Bitcoin Forum>Economy>Marketplace>Service Discussion
Pages:
Author

Topic: BitMarket.Eu has closed down - page 22. (Read 204185 times)

defxor
hero member
Activity: 530
Merit: 500
Re: BitMarket.Eu has closed down
February 18, 2013, 05:42:27 PM
#811
Quote from: M4v3R on February 18, 2013, 12:59:34 PM
What's with the whole witch hunt?

Whenever you feel like releasing blockchain transactions supporting your initial story about gambling at Bitcoinica, please do so.

GsR
newbie
Activity: 34
Merit: 0
Re: BitMarket.Eu has closed down
February 18, 2013, 01:17:59 PM
#810
Quote from: Ollie on February 18, 2013, 11:34:44 AM
Quote from: Bitmarket.eu-victim0815 on February 18, 2013, 06:35:44 AM
Does anybody know M4v3rs mailing and/or residential address?
He seems to have lived in place called Wojcieszowie in 2010, and had two cats. His G+ profile photos are visible to all. Might be fake though.


One of his photos with a blond girl(Marlena?) from 2007(camera date wrong?) has this location information.


A blue car seems to appear at multiple locations in his photos.


Hi all I'm pretty angry for this situation because I'm losing more bitcoins further the already frozen one.
I don't want to make any public consideration now but I think that too many information of M4v3R are available.

So it is difficult for him to escape and seems he doesn't want to do this.

I hope in a restoration of stolen bitcoins as soon as possible  ...
M4v3R
hero member
Activity: 607
Merit: 500
Re: BitMarket.Eu has closed down
February 18, 2013, 12:59:34 PM
#809
What's with the whole witch hunt? It's not that I'm running from the responsibility of Bitmarket users. The site is taken offline due to investigation about the hack. During last 48 hours I've gathered much information about this, which I'll post shortly (I don't want to risk that the hacker is reading these forums and covers his tracks).
Also, if all goes well, the Bitcoins that were lost during this incident will be returned to the owners soon.
Ollie
member
Activity: 89
Merit: 10
Re: BitMarket.Eu has closed down
February 18, 2013, 11:34:44 AM
#808
Quote from: Bitmarket.eu-victim0815 on February 18, 2013, 06:35:44 AM
Does anybody know M4v3rs mailing and/or residential address?
He seems to have lived in place called Wojcieszowie in 2010, and had two cats. His G+ profile photos are visible to all. Might be fake though.


One of his photos with a blond girl(Marlena?) from 2007(camera date wrong?) has this location information.


A blue car seems to appear at multiple locations in his photos.
vv01f
sr. member
Activity: 314
Merit: 250
Re: BitMarket.Eu has closed down
February 18, 2013, 07:59:09 AM
#807
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to receive the private key to my account address - can you
make this possible?
The Account should be connector with a new one and I'd accept a fee of 1
BTC for the service - if more People are willing to buy their Key, this
can be a way for you to earn back some coins.
Transmission of the key should be done with pgp encrypted to the
accounts email.
Also in this state I suggest you send out mails to all users with there
current amount of coins in their accounts and inform actively about the
hack.

This message will also be Sent via PM and have attached some details.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBUSIsuHsPDkonDMJDAQJrIwgA5WnubPJlJJxo0Fpwogeshp71Q75O6ahH
BVDBQFNGahyqQqlnCHtKbx6bxbb5mnm2gAQxYZM2OizghYdgq3RO40d0rLYWP6qc
XJPREFp1zalVfg9DvKbZ4MHgbjS3ax2jdzdzdVyr1l2PSuTpwT60QU7/r5yq0nC2
sBHmrDrqQCzR3ZJ0tglejDUyNZucYdrDP8pPrs3X5+CYbCmxJ3xmnPeHiVO0LJKu
VFkEfTpZZInDJXLEejX/GdHC2XOu7GiQgnfz7qTfed5V7xCtQCzuRenHIEoQQ4Ow
K+nZiuUUjJzHSRWR8gkkzg1sHGjb5mqQbr++o9HRzecT77mPPT9ZmA==
=u1Ey
-----END PGP SIGNATURE-----
Bitmarket.eu-victim0815
newbie
Activity: 18
Merit: 0
Re: BitMarket.Eu has closed down
February 18, 2013, 06:35:44 AM
#806
Does anybody know M4v3rs mailing and/or residential address?
M4v3R
hero member
Activity: 607
Merit: 500
Re: BitMarket.Eu has closed down
February 17, 2013, 11:16:47 AM
#805
I'd like to point one thing at this moment, because some people are going to wrong conclusions. Martin Albert (mralbi) wasn't in any way affiliated with any of this. We were only at the stage of negotiations about how to proceed. He didn't have any access to the site yet, and he hadn't source code of the site. So even though the amount of stolen Bitcoins is very close to what he has in debt (the exact amount is 618.53109582, while 620 BTC was stolen), but this is probably because the thief, while going through the database, looked up the members table. Then, as the logs clearly show, he sorted the members by the "debt_bitcoins" column, descending, and found "mralbi" username at the 2nd place. The amount was also there, so it may be the case that he thought that he can withdraw at least this amount.

