bitfloor coin theft details | Bitcointalksearch.org

Littleshop

legendary

Activity: 1386

Merit: 1004

Quote from: Littleshop on September 04, 2012, 10:21:55 PM

Quote from: foo on September 04, 2012, 05:13:58 PM

Here are clickable links to the transactions, to save everyone a lot of cutting and pasting...

http://blockchain.info/tx/83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be - 16,120 BTC
http://blockchain.info/tx/d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2 - 1,000 BTC
http://blockchain.info/tx/f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93 - 6,400 BTC
http://blockchain.info/tx/42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0 - 60 BTC
http://blockchain.info/tx/358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46 - 498.39 BTC

EDIT: Added the amounts.

This is another $200,000+ hack?

No need to respond, I see all of the other threads. Wow.

Littleshop

legendary

Activity: 1386

Merit: 1004

Quote from: foo on September 04, 2012, 05:13:58 PM

Here are clickable links to the transactions, to save everyone a lot of cutting and pasting...

http://blockchain.info/tx/83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be - 16,120 BTC
http://blockchain.info/tx/d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2 - 1,000 BTC
http://blockchain.info/tx/f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93 - 6,400 BTC
http://blockchain.info/tx/42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0 - 60 BTC
http://blockchain.info/tx/358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46 - 498.39 BTC

EDIT: Added the amounts.

This is another $200,000+ hack?

skydust

member

Activity: 74

Merit: 10

Quote from: foo on September 04, 2012, 05:13:58 PM

Here are clickable links to the transactions, to save everyone a lot of cutting and pasting...
...

thank you.

makomk

hero member

Activity: 686

Merit: 564

Quote from: casascius on September 04, 2012, 04:01:25 PM

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup". How does one come to know with certainty that this is actually what happened?

I seem to recall that in the previous Bitcoin-related Linode compromises the hacker had to reboot the VPSes in order to gain access to them. That'd lock them out of any encrypted data but not an unencrypted backup, not to mention the fact that it made the fact the VPSes had been compromised really obvious afterwards.

foo

sr. member

Activity: 409

Merit: 250

Here are clickable links to the transactions, to save everyone a lot of cutting and pasting...

http://blockchain.info/tx/83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be - 16,120 BTC
http://blockchain.info/tx/d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2 - 1,000 BTC
http://blockchain.info/tx/f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93 - 6,400 BTC
http://blockchain.info/tx/42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0 - 60 BTC
http://blockchain.info/tx/358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46 - 498.39 BTC

EDIT: Added the amounts.

deus-ex-machina

full member

Activity: 166

Merit: 100

I'm going to try looking into the transaction details. I'll see what I can find. The sooner we get this solved, the better. Even if I find nothing, the least I can do is try to help everyone.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: shtylman on September 04, 2012, 04:04:11 PM

Quote from: casascius on September 04, 2012, 04:01:25 PM

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup". How does one come to know with certainty that this is actually what happened? Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

This is the most information I have at the moment. There are only a number of places/files on the disk that would have provided the attacker the keys so narrowing this down to a few possibilities was not impractical.

Not knowing your current security procedures how can you rule out a compromise of your personal PCs?

shtylman

sr. member

Activity: 243

Merit: 250

Quote from: casascius on September 04, 2012, 04:01:25 PM

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup". How does one come to know with certainty that this is actually what happened? Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

This is the most information I have at the moment. There are only a number of places/files on the disk that would have provided the attacker the keys so narrowing this down to a few possibilities was not impractical.

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

With all due respect to the victims in this hacking, whoever they'll end up being, I am suspicious of hacking claims where the announcement of the hack includes a factual assertion of how the hack took place, e.g. "we used encryption but they found our forgotten unencrypted backup". How does one come to know with certainty that this is actually what happened? Seriously, I'd expect to see "we don't know how they got our funds, but clearly they did, we can think of n possible ways they did it so far, including this forgotten backup, and we'll let you know more when we find out".

When Bitcoinica announced "funds got stolen, they broke into our MtGox by getting our password from LastPass" I questioned this much the same way - this seems unknowable if you're not the hacker. If I ever get hacked, I'll probably the first to say "I don't know how they got in, but I'm reformatting things as I speak! (And your coin balances are safe, because I didn't forget anything anywhere that would put them at risk!)"

notme

legendary

Activity: 1904

Merit: 1002

Quote from: DeathAndTaxes on September 04, 2012, 03:15:21 PM

Quote from: iron77 on September 04, 2012, 03:12:55 PM

What would now happen with USD balances?

