
Topic: BTER.com hacked| 7170 BTC stolen | DON'T KEEP YOUR MONEY ON AN EXCHANGE | - page 64. (Read 119723 times)

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
The hack transaction emptied not only 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e, but several other addresses too:
1CZ6jGQ9TPBjixtRkNZ21PNR8gQe7YNydE, 13sswj3bpfyFQby1oJbpjCUe18ZxUygKZt, 1Ni8z1MbaF4ri8GGE67BWtLu66YnXj2BuW, 1AeRVukQNG3qhd3i31pwFa7Z8qc6JnkYEs - the first 3 are all change addresses of their cold wallet, but the last one looks strange. There were no outgoing transactions from this address before the hack, only incoming ones, after the hack there were several incoming and outgoing transactions operating mostly with dust outputs.

Probably, Bter had to pay someone no matter what and what amount (we see escrowed transactions)... Cool

Also, how do you know that these addresses (except for 1M2bv, indeed) belong to Bter at all?
hero member
Activity: 572
Merit: 506
The hack transaction emptied not only 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e, but several other addresses too:
1CZ6jGQ9TPBjixtRkNZ21PNR8gQe7YNydE, 13sswj3bpfyFQby1oJbpjCUe18ZxUygKZt, 1Ni8z1MbaF4ri8GGE67BWtLu66YnXj2BuW, 1AeRVukQNG3qhd3i31pwFa7Z8qc6JnkYEs - the first 3 are all change addresses of their cold wallet, but the last one looks strange. There were no outgoing transactions from this address before the hack, only incoming ones, after the hack there were several incoming and outgoing transactions operating mostly with dust outputs.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?

Here, though they may be irrelevant... Cool

Also note one of the thief addresses (1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz)

thx
Muse can be just from random key-address generator
and message .... I don't know ... just someone send message for the theft

Yes, but it was sent to all 7 (seven) addresses... Bter hand? Cool
probably yes
I can't decode these Chinese characters :-(

If these symbols represent the message in Chinese, then the recipient should be able to decipher them, which leaves us with an inference that they know (or think they know) who the thief is. Thus more weight to an inside job assumption... Cool
sr. member
Activity: 374
Merit: 250
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?

Here, though they may be irrelevant... Cool

Also note one of the thief addresses (1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz)

thx
Muse can be just from random key-address generator
and message .... I don't know ... just someone send message for the theft

Yes, but it was sent to all 7 (seven) addresses... Bter hand? Cool
probably yes
I can't decode these Chinese characters :-(

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?

Here, though they may be irrelevant... Cool

Also note one of the thief addresses (1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz)

thx
Muse can be just from random key-address generator
and message .... I don't know ... just someone send message for the theft

Yes, but it was sent to all 7 (seven) addresses... Bter hand? Cool
sr. member
Activity: 374
Merit: 250
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?

Here, though they may be irrelevant... Cool

Also note one of the thief addresses (1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz)

thx
Muse can be just from random key-address generator
and message .... I don't know ... just someone send message for the theft
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?

Here, though they may be irrelevant (or are from Bter trying to get in touch with the thief himself)... Cool

Also note one of the thief addresses (1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz)
sr. member
Activity: 374
Merit: 250
Did anyone try to decipher those cryptic messages in the transactions? Cool
cryptic messages? where?
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Did anyone try to decipher those cryptic messages in the transactions? Cool
hero member
Activity: 572
Merit: 506
As I said earlier, I had problems withdrawing bitcoins two days prior to the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into a hot wallet... Roll Eyes
There were no outgoing transactions from 1M2bv around Feb 12th.
Edit: Could you check your incoming transaction, where from the funds were sent?

I'm afraid not, at least right now, since I had been transferring funds from Bter to Bittrex, and there I can only see the date and sum of the deposit (and it was on the 14th actually, 12:13:55 AM, I just checked). If you give me an address of some blockchain explorer, I would try to find the transaction... Cool

Update: here's the transaction
Your transaction was sent from one of their hot wallet change addresses.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
As I said earlier, I had problems withdrawing bitcoins two days prior to the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into a hot wallet... Roll Eyes
There were no outgoing transactions from 1M2bv around Feb 12th.
Edit: Could you check your incoming transaction, where from the funds were sent?

I'm afraid not, at least right now, since I had been transferring funds from Bter to Bittrex, and there I can only see the date and sum of the deposit (and it was on the 14th actually, 12:13:55 AM, I just checked). If you give me an address of some blockchain explorer, I would try to find the transaction... Cool

Update: here's the transaction
hero member
Activity: 572
Merit: 506
As I said earlier, I had problems withdrawing bitcoins two days prior to the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into a hot wallet... Roll Eyes
There were no outgoing transactions from 1M2bv around Feb 12th.
Edit: Could you check your incoming transaction, where from the funds were sent?
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14th, the most recent outgoing transaction from 1M2bv occurred on Feb 2nd, again funds were sent to 17o5z. And before Feb 2nd the last outgoing transaction from 1M2bv happened on Jan 27th, i.e. outgoing transactions were quite rare, which makes me believe they were indeed using that address for cold storage.

That is mostly correct. This page shows that 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e was used as a cold storage.

This doge wallet has over 4.5 billion dogecoins (which is more than 5% of all doges in circulation), and it hasn't been touched since December, 2014. At least doge owners may have some hope. I mean Bter may actually not have scammed, otherwise why keep them there? Cool

You can also see that 'someone'/something accessed the cold storage about 10 minutes before they took the 7K. Here and Here

As I said earlier, I had problems withdrawing bitcoins two days prior to the hack (had to wait for two hours until my withdrawal request got finally processed), so it may well mean that their cold storage turned into a hot wallet... Roll Eyes
hero member
Activity: 572
Merit: 506
If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.

I think their cold wallet wasn't a real cold wallet, when it was connected to the "internet" it lost the property of a cold wallet (or am I wrong?).
I think we can't be sure for the time being.
legendary
Activity: 1778
Merit: 1043
#Free market
If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.

I think their cold wallet wasn't a real cold wallet, when it was connected to the "internet" it lost the property of a cold wallet (or am I wrong?).
legendary
Activity: 1316
Merit: 1481
People keep repeating the mantra "don't keep your bitcoins anywhere but in your own wallet".  It's almost blaming the victim for being so careless about who they trust.  How do these people expect bitcoin commerce to work if businesses are always meant to be fearful of someone taking down an exchange?  How many businesses function in a world where Mastercard, Visa, PayPal, etc could at any moment lose all customer funds?

How is an exchange like bitfinex meant to be funded if no one is ever to keep bitcoins on there to fund leveraged positions and earn interest? 

Agreed. It's a real problem that the only safe thing to do with your btc is do nothing at all

I totally disagree. The fiat world works in a completely different way. And it's meant to work like that. They say your bank accounts and deposit are "safe" until a certain amount after that they do not guarantee your money back in case of failure, bankruptcy or whatever else.

The thing is that people here in the BTC world understood that this is the new way of getting "money from nothing".

Mt.gox, did that, mintpal did that, I'm not sure about bitstamp, bter probably did that etc.

Hence this is the problem: do we all see that these "legitimate" services which start nice and very well done at the end run away with customers' money?
This is happening for cloudmining too. So many scams out there.

This world is very difficult. And we don't even know who we're playing with.

That said, I'll keep my BTC on my wallet. I'm my own guard. I do not need an exchange so far.

My 2 satoshis
hero member
Activity: 572
Merit: 506
If their cold wallet wasn't very cold, and they were infected with a trojan, that likely happened between Feb 2nd and Feb 14th. If it indeed was cold, the funds were stolen by somebody who had access to the wallet, especially during last several days before the hack.
legendary
Activity: 2898
Merit: 1017
Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14th, the most recent outgoing transaction from 1M2bv occurred on Feb 2nd, again funds were sent to 17o5z. And before Feb 2nd the last outgoing transaction from 1M2bv happened on Jan 27th, i.e. outgoing transactions were quite rare, which makes me believe they were indeed using that address for cold storage.

That is mostly correct. This page shows that 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e was used as a cold storage.

You can also see that 'someone'/something accessed the cold storage about 10 minutes before they took the 7K. Here and Here
hero member
Activity: 572
Merit: 506
Looking at Bter's 'cold wallet' address: https://blockchain.info/address/1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e we see two outgoing transactions 8 minutes before the hack. Funds were sent to 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 which probably is one of Bter's hot wallet addresses, because there were more outgoing transactions from 1M2bv6sypZSp6uAEC9U4Gzvgp6jd29F87e to that address before, and 17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9 has huge turnover. Before Feb 14th, the most recent outgoing transaction from 1M2bv occurred on Feb 2nd, again funds were sent to 17o5z. And before Feb 2nd the last outgoing transaction from 1M2bv happened on Jan 27th, i.e. outgoing transactions were quite rare, which makes me believe they were indeed using that address for cold storage.
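
Added example, not part of any post in this thread and not Bter's tooling: a watcher for a cold-storage address built on the two signals the posts above rely on, rare outgoing spends and a single refill destination. The year, clock times and placeholder destination in the sample are constructed; `review_spends` and its threshold are hypothetical.

```python
from datetime import datetime
from statistics import median

# Address the thread identifies as the probable hot wallet (refill target).
KNOWN_HOT = {"17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9"}

# Constructed sample of outgoing spends from the watched cold address:
# (time, destination). Dates follow the thread; the year, clock times and
# the placeholder destination are assumptions made for illustration.
SAMPLE = [
    ("2015-01-27 09:00", "17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9"),
    ("2015-02-02 09:00", "17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9"),
    ("2015-02-14 04:00", "17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9"),
    ("2015-02-14 04:01", "17o5zDFGNvP5H2iWd7aWbhacwS1HKDE4i9"),
    ("2015-02-14 04:08", "UNKNOWN-DESTINATION-PLACEHOLDER"),
]

def review_spends(spends, allowlist=KNOWN_HOT, burst_ratio=0.01):
    """Return (time, reasons) for each spend that breaks the cold-wallet profile.

    A spend is flagged when it pays an address outside the allowlist, or when
    it follows the previous spend by less than burst_ratio times the median
    gap between earlier, unflagged spends.
    """
    rows = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M"), d) for t, d in spends)
    baseline, alerts, prev = [], [], None
    for when, dest in rows:
        reasons = []
        if dest not in allowlist:
            reasons.append("destination not allowlisted")
        if prev is not None:
            gap = (when - prev).total_seconds()
            if baseline and gap < burst_ratio * median(baseline):
                reasons.append("burst: gap far below normal cadence")
            else:
                baseline.append(gap)  # only normal gaps feed the baseline
        if reasons:
            alerts.append((when.isoformat(sep=" "), reasons))
        prev = when
    return alerts

if __name__ == "__main__":
    for when, reasons in review_spends(SAMPLE):
        print(when, "; ".join(reasons))
```

The first spend on the 14th passes because its gap from Feb 2nd matches the earlier cadence; only the follow-up spends minutes later stand out, which is why the allowlist check is kept as a separate signal.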