[Emergency ANN] Bitcoinica site is taken offline for security investigation - page 54.

REF

hero member

Activity: 529

Merit: 500

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

(...)
Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

wow did you get out of bitcoinia's ownership position at the perfect time.

BIGMERVE

hero member

Activity: 728

Merit: 500

There's a lot of complaining, arguing, and finger pointing going on in this thread and rightfully so. However, I think the first thing we should worry about is %100 reimbursement as fast as possible. Only after that should we worry who's to blame. Many people in this forum, including me, lost a considerable amount of money. Having that money just vanish is terrifying and until we get it all back will we be able to think straight and rationally.

Clipse

hero member

Activity: 504

Merit: 502

Quote from: paraipan on May 12, 2012, 03:29:09 PM

Quote from: Clipse on May 12, 2012, 03:27:34 PM

.....

...or secure your coins and stop having exploits available as in the case of bitcoinica, EMAIL COMPROMISED AND ROOT RESET Huh

??

how can you reset root password by compromising an e-mail ?

Ask zhou, he stated root access were reset by compromised mailserver.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: paraipan on May 12, 2012, 03:29:09 PM

Quote from: Clipse on May 12, 2012, 03:27:34 PM

.....

...or secure your coins and stop having exploits available as in the case of bitcoinica, EMAIL COMPROMISED AND ROOT RESET Huh

??

how can you reset root password by compromising an e-mail ?

Control panel of hosting provider.

VPS = facepalm.

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Quote from: Clipse on May 12, 2012, 03:27:34 PM

.....

...or secure your coins and stop having exploits available as in the case of bitcoinica, EMAIL COMPROMISED AND ROOT RESET Huh

??

how can you reset root password by compromising an e-mail ?

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: giszmo on May 12, 2012, 03:14:25 PM

Quote from: DeathAndTaxes on May 12, 2012, 02:37:30 PM

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

Blacklisting and destroying can work with the protocol as is. The biggest exchanges maintain blacklists and send any amount to /dev/null that sources from their blacklist unless the amount received already got that amount sent to /dev/null before.

If I send Bitcoins to MtGox and they destroy 1/1000th of them explaining it stems from that recent raid, I can take legal action against them but if judges start supporting this behavior there is little you can do in the protocol to stop it from happening. Now I can check where I got my coins tainted from ... ah .. SatoshiDice. I can demand my money back from this guy which would lead to him starting to use the black lists as well and as I don't want to hear from Gox how I had dirty fingers next time, I will also run the blacklists on my client.

Slippery slope but we are already on it. This will come the one way or the other.

nope people are just gonna use mixers of money for laundering:
http://en.wikipedia.org/wiki/Anonymous_internet_banking#The_underlying_mathematics
in short: this method can, by relining on a central anonymous authority, create anonymous untraceable "cash".
in contrast to bitcoin, where every transaction is pseudonymous, and not anonymous. and therefor traceable

the only down side of this is that it can't work distributed, as is needs a central private key, for the mixer.

this gonna happen sooner or later.

Clipse

hero member

Activity: 504

Merit: 502

Quote from: giszmo on May 12, 2012, 03:14:25 PM

Quote from: DeathAndTaxes on May 12, 2012, 02:37:30 PM

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

Blacklisting and destroying can work with the protocol as is. The biggest exchanges maintain blacklists and send any amount to /dev/null that sources from their blacklist unless the amount received already got that amount sent to /dev/null before.

If I send Bitcoins to MtGox and they destroy 1/1000th of them explaining it stems from that recent raid, I can take legal action against them but if judges start supporting this behavior there is little you can do in the protocol to stop it from happening. Now I can check where I got my coins tainted from ... ah .. SatoshiDice. I can demand my money back from this guy which would lead to him starting to use the black lists as well and as I don't want to hear from Gox how I had dirty fingers next time, I will also run the blacklists on my client.

