Topic: Hacked Linode & coins stolen to 1NRy8GbX56MymBhDYM... - page 8. (Read 62186 times)

legendary
Activity: 1358
Merit: 1002
I obviously get lost whenever I see more than 2k Bitcoins /me drools
sr. member
Activity: 406
Merit: 251
Getting access to the Linode admin UI doesn't give access to the server itself.  You can view the console, but you just get the login prompt.  You still need the server's password to log in.

To reset the password the server has to be shut down so that /etc/shadow can be modified.  At that point they could just go in and grab the data, but they most likely used Linode's password changer to minimize the downtime to a few seconds to help prevent getting caught.

A reboot wouldn't be required if they got access to the Linode hosts, but it doesn't sound like that was the case here.  I'm guessing the exploit is in their web-based server management.

This is by far one of the scariest things about the process.  Considering Slush and the Faucet were compromised at roughly the same time, it points to the flaw being in Linode's administrative control panel.  A -very- scary situation, considering Linode is one of the largest VPS providers around.

I'm late to the party. None of my bitcoind Linodes have been compromised...yet. Come and get 'em...all my coins are hot now.
hero member
Activity: 756
Merit: 500
I'm still waiting to see what they'll find, but I expect they'll try to hide any issue on their side and they will definitely refuse to pay 3000 BTC for this attack :-/.


Dude even says he doesn't expect the company to cover this which kinda implied he hoped they would in the first place.
legendary
Activity: 2940
Merit: 1090
It is sad that you have no option of hosting at home, Slush. I always figured it would be stupid to think private keys hosted anywhere else are not compromised and thus as long as they have not yet been stolen to assume it is mostly because there is not yet enough value in them to bother stealing them yet.

I have never considered hosting my private keys anywhere other than a site I physically control and know who else (if anyone) has physical access to. Hence, at home or in some kind of locked bunker no-one else has keys to.

Is there really no way you can get your own home hooked up to the net?

-MarkM-
sr. member
Activity: 406
Merit: 250
I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins? 1 hop away from the 25k transaction? holy SH************************

You obviously missed the part about the coins leaving and coming back to the same address.

BTC received != BTC total
donator
Activity: 1218
Merit: 1079
Gerald Davis
Remind me why Linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.

Slush never asked or demanded that Linode pay him back so how about you just fuck off for a while?

legendary
Activity: 1358
Merit: 1002
I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?

WTF http://blockchain.info/address/0c767fd66d57a601838213fe5da3b20681a85db4

99K Bitcoins? 1 hop away from the 25k transaction? holy SH************************

Or is that a Bitcoinica or Slush's address? I can't get my head to understand all those inputs and outputs.
hero member
Activity: 756
Merit: 500
Remind me why Linode should pay you back for your own fuck up? If you're too lazy to search around and to then use a respectable host with reasonable security measures then it's your own problem if you lose your own money. It's no different to if I change my gold into fiat dollars, put it into a government backed bank who then goes bust.
legendary
Activity: 1330
Merit: 1000
Bitcoin
I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?

http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333

Help?
hero member
Activity: 490
Merit: 500
... it only gets better...
Blackmail linode... Get money for yourself plus publicity for bitcoin...
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
I'm half a noob when it comes to exactly how the blockchain can be used to track transactions, but my understanding is that since we have the hash that stole the coins, even if he tries to wash them can't we see at least where big chunks will go?   can we track this money through the block chain?

funny I was wondering the very same thing. I don't get why anyone would steal bitcoin since when you go to "cash out" it could conceivably be red-flagged - then again they could do small amounts  BUT STILL what thief wants to sit there and do $50 cash out at a time ? can anyone explain this?

right... anyone trying to follow the bits?
sr. member
Activity: 350
Merit: 250
I never hashed for this...
Looks like Linode has issued a status update:

Interesting. There's a remaining question - how did the attacker find that exactly those eight accounts are running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs with running bitcoind, but technically they had access to all Linode boxes, if they wanted.

It uses the term "credentials" and mentions that he had to gain individual access to each account, so it wasn't a superuser account.
legendary
Activity: 924
Merit: 1004
Firstbits: 1pirata
Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?

that would be the thief counting his coins in a single stash, seen live as it happened...
legendary
Activity: 1386
Merit: 1097
Looks like Linode has issued a status update:

Interesting. There's a remaining question - how did the attacker find that exactly those eight accounts are running bitcoin services without scanning the whole database? It just confirms my opinion that they compared the Linode database with a list of IPs with running bitcoind, but technically they had access to all Linode boxes, if they wanted.
legendary
Activity: 1358
Merit: 1002
Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.

What's that transaction? Who got jacked out of 25k BTC?
legendary
Activity: 826
Merit: 1001
rippleFanatic
I think an additional measure would be for services to broadcast transactions from their hot wallets strictly behind proxies (as simple as connecting it to a single, separate bitcoind without a wallet hosted somewhere else?), wherever they are hosted.  That way attackers can't figure out the ip address of your hot wallet just by lurking in #bitcoin.
donator
Activity: 1218
Merit: 1079
Gerald Davis
Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins.

A "few" bitcoins? troll much?  Looks like at least 4 major bitcoin sites/wallets were hit.  There may be dozens more.  At least 12K BTC were taken in a few minutes.  Could easily be double that.   We are talking six figures in USD, better than most armed bank robberies and a lot safer. You find it "hard to believe" a hacker or dishonest employee would use a foolishly unprotected super admin account to acquire $100K in irrevocable funds for a few minutes of "work"?

legendary
Activity: 1204
Merit: 1015
Shit, this guy knows his stuff. Check out the transaction size of the 25k transaction:
http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
Size:   1337 (bytes)

I guarantee that isn't a coincidence.
legendary
Activity: 1386
Merit: 1097
Regardless, I find it hard to believe that a hacker who supposedly has access to all of the Linodes uses that ability to hijack a few bitcoins.

If you call 13000+ BTC a "few coins", then please send me a few coins back. I bet that bitcoins are the most valuable information across Linode servers at all.
newbie
Activity: 20
Merit: 0
Looks like Linode has issued a status update:

Quote
Manager Security Incident

Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised. Thus, we are posting to describe a recent incident affecting the Linode Manager.

Here are the facts:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted.  All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin".  The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins.  Those customers affected have been notified.  If you have not received a notification then your account is unaffected.  Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords.  Only those eight accounts were viewed or manipulated -- no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.