Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 70. (Read 224562 times)

Unfortunately it is not that easy to secure a hot wallet.

The game plan should be:

1. Minimise amount of bitcoins to be held in hot wallet.
2. Have complete control over physical and management access to hardware and OS. It sucks but this requires extending trust to a few trusted people. This is the weakest link.
3. Definitely do not have ANY 3rd parties anywhere in the loop with any kind of access to the hot wallet server in either management or physical access capacity.
4. Obviously, having secure web interfacing code, with all user supplied data sanitised and hardened server helps a lot. But this is relatively trivial matter.
5. Using multisig functionality could help a lot. For example, say, a "offline" second sig server, which also has some monitoring code and freeze withdrawals based on some set of rules, until manual intervention resolves the flagged issues."

- Hosting your own email could help too in some cases.
- Securing cold wallets is another topic.

This basically means, decent colo setup with a few nuts and bolts on top of it. Hello! Big news! It was pretty much brought to Bitconica's attention in August/September 2011. I hope others will be able to learn from this.

This also means no hosting any wallets with nontrivial amounts of bitcoins on any:
- VPS's (generally, the bigger the company operating those VPS's, the more random dudes have root access, the more risk you take)
- dedicated servers are effectively the same VPS with all kinds of management access hosters have, however encrypted partitions could help a lil bit in this scenario, i.e. attacker would need to access it without rebooting.

(The above assumes VPS's and dedi's hosted by 3rd parties)

In other words, if you do not know who EXACTLY has or can have root access, say bye bye to your hot wallet.

Tough titty, "google search based sysadmins" and "flying in the clouds" generation! You simply cannot google up 10-20 years of professional experience and once you start relying blindly on all those cloud services you are screwed again.

Bitcoinica's "Zero sysadmin" policy in action. Enjoy!

I don't keep my real wallet in a lockbox at a train station and I wouldn't keep a bitcoin wallet on public server at a datacenter.

Yes, close enough when the machine is a VM on a cloud somewhere.

Are they implying the hacker would have physical access to the machine? I thought computers could only communicate through ports.

Are you intentionally missing their point?

Vladimir, I have the biggest respect for you and cypherdoc, and because of this it amazes me how you guys only can be so oblivious to the social dynamics at play here. If Bitcoin keeps destroying value instead of creating value, the market will simply drop it. Not even to mention the image problems Bitcoin already has with anyone who is not already a Bitcoiner (couple ten k guys). We cannot continue at this rate and transfer hard earned Bitcoins from market participants to hackers, scammers and leeches forever expecting Bitcoin to have any value.

You say it is transferred from early adopters to geeks, but this has not at all been true lately. The only example I know of would be allinvain with his 25k coins if his report was true.

Consider also the cost of securing Bitcoins (this substracts from BTC value) and the barrier of entry it creates. I say these continuous gigantic (in terms of money supply %) thefts from large Bitcoin sites do hurt Bitcoin over the long run.

I am even thinking that this could be a similar attack to what happened with MtGox and all the other sites in summer/fall because MtGox and GLBSE were also targeted the past week. Which $$$ oriented hacker would redirect the site to Meatspin instead of a wallet.dat stealer or other malware? Ie possibly a coordinated attack on all infrastructure by someone who doesn’t like Bitcoin.

Disclosure: I hold Bitcoins and had no funds at Bitcoinica.

Why would you have a custom interface but leave the bitcoind rpc port and ssh open to the public?

So...any news on this yet?  What is Zhou's twitter handle?

Let me make it simple
Nobody is going to use the grace period.  
Nobody is going to use the locked down bitcoind to send a tx.

They are just going to steal the private keys.  No grace period on stolen keys.


There always is a server.  Bitcoind has to be somewhere.  If you have access to the server you have access to the keys.  Period.*

It appear the attackers gained access to the server.  Ergo they had access to the private keys.


* Well in theory maybe not with a HSM or TPM.  But even then if the attacker has gained access to the wallet server your security model has already failed, it is just you could get lucky and avoid losing a lot of funds.

I always wondered where Loompaland was, but I knew that green hair colour was fake.

So, that chocolate factory was one of the first sweat shops, eh?

/offtopicsilliness

If the keys are stolen, ANY bitcoind can make the transaction, doesn't have to be on the compromised server.

There is nothing to reverse if the transaction is canceled during the grace time before it is executed on bitcoind. There is no server to hack into when the only network-accessible thing is the custom interface.

Anything less than an isolated dedicated, unmanaged server, is simply suicide.

And to add more flames to this raging inferno, Rackspace maintains backdoor root accounts on their managed servers to perform backups and maintenance. I'm not sure whether this applies to the cloud servers or not.

Which does nothing since Bitcoin is irreversible.


The most likely attack vector was
a) gain access to rackspace admin console
b) reset root password
c) login as root
d) steal private keys

Speculation I know but we do know that just prior to the "cashout" tx hitting blockchain all the admins were notified of a password change.

So what exactly would a custom RPC do about that?

So do their girlfriends.

Damn, I can feel the fires of hell roasting my toes already.

we call them "little people" .....lol

Well, they most certainly don't grow.

I lol'd

yet, right