
Topic: bitstamp 18,000 bitcoins stolen? -confirmed - page 8. (Read 15061 times)

sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
I wanted to get this suggestion to Bitstamp:

If you publish the btc addresses that were in the operational wallet that was compromised, then everyone running a mining rig with a client that has an exclusion list file can avoid providing confirmations to the thief until and unless Bitstamp publishes a solution. Some exclusion lists might also feature the ability to allow exceptions when a transaction spends an output into a specified set of addresses, which would allow Bitstamp to request of all interested miners to allow only those transactions that move the bitcoin from their compromised operational wallet into a new protected address.
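
The exclusion-list rule suggested in the post above, sketched as an added example (not part of the original post and not code from any real mining client). The addresses, the `policy_accepts` name and the fee cap are constructed assumptions; the point shown is that the exception must cover every output and the fee, or a spend that pays one token satoshi to a recovery address would pass.

```python
from typing import NamedTuple

class Tx(NamedTuple):
    inputs: list   # [(address_spent_from, satoshis), ...]
    outputs: list  # [(destination_address, satoshis), ...]

MAX_SWEEP_FEE = 100_000  # satoshis; assumed cap, not a value from the thread

def policy_accepts(tx, excluded, recovery, max_fee=MAX_SWEEP_FEE):
    """Return (accept, reason) for a candidate transaction (hypothetical policy)."""
    # Transactions that touch no excluded address are unaffected.
    if not any(addr in excluded for addr, _ in tx.inputs):
        return True, "no excluded inputs"
    # Exception rule: every output, not just one, must pay a recovery address.
    if not tx.outputs or any(addr not in recovery for addr, _ in tx.outputs):
        return False, "excluded input pays outside the recovery set"
    # Whatever is not paid to an output goes to the miner as fee, so cap it.
    fee = sum(v for _, v in tx.inputs) - sum(v for _, v in tx.outputs)
    if fee > max_fee:
        return False, "excluded input drained as fee"
    return True, "recovery sweep"

# Constructed placeholders, not real addresses.
EXCLUDED = {"COMPROMISED_HOT_1", "COMPROMISED_HOT_2"}
RECOVERY = {"NEW_PROTECTED_1"}

SAMPLES = {
    "ordinary": Tx([("ALICE", 50_000)], [("BOB", 49_000)]),
    "theft": Tx([("COMPROMISED_HOT_1", 10**8)], [("THIEF", 10**8 - 10_000)]),
    # One satoshi to a recovery address, the rest elsewhere: must be refused.
    "decoy": Tx([("COMPROMISED_HOT_1", 10**8)],
                [("NEW_PROTECTED_1", 1), ("THIEF", 10**8 - 10_001)]),
    # Only recovery outputs, but almost the whole value is left as fee.
    "fee_drain": Tx([("COMPROMISED_HOT_2", 10**8)], [("NEW_PROTECTED_1", 1_000)]),
    "sweep": Tx([("COMPROMISED_HOT_1", 10**8), ("COMPROMISED_HOT_2", 5 * 10**7)],
                [("NEW_PROTECTED_1", 15 * 10**7 - 20_000)]),
}

def evaluate_samples():
    """Map each constructed sample name to the accept/reject decision."""
    return {name: policy_accepts(tx, EXCLUDED, RECOVERY)[0]
            for name, tx in SAMPLES.items()}

if __name__ == "__main__":
    for name, tx in SAMPLES.items():
        print(name, policy_accepts(tx, EXCLUDED, RECOVERY))
```
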
newbie
Activity: 34
Merit: 0
I think this is the reason behind the recent bitcoin price drop.
Still, bitcoin needs a lot of work to be done before most merchants accept this.

Usually, the cause precedes the consequences...


My link is not suspicious...
It's on cnbc dot com


Yes it is. I suspect it is full of crap Smiley

OK, that's true... Cheesy
legendary
Activity: 1176
Merit: 1010
Borsche

My link is not suspicious...
It's on cnbc dot com


Yes it is. I suspect it is full of crap Smiley
newbie
Activity: 19
Merit: 0
I think this is the reason behind the recent bitcoin price drop.
Still, bitcoin needs a lot of work to be done before most merchants accept this.
newbie
Activity: 34
Merit: 0
I love it when people who know nothing about a problem speculate about what it can or cannot be.
It's funny when it happens on a forum.
It's pathetic when it gets published: http://www.c[Suspicious link removed]m/id/102309754

My link is not suspicious...
It's on cnbc dot com
then /id/102309754
legendary
Activity: 1778
Merit: 1043
#Free market
jr. member
Activity: 52
Merit: 1

Twitter blocked by work proxy.. can someone please repost on here?

"To restate: the bulk of our bitcoin are in cold storage, and remain completely safe."

There is also:

"Thank you all for your patience, we are working diligently to restore service and hope to have an ETA later today."
sr. member
Activity: 381
Merit: 250

Twitter blocked by work proxy.. can someone please repost on here?
newbie
Activity: 68
Merit: 0
Here's to hoping Bitstamp bucks the exchange "oh no our site was hacked... you're burnt" scenario.
newbie
Activity: 34
Merit: 0
They said new deposit addresses were forthcoming and nothing has happened... this is what leads me to believe they might have a coding problem with address creation.
Maybe nothing's coming for the simple reason that they have a lot on their plate at the moment?
Maybe it's more urgent to them to secure their assets than offering frightened people a possibility to send them more bitcoins.

Just my 2 satoshis...
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
They said new deposit addresses were forthcoming and nothing has happened... this is what leads me to believe they might have a coding problem with address creation.
legendary
Activity: 1232
Merit: 1011
https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.



so they sent the funds to cold storage. And there is no issue I am hoping.  Smiley


the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...


doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.


in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?


nobody did deposit directly to that address.

my guess is that someone did not read the notification and sent 0.79 btc to his old bitstamp address.

That would suggest Bitstamp's system must be partially running, and it has not been given a new hot wallet address to use. I would have expected Bitstamp to update its system to use a new hot wallet address if it had lost control of its old one.



if they lost control of the old wallet that doesn't mean that old addresses aren't valid. they are, but I assume they are compromised.

sr. member
Activity: 296
Merit: 250
https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.



so they sent the funds to cold storage. And there is no issue I am hoping.  Smiley


the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...


doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.


in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?


nobody did deposit directly to that address.

my guess is that someone did not read the notification and sent 0.79 btc to his old bitstamp address.

That would suggest Bitstamp's system must be partially running, and it has not been given a new hot wallet address to use. I would have expected Bitstamp to update its system to use a new hot wallet address if it had lost control of its old one.
legendary
Activity: 1064
Merit: 1001
Hacks on exchanges are complicated. A hack on Bitstamp, which takes security seriously, is extremely complicated.

So, if this happened, I would assume the hacker would have acquired access at least a few days earlier. I would also assume code has been tampered with in some way, and some audit has to be made. Even if they use strict change management policies, a full code audit is a must.
legendary
Activity: 1778
Merit: 1043
#Free market
full member
Activity: 336
Merit: 100
Bitcoin, the new digital currency of the Internet age!

Just don't ever store them on the Internet, or on a computer connected to the Internet. And when you set up your cold wallet, it's best to use a computer that's never been connected to the Internet before. (and if you print it with a network enabled printer, make sure that the wallet isn't stored in the cache).
sr. member
Activity: 296
Merit: 250
https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf


timestamp of the last transaction -> 10:12.

bitstamp down from 10:12.



so they sent the funds to cold storage. And there is no issue I am hoping.  Smiley


the question here is whose cold storage is that.

They stopped with deposits 3h before last transaction...


doesn't mean anything really, because someone could have sent his coins to the stamp's hacked hot wallet addresses.


in fact, I will send 1 satoshi to my old stamp address right about now just for fun.

To tarmi : Some new transactions can be seen on the "Hack" address. Could you see if some of these satoshis come from your address?


no.

Everything sent to that address since this morning is dust, apart from a 0.79556526 BTC deposit an hour and a half ago. Why would someone send 0.79556526 BTC there?
newbie
Activity: 34
Merit: 0
Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.

As I see it, there are three scenarios.

1. Bitstamp is pulling a runner, or has otherwise been fraudulent and can no longer cover it up. See Gox.

2. Bitstamp was hacked.

3. Your scenario, where an error was made and keys were lost. Edit: Possibly the keys might also have been made openly available through a server misconfiguration or such.

If it's a hack, they may or may not have lost funds. They may have been compromised in a way that might in principle expose the hot wallet keys to an intruder, but the intruder didn't or couldn't yet spend the BTC. Or they may have simply been robbed.

If it's #3, the BTC is probably lost. Now, in either scenario, #2 or #3, it makes sense for them to shut the service down. The system is compromised one way or another and can't be trusted to function properly. But Bitstamp remained open for business for some time after their announcement about the keys being compromised was made.

Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?

Because the analysis may take time. So you start communicating, then you realise the extent of the problem, and then only you pull the plug...
legendary
Activity: 1456
Merit: 1000
Shutting down impacts the reputation greatly. Perhaps they tried to mitigate the risk in other ways first. These exchanges depend on their reputation.

Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.


Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?
legendary
Activity: 1615
Merit: 1000
Clearly profits outweigh security. It's all speculation at this point and there is a serious lack of information, but my guess is someone screwed up some code somewhere that was creating the hotwallet key pairs and they didn't realize until it was too late which is why they cannot honor any transactions sent to those addresses.

As I see it, there are three scenarios.

1. Bitstamp is pulling a runner, or has otherwise been fraudulent and can no longer cover it up. See Gox.

2. Bitstamp was hacked.

3. Your scenario, where an error was made and keys were lost. Edit: Possibly the keys might also have been made openly available through a server misconfiguration or such.

If it's a hack, they may or may not have lost funds. They may have been compromised in a way that might in principle expose the hot wallet keys to an intruder, but the intruder didn't or couldn't yet spend the BTC. Or they may have simply been robbed.

If it's #3, the BTC is probably lost. Now, in either scenario, #2 or #3, it makes sense for them to shut the service down. The system is compromised one way or another and can't be trusted to function properly. But Bitstamp remained open for business for some time after their announcement about the keys being compromised was made.

Wouldn't you pull the plug on the exchange immediately, if you knew you'd either been hacked or had been exposed to some kind of systemic flaw that might repeat itself? Why wait?