The Apache access logs follow (warning, long text; I've grepped the log only to show the activity from thief):

Code:
178.177.206.245 - - [14/Feb/2013:04:17:21 +0400] "GET /adminer-iuqgs124.php HTTP/1.1" 200 2325 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:21 +0400] "GET /adminer-iuqgs124.php?file=default.css&version=3.6.1 HTTP/1.1" 200 1700 "https://bitmarket.eu/adminer-iuqgs124.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:21 +0400] "GET /adminer-iuqgs124.php?file=functions.js&version=3.6.1 HTTP/1.1" 200 19551 "https://bitmarket.eu/adminer-iuqgs124.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:22 +0400] "GET /adminer-iuqgs124.php?file=favicon.ico&version=3.6.1 HTTP/1.1" 200 714 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:28 +0400] "POST /adminer-iuqgs124.php HTTP/1.1" 302 740 "https://bitmarket.eu/adminer-iuqgs124.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:28 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket HTTP/1.1" 200 3313 "https://bitmarket.eu/adminer-iuqgs124.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:28 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&script=connect HTTP/1.1" 200 682 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:30 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket HTTP/1.1" 200 3780 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:30 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&script=db HTTP/1.1" 200 1978 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:33 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members HTTP/1.1" 200 3396 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:35 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members HTTP/1.1" 200 3396 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:37 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members HTTP/1.1" 200 20958 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:42 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins HTTP/1.1" 200 24254 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:17:46 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1 HTTP/1.1" 200 24590 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:18:09 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=debt_bitcoins HTTP/1.1" 200 21247 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:18:15 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=debt_bitcoins&desc%5B0%5D=1 HTTP/1.1" 200 24254 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=debt_bitcoins" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:19:23 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins HTTP/1.1" 200 24399 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=debt_bitcoins&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:19:27 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1 HTTP/1.1" 200 24590 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:32 +0400] "GET / HTTP/1.1" 200 6549 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:37 +0400] "POST /login HTTP/1.1" 200 2276 "https://bitmarket.eu/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:40 +0400] "POST /login HTTP/1.1" 302 596 "https://bitmarket.eu/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:41 +0400] "GET /account HTTP/1.1" 200 5636 "https://bitmarket.eu/login" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:58 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30 HTTP/1.1" 200 6456 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:22:18 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30 HTTP/1.1" 200 7203 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:22:40 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=2559 HTTP/1.1" 200 7061 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:03 +0400] "GET /logout HTTP/1.1" 302 805 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:03 +0400] "GET / HTTP/1.1" 200 3204 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:06 +0400] "GET /register HTTP/1.1" 200 4692 "https://bitmarket.eu/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:23 +0400] "POST /register HTTP/1.1" 200 2405 "https://bitmarket.eu/register" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:37 +0400] "GET /register/activate/37397/LW7Eqzk3z9 HTTP/1.1" 302 596 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:37 +0400] "GET /account HTTP/1.1" 200 5460 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:23:59 +0400] "POST /account/details HTTP/1.1" 200 5685 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:21:58 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30 HTTP/1.1" 200 6456 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:22:18 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30 HTTP/1.1" 200 7203 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:22:40 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=2559 HTTP/1.1" 200 7061 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:24:14 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30 HTTP/1.1" 200 3092 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&order%5B0%5D=bitcoins&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:24:21 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=2559 HTTP/1.1" 200 6916 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=SELECT+%2A%0AFROM+%60members%60%0AORDER+BY+%60bitcoins%60+DESC%0ALIMIT+30" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:24:24 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members HTTP/1.1" 200 20942 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=2559" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:24:31 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&page=last HTTP/1.1" 200 9929 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:24:59 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=37397 HTTP/1.1" 200 4725 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:25:40 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=37397 HTTP/1.1" 200 5125 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where%5Bid%5D=37397" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:25:59 +0400] "GET /funds HTTP/1.1" 200 2757 "https://bitmarket.eu/account/details" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:06 +0400] "POST /funds HTTP/1.1" 200 2644 "https://bitmarket.eu/funds" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:20 +0400] "GET /account HTTP/1.1" 200 5396 "https://bitmarket.eu/funds" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:36 +0400] "POST /account/details HTTP/1.1" 200 5685 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:50 +0400] "GET /account/details/address_change/Fl0WAr41C1 HTTP/1.1" 302 612 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:50 +0400] "GET /account HTTP/1.1" 200 5476 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:26:56 +0400] "GET /funds HTTP/1.1" 200 2628 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:27:01 +0400] "POST /funds HTTP/1.1" 200 2756 "https://bitmarket.eu/funds" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:28:16 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where[id]=37397 HTTP/1.1" 200 7893 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:28:38 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where[id]=37397 HTTP/1.1" 200 8472 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where[id]=37397" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:28:51 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=transactions HTTP/1.1" 200 2964 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=members&where[id]=37397" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:28:53 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions HTTP/1.1" 200 8100 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:28:57 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last HTTP/1.1" 200 5700 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:30:20 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions HTTP/1.1" 200 8245 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:30:23 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last HTTP/1.1" 200 5700 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:30:28 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers HTTP/1.1" 200 8148 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:30:31 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers&page=last HTTP/1.1" 200 8116 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:30:50 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers&order%5B0%5D=amount HTTP/1.1" 200 8693 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:31:09 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions HTTP/1.1" 200 8245 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=bitcoin_transfers&order%5B0%5D=amount" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:31:19 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members HTTP/1.1" 200 3396 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:31:20 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members HTTP/1.1" 200 20942 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&table=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:31:24 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&page=last HTTP/1.1" 200 9929 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:31:30 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions HTTP/1.1" 200 8100 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=members&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:00 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last HTTP/1.1" 200 5845 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:08 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=795 HTTP/1.1" 200 9041 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=last" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:17 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount HTTP/1.1" 200 8969 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&page=795" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:18 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount&desc%5B0%5D=1 HTTP/1.1" 200 8969 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:35 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20869 HTTP/1.1" 200 3477 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:47 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions HTTP/1.1" 200 8100 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20869" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:49 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount HTTP/1.1" 200 8969 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:32:51 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount&desc%5B0%5D=1 HTTP/1.1" 200 8969 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:01 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20799 HTTP/1.1" 200 3332 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount&desc%5B0%5D=1" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:05 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20799 HTTP/1.1" 302 724 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20799" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:06 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&select=transactions&order%5B0%5D=amount&desc%5B0%5D=1 HTTP/1.1" 200 9289 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&edit=transactions&where%5Bid%5D=20799" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
83.26.40.6 - - [14/Feb/2013:11:32:12 +0400] "GET /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql= HTTP/1.1" 200 3489 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
83.26.40.6 - - [14/Feb/2013:11:32:13 +0400] "GET /adminer-iuqgs124.php?file=default.css&version=3.6.1 HTTP/1.1" 200 1700 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
83.26.40.6 - - [14/Feb/2013:11:32:13 +0400] "GET /adminer-iuqgs124.php?file=functions.js&version=3.6.1 HTTP/1.1" 200 19406 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
83.26.40.6 - - [14/Feb/2013:11:32:13 +0400] "GET /adminer-iuqgs124.php?file=favicon.ico&version=3.6.1 HTTP/1.1" 200 714 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
83.26.40.6 - - [14/Feb/2013:11:32:21 +0400] "POST /adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql= HTTP/1.1" 200 5164 "https://bitmarket.eu/adminer-iuqgs124.php?server=localhost&username=bitmarket&db=bitmarket&sql=" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
83.26.91.26
178.177.206.245 - - [14/Feb/2013:04:33:10 +0400] "GET /account HTTP/1.1" 200 5428 "https://bitmarket.eu/funds" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:13 +0400] "GET /account/payment_types HTTP/1.1" 200 3076 "https://bitmarket.eu/account" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:14 +0400] "GET /transactions HTTP/1.1" 200 2548 "https://bitmarket.eu/account/payment_types" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:28 +0400] "GET /funds HTTP/1.1" 200 2756 "https://bitmarket.eu/transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:04:33:32 +0400] "GET /account HTTP/1.1" 200 5589 "https://bitmarket.eu/transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:17:11:58 +0400] "GET /account HTTP/1.1" 302 3941 "https://bitmarket.eu/transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"
178.177.206.245 - - [14/Feb/2013:17:11:58 +0400] "GET /login HTTP/1.1" 200 2244 "https://bitmarket.eu/transactions" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"