Slippery slope but we are already on it. This will come the one way or the other.

...or secure your coins and stop having exploits available as in the case of bitcoinica, EMAIL COMPROMISED AND ROOT RESET Huh

?? That is the most hilarious security implimentation Ive heard of thus far, also why is so many people allowed access to the whole system, like zhou stated he wasnt sure which of the allowed accounts possibly made the withdrawal at first.

giszmo

legendary

Activity: 1862

Merit: 1114

WalletScrutiny.com

Quote from: DeathAndTaxes on May 12, 2012, 02:37:30 PM

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

Blacklisting and destroying can work with the protocol as is. The biggest exchanges maintain blacklists and send any amount to /dev/null that sources from their blacklist unless the amount received already got that amount sent to /dev/null before.

If I send Bitcoins to MtGox and they destroy 1/1000th of them explaining it stems from that recent raid, I can take legal action against them but if judges start supporting this behavior there is little you can do in the protocol to stop it from happening. Now I can check where I got my coins tainted from ... ah .. SatoshiDice. I can demand my money back from this guy which would lead to him starting to use the black lists as well and as I don't want to hear from Gox how I had dirty fingers next time, I will also run the blacklists on my client.

Slippery slope but we are already on it. This will come the one way or the other.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: bbit on May 12, 2012, 02:50:04 PM

Quote from: DeathAndTaxes on May 12, 2012, 02:37:30 PM

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

You are assuming this is just for "anyone" to take advantage of ( maybe, a bitcoin business has to pay into this ) . No, I'm talking about the big business's where it clearly stolen and we know that is based on who the business is - are you saying someone legitimately withdrew 18,000 bitcoins ? In this case, yes Bitcoinica can say yes they were stolen and who is going to doubt them? - are you saying they would be pulling a fast one ? I'd rather have system like this then having bitcoins ripped off left and right I mean like someone mentioned there is going to be more stolen bitcoins then there is legitimate bitcoins are the rate we are going Undecided

I am pretty sure they were stolen by somebody from Nigeria. Or the boogeyman took them.

Why would they steal the BTC themselves when they would make more money from running the service and getting the fees Grin

Where can we see the 18K getting dumped ? Any second now.

What exchanges accept stolen coins ? Intersango, BTC-E, Leo's CoinExchanger ( did he get scammer tag for accepting Linode coins ) ?

bbit

legendary

Activity: 1330

Merit: 1000

Bitcoin

Quote from: DeathAndTaxes on May 12, 2012, 02:37:30 PM

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

You are assuming this is just for "anyone" to take advantage of ( maybe, a bitcoin business has to pay into this ) . No, I'm talking about the big business's where it clearly stolen and we know that is based on who the business is - are you saying someone legitimately withdrew 18,000 bitcoins ? In this case, yes Bitcoinica can say yes they were stolen and who is going to doubt them? - are you saying they would be pulling a fast one ? I'd rather have system like this then having bitcoins ripped off left and right I mean like someone mentioned there is going to be more stolen bitcoins then there is legitimate bitcoins are the rate we are going Undecided

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: mcorlett on May 12, 2012, 02:43:03 PM

Let's start checking bills for traces of narcotics, too!

http://articles.cnn.com/2009-08-14/health/cocaine.traces.money_1_cocaine-dollar-bills-paper-bills?_s=PM:HEALTH

Noted... go turn yourself in. Or give the money back it is 'tainted'.

btw: I like your avatar, it is unique.

mcorlett

donator

Activity: 308

Merit: 250

Let's start checking bills for traces of narcotics, too!

http://articles.cnn.com/2009-08-14/health/cocaine.traces.money_1_cocaine-dollar-bills-paper-bills?_s=PM:HEALTH

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: bbit on May 12, 2012, 01:00:15 PM

Thanks I respect yours also. No, I'm just saying for big thefts like the one's that have been happening I think there would be a big consensus in favor of disabling $87,000 worth of bitcoin. Yes, I don't know all the logistics of how it would play out but I'm pretty sure we are all smart enough to figure it out.

Ok say I buy 20,000 BTC worth of Gold from you. I pay you, you get the 6 confirms. I walk away with my ~$100K in gold. Then I report the coins stolen. Oops you lose 20K BTC. Even better I cal you up and threaten to report them stolen. If you give me back 5K BTC I won't report them stolen. You lose 5K or you lose 20K. Your choice.

Worse say I did steal 20K BTC. I then buy some gold form you. Nobody has reported them stolen ... yet. I pay you, you get the 6 confirms. I walk away with $100K in gold and then the original legit owner of the coins reports them stolen. I stole the coins and lost nothing. The owner is still out 20K coins and you are out $100K in gold.

Awesome system you got there. Also there is no central agency in Bitcoin. Who decides if a coin is disabled or not? Someone with 51% of hashing power. Awesome you just gave the govt an auto kill switch. Gain 51% control of Bitcoin (even temporarily) and disable all 21M coins. Game Over.

Ichthyo

hero member

Activity: 602

Merit: 500

Quote from: cypherdoc on May 12, 2012, 02:30:55 PM

so when is the current estimate for Bitcoinica to return online?

maybe end next week in a disabled fashion, just to allow you to withdraw your funds. Then a relaunch sometime this summer?

well, just wildely guessing

--Ichthyo

GuinnessBIT

newbie

Activity: 36

Merit: 0

Bitcoinica really should put up a splash page saying they are down temporarily as not everyone reads these forums.

cypherdoc

legendary

Activity: 1764

Merit: 1002

so when is the current estimate for Bitcoinica to return online?

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: davout on May 12, 2012, 02:20:30 PM

Quote from: Raoul Duke on May 12, 2012, 02:18:40 PM

How you reached the conclusion that address is a vanity address? Seems pretty random to me with the exception of the EML part

Not sure if serious...

So, you think that's a vanity address also? Explain why, please...

Also, is the following address also a vanity address? 1AKNNX3uptocrisMbW7amrLYAbF3TggYdN
Or this one with no numbers whatsoever besides the intial 1: 1AhAzstfNZGwmNKVNbHJoKPWJYEUgodoBk

Phinnaeus Gage

legendary

Activity: 1918

Merit: 1570

Bitcoin: An Idea Worth Spending

Quote from: Raoul Duke on May 12, 2012, 02:18:40 PM

Quote from: Phinnaeus Gage on May 12, 2012, 02:11:18 PM

Whoever created this vanity address 1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX is the cracker. Notice that there is only one number in it--a 4. That took a while.

How you reached the conclusion that address is a vanity address? Seems pretty random to me with the exception of the EML part

I guess so. Here's another random address.

Quote from: etotheipi on January 09, 2012, 09:09:27 PM

I wasn't able to get GPU working in linux, but it turns out my cluster of CPUs was enough to create the address I really wanted :

1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX

Am I really the first person that has done this? FreeMoney didn't even recognize it as a BTC address. At the very least, people should recognize that one when they see it

A donation is on its way!

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: Raoul Duke on May 12, 2012, 02:18:40 PM

How you reached the conclusion that address is a vanity address? Seems pretty random to me with the exception of the EML part

Not sure if serious...

bbit

legendary

Activity: 1330

Merit: 1000

Bitcoin

Quote from: bulanula on May 12, 2012, 02:17:33 PM

Quote from: bbit on May 12, 2012, 02:14:53 PM

Another thing I was just thinking since Mt.Gox blacklists "tainted funds" - they should go ahead and entertain the person to send their coins "to cash" out but never cash them out thus retrieving the coins again ?

What ...

lol....meaning mt.gox should let them send them their coins to "Cash out" but in reality never "Cash out" thus keeping the coins.

better?

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 54. (Read 224562 times)