
Topic: BTC-e hacked ?? - page 119. (Read 199749 times)

full member
Activity: 233
Merit: 100
July 26, 2017, 01:59:45 PM
First of all, he is not in the hands of the FBI yet, he was just detained by the Greek police, though it seems that he was arrested specifically by the request from the US authorities. Further, this dude might be a Russian citizen so the US authorities could encounter some issues extraditing him to the US where he is to be tried. In fact, Greece may have to make a tough choice right now since Greek authorities seem to be slightly pro-Russian these days but the country is still a NATO member anyway. Things are likely to get quite complicated here

Why do you think that Greece is pro-Russian these days? You may be mixing Greece with Turkey?

It is not about just these days

Greece is an Eastern Orthodox Church country like Russia, and Russia in the past always supported or even directly participated in the warfare at the Greek side against same Turkey. Now Greece is one of the few older NATO members extensively using Russian weaponry, so there is substantial Russian economic presence in the country. Regarding Turkey specifically, Russia could very well play a role of an intermediary or mediator between these two countries. In any case, Turkey has never been Russia's ally and will never be

We don't have many Russian made weapons. Some APCs, a couple hovercrafts and one s300 system. Cyprus is the one that the military mostly consists of Russian weaponry. Greece in 2005 wanted to turn to Russia but was actively blocked by the US (google "Pythia 1 plan"). Greece always was a yes man of the west and always will be. Now the actual public opinion? That's different.
legendary
Activity: 1232
Merit: 1091
July 26, 2017, 01:53:41 PM
Latest tweet:

Update2: At the moment, work is underway to restore the service. Approximate terms from 5 to 10 days. Thank you for understanding

That's quite a bummer. At least there is someone else in control of everything. It may very well turn out that they are preparing themselves to move away from where their servers are located -- all to avoid the scenario where the alleged arrested BTC-E admin opens his mouth. In essence, if they do it properly, they could even be fully operational again, but it might be me just wishful thinking. At the end of the day, it was a much needed bit of communication with the desperate outside world.
legendary
Activity: 1552
Merit: 1047
July 26, 2017, 01:53:27 PM
Latest tweet:

Update2: At the moment, work is underway to restore the service. Approximate terms from 5 to 10 days. Thank you for understanding
This is great news. It sounds like the second admin is still on the loose. Hope he is safe and well. If we're lucky the USSA did not manage to seize funds nor server in time and we will be able to get it back.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
July 26, 2017, 01:51:08 PM
First of all, he is not in the hands of the FBI yet, he was just detained by the Greek police, though it seems that he was arrested specifically by the request from the US authorities. Further, this dude might be a Russian citizen so the US authorities could encounter some issues extraditing him to the US where he is to be tried. In fact, Greece may have to make a tough choice right now since Greek authorities seem to be slightly pro-Russian these days but the country is still a NATO member anyway. Things are likely to get quite complicated here

Why do you think that Greece is pro-Russian these days? You may be mixing Greece with Turkey?

It is not about just these days

Greece is an Eastern Orthodox Church country like Russia, and Russia in the past always supported or even directly participated in the warfare at the Greek side against same Turkey. Now Greece is one of the few older NATO members extensively using Russian weaponry, so there is substantial Russian economic presence in the country. Regarding Turkey specifically, Russia could very well play the role of an intermediary or mediator between these two countries. In any case, Turkey has never been Russia's ally and will never be

Interesting details. Anyway if that was related only to ETH couldn't they just stop ETH trades and deposits?

You should read more carefully. It is about a similar attack vector (obviously Bitcoin related), not about Ethereum at all
newbie
Activity: 56
Merit: 0
July 26, 2017, 01:49:44 PM
The Facts.

Ok guys, if you want to know.