I will post more relevant information about this, and also, how this all affects the previous plans, tomorrow.
unixdude
newbie
Activity: 47
Merit: 0
Re: BitMarket.Eu has closed down
February 17, 2013, 08:41:16 AM
#804
manfred
legendary
Activity: 966
Merit: 1001
Energy is Wealth
Re: BitMarket.Eu has closed down
February 17, 2013, 08:10:38 AM
#803
this was written before the latest events so it was effectively outdated before it was finished.
anyway i decided to post it.


here is a draft solution to get everyone 100% of the on hold bitcoins back at a fixed price of the 21.12.2012 date, over a time frame of 7 years. of course it would need cooperating of all members and the owner. The owner/operator has got the choice, class action lawsuit and bankruptcy or investing in the company and working his arse of to earn some decent money in the future. As it stands everyone can expect very little in financial return if the side is liquidated, only the satisfaction of sending him to the gulags. He seems to have done alright with the coding just take away the business side from him.

The biggest stumbling block is COOPERATION


So here it is:
   current operator take out bank loan for 30% of all bitcoins on hold at a fixed 21.12.2012 price (not live price) and releases them  (21.12.2012 is the date the coins got put on hold, i think) . The remaining 70% stay on hold. If he needs help and can not get a bank loan there is such a thing as community loans, family, friends, private investors..... also there is some return from bitcoinica.

   current owner keeps only access to hot wallet to perform admin duty’s and different members hold and manage the cold storage (as long as it is out of his hands and spread to different locations it is as save as possible).
   
   all members accept 100% return of all on “Hold” bitcoins at fixed 21.12..2012 price per coin and form some sort of share company the size of the share depends in number of coins he has on hold (total about 20000). if someone is not happy with being part owner (does not trust himself, needs some money instantly....) he can sell his share immediately or at any time. Its fair to say that at the beginning the price would be very low. I am equally sure that there would be people eagerly interested to buy the coins (shares) way below market value, but the coins (share) come with some strings attached. After all a share could be worth way more than 100% at some time in future.

   every year, for the next 7 years 10% of the on hold coins become available (at the 21.12.2012 fixed price) to everyone, distributed to the number of bitcoins they hold on “hold”, funded from the fees from the previous year. the case is not if the people will come back to the side, they are there but have the coins on hold and cant trade. also anyone not selling straight away is locked in so to speak to trade, promote,promote, promote buy ,sell on the side. So why trade somewhere else if i pay the fees in the own company.
yes it requires somewhere in the vicinity of 5 million transactions a year and would run a loss in the first year(s). A lose, (the side not archiving the targeted number of trades) simple means that it would be deducted form the released coins and not investment of new capital.
mtgox trades over a 2 million bitcoins a month. What was Mtgox’s  volume 2 years ago, what will it be in 2 years time?
 With the exception of the operator (loan and implementation of new features, p2p on webside and Android, iPhone app....) no one else invests any new money and only max. 70% of the on hold coins are risk of being lost. The risk will be, if the side is profitable in the long term and make some decent money. Whats needed is new users and hoards of them.
Depending how many believe that bitcoins are ready for the next step, being widespread accepted as a peer to peer payment option, the number of trades required is small if the ball gets rolling. Only trading with the bitcoins, it is impossible to archive, it needs the implementation of p2p transaction service and smartphone apps. (to pay my hotel/hostel room, my meal, any gadget.......a simple scan with the phone bitcoins transferred done.

