adequate security measures internally (No offsite backups, cheap VPN, no OTP on their MtGox, root password reset broadcast to a mailing list, etc.)

I realized this was one of my riskier investments since the legal status of Bitcoin is uncertain and Bitcoinica was still a largely unproven business. I did my due diligence to the best of my ability. I did my risk assessment. I decided the risk/reward was worth it.

I was wrong. Mea Culpa. http://youtu.be/NmFo-LKHGY0

So far this has been a painful and protracted lesson in counterparty risk. Now I see no option left apart from considering joining possible legal action and feeding the lawyercats. I admit I don't like it one bit, but the alternative is to sit around like a fool and I tried that strategy for the last 2 months without much success.
aq
full member
Activity: 238
Merit: 100
July 13, 2012, 01:39:52 PM
That's what paper wallets and bank safety deposit boxes are for.
Paper wallets and bank safety deposit boxes? We store everything at pirate these days :P
aq
full member
Activity: 238
Merit: 100
July 13, 2012, 01:38:17 PM
what is the difference between mtgox and bitcoinica, from your point of view?

MtGox has a 1:1 relation of input and output. A coin or USD can only come out of MtGox after it did come in.

Bitcoinica had leverage. So you could "earn" more coins/USD depending on the MtGox rate than there actually were in Bitcoinica. So Bitcoinica had to "play" against you by selling and buying coins on MtGox.
legendary
Activity: 1596
Merit: 1100
July 13, 2012, 01:34:57 PM

Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.

The difference is in degrees.  Each is not a binary choice.  MtGox, for example, has been forced by circumstance (trial by fire?) to develop good legal and technical defenses.

Even so, I never trusted any exchange and unknown website -- MtGox included -- to store any significant wealth for any period of time.

That's what paper wallets and bank safety deposit boxes are for.

hero member
Activity: 812
Merit: 1001
-
July 13, 2012, 01:34:34 PM

Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.

Yep, Jeff, you can say it again. Though, while it was just Zhou it was kind of ok (easier to secure with everything concentrated in one place and having only one principal). As soon as BC bunch got in, it quickly turned into horrendous clusterfuck.

I must admit that, my "resignation" from honorary post of Bitcoinica's "Information Security Advisor" way back in Sep 2011, was probably the smartest move of my "Bitcoin career", in hindsight.

Anyway, I am off to enforcing 2 factor auth for Bitcoin Magazine and others, for everything I can enforce it on (naturally it is on for anything that touches money already).

I hope nobody is going to challenge me now when I repeat again:
Quote
1 BTC worth 100$US on entertainment value alone.
legendary
Activity: 980
Merit: 1020
July 13, 2012, 01:32:06 PM
Does anybody know if MtGox employs pentesters?
donator
Activity: 452
Merit: 252
July 13, 2012, 01:31:02 PM
Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)



gox had yubi keys, bitcoinica had google auth keys, from a layman's point of view both seem identical (I assumed their use functioned in the same way from a security point of view, looks like I was wrong)
legendary
Activity: 2940
Merit: 1090
July 13, 2012, 01:29:48 PM
Difference Gox<->Bitcoinica?

MTBH.

(Mean Time Between Hacks)

-MarkM- (Not to mention minor details such as yubikeys etc etc etc, which might contribute to MTBH.)

legendary
Activity: 1596
Merit: 1100
July 13, 2012, 01:29:13 PM

Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?

Everything except source code visibility is different.

legendary
Activity: 1106
Merit: 1004
July 13, 2012, 01:28:32 PM

Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Can't you apply most or all of these items to pretty much every bitcoin business available?
AFAIK, none of the exchanges had their source code audited, for ex.
donator
Activity: 452
Merit: 252
July 13, 2012, 01:27:11 PM

Some of the reasons why I avoided bitcoinica with a ten foot pole, which were obvious right from the start:

  • The big one -- Zero hard evidence they actually had all the funds claimed, or could produce funds if outsized events (big selloff, big withdrawal, etc.) occur
  • Opaque ownership structure
  • Zero independent source code auditing or visibility
  • Zero proof of any experience at securing wealth from virtual and physical threats
  • Zero appearance of adhering to any regulatory structure

Therefore I was not surprised when bucket shops were mentioned.



what is the difference between mtgox and bitcoinica, from your point of view?