1) Two nights ago, "anomalous activity" led staff to believe that an attack similar to the ETC syphon attack after the ETH fork was being prepared for August 1st
2) To isolate these effects of this activity, the btc-e core trade engine and dependent applications have been quarantined
3) Work around code has been completed and tested in a sandbox environment, however:
4) BTCe should be fully functional *only after* August 1st as a contingency

Interesting details. Anyway if that was related only to ETH couldn't they just stop ETH trades and deposits?
member
Activity: 131
Merit: 13
In the fray since 2013.
July 26, 2017, 01:49:34 PM
The Facts.

Ok guys, if you want to know.

1) Two nights ago, "anomalous activity" led staff to believe that an attack similar to the ETC syphon attack after the ETH fork was being prepared for August 1st
2) To isolate these effects of this activity, the btc-e core trade engine and dependent applications have been quarantined
3) Work around code has been completed and tested in a sandbox environment, however:
4) BTCe should be fully functional *only after* August 1st as a contingency





Att new update, I think this is very much in line with what you write

"Update2: At the moment, work is underway to restore the service. Approximate terms from 5 to 10 days. Thank you for understanding"
legendary
Activity: 1470
Merit: 1004
July 26, 2017, 01:48:19 PM
Latest tweet:

Update2: At the moment, work is underway to restore the service. Approximate terms from 5 to 10 days. Thank you for understanding

yeah, in short "give us time to withdraw the funds"
legendary
Activity: 1414
Merit: 1000
July 26, 2017, 01:47:00 PM
Latest tweet:

Update2: At the moment, work is underway to restore the service. Approximate terms from 5 to 10 days. Thank you for understanding
hero member
Activity: 784
Merit: 502
July 26, 2017, 01:43:36 PM
The Facts.

Ok guys, if you want to know.

1) Two nights ago, "anomalous activity" led staff to believe that an attack similar to the ETC syphon attack after the ETH fork was being prepared for August 1st
2) To isolate these effects of this activity, the btc-e core trade engine and dependent applications have been quarantined
3) Work around code has been completed and tested in a sandbox environment, however:
4) BTCe should be fully functional *only after* August 1st as a contingency



newbie
Activity: 56
Merit: 0
July 26, 2017, 01:43:12 PM
First of all, he is not in the hands of the FBI yet, he was just detained by the Greek police, though it seems that he was arrested specifically by the request from the US authorities. Further, this dude might be a Russian citizen so the US authorities could encounter some issues extraditing him to the US where he is to be tried. In fact, Greece may have to make a tough choice right now since Greek authorities seem to be slightly pro-Russian these days but the country is still a NATO member anyway. Things are likely to get quite complicated here

Why do you think that Greece is pro-Russian these days? You may be mixing Greece with Turkey?
full member
Activity: 233
Merit: 100
July 26, 2017, 01:40:10 PM

If the Feds have it, that could be a different story, but if that's the case, why did someone take the time to replace the Cloudflare page with an official-looking "Down for maintenance" page? If the FBI took it down, they usually like to brag about it.

FBI haven't found the servers probably, yet. They only got one admin. They'll make him squeal. That's very easy. 2 choices.

1-Alex tells them everything, he stays in jail for the rest of his life.
2-Alex tells them nothing, he still goes to jail but he'll get some extra there;)

It's only a matter of time now.
Greek authorities seem to be slightly pro-Russian these days

Unfortunately this is not 2005. I can god damn guarantee you myself that Greece would never say no or even pose the slightest of arguments vs the US government.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
July 26, 2017, 01:35:55 PM

If the Feds have it, that could be a different story, but if that's the case, why did someone take the time to replace the Cloudflare page with an official-looking "Down for maintenance" page? If the FBI took it down, they usually like to brag about it.

FBI haven't found the servers probably, yet. They only got one admin. They'll make him squeal. That's very easy. 2 choices.

1-Alex tells them everything, he stays in jail for the rest of his life.
2-Alex tells them nothing, he still goes to jail but he'll get some extra there;)

It's only a matter of time now.

