Bitcoinica MtGox account compromised - page 40.

DarkEmi

full member

Activity: 223

Merit: 100

Quote from: ninjarobot on July 13, 2012, 04:39:15 AM

Quote from: genjix on July 13, 2012, 04:00:07 AM

This has resulted in the loss of one third of all the Bitcoinica money which has been stolen from MtGox. (40k BTC / 40K USD - the mtgox daily limits)

When did this happen? In a single day or over the course of many?

Are you saying 40.000 USD + 40.000 BTC were stolen? Or the USD equivalent of $344.800,00 at today's exchange rates?

If he took USD, then there was a account number that you can use as theft for POLICE ? PLEASE ?

aq

full member

Activity: 238

Merit: 100

Quote from: N12 on July 13, 2012, 04:39:48 AM

Hey, if people get back 66.6%, that's more than MyBitcoin gave its users.

Stop complaining. Grin

They get hacked on a daily basis. I doubt that there will be anything left, before they really start to pay back.

N12

donator

Activity: 1610

Merit: 1010

Hey, if people get back 66.6%, that's more than MyBitcoin gave its users.

Stop complaining. Grin

ninjarobot

hero member

Activity: 761

Merit: 500

Mine Silent, Mine Deep

Quote from: genjix on July 13, 2012, 04:00:07 AM

This has resulted in the loss of one third of all the Bitcoinica money which has been stolen from MtGox. (40k BTC / 40K USD - the mtgox daily limits)

When did this happen? In a single day or over the course of many?

Are you saying 40,000 USD + 40,000 BTC were stolen? Or the USD equivalent of $344,800 at today's exchange rates?

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: markm on July 13, 2012, 04:30:28 AM

Quote from: davout on July 13, 2012, 04:24:41 AM

See https://github.com/davout/bitcoin-central to see how you properly store production passwords.

protip : not directly in the fucking source code

Pro tip 2: for months now the whole problem of how to properly store passwords has been holding up Open Transactions development because of the intricacies of how to convince the various different operating-systems never ever ever to let it land on disk, including by not allowing the memory it is remembering it in get swapped to disk. Its stuff like this that has made Open Transactions late to market.

Let's leave the advanced tips for when the basics have been understood

rapeghost

sr. member

Activity: 419

Merit: 250

dude.. inside job? you guys are fucking retarded.

he explained exactly what happened.

go loosen your tinfoil hats

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Just like the 18k BTC theft, this one is also very convenient.

I imagine no police report also on this one.

Bullshit. You guys(Bitcoinica customers) are being taken for a ride.

DarkEmi

full member

Activity: 223

Merit: 100

If you have 2/3 of the funds left, PLEASE give me back at least 2/3 the btc you own me.

It would help me sleep at night. You already confirmed me and I have gotten nothing so far...

ColdHardMetal

hero member

Activity: 700

Merit: 500

Is this real life?

btcprophet

newbie

Activity: 27

Merit: 0

Each new act of this farce reaches previously unimaginable levels of fail.

Bravo, I feel like I'm almost getting my money's worth of cringeworthy entertainment.

markm

legendary

Activity: 2940

Merit: 1090

Quote from: davout on July 13, 2012, 04:24:41 AM

See https://github.com/davout/bitcoin-central to see how you properly store production passwords.

protip : not directly in the fucking source code

Pro tip 2: for months now the whole problem of how to properly store passwords has been holding up Open Transactions development because of the intricacies of how to convince the various different operating-systems never ever ever to let it land on disk, including by not allowing the memory it is remembering it in get swapped to disk. Its stuff like this that has made Open Transactions late to market.

Better to get in fast and out with a fast buck than wait until ready to "do it right" though maybe eh?

-MarkM-

aq

full member

Activity: 238

Merit: 100

Quote from: davout on July 13, 2012, 04:24:41 AM

Quote from: genjix on July 13, 2012, 04:00:07 AM

We regret to inform you that there has been another huge breach of Bitcoinica. While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged. The breach today occured because the password for LastPass was in fact a duplicate password which had been compromised during the hack.

[...]

