You have my deepest apologies for the following wall of text, but a lot of people have been asking me questions about this conversation, so without further ado, here it is:
11/16/13
To:
[email protected]
Hi Tradefortress,
could you answer a couple quick questions?
1.) When did you first notice that the hot wallet was empty?
2.) How and when did you first realize your Linode administrative account was reset?
3.) Could you post the password reset logs for your Linode administrative console, and tell Linode employees that they may verify them for whoever asks?
4.) Do you have, and could you post, the logs of what the hacker did while he was logged into the Linode administrative console?
5.) Were the logins from 101.0.79.18 into your Linode administrative console, that you posted, the only time the hacker accessed it?
Thank you!
[DumbFruit]
11/16/13
Hi [DumbFruit],
Oct 23rd PST time (24th Aus time). A second hack occurred on the Oct 26th (the other 160 BTC).
The compromise was done through compromising multiple of my old email addresses in a chain (compromise one which was the recovery email for another), which led them to [email protected] which received emails forwarded from [email protected]. The attacker was able to reset Linode and Apis networks passwords. Email forwarding was disabled on the 26th (PST, 27th Aus).
I've already posted login logs for Linode on bitcointalk, I've attached logins for apisnetworks which were also reset.
5: Yes, to linode manager. The attacker on the Oct 26th used Lish to skip linode manager and directly shell into the Linode, bypassing 2FA on the manager.
4: The incomplete logs were obtained through lish logview's buffer. The attacker installed mc (midnight commander) and used it to transfer files containing credentials via FTP to 0;
[email protected]:
[email protected]. From the midnight commander view, the remote server also has another bit.php file not from Inputs. I speculate that this is taken from another service.
3: I do not see where I have access to linode password reset logs. I've sent a support ticket to linode requesting such, and authorizing them to provide it to anyone who asks. Ticket ID 2560514
11/16/13
Thank you so much for answering my questions!
How did you find out the Linode Manager password reset if you couldn't access your email? The first time you tried logging in after the hacker you succeeded.
Also, how did the hacker gain access to Linode Manager if it had 2FA on it?
You absolutely need to press charges against the hacker. They would be able to subpoena that hosting provider and find out who was leasing that server, and they would be able to subpoena Mt.Gox to see if the hacker sent the coins there.
The server was American, and the transaction that moved the coins out of the hackers address also originated in the US.
Finally, could you please send signed data that includes what your users owe, how much you've paid out, and have you considered getting a loan to cover the remaining btc shortfall?
Thanks again,
[DumbFruit]
11/16/13
1. The attacker compromised [email protected] which had emails forwarded from [email protected]
2. Linode staff has said the attacker can access lish via without 2FA, which grants them SSH access
3. That server is a compromised server.
11/16/13
How do you know the American server is compromised? Are they liable for the damage that was caused via their server?
I thought you said that the hacker only used lish the second time, that doesn't explain how he got access to the Linode Manager the first time, as shown in your logs, right?
If you don't want to give me any financial data I understand, are you working with anyone to help you oversee your operation?
[DumbFruit]
11/16/13
1. It's pretty obvious looking at the site.
2. 2FA wasn't enabled the first time.
11/16/13
Also, re password reset logs:
Support Ticket 2560514 regarding account 'gladoscc' has been updated by 'jstewart'
--------------------------------------------------
Hello,
Thank you for reaching out to us. I'm querying our admins to see if it is possible to generate a password reset log. I will let you know once I have an answer from them.
Regards,
James
--------------------------------------------------
Please use https://manager.linode.com/support/ticket/2560514 to respond to this ticket.
Thank you,
Linode.com
11/16/13
Thanks, that clears up a lot.
Regarding the coins you owe me (DumbFruit), if you send 500 bitcoins to me before the end of the day (17th Australian time) I would be willing to forgive the remaining 455btc.
With the ever increasing value of BTC, I think that seems reasonable.
I can send and receive btc an address I used to deposit into Inputs.io if you want me to prove it's me.