They should be returned as even if bitfloor opens it obviously will be at some point in the future. Client funds should be escrowed from company funds. Clients shouldn't be turned into unwilling "investors" simply because they had funds on the wrong site at the wrong time.

I am still confident that shtylman will do the right thing.

You mean like what is happening to those of us who had mostly bitcoin in their accounts?

shtylman

sr. member

Activity: 243

Merit: 250

Quote from: DeathAndTaxes on September 04, 2012, 03:15:21 PM

Quote from: iron77 on September 04, 2012, 03:12:55 PM

What would now happen with USD balances?

I am still confident that shtylman will do the right thing.

I am working on that right now. I will post to the other thread (https://bitcointalksearch.org/topic/bitfloor-needs-your-help-105818) in a few minutes.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: iron77 on September 04, 2012, 03:12:55 PM

What would now happen with USD balances?

They should be returned as even if bitfloor opens it obviously will be at some point in the future. Client funds should be escrowed from company funds. Clients shouldn't be turned into unwilling "investors" simply because they had funds on the wrong site at the wrong time.

I am still confident that shtylman will do the right thing.

iron77

member

Activity: 112

Merit: 22

What would now happen with USD balances?

Vladimir

hero member

Activity: 812

Merit: 1001

-

Quote from: vampire on September 04, 2012, 03:01:28 PM

Quote from: ribuck on September 04, 2012, 03:00:50 PM

Quote from: Vladimir on September 04, 2012, 02:53:14 PM

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?

Zero

true

but most risks would be reduced dramatically.

Silensec Labs Ltd. (a joint venture of myself and Silensec http://silensec.com/ ) would be happy to discuss what a few kBTC can do for one's information security. But we are going offtopic here, 2 posts full of shameless plugs is too much already.

vampire

hero member

Activity: 574

Merit: 500

Quote from: ribuck on September 04, 2012, 03:00:50 PM

Quote from: Vladimir on September 04, 2012, 02:53:14 PM

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?

Zero

ribuck

donator

Activity: 826

Merit: 1060

Quote from: Vladimir on September 04, 2012, 02:53:14 PM

A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

What kind of security guarantee does one get for a few kBTC/year?

Vladimir

hero member

Activity: 812

Merit: 1001

-

I somehow lack compassion today and for that I do apologize.

Having said the above I must say that you kids with all those fat wallet.dat's sitting on your laughable amateurish servers do deserve to be hacked and will continue to be hacked. Right until you come up with some money to pay pros to help you out with information security.

Once you have some money to spend on security conscious hosting and consulting do let me know. A few kBTC/year on proper hosting/security is by far better than 30k loss per year on top of all the reputational problems and likely biz failure.

coga

full member

Activity: 222

Merit: 100

www.btcbuy.info

Quote from: 1nject0r on September 04, 2012, 02:07:16 PM

i have the proof that server were not hacked even no hacker did that maybe inside employ did this but

if u know how to check defacing site cache google it Tongue

no hackers record on zone-h.org

dude, the situation is already irritating enough as-is. May we focus on something constructive here?

1nject0r

newbie

Activity: 28

Merit: 0

Quote from: epetroel on September 04, 2012, 02:01:49 PM

Quote from: 1nject0r on September 04, 2012, 01:43:22 PM

your server were not hacked i didnot see any defacing issue some account were compromised only but your server are not hacked those were not a russian hacker's they were some other countries hacker

This makes absolutely no sense...

i have the proof that server were not hacked even no hacker did that maybe inside employ did this but

if u know how to check defacing site cache google it Tongue

no hackers record on zone-h.org

epetroel

sr. member

Activity: 431

Merit: 251

Quote from: 1nject0r on September 04, 2012, 01:43:22 PM

your server were not hacked i didnot see any defacing issue some account were compromised only but your server are not hacked those were not a russian hacker's they were some other countries hacker

This makes absolutely no sense...

Topic: bitfloor coin theft details (Read 22005 times)