I should disagree with you regarding this matter

First of all, he is not in the hands of the FBI yet, he was just detained by the Greek police, though it seems like he was arrested specifically by the request from the US authorities. Further, this dude might be a Russian citizen so the US authorities could encounter some issues extraditing him to the US where he is to be tried. In fact, Greece may have to make a tough choice right now since Greek authorities seem to be slightly pro-Russian these days but the country is still a NATO member anyway. Things are likely to get quite complicated here
newbie
Activity: 56
Merit: 0
July 26, 2017, 01:27:30 PM
Quote
To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.

No surprises.

Everybody saw that over the years. Whenever an exchange gets hacked, it was btc-e who took the coins and distributed to the other people. It was always btc-e where the action happened, people cheered up "cheap coins!!!1!" in their trollbox. I know it because I was there when Gox happened and I was there when Finex happened.

Nobody assumed that they were in an agreement with the hackers though. (some did maybe, I didn't) Everybody assumed that those hacked coins made their way into btc-e magically.

Now we know why they were too picky about their anonymity.

If everybody saw it why do you write about it? Anyway your signature with bitmixer.io is outdated since that site is not offering mixing services anymore.

They were anonymous to general public but not to government and financial institutions...... Mayzus Financial Services Ltd, Deutsche bank, Cloudflare, xBTCe....... do you think they all would do the businesses without know-your-customer checks for years?
legendary
Activity: 3276
Merit: 2442
July 26, 2017, 01:19:10 PM
Quote
To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.

No surprises.

Everybody saw that over the years. Whenever an exchange gets hacked, it was btc-e who took the coins and distributed to the other people. It was always btc-e where the action happened, people cheered up "cheap coins!!!1!" in their trollbox. I know it because I was there when Gox happened and I was there when Finex happened.

Nobody assumed that they were in an agreement with the hackers though. (some did maybe, I didn't) Everybody assumed that those hacked coins made their way into btc-e magically.

Now we know why they were too picky about their anonymity.
newbie
Activity: 12
Merit: 0
July 26, 2017, 01:06:21 PM
On the other hand if BTC-e really had a contingency plan to pull a kill switch of sorts and move the server and everything on it to a new place (like thepiratebay.org) and they end up reopening and giving everyone back their funds plus some compensation for losses, they would probably become more popular than ever.
staff
Activity: 3500
Merit: 6152
July 26, 2017, 01:04:49 PM
That's nice!
means some member of the btc-e team is just laughing on people's struggle, reading around ...

We don't know who is controlling the account and we don't know if the team members know each other and if they were actually planning for this. It's very likely that only the owner got arrested and the rest of the people have nothing to do with it, but it's impossible to know anything for sure as the team is unknown to the public.

I can't say that the bitcoiners don't take a percentage if the exchange goes down though, they have been told over and over to not hold their coins on exchanges, 1st August and we told them to not do that more, but not one listens. The trading volume this exchange had was like 50 million dollars daily, it's probably not as big as Mt.gox but it will definitely have an impact, not on the price probably but on how people will look at cryptos.
jr. member
Activity: 57
Merit: 25
July 26, 2017, 01:03:32 PM
Quote
To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.
member
Activity: 104
Merit: 10
July 26, 2017, 01:00:58 PM
Not sure how much value it has, but the btc-e forum account just came online. https://bitcointalksearch.org/user/btc-ecom-33012

I seriously hope this is a good sign as I have 1 BTC in my exchange account that I desperately look to withdraw from there as soon as they put the site back online (if ever). If they can access their main forum account, they can also share some more details -- the silence is literally pissing off thousands of people as we speak.

That's nice!
means some member of the btc-e team is just laughing on people's struggle, reading around ...
legendary
Activity: 1232
Merit: 1091
July 26, 2017, 12:56:30 PM
Not sure how much value it has, but the btc-e forum account just came online. https://bitcointalksearch.org/user/btc-ecom-33012

I seriously hope this is a good sign as I have 1 BTC in my exchange account that I desperately look to withdraw from there as soon as they put the site back online (if ever). If they can access their main forum account, they can also share some more details -- the silence is literally pissing off thousands of people as we speak.
newbie
Activity: 28
Merit: 0
July 26, 2017, 12:55:10 PM
http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html

July 27, 2017
Breaking open the MtGox case, part 1
Earlier today news broke of an arrest in Greece of a Russian national suspected of running a large-scale money laundering operation focused on Bitcoin. The man has since been publicly identified as Alexander Vinnik, 38, and over $4 billion USD is said to have been trafficked through the operation since 2011.

We won't beat around the bush with it: Vinnik is our chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof). This is the result of years of patient work, and these findings were surely independently uncovered by other investigators as well. Everyone who worked on the case has patiently kept quiet while forwarding findings to law enforcement, so as not to tip suspects off and to maximize the chances of arrests.

With such an arrest actually happening, we think today might — finally — be the day when we can begin talking about what we've actually been doing all this time and what we found. Thank you for your patience.


Summary
We're going to split this into a couple of different posts, as our full findings cover a wider range of topics, and for this post we'll just very quickly summarize the main BTC theft and its connection to Vinnik:

    In September 2011, the MtGox hot wallet private keys were stolen, in a case of a simple copied wallet.dat file. This gave the hacker access to a sizable number of bitcoins immediately, but they were also able to spend the incoming trickle of bitcoins deposited to any of the addresses contained.
    Over time, the hacker regularly emptied out whatever coins they could spend using the compromised keys, and sent them to wallet(s) controlled by Vinnik. This went on for long periods, but also had breaks — a prominent second phase of thefts happened later in 2012 and 2013.
    By mid 2013 when the funds spendable from the compromised keys had slowed to a near halt, the thief had taken out about 630,000 BTC from MtGox.
    In addition, the shared keypool of the wallet.dat file led to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. None of these users seem to have reported their "sudden luck".
    After the coins entered Vinnik's wallets, most were moved to BTC-e and presumably sold off or laundered (BTC-e money codes were a popular choice). In total some 300,000 BTC ended up on BTC-e, while other coins were deposited to other exchanges, including MtGox itself.
    Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e.
    The stolen MtGox coins were not the only stolen coins handled by Vinnik; coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012 were all laundered through the same wallets.
    Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME". As WME, Vinnik had previously made a public outcry that coins had been confiscated from him (the coins in question coming from Bitcoinica).
    There were other thefts and incidents explaining other missing funds from MtGox. More on that in later posts.

There will be follow-up posts fleshing out the details of this post as well; for now we are keeping it short simply to stay close to the announcement of the arrest.
Coin flow
Having identified the actual transactions for the bulk of the stolen MtGox bitcoins, we traced them and clustered all addresses involved, quickly finding that other stolen coins were making their way into the same wallets. Below is a summarized illustration highlighting the theft coin flow of September 2011 onwards:

    (The top area of the graph includes clusters unrelated to Vinnik, and appears to be part of a different theft.)

As some coins were deposited back to MtGox, we could identify which accounts were used to receive them; two in particular were of interest, and were possible to link to the online identity "WME". (Clusters who directly used these MtGox accounts are highlighted in red.) WME has been active since a long time back, often advertising "cheap coins" on the BitcoinTalk forums and wanting to trade exchange money codes. BTC-e publicly vouched for him, saying that "[we] know WME very well".

WME was involved with an incident involving stolen Bitcoinica funds (visible in the graph above), which provided yet another strong indicator that we had identified the right man, seemingly the main money launderer behind the MtGox heist. This incident also ended up revealing the name "Alexander Vinnik", though we didn't at the time think it was his real name, having seen many aliases. Today's arrest suggests it was real after all.

To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.

Next
We're currently preparing more material for disclosure, so for more information on the MtGox theft, and all the other aspects of the MtGox case that we didn't have time to cover in this post, stay tuned and check back again soon.