Summery, Potentially full 100% of the bitcoins everybody gets back, but not at a live price and over 7 years time span. Live price is simply not possible at the current price.
Lets say i have 100 on hold at a price of 10 euro. So 300 euro worth of coins (30% of 21.12.2012 price, not 30 bitcoins) would be released immediately, the other 70% remain on hold. after then every year 100 euro worth of coins  (10% of 21.12.2012 price, not 10 bitcoins) become available.
If the price in 7 years time is at 100 euro per bitcoin 1 bitcoin is credited to the account.
If the price in 7 years time is at 2 euro per bitcoin then 50 bitcoins are credied to the account.
Effectively about 20000 shares at about 10 euro each at start and start capital roughly 60000.

The idea is that the company make a profit as well by then not just give us the money back.
I know it is not possible to please everybody, but a possible 100% return of an investment of an insolvent company with no new money put in (only owners loan) is a good start.

Widespread cooperation is the achilles heel, also his Android Iphone coding skills would need to be verified.
This is a quick thought with a lot of room for improvements to save as many of the gambled coins as possible.
I can see no criminal intent as far as i can tell he never tried to hide, its a case of youth inexperience and plain old greed. Having no business plan in place,  in order to get “paid” for the work deceits to gamble.

Official liquidation is about 6% from 21.12.2012 date, or?

Again, this possible solution was thought up before the latest events.

Latest hack seems inside job, how many coins does his ex partner have on hold?
mralbi
sr. member
Activity: 271
Merit: 250
Re: BitMarket.Eu has closed down
February 17, 2013, 08:02:51 AM
#802
come on, this is all ridiculous. First of all, the whole thing started already on THURSDAY? this means the site was open even longer after the whole thing happened!

And anyway... why should someone steal "randomly" 620 coins and keep the rest in?!?!?, (while my share of frozen coins is 618)? The whole thing smells to heaven... Can you please think SHARPLY who had access to the required information to make such an "insider" Job work? Luckily i am in a "good" position in that sense that i never had access/information to any bitmarket site related stuff at all... If only 2 or 3 people had access / the information to these links it must be clear that it was one of them? Or think further...maybe you have your local computer compromised and the attack came from there by stealing your password stuff from there?

unixdude
newbie
Activity: 47
Merit: 0
Re: BitMarket.Eu has closed down
February 17, 2013, 07:52:21 AM
#801
Quote from: disclaimer201 on February 17, 2013, 07:43:52 AM
You are only safe from hacking as long as you are not targeted.

Bitmarket is dead unless you do all of the following:

A - post bitcoinica transfers and any information available to how the original 3000 btc disappeared

(if you don't people will rightfully see you no1 suspect)

B - take out a loan at a bank / friends / family / boss to recover the latest 600 missing btc

(if you don't, you will lose MrAlbi and other investors because you cannot ask anyone for such a leap of faith,
the latest story sounds very fishy, just like bitcoinica being hacked over and over again, and we all learned yes - lightning does
strike the same spot twice, or even three times)

C - convince investors to move forward with restructuring/investment plans

D - do not reopen bitmarket until other experts and you have looked at bitmarket code for loopholes and you know exactly what caused
the latest hack

E - post information on progress at each of the steps, at least daily

In BTC other case, run everyone and get your lawyers ready.

Always option F send a few polish guys around and physically recover the losses  Tongue - joking
disclaimer201
legendary
Activity: 1526
Merit: 1001
Re: BitMarket.Eu has closed down
February 17, 2013, 07:43:52 AM
#800
You are only safe from hacking as long as you are not targeted.

