Topic: Bitcoinica MtGox account compromised - page 6. (Read 156012 times)

I want to tell you, but I can't. It's the only thing NDA'd.

All I can say is, the money isn't enough to compensate for my unhappiness and worries during this period.

How much did you make on the sale of Bitcoinica?

Guys, I'm not happy, constantly worried and possibly scared. I didn't have a nice sleep since long time ago.

I'm really afraid of the possible criminal charges if things don't work out well. It'll be devastating to my life, considering the permanent record and inconvenience in every single official activity, even if I'm proven innocent. I know some victims are desparate, and they are going to take actions against whatever entity that's ever related to Bitcoinica.

When the General Partners asked for apology, I gave. When they asked for respect, I also gave. I also contributed a significant portion of my personal investment to compensate the victims. I'm trying to cut down the ties but I can't, even though I owned nothing of the company since January and announced the change of management explicitly in April.

And today, there are still people claiming that I hacked the accounts. Both Mt. Gox and AurumXchange froze some of my personal funds without giving specific reasons (they did tell me some generic reasons), persumably related to Bitcoinica. I'm really nervous! (If it's unrelated, please email/PM me so that I'll feel much better.)

I can be sure that I'm not financially related to Bitcoinica, and I should never be liable for any debt of the company. I am willing to join any lawsuit against Bitcoin/Bitcoinica Consultancy Ltd and/or Bitcoinica LP as a claimant, and I also possess important but secretive documents that can only be revealed in court.

I want to do whatever I can to help you, and help myself.

People are often creatures of habit, too.  If you know one mistake they've made, you can often take an educated guess at other mistakes they may have made.

yep, the mindset of a good attacker often starts with "let's imagine that the target is stupid beyond reason and does all kinds of idiotic things that no sane person would ever do".

We know that an email account was breached in order to effect the Rackspace compromise.  That would have given the Rackspace hacker to the email communications for the mailing list, among other things.  I have little doubt that the existence of the LastPass account has probably been discussed in internal emails.

Again, Zhou has already said that whoever perpetrated the Rackspace hack had enough information to compromise the MtGox account.  They may have waited to make an attempt until they knew funds had been moved there (which was obvious once refunds were being made).  Just because you assume that people will change credentials after an attack doesn't mean it will happen, and there's nothing to be lost by seeing if the credentials you've obtained will work.  The source code leak confirmed that the MtGox API key hadn't been changed - this could have encouraged the Rackspace hacker (or someone else with whom he shared the information he'd obtained during the hack) to see what else hadn't been changed.

To a large extent, exploiting vulnerabilities involves a lot of poking around for holes you don't expect to find rather than creating sophisticated means to overcome security measures which do exist.

I've read this post, then reread it. Then again. Then stared at it, thinking of something to pen (not this post), but couldn't come up with anything substantial. I truly am shocked at what I have just read. Thanks, ZT.

~Bruno~

How would the hacker know beforehand it it was even worth getting into the account to get a look-see. First, he would have to know the account existed then, by happenstance, find the PW(s), then try them, all the long not only hoping that it works, but that it was all worth his time.

~Bruno~

Because they needed to make those transfers from a hot wallet and ever since the Linode hack people had been screaming at them about keeping their hot wallet on their own servers (and suggesting that it should be kept on MtGox for security).  Doing it through MtGox would also help give them a better record of the transactions if something went wrong with their own systems.  Remember that people were also asking to be paid in MtGox codes.

I still dont understand why they even needed Mt Gox in the first place at least for the bitcoin side of things. Why pay all the fees when you can just transfer bitcoin directly ?

That is a scam that wants people to chase them down.

Staying in public and handling this like idiots just creates an illusion that this all is just a huge fuckup and not something they(or one of them) decided to carry out.

This whole fiasco is a much better way to run a scam than to collect and run away.

Tihan noted in the pastebin post that he gave the funds to intersango guys who then had to distribute it to the users and this is where intersango seemingly moved the funds to mtgox which then got stolen or so they say.

A real scam would have the team running away real fast to avoid capture from the police. However, their names and faces are known and they are not running away. At least one individual even contributed code to the bitcoin codebase.


The intersango team didn't keep the fund, Tihan did, and he did it in the worst possible way you can. Stupidity is easier than intelligent actions.

Don't matter. Their reputation is ruined.

They wouldnt want to tarnish the security record of intersango of course by stealing from their own exchange 

Here is my ultimate nail in this obvious scam.

Bitcoinica is now managed by Intersango guys but they somehow decide to move the refundable coins/USD over to their biggest competitor MTGOX.

Why didnt they move the funds over to their own exchange for safekeeping, is this perhaps their way of distorting progress by getting another exchange involved in this mess, hell only knows.

So Zhou, who had almost exonerated himself by showing lots of good faith information distribution to the victims of his incompetence and his partner's lies and obfuscation, admits that while he "doesn't work for them" and "hasn't had access since 2011" is still able to log into company accounts after two to four ownership changes?

Believe that?

And the entire brain trust behind the acquisition of Bitcoinica, in whatever uber venture capitalist/hostile takeover/white hat rescue ranger configuration they used pulled off stealing the company away from the minor that was running it on the basis of their vastly superior security protocols and ability to prevent the very technique used to allegedly steal from them 6 months after they announced their brilliant level of talent to change the entire Bitcoinica world.

Believe that?

And somehow there is a master hacker who can correctly guess an API key password to one single account within 5 tries, steals thousands of dollars in both bitcoin AND US dollars, that he is able to mask from the block chain, AND doesn't have the common sense to change the password or leave a back door so he can come back and clean out the rest of their account?

Believe that?

And that this wunder-kind hackzor, who can defeat lengthy random digit passwords, only chooses to violate one single account after successfully entering Mt. Gox? And doesn't touch a single dime other than the funds ear-marked for restitution to the folks fleeced by Zhou and his magic pyramid machine?

Believe that?

Why do we have cancer, hunger, losing football teams, sub-Saharan droughts and famine when there is pure genius like that on this planet? Seriously now, this amazing hacker would be able to solve pretty much any crisis or need just by blinking and twitching his nose they would have us believe.

Or we can call nonsense when we see it. You insult us by throwing out the same bullshit story. You stole the money.

What the actual fuck.