Author

Topic: Is Bitcoin/Mt.gox under an orchestrated attack to destroy confidence? (Read 6803 times)

hero member
Activity: 728
Merit: 500
Never mind, I figured it out. It's blockexplorer.com
hero member
Activity: 728
Merit: 500

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"

I love that somebody donated 0.00000001 to that address.  Even at the highest bitcoins have ever traded, that is still measured in one-hundred thousandths of a cent!
How can you see that someone donated that much? Is there a site where you can track transactions?
full member
Activity: 140
Merit: 101
Gold and silver aren't traded on currency exchanges.....

Are you certain about that?

XAU, XAG, XPT, and XPD -- gold, silver, platinum and palladium.  The only commodities with official currency designations.  And gold and silver are almost always available wherever you get forex quotes (XAU/USD, XAG/USG).

Tony Fell, Chairman Capital Markets, Royal Bank of Canada said in Feb 2007, "At Royal Bank of Canada, we trade gold bullion off our foreign exchange desks rather than our commodity desks, because that's what it is -- a global currency, the only one that is freely tradable and unencumbered by vast quantities of sovereign debt and prior obligations."


Ah, I stand corrected. So we can trade as a currency, commodity and barter!! The best of all worlds.

Thx
newbie
Activity: 53
Merit: 0
Gold and silver aren't traded on currency exchanges.....

Are you certain about that?

XAU, XAG, XPT, and XPD -- gold, silver, platinum and palladium.  The only commodities with official currency designations.  And gold and silver are almost always available wherever you get forex quotes (XAU/USD, XAG/USG).

Tony Fell, Chairman Capital Markets, Royal Bank of Canada said in Feb 2007, "At Royal Bank of Canada, we trade gold bullion off our foreign exchange desks rather than our commodity desks, because that's what it is -- a global currency, the only one that is freely tradable and unencumbered by vast quantities of sovereign debt and prior obligations."
full member
Activity: 140
Merit: 101
but forex is only 6 days a week, 23 hours a day

what'll I do the other day and 6 hours?!?!?!

Update your miners!!!  Smiley
full member
Activity: 168
Merit: 100
but forex is only 6 days a week, 23 hours a day

what'll I do the other day and 6 hours?!?!?!
full member
Activity: 140
Merit: 101
We need to see a forex exchange allow bitcoins and then the MtGox problem is solved.

Yeah, you'd see volume fly then. God knows what would happen to the exchange rate. But is it a currency or commodity? Gold and silver aren't traded on currency exchanges.....
legendary
Activity: 2100
Merit: 1000
We need to see a forex exchange allow bitcoins and then the MtGox problem is solved.

+1 spot on!
legendary
Activity: 1414
Merit: 1000
HODL OR DIE
We need to see a forex exchange allow bitcoins and then the MtGox problem is solved.
full member
Activity: 140
Merit: 101
Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.

So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world.

I'm with padrino on this one. It's not reasonable to think BTC is going to operate without any government intervention at all. Most people just really aren't thinking this through.

If I buy a shirt from padrino and send him BTC and he mails me a shirt, I have a shirt and no one's the wiser.

If I send Mt. Gox 1,000 BTC and sell them on the market and the gov gets involved well now what?

If I go to Forex.com and trade currency I'm expected to pay capital gains on my profit. No one likes taxes but it's the way it is. If you're hoping BTC is going to provide you a life of no taxes and freedom from from gov you are in the wrong century.

If BTC is going to be legitimate it needs to operate the same way a currency does and the community needs to grow up about this. No one likes to hear about any form of criminal activity but on what grounds can they "ban" BTC because someone wants to launder cash? You would have to ban cash itself!!! Gov may want to regulate it but criminalising BTC could be very dangerous for them.

It wouldn't go away for one. It would heighten people's awareness of it. And it would crystalize the black market and force the participants to refine and advance their methodologies. BTC is here to stay so "they" have to deal with it just as we have to deal with "them".

Like it or not.

What we need to put thought to as a community is: is BTC a commodity or currency? What's the cost basis for profit determination?
newbie
Activity: 52
Merit: 0

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"

I love that somebody donated 0.00000001 to that address.  Even at the highest bitcoins have ever traded, that is still measured in one-hundred thousandths of a cent!
newbie
Activity: 24
Merit: 0
Banks do that, yet they don't it random and voluntarily, they've rules. It's not like you've 100 US, they can't figure out where you got it, on your account and they go on report it to IRS.
One thing is to co-op on demand and within the boundaries of law, other to go on secret co-op arrangements with foreigner authorities. Basically a Japanese and a British are just declaring they will rat their transaction log to the American DEA.
legendary
Activity: 1428
Merit: 1000
https://www.bitworks.io
Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.

So you expect an exchange that wants to be legitimate to not cooporate with authorities, no matter how "right" you may think it is as long as it is legal. Please explain how you expect it to work in the real world.
newbie
Activity: 24
Merit: 0
Sorry to carry the bad news, but if this news checks out:

http://www.bighaber.com/haber/bitcoin-exchanges-offer-anti--money-laundering-aid-929817.html

Rather start to redesign exchanges, Mt.Gox is pretty much dead. This got to be a hard blow in the trust, the "aid offer" will be taken not only for bust drug dealers but to let the government stuck its nose on all BTC economy, from drugs and guns up to undeclared T-Shirt sales, making bitcoin the unsafer currency around.
full member
Activity: 124
Merit: 100
Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union.
Utilizing a big botnet is not free at all.
Not if you own the botnet and do it "for the lulz" which may be the case ...
sr. member
Activity: 252
Merit: 251
http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

We are not compromised, however our current ISP has troubles coping with the DDoS.

Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down.

Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup).

The site has been slow for what, a week (or more)?

Even if the site wasn't compromised, someone must benefit from it; Even a 100mbit/s downlink DDoS costs about $500 per day on russian forums by western union.
Utilizing a big botnet is not free at all.

I still fail to see the motive though. Driving people to other exchanges? Undermining bitcoin? Seems pretty expensive.
vip
Activity: 608
Merit: 501
-
http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

We are not compromised, however our current ISP has troubles coping with the DDoS.

Note that a DDoS has nothing to do with security. Security usually involves getting inside the site to steal stuff (for example) while DDoS just means sending a lot of legitimate-looking traffic to make the site go down.

Anyway we'll be moving to a much stronger solution soon (contract already signed, waiting for setup).
hero member
Activity: 809
Merit: 501
Always verify deals with me through my public key!
Check out the decreasing volumes after each attack. People are backing off for the moment. Good news for the other exchanges and something to be watched.
full member
Activity: 140
Merit: 101
seems like TradeHill is now under attack Sad

They've been under routine maintenance. Did I miss something?
full member
Activity: 124
Merit: 100
seems like TradeHill is now under attack Sad
Hm, in what way? Works for me it seems ...
newbie
Activity: 56
Merit: 0
seems like TradeHill is now under attack Sad
full member
Activity: 210
Merit: 100
The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.


Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop".

Not very efficient.

Well, on the positive side at least we can expect great volatility in the markets for the next couple of days. But i do hope they put together something more solid, and at least halt trading/transactions until this is fixed, this is embarrassing to say the least.
full member
Activity: 140
Merit: 101
The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.


Sounds like Craigslist would be safer...... "Pay cash in person, bring laptop".
full member
Activity: 134
Merit: 100
Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.

In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.


Oh, hey, I'm pretty sure that's me.

I can't vouch for the other claims, but I really was. I talked to MagicalTux about it, and he can verify my claims. This is not to say this isn't part of an orchestrated attack, as it would seem that someone is brute forcing passwords, which plays into the greater narrative of something fishy going on. I know I'll never convince everyone that I'm being honest as this is the internet and all, but whatever. All I was ever saying is that people need to make sure to not be naive about their password security, not that Mt. Gox shouldn't be trusted (though they do need some sort of secondary to password account confirmation!!).
legendary
Activity: 2100
Merit: 1000
The security status of the exchanges is not helpful to build the needed confidence for bitcoin.
This is nothing against MtGox specifically, but to me all exchanges lack the minimum security measures that typical exchanges have.
Unless this is improved significantly, why would someone take the risk to invest significant funds? If at the same time he reads the DDOS attacks, password stalling, fund stealing... Strong efforts need to be made to provide at least standard security: I.e. transaction number verificaton per each trade, etc.
full member
Activity: 140
Merit: 101
http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions Wink

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"

That's interesting. After explaining to my fiance what a DDOS was she asked why anyone would do that. I said one reason (among many) would be supporters who would try and point out obvious security flaws.....

Seems everyone is starting to see the potential for much money to be made here and are putting the cart before the horse at the expense of security. Everyone needs to breathe deeply as this evolves....   Cool
full member
Activity: 124
Merit: 100
http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.

Well, the statement implies that Mt.Gox is down because it was "compromised", as far as I understand it is actually under DDoS attack ... if it's "compromised" what is the need for a DDoS to take it down? I don't know ... by whatever the case, it seems "Buttsec" doesn't have evil intentions Wink

Quote
"ButtSec

Oh hai. We've gained access to some Bitcoin exchange sites. Obviously this includes Mt Gox, which is currently down. Hm wonder why?

Here at Buttsec we're fans of Bitcoin, but we must get the message out there that security is sorely lacking on many of the exchange sites! We will speak with some of these sites in the coming days. If your users aren't given answers, expect some information to make it to the public! ;-)

Yours truly, Buttsec

Bitcoin donations: 15gvHsFAq5RQaFSzUFQUCTCqAjrVoMjv2P
Twitter: @buttsecurity"
sr. member
Activity: 364
Merit: 252
http://securityforthemasses.blogspot.com/2011/06/bitcoin-exchanges-hacked-by-buttsec.html

Looks like Mt Gox has been compromised, but more to prove lack of security and less to do with destroying bitcoin confidence.
full member
Activity: 124
Merit: 100
This got me thinking ... a bunch of interesting events happened recently:

1) first there was a panic sell off which was further fueled on these forums by a group of trolls until measures were taken to get it under control
2) Mt.Gox got crashed what was a middle of the night in Japan where it is located
3) DDoS on Bitcoin website along with Mt.Gox again in the middle of the night and previously other sites
4) mounting suspicious cases of reported "hacked accounts" on Mt.Gox

Any one of these events alone would be non-conclusive and probably coincidence or true incident but taken all together it may appear there is a group that is trying to ruin confidence in Bitcoin. Motives to do so may be numerous ... the simplest one is profit, make people sell and then buy cheap, wait for the price to go up again - profit!

Has any of the "hacking incidents" got confirmed or acknowledged by by Mt.Gox? I'm not aware of such a confirmation ... I would push for an official statement to make sure this is not a FUD campaign by some people ... I do not want to accuse anyone of anything but this is the Internet - it generally isn't a good idea to take a word of some anonymous pseudonym on a forum seriously especially in cases where money is involved.

In one instance the "victim" claimed to have $7,000 withdrawn even that only $1,000 is possible a day, something doesn't smell right here.

So be careful people and do not panic, it's possible that's exactly the goal of such campaign. Every time someone alleges his funds got stolen demand official statement from Mt'Gox whether they can confirm or deny such claims.
Jump to: