Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM... - page 6. (Read 62205 times)

You missed  - on eligius, added bonus:
The coins you receive are virgin whereas with most pools you potentially could get mixed/old coins.

A court of law and physical reality don't always agree, I'll give you that. I'm hopeful that all parties involved will work together to determine what can be done to mitigate the losses, but this is an unfortunate collision between the purity of mathematical and physical reality and legal opinion, (assuming it even gets that far), and opinion will never trump reality.

Yea, so you agree then? Linode should be held responsible since it had nothing to do with customer security and was indistinguishable from an inside job...

You are trying to preach a libertarian ideal without accepting that the US legal system is not libertarian. Bring it back down to earth now.

In a court of law, what Linode did was actionable. That is the only point that needs be made.

P.S. I don't think you're a twat and I typically agree with you, but this point smells of agenda.

Exactly - like the difference  between stealing a shirt or pirating a movie . Both might cost the same but the 1st is a 100% loss to the store and the other...well, the pirate probably wouldn't have bought it anyway so no real loss.

Don't see how Linode can get out of compensating (at least in the form of 5 free years of hosting or something) without implying "we're just not a secure-enough service for you to put sensitive data on. Don't put data on our servers unless you're hosting non-interactive web-pages with cute little kittens, or protect your data like Fort Knox because there's no telling when it'll be compromised, either by our staff or our irresponsibility/incompetence."

Well Facebook has complete control over their own currency and could easily mitigate such issues. Bitcoin is a different animal of a different color on a different planet. This isn't a data redundancy issue, nor an intellectual property issue. This is storing, backing up and restricting access to unique digital information that once accessed and used, is no longer valuable to anyone anywhere ever again (particularly the victim). I can steal the secret formula for Coca Cola, but that doesn't prevent Coca Cola from continuing to produce and sell their beverage. I can pirate a movie, but that doesn't mean the original copy is unviewable (in the vast majority of cases). I can login and delete all of your live data, but you still likely have backups. I can't keep my wallet in a safe and have the ability to double spend my illicitly accessed bitcoin (outside of exceedingly unlikely circumstances).

I do not believe that I am a twat.

PS: All money is imaginary.

If facebook's employee administrator panel was hacked into and someone stole facebook credits from users, would they say "fuck you it's imaginary money"?

I hope you're being sarcastic and not an uneducated twat who has never heard of digital commodities, intellectual properties and suing for damages.

This

Hopefully, this doesn't encourage other VPS/service/host providers to decline service to any potential future bitcoin sites. If slush/bitcoinica successfully convice Linode to compensate them in some significant way, then the lesson for other hosts is that "bitcoin losses will hurt or kill us". In any event, I bet every major host is double checking their TOS and reminding their clientele that they don't cover "imaginary webzone dollar" losses.

If, and I believe in it, it was a staffer, I just fully hope that Linode has logged all such attemps and will identify the attacker and will try hard to force him to return the stolen funds. If he somehow managed to bypass the logs, or hacked the Linode, then Linode should end immediately as whole, this is unacceptable.

Yes, Eligius' better than the traditional pool, on that point.

I think it's more likely that Linode has a staffer into bitcoins that used the command line tools from the host VM manager to halt the systems, modify the shadow file and bring them up and steal the coins than it is that the Linode user's management tool was compromised.

Linode, if we can believe what they've said, didn't see any management UI activity in the logs at the time the reboots occurred. This is more consistent with someone using a tool outside of the normal logged events, such as the native VM tools, rather than the UI being broken into.

Please do not mix things. There are two separate issues:
1. - the security of the server that your client is talking to.
2. - the security of the software running on your computer.

1. It is completely impossible for an Electrum server to steal your coins, because transactions are signed locally. The only way to steal your coins would be to compromise your own computer.
2. Someone gaining access to the server that distributes the software could insert malicious code in the software that is being distributed. (the tar.gz or .zip file, or the executable). Such an attack would only affect the users who downloaded and installed software between the time of the attack and the time where the attack is discovered. This kind of attack is possible for any type of bitcoin client (even the official one). It is mitigated by scrutiny from the community.

Please understand that the situation is very different if you use a web wallet such as blockchain.info. If you use a web wallet, points 1 and 2 are not distinct; an attacker who gains control of the server will modify the javascript code that is sent by the server. The danger is amplified by the fact that your web browser will update the javascript code running on your computer everytime you use the service, and not just when you decide to upgrade your client. Thus, if the server is compromised, then the attacker can quickly replace the javascript code running in the web browser of all clients, and do whatever they want.

Lesson learned: private keys (wallet.dat) are just that: private. Once you put them out there, cloud, webserver, hosting server, email, etc, THEY ARE NO LONGER PRIVATE.

Can we move along now?

Yes this is a problem sometimes

Markets can remain irrational for longer than I can remain solvent.

yeah i never said it was the stolen coins that were being sold.

Buy!

This too shall pass.

But in the mean time, I am vexed!