[Emergency ANN] Bitcoinica site is taken offline for security investigation - page 63.

David M

sr. member

Activity: 476

Merit: 250

Quote from: JusticeForYou on May 12, 2012, 02:55:34 AM

This is why the whole idea of 'tainted' coins is a bad idea.

I would not call it is not an idea per se, but a reaction to crypto shock. Some suffer it from their own mistakes (delete wallet etc..), others by a foreign hand.

The brutal truth that the maths does not care for authority can take time to fully grasp. In the meantime, we rage...

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: dustintrammell on May 12, 2012, 02:48:30 AM

Quote from: organofcorti on May 11, 2012, 11:39:56 PM

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK

Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.

Now that's far more interesting than the binary message (: The faucet has also already started sending out payments out of that chunk of coin.

See how interesting the argument gets.

The faucet has knowingly received 'supposedly' stolen coins and passed them on to others. Isn't there a name for that?

This is why the whole idea of 'tainted' coins is a bad idea. You can't enforce the unenforceable and trying will do more harm then good.

Lets put the focus where it belongs. How did they get stolen? And try to prevent that from happening again.

If a bridge collapses, the engineers don't do an analysis of where the pieces fell. They do an analysis of how the bridge collapsed.

dustintrammell

vip

Activity: 156

Merit: 103

Cleverly disguised as a responsible adult.

Quote from: organofcorti on May 11, 2012, 11:39:56 PM

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK

Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.

Now that's far more interesting than the binary message (: The faucet has also already started sending out payments out of that chunk of coin.

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: ?? on ??

Quote from: organofcorti on May 12, 2012, 02:19:08 AM

Quote from: istar on May 12, 2012, 02:11:33 AM

Quote

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

You are wrong.

If someone gets 2000 sent to them out of the blue, they can and should send them back.

[chinrub]

Not sure if serious ......

[/chinrub]

I'm pretty sure if you get coins that are not yours, and you know who they belong to you must give them back or get the scammers tag. I have seen it done here on the forum. Not my rules...

If everything is on par, yes.

But, I could send BTC to an address that is known to belong to someone on the forum; however, they no longer have the private key to that wallet. It was destroyed. Now, do we take his word that it was destroyed? Or do we insist he still has access? and give him the scammer tag.

The only way to be sure is to watch the address forever.

dustintrammell

vip

Activity: 156

Merit: 103

Cleverly disguised as a responsible adult.

Quote from: theymos on May 11, 2012, 11:31:24 PM

Cool way of releasing a message. The thief clearly has some familiarity with Bitcoin.

Familiarity with Bitcoin? Perhaps not so much... There's lots of more interesting ways to embed a message in Bitcoin transactions if you're familiar with the data formats and the protocol, such as the one described here for example:

https://bitcointalksearch.org/topic/bitcoin-deanonymization-34458

Having the transaction amounts be binary seems a bit rudimentary, actually.

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: istar on May 12, 2012, 02:11:33 AM

Quote

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

You are wrong.

If someone gets 2000 sent to them out of the blue, they can and should send them back.

You make some assumptions there. They might not even know they received them (i.e. cold wallet) for months.
Then you shouldn't just hand back the coins because someone says they are theirs. You should turn them over to an authority and let the claimant prove they are theirs. (i.e. just like finding a bag of cash on the street) Turn them in, if unclaimed, they are yours.
It is a little more complicated than 'just send them back'.
And many more possible scenarios.

Declare that you have them, yes, but not publicly.

But be honest, most people handed 2K coins will turn off their computer and wait and plan.

BTW: The faucet has received 'tainted' coins.

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: istar on May 12, 2012, 02:11:33 AM

Quote

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

You are wrong.

If someone gets 2000 sent to them out of the blue, they can and should send them back.

[chinrub]

Not sure if serious ......

[/chinrub]

istar

hero member

Activity: 523

Merit: 500

Quote

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

You are wrong.

If someone gets 2000 sent to them out of the blue, they can and should send them back.

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: stochastic on May 12, 2012, 12:42:09 AM

I wonder if those New Zealand police can crack the case.

LOL, I see what you did there.

stochastic

hero member

Activity: 532

Merit: 500

I wonder if those New Zealand police can crack the case.

