Pages:
Author

Topic: MyBitcoin Back Up! (with a press release) (Read 12351 times)

member
Activity: 154
Merit: 10
August 09, 2011, 11:53:34 AM
I got my 49% too Undecided
legendary
Activity: 2940
Merit: 1090
I thought the guy was a BTC millionaire...if he is, shouldn't he have more than enough to pay back everyone in full and still be left with some money for himself?

Millionaires already thought of that, and countered it by having the government make them officially not liable for the scams they start, provided the scams are not