Bitmarket is dead unless you do all of the following:

A - post bitcoinica transfers and any information available to how the original 3000 btc disappeared

(if you don't people will rightfully see you no1 suspect)

B - take out a loan at a bank / friends / family / boss to recover the latest 600 missing btc

(if you don't, you will lose MrAlbi and other investors because you cannot ask anyone for such a leap of faith,
the latest story sounds very fishy, just like bitcoinica being hacked over and over again, and we all learned yes - lightning does
strike the same spot twice, or even three times)

C - convince investors to move forward with restructuring/investment plans

D - do not reopen bitmarket until other experts and you have looked at bitmarket code for loopholes and you know exactly what caused
the latest hack

E - post information on progress at each of the steps, at least daily

In BTC other case, run everyone and get your lawyers ready.
Herodes
hero member
Activity: 868
Merit: 1000
Re: BitMarket.Eu has closed down
February 17, 2013, 04:20:17 AM
#799
more hacks. oh dear..
unixdude
newbie
Activity: 47
Merit: 0
Re: BitMarket.Eu has closed down
February 17, 2013, 03:17:40 AM
#798
unixdude
newbie
Activity: 47
Merit: 0
Re: BitMarket.Eu has closed down
February 17, 2013, 03:13:33 AM
#797
M4v3R
hero member
Activity: 607
Merit: 500
Re: BitMarket.Eu has closed down
February 16, 2013, 02:17:02 PM
#796
Quote from: crazy573 on February 16, 2013, 01:45:50 PM
Why was there 600 in a hot wallet? Without cold storage you always take a big risk.

It went up to 600 very quickly. And I didn't want to move any coins offline because at this stage, if people couldn't withdraw for any reason, they would be very nervous (it already happened once).

After the transition it would be the case - ~90% in cold storage and 10% for daily operations. I'm even considering encrypting the private keys with user password, so the attacker can't just use them without user's credentials.

[Added on 17.02.2013, 08:10]

Details about the hack follows:

On February 14th, 01:17:21 GMT+1, the attacker approached website's MySQL administration console, which can be seen on the log below:

Code:
178.177.206.245 - - [14/Feb/2013:04:17:21 +0400] "GET /adminer-iuqgs124.php HTTP/1.1" 200 2325 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"

The IP address 178.177.206.245 was used throughout the hack, and wasn't used on the site before. It does not look like a proxy server, and the address comes from Moscow, Russia. The script, which is a well known MySQL administration toolkit was located at a randomly chosen (by me) filename (adminer-[eight random chars].php). The logs doesn't show any signs of guessing, he knew this filename somehow (more on this later).

Knowing the script's filename is not enough, because you still have to know the MySQL credentials. They are stored only in one place, in a config.php file, accessible only to website scripts. The password was 16 characters long and random: cVPzBh54N6bfdbmb (I've already changed it). Yet, the attacker somehow, again, without guessing, logged in to the console without a problem.

Having writeable access to the whole database he could do whatever he wanted really. He adjusted his account's record with new 'bitcoins' figure, and then even made a fictional transaction to point at his account (this was sloppy though, because he changed an existing one from last year, which was standing out, because this transaction seemed to be made before he even registered).

Then, he proceeded to the site itself. According to my logs, this is how it went:
- First, he tried to login to mralbi's account with a password that was supposedly leaked a year ago from other site. He failed at this.
- Then, he tried to access sonba's account (another high-profile user of Bitmarket, also known on the forums). He succeeded, but for some reason he didn't do anything there (just logged in, and two minutes later, logged out).
- Finally, he went to create a new account. The details are as follows:
Code:
   [username] => chinabig01
    [email] => [email protected]
    [password] => c....1
    [country] => fi
- If you google this email address, you will notice that it's not a disposable address. It was used as early as 2009 on various sites (even one Bitcoin site - forbitcoin.com). Also, the username he chose is the same as on those sites. And the password seems to be his username (I don't store sent passwords in server logs, but for critical situations like this I leave first and last letter to prove that someone used a legitimate password for the owner. I know it lowers the password entropy, but if you use long password that you should use, it doesn't matter).
- He then activated his account using his email
- In account settings he set the withdrawal address to 1Lbcfpaw3uHs3iarBqZ12FYeD5vFwNvY49. Again, he confirmed this change by his email.
- Then he proceeded to withdraw the funds. He first withdrew 1 BTC (to test if it worked, I think), then 9 BTC. Finally, he withdrew 55.4561581 and 554.5438419 BTC, which all totals to 620 BTC you can see in the blockchain.
- After that, he went to transactions page to see if the transaction he made up is there, and logged out. I didn't saw this IP on the site since then.

Now, after reading this, there are some legitimate questions that one could ask himself: How in the earth this person could know filename of the script that wasn't posted ANYWHERE? How he knew the MySQL password? I don't know yet. I've asked those questions to my hosting provider and hope to get some answers. There are few possibilities, but at this point it's only guessing:
- there was a flaw in server software. Most critical parts are: Bitcoin client, Apache, PHP, MySQL. Bitcoin client at that time was at version 0.6.1 I believe. The reason for that was, when 0.7 came out, it didn't wanted to work with my wallet for some reason. I didn't want to risk any corruption, so I reverted to 0.6.x. The other bits were using fairly up-to-date software (not the latest point releases, but judging from the changelogs for these, there weren't any flaws in them fixed that could cause this).
- it was an inside job. Possible candidates are: someone from hosting company (which is hard to believe and literally can't be proven) or my old partner (which I don't believe, because he also had some Bitcoins on site when this happened and they were lost as well. He also didn't knew that this MySQL admin tool existed, I've installed this later).
- someone hijacked my SSH details. I've looked at the auth.log and that doesn't seem the case.
- a flaw in website's code. I believe it's not the case, because remote code execution (and that's what was needed for this) is fairly easy to spot, and I looked again at the code yesterday and didn't find anything. The codebase is pretty small and straightforward. Also, I was looking through the apache access logs and didn't find any trace of this.
- something else that I didn't think of

Steps, that I've taken so far:
- gathered all necessary information and passed it to hosting company
- changed my SSH password and bitmarket's MySQL password (root password is totally separate, never used anywhere and not stored anywhere)
- removed all remote access to MySQL
- downloaded site logs for futher analysis.

[Added on 17.02.2013, 22:26]

Sadly, it turned out that it was my SSH account that was hacked. I don't want to disclose any other information at the moment, because I'm still doing an investigation, that could lead me to the hacker. I will provide more information very soon.
crazy573
full member
Activity: 179
Merit: 100
Re: BitMarket.Eu has closed down
February 16, 2013, 01:45:50 PM
#795
Why was there 600 in a hot wallet? Without cold storage you always take a big risk.
M4v3R
hero member
Activity: 607
Merit: 500
Re: BitMarket.Eu has closed down
February 16, 2013, 01:31:31 PM
#794
Quote from: BCB on February 16, 2013, 11:47:56 AM
Sorry guys. This has stunk of fraud from the beginning.

From exactly what beginning? What your opinion is based on? Did I run, regardless of what happened? Did I hide the fact that the Bitcoins were stolen from my investors, or even users? (as I said, I only wanted to wait until evening to post the announcement, because I had to investigate what happened exactly). I was working hard to fix this and everything was right on the track. If this incident didn't happen, soon Bitmarket would reborn as a new, more better site, with new management and features. There would be a chance for many people to take profit from it. And here, if the investors decide to abandon the project (which I still hope they won't), everybody loses. That includes me, really hard.

Anyway, no matter what happens, I want to push this thing forward. I will spend time and funds necessary to audit the site, change all credentials, probably move it to another server, and then reopen it with the proper security. I'm open to all suggestions. This hit was a big one, but I won't give up on this. I made a promise to my users and I will fulfill it.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
Re: BitMarket.Eu has closed down
February 16, 2013, 11:47:56 AM
#793
Sorry guys. This has stunk of fraud from the beginning.
xyz
hero member
Activity: 1848
Merit: 772
Re: BitMarket.Eu has closed down
February 16, 2013, 11:35:04 AM
#792
Quote from: M4v3R on February 16, 2013, 10:53:32 AM


...
Edit 2: The hacker didn't withdraw all that was there, there was ~120 BTC left. I don't know why he withdrawed precisely 620.00 BTC.
...


Perhaps somebody saw no possibility to get back his bitcoins from the owner of bitmarket - so he took the coins himself! Maybe hes amount at the site was about 620 bitcoins and therefore he took not all - only HIS coins!?
Maybe a good idea...
Pages:
Bitcoin Forum>Economy>Marketplace>Service Discussion
Jump to: