Topic: Bter Feb 14th hack. Blockchain analysis. (Read 2432 times)

hero member
Activity: 572
Merit: 506
February 23, 2015, 08:09:14 AM
#14
This address: https://blockchain.info/address/1J4TJQKgh1phPMcsV8cbRkAhV2Q6V8wW25
also seems to be related to BitcoinFog, although this connection isn't as obvious and straightforward as in the case of 1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
Update: as well as https://blockchain.info/address/1Foex8UKai3FMqXzNaQj28MBVmksZ7eJRK
https://blockchain.info/address/1GFX81qZpYNg1m3KxqyUDD4pBT5w8uiMvg - very closely related to BitcoinFog, probably is one of their addresses too.
sr. member
Activity: 350
Merit: 250
February 23, 2015, 07:57:10 AM
#13
Personally I don't know why you wouldn't just do the following if you were the hacker:

Split up the 7000 into 100 or 200 increments of BTC in each address.

Send to bitmixer.io and do a selective, different fee each time. Do one address (of 100-200 BTC) every couple of days, in no predictable fashion. Set a random time delay on each mix to also prevent time delay.

And boom. Coins mixed. Now sell them.
hero member
Activity: 742
Merit: 526
February 23, 2015, 07:51:23 AM
#12
If he used fog, then it might say 2 things:

1. He won't get his stolen btc back.
2. He is bitcoinfog's operator.

lol
!! SCAM !!

10 days passed, more than 1000 confirmations, more than 25 BTC..
they are selective scammers, definitely. when i try to withdraw small sums like 0.1-0.2 BTC it's ok, but the real big money didn't even show on my dep.

BITCOIN FOG = SCAMMERS, they only let small balances out, but don't even try to send'em more than 5-10 BTC..

Am I the only one who waits so long time?..


Also, it should be easy to get the stolen BTER bitcoins new addresses

Quote
Do you keep logs?

We keep logs for 1 week for debugging and troubleshooting purposes. After that they are automatically deleted. ALL logs are taken care of. Even the bitcoin client we use is purged every week, starting with a fresh installation of only the block chain, and importing all the addresses we need at that point automatically. That way, if you have received a payment from us a month ago, not even the address will be left on our server. If any service tells you that they don't keep any logs at all, they are most probably lying, because when clients come asking for funds they think are missing, not having any history is like turning our backs on them and not being able to provide any support.


Bitcoin Fog: the service will from now on have a new url: http://foggeddriztrcar2.onion

Very strange name for a public service indeed. Also, I don't believe that all the logs are automatically deleted after one week (whatever they might try to persuade you of). Most obviously they are archived and written to some storage media like CDs or whatever.
legendary
Activity: 2898
Merit: 1017
February 23, 2015, 04:24:40 AM
#11
If he used fog, then it might say 2 things:

1. He won't get his stolen btc back.
2. He is bitcoinfog's operator.


lol
!! SCAM !!

10 days passed, more than 1000 confirmations, more than 25 BTC..
they are selective scammers, definitely. when i try to withdraw small sums like 0.1-0.2 BTC it's ok, but the real big money didn't even show on my dep.

BITCOIN FOG = SCAMMERS, they only let small balances out, but don't even try to send'em more than 5-10 BTC..

Am I the only one who waits so long time?..


Also, it should be easy to get the stolen BTER bitcoins new addresses

Quote
Do you keep logs?

We keep logs for 1 week for debugging and troubleshooting purposes. After that they are automatically deleted. ALL logs are taken care of. Even the bitcoin client we use is purged every week, starting with a fresh installation of only the block chain, and importing all the addresses we need at that point automatically. That way, if you have received a payment from us a month ago, not even the address will be left on our server. If any service tells you that they don't keep any logs at all, they are most probably lying, because when clients come asking for funds they think are missing, not having any history is like turning our backs on them and not being able to provide any support.


Bitcoin Fog: the service will from now on have a new url: http://foggeddriztrcar2.onion
sr. member
Activity: 356
Merit: 250
February 23, 2015, 12:38:23 AM
#10
It is so fucking sad to see people involve themselves with problems like this.
legendary
Activity: 1540
Merit: 1013
February 20, 2015, 09:27:08 AM
#9
I asked BTER to provide proof they went to the police to file a complaint but my mails went unanswered, I suggest we all send them tweets (https://twitter.com/btercom) or write them e-mails to provide such information ([email protected]).

Suspecting foul play as it was an alleged "cold wallet hack". Wouldn't be the first exchange to do so...

yeah right, cold wallet hacked is really an old-fashioned way of saying we are shutting down, but taken by their action to refund their customer, it could be really hacked, but we don't know for sure until full report shown
newbie
Activity: 52
Merit: 0
February 19, 2015, 08:09:16 PM
#7
Soon after the hack, the thief (or somebody who received coins from him) distributed the smallest (170 BTC) of chunks he created, to several addresses in an interesting transaction: https://blockchain.info/address/1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
Most of the addresses where the coins were sent to were used again and again either before or after the transaction from the thief. I think it's hardly a mixer, since a good mixer absolutely should not reuse addresses. It could be e.g. another exchange (for example BTC-e, because they have plenty of fiat withdrawal options and they don't ask lots of questions like some other exchanges where fiat is present), anyway it could be helpful in chasing the thief.

To the mixer: http://www.walletexplorer.com/wallet/fea18c17bd397803?from_address=1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
sr. member
Activity: 308
Merit: 250
February 18, 2015, 10:51:00 AM
#6
I asked BTER to provide proof they went to the police to file a complaint but my mails went unanswered, I suggest we all send them tweets (https://twitter.com/btercom) or write them e-mails to provide such information ([email protected]).

Suspecting foul play as it was an alleged "cold wallet hack". Wouldn't be the first exchange to do so...
hero member
Activity: 572
Merit: 506
February 18, 2015, 08:14:57 AM
#5
There is no doubt that this was an insider who had access to the cold storage wallet.
Why are you so sure?
legendary
Activity: 1610
Merit: 1004
February 18, 2015, 08:00:50 AM
#4
There is no doubt that this was an insider who had access to the cold storage wallet. It is hard to determine whether he did it on his own or many people were involved in this act.
hero member
Activity: 572
Merit: 506
February 18, 2015, 05:40:43 AM
#3
Soon after the hack, the thief (or somebody who received coins from him) distributed the smallest (170 BTC) of chunks he created, to several addresses in an interesting transaction: https://blockchain.info/address/1812GWjALf17QPvn4pRRkpSJ3Qt6kx7w2e
Most of the addresses where the coins were sent to were used again and again either before or after the transaction from the thief. I think it's hardly a mixer, since a good mixer absolutely should not reuse addresses. It could be e.g. another exchange (for example BTC-e, because they have plenty of fiat withdrawal options and they don't ask lots of questions like some other exchanges where fiat is present), anyway it could be helpful in chasing the thief.
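
The address-reuse check described in the post above, as an added example that is not part of the original post: for each output of a fan-out transaction it counts how many other transactions touch that address before and after. The ledger, addresses and transaction IDs are constructed placeholders, and the `reuse_profile` helper and its `min_other` threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample ledger: (txid, unix_time, input_addresses, output_addresses).
# Addresses and txids are placeholders, not real chain data.
LEDGER = [
    ("tx01", 1000, ["addr_svc_A"], ["addr_user_1"]),
    ("tx02", 1500, ["addr_user_2"], ["addr_svc_A"]),
    ("tx03", 2000, ["addr_user_3"], ["addr_svc_B"]),
    ("tx_fanout", 3000, ["addr_thief"], ["addr_svc_A", "addr_svc_B", "addr_fresh"]),
    ("tx05", 3500, ["addr_svc_A"], ["addr_user_4"]),
    ("tx06", 4000, ["addr_user_5"], ["addr_svc_B"]),
    ("tx07", 4500, ["addr_fresh"], ["addr_next_hop"]),
]

def reuse_profile(ledger, txid, min_other=2):
    """For each output of `txid`, count other transactions touching that
    address before and after it, and label the address.

    An address seen in >= min_other unrelated transactions looks like a
    long-lived service deposit address (exchange-like); one that only
    receives here and is spent once looks single-use.
    """
    by_id = {t[0]: t for t in ledger}
    _, when, _, outputs = by_id[txid]
    touches = defaultdict(list)          # address -> [(time, txid), ...]
    for tid, ts, ins, outs in ledger:
        for addr in set(ins) | set(outs):
            touches[addr].append((ts, tid))
    profile = {}
    for addr in outputs:
        others = [(ts, tid) for ts, tid in touches[addr] if tid != txid]
        before = sum(1 for ts, _ in others if ts < when)
        after = sum(1 for ts, _ in others if ts > when)
        # Spending the received coins once is normal for any address, so a
        # single later transaction does not count as reuse.
        label = "reused" if before + after >= min_other else "single-use"
        profile[addr] = {"before": before, "after": after, "label": label}
    return profile

if __name__ == "__main__":
    for addr, info in reuse_profile(LEDGER, "tx_fanout").items():
        print(addr, info)
```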
newbie
Activity: 52
Merit: 0
February 16, 2015, 09:45:27 PM
#2
17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9
yes it is a Bter address

It has been collecting a lot of little funds from change addresses
hero member
Activity: 572
Merit: 506
February 16, 2015, 04:45:26 AM
#1
There are already several threads about the hack. I suggest posting here info backed by something more than pure speculation, conclusions which could be made from blockchain analysis, your constructive thoughts.

Here is what I posted in another thread:

Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14th, the most recent outgoing transaction from 1M2bv occurred on Feb 2nd, again funds were sent to 17o5z. And before Feb 2nd the last outgoing transaction from 1M2bv happened on Jan 27th, i.e. outgoing transactions were quite rare, which makes me believe they indeed were using that address for cold storage.
If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during the last several days before the hack.