[DumbFruit]
11/16/13
Well, if you want to make a different offer, you know where I am.
Thank you for your answers,
[DumbFruit]
11/17/13
Hi [DumbFruit],
I can offer you 100% of the amount if we re-denominate the balance in USD from the date you deposited. This is valid for 24 hours.
11/17/13
It looks like it was around $102.00.
102/500=.204
955*.204=194
Make it an even 200 and we have an agreement. (Given the crazy fluctuations in price.)
[BTC address here.]
[DumbFruit]
11/17/13
Hi TradeFortress,
I’m concerned about your lack of response.
If you don’t like the numbers I used, then let's use the numbers that were accurate when you made the proposal. At 2:40am, Eastern Standard time, the price of btc was less than $470.00 each.
The moment I sent the btc to Inputs.io, the price was $103.00.
103/470 = 0.2191
0.2191*955= 209.28723404
You made the proposal at 11/17 at 2:40am Eastern Standard time. It is currently 11/17, 9:50pm Eastern Standard time. Less than 24 hours, so I am within your deadline.
I accept your proposal exactly as you put it forward with no modifications. Please honor your word.
I’m sorry for being impatient, I know you have a lot on your plate.
Thank you,
[DumbFruit]
Price of btc when I deposited to Inputs.io;
http://bitcoincharts.com/charts/mtgoxUSD#rg2zczsg2013-8-10zeg2013-08-10ztgSzm1g10zm2g25zv
Price of btc when you made the proposal;
http://bitcoincharts.com/charts/mtgoxUSD#rg2zczsg2013-11-16zeg2013-11-16ztgSzm1g10zm2g25zv
My transaction into Inputs.io;
The address that you can send the btc to, that was used to deposit to Inputs.io;
11/17/13
Come on, you chose to do the transaction while the price was at a peak, long after I agreed to the transaction. You also chose the Mt.Gox exchange price which is the highest. That is completely unfair.
I specifically said "209.28723404" or "200".
[DumbFruit]
11/17/13
Hi [DumbFruit],
Our offer was "I can offer you 100% of the amount if we re-denominate the balance in USD from the date you deposited. This is valid for 24 hours." which we both agree to. Bitcoin is simply the method we use to transfer, so logically the amount would be based on when the transaction is made. (Same thing if you buy something priced in Euros with a USD credit card, not when you add something to the shopping cart).
The price of when you sent to Inputs.io was $103 (using mtgox)
The current spot price of BTCUSD on Mtgox is $564
103/564=0.1826
0.1826*955=174.383
Payment:
Please see the TXID 72c77cd3de9e34f0c4a1520fdba0ffab10354d5975ab99a54c1ff0c7084adac2
11/17/13
Hi,
If you do not wish for me to use mtgox, why would you use mtgox yourself?
11/17/13
It's not that you used Mt.Gox, it's that you did everything you could to cheat me out of 25btc, which is not what I agreed upon.
I trusted you for 955btc, and I'm willing to forgive 755btc, why are you now cheating me out of 25btc?
[DumbFruit]
12:08 AM
Don't do this, please send the other 25btc I specifically agreed to.
[DumbFruit]
12:19 AM
I'm willing to forgive a debt that is worth $422,800, why are you cheating me out of $14,000?
Please send another 25 btc to the address given.
[DumbFruit]
12:19 AM
Hi [DumbFruit],
If you do not agree please return the funds to the address it came from.
Best regards.
12:21 AM
I do not agree, but you owe me 955btc, so I'm not sending anything back. If you send me another 25btc, then the remaining debt is forgiven.
[DumbFruit]
12:25 AM
Hi [DumbFruit],
Please see the TXID 10d0a9e8d166267b3045b8d107b300cb722334cdb85f845eac9eba40b21cece1
I trust that this matter is settled.
Yes, completely settled. You owe me nothing, and I wish you the best. I'm glad I can put this whole mess behind me and move on.
[DumbFruit]