While the initial hacker had the ability to cause this breach it is likely that it was not taken advantage of until many users had access to the sourcecode in a recent leak:

Code:

genjix:~/tmp/bitcoinica_legacy/config/initializers$ cat mtgox_credentials.rb 
if Rails.env.production?
  MtGox.configure do |config|
    config.key = "c02e1a27-5524-449f-ba65-aff9581ddedc"
    config.secret = '83U1ROG++O3vwBqFrxpcdyLIoChpgnowImy1oMVQwBLalaLevZDmWeCPJFTrYW00OQ7XUgG53LsIL2pBZ2PQgA=='
    end
end

See https://github.com/davout/bitcoin-central to see how you properly store production passwords.

protip : not directly in the fucking source code

They got hacked. Site was shut down. So they left the API open for what? Only for the hacker?

Justin00

legendary

Activity: 910

Merit: 1000

★YoBit.Net★ 350+ Coins Exchange & Dice

who didn't see this coming ?

In fairness I though it would be a few weeks earlier.

DarkEmi

full member

Activity: 223

Merit: 100

I am not sure I understand. You are telling us you lost ANOTHER 40 k ?

If thats the case, I am becoming increasingly depressed.
I will state publicly that I had 5k btc on bitcoinica and thats basically a majority of my wealth, which was accumulated trough hard work...
Because I was having that much faith into bitcoins.

I was kinda closing my eyes to the disaster so far hoping for a good news but I dont know what to do anymore

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: genjix on July 13, 2012, 04:00:07 AM

We regret to inform you that there has been another huge breach of Bitcoinica. While all passwords were changed after the theft which occurred May 11th, the password for LastPass was not compromised and thus left unchanged. The breach today occured because the password for LastPass was in fact a duplicate password which had been compromised during the hack.

[...]

While the initial hacker had the ability to cause this breach it is likely that it was not taken advantage of until many users had access to the sourcecode in a recent leak:

Code:

genjix:~/tmp/bitcoinica_legacy/config/initializers$ cat mtgox_credentials.rb 
if Rails.env.production?
  MtGox.configure do |config|
    config.key = "c02e1a27-5524-449f-ba65-aff9581ddedc"
    config.secret = '83U1ROG++O3vwBqFrxpcdyLIoChpgnowImy1oMVQwBLalaLevZDmWeCPJFTrYW00OQ7XUgG53LsIL2pBZ2PQgA=='
    end
end

See https://github.com/davout/bitcoin-central to see how you properly store production passwords.

protip : not directly in the fucking source code

aq

full member

Activity: 238

Merit: 100

Sorry, but whoever handles this whole bitcoinica mess should probably leave bitcoins, or better anything related to computers.

eleuthria

legendary

Activity: 1750

Merit: 1007

You have to be joking. There aren't words to describe how terrible Bitcoinica has been at "losing" money. Quite frankly I don't see how anybody can believe this isn't an inside job/run with the money scheme anymore.

markm

legendary

Activity: 2940

Merit: 1090

Quote from: davout on July 13, 2012, 04:15:31 AM

EDIT : Oh wait, I misread, it indeed went through the username+password authentication. I don't have words to describe the sheer amounts of fail this represents and how easily it could have been prevented.

Ah so then it does not all point to Tihan, someone else aided and abetted by setting Gox up ready for his "negligence" to work?

-MarkM-

iddo

sr. member

Activity: 360

Merit: 251

Quote from: genjix on July 13, 2012, 04:00:07 AM

This has resulted in the loss of one third of all the Bitcoinica money which has been stolen from MtGox. (40k BTC / 40K USD - the mtgox daily limits)

I'm not sure whether I understand what you meant here: are you saying that 40K USD were also stolen via MtGox ? If so, MtGox knows the identity of the thief who withdrew the USD ? If you meant that 40K BTC were withdrawn but not USD, then please ignore my question.

ninjarobot

hero member

Activity: 761

Merit: 500

Mine Silent, Mine Deep

Can someone from MtGox support please weigh in and provide more details on what happened, when, how much?

This is just incredulous.

Topic: Bitcoinica MtGox account compromised - page 40. (Read 156012 times)