PawShaker

full member

Activity: 140

Merit: 100

Quote from: LightRider on May 12, 2012, 12:14:20 AM

[...]

http://www.youtube.com/watch?v=JnX-D4kkPOQ

LMAO The video clip is so good. Cheesy

I recomend it to everyone...
The only problem is that YouTube puts PayPal ad in front of the movie...

coretechs

donator

Activity: 362

Merit: 250

Quote from: organofcorti on May 11, 2012, 11:51:22 PM

Quote from: JusticeForYou on May 11, 2012, 11:47:25 PM

Quote from: ?? on ??

Quote from: organofcorti on May 11, 2012, 11:39:56 PM

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK

Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.

They could just as well send .5 BTC to all address in sigs :/

Give a Satoshi to every address in the chain.

Give 1000 btc to me.

Send a big subsidy to p2pool miners.

Actually, don't. The ensuing "should they pay it back" debate would be unbearable.

LightRider

legendary

Activity: 1500

Merit: 1022

I advocate the Zeitgeist Movement & Venus Project.

Quote from: giszmo on May 12, 2012, 12:08:17 AM

Quote from: JusticeForYou on May 11, 2012, 11:27:50 PM

Quote from: giszmo on May 11, 2012, 11:14:05 PM

Quote from: organofcorti on May 11, 2012, 10:43:57 PM

If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

Oh, at first sight I was tempted to take this approach for a cure of my worries about bitcoin's anonymity.

Imagine exchanges would not refuse tainted coins right out but "untaint" them by sending the tainted fraction to a well known unspendable address (aka destroy the stolen coins). A future recipient would well notice the tainted coins but also the untainting and accept the input for full bitcoins again.

Imagine gox doing this. Who would want tainted coins? All others would follow and refuse to take tainted coins aka untaint them and demand compensation for the tainted fraction of the payment.

I could imagine such a system for the good of bitcoin as the scheme "move your coins -> claim to got hacked -> profit" would get eliminated and bitcoin would be ultimately more secure but I have a problem to decide who should judge which coins are tainted and which not.

Imagine somebody selling bitcoin and only getting 70% of the promised [dirty something]. He could claim he got hacked to piss off his business partner who would not go to a court for [dirty something].

In a case as yesterday, I see no problem to count bitcoins as stolen and therefore nonexistent/invalid. But what if the raid is discovered only 3 months later and many people already accepted them? What if gox is forced into blacklisting coins from Iran? Etc ...

I love these thought experiments but I would prefer it were easier to say once and for all coins will never be tainted. Else mining would be the only way to get clean coins for sure. Mining where I get the created coins ... from blocks without fees Wink

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

So, while they are not anonymous technically, they are anonymous as far as proving anything. And if there are more than 1 'thief' if one gets caught the other can move the coins taking suspicion away from the one that was caught. All the 'what ifs' put it back into the anonymous realm, unlike getting caught with DB Cooper's loot.

Let me guess: You did not read my post?

If your account A with 98 BTC receives 2 blacklisted/stolen BTC then A contains 100 BTC.
When you now send 50 BTC from A to G at MtGox, they could send 1 BTC to /dev/null and add 49 BTC to your balance.

Now if they cash out 10 BTC from G to some other user, this user's client with the same blacklist could see the stolen coins but also the cleaning and accept the 10BTC for 10BTC.

Alternatively getting paid 2 BTC that are blacklisted could directly be forwarded to /dev/null and rerequest just like MtGox would do to you. If the biggest player does so, all others will do so, too.

http://www.youtube.com/watch?v=JnX-D4kkPOQ

giszmo

legendary

Activity: 1862

Merit: 1114

WalletScrutiny.com

Quote from: JusticeForYou on May 11, 2012, 11:27:50 PM

Quote from: giszmo on May 11, 2012, 11:14:05 PM

Quote from: organofcorti on May 11, 2012, 10:43:57 PM

If I'd stolen coins and was worried about exchanges not accepting them, I send bitdust to as many addresses as I could an exchange refusing them would have trouble keeping the rule implemented without pissing off innocent civilians.

Oh, at first sight I was tempted to take this approach for a cure of my worries about bitcoin's anonymity.

Imagine exchanges would not refuse tainted coins right out but "untaint" them by sending the tainted fraction to a well known unspendable address (aka destroy the stolen coins). A future recipient would well notice the tainted coins but also the untainting and accept the input for full bitcoins again.

Imagine gox doing this. Who would want tainted coins? All others would follow and refuse to take tainted coins aka untaint them and demand compensation for the tainted fraction of the payment.

I could imagine such a system for the good of bitcoin as the scheme "move your coins -> claim to got hacked -> profit" would get eliminated and bitcoin would be ultimately more secure but I have a problem to decide who should judge which coins are tainted and which not.

Imagine somebody selling bitcoin and only getting 70% of the promised [dirty something]. He could claim he got hacked to piss off his business partner who would not go to a court for [dirty something].

In a case as yesterday, I see no problem to count bitcoins as stolen and therefore nonexistent/invalid. But what if the raid is discovered only 3 months later and many people already accepted them? What if gox is forced into blacklisting coins from Iran? Etc ...

I love these thought experiments but I would prefer it were easier to say once and for all coins will never be tainted. Else mining would be the only way to get clean coins for sure. Mining where I get the created coins ... from blocks without fees Wink

Well if implemented, it would be to easy to bork the system. By the nature of the system, they are forever marked but with time become but a residue. Just like 90% of Dollars have drug residue on them. You are all suspects now if you have a dollar.

What makes the idea of tainting even worse, is the ability to 'frame' others for something. i.e. 18,000 coins were supposedly stolen, the 'thief' could send 2,000 of them to a reputable person's address. The recipient will claim innocence but who is going to believe that the 'thief' just gave the coins to him? We're talking 10K about now.

So, while they are not anonymous technically, they are anonymous as far as proving anything. And if there are more than 1 'thief' if one gets caught the other can move the coins taking suspicion away from the one that was caught. All the 'what ifs' put it back into the anonymous realm, unlike getting caught with DB Cooper's loot.

Let me guess: You did not read my post?

If your account A with 98 BTC receives 2 blacklisted/stolen BTC then A contains 100 BTC.
When you now send 50 BTC from A to G at MtGox, they could send 1 BTC to /dev/null and add 49 BTC to your balance.

Now if they cash out 10 BTC from G to some other user, this user's client with the same blacklist could see the stolen coins but also the cleaning and accept the 10BTC for 10BTC.

Alternatively getting paid 2 BTC that are blacklisted could directly be forwarded to /dev/null and rerequest just like MtGox would do to you. If the biggest player does so, all others will do so, too.

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: JusticeForYou on May 11, 2012, 11:47:25 PM

Quote from: ?? on ??

Quote from: organofcorti on May 11, 2012, 11:39:56 PM

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK

Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.

They could just as well send .5 BTC to all address in sigs :/

Give a Satoshi to every address in the chain.

Give 1000 btc to me.

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Pawshaker, you missed a few posts in the excitement, didn't you?

PawShaker

full member

Activity: 140

Merit: 100

From: 1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
To: 15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK
Amount: 21.0110111 BTC

To address is Bitcoin Faucet!
He is making sure that a lot of people gets tainted.

JusticeForYou

vip

Activity: 490

Merit: 271

Quote from: ?? on ??

Quote from: organofcorti on May 11, 2012, 11:39:56 PM

The last address on the list is bitcoin faucet:

http://blockchain.info/address/15ArtCgi3wmpQAAfYx4riaFmo4prJA4VsK

Way to spread that coinage thin and make sure everybody gets some. Even better than donating some to pools in terms of ensuring the coinage wont be black listed.

They could just as well send .5 BTC to all address in sigs :/

Give a Satoshi to every address in the chain.

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: enmaku on May 11, 2012, 11:42:27 PM

You mean like the dendrogram visualization already built into blockchain.info? Grin

Alternately, here's the current dendrogram in PNG format for those who don't feel like clicking to expand all the nodes: http://i.imgur.com/MGReF.png

Yeah, I'd forgotten about it, thanks for that. No need to reinvent the wheel.

enmaku

hero member

Activity: 742

Merit: 500

Quote from: organofcorti on May 11, 2012, 10:29:05 PM

Quote from: homer on May 11, 2012, 10:13:32 PM

They are on the move again.

http://blockchain.info/tx-index/5484758/c141115ff13ad9331e0d46776d850f06083a60fab88b15a2a2df35f2fdf565da

Seven 2600 btc transactions, and that one for 347.66367623 BTC goes to
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX which then has splits into a bunch of smaller transactions. WTF? how do you follow this many splits?

dbdump.py helps:

https://github.com/gavinandresen/bitcointools

Or you can write a html scraper that reloads a http://blockexplorer.com/address/ page, follows the address trail automatically and saves to a dataframe. Good luck making a visualisation though.

You mean like the dendrogram visualization already built into blockchain.info? Grin

Alternately, here's the current dendrogram in PNG format for those who don't feel like clicking to expand all the nodes: http://i.imgur.com/MGReF.png

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 63. (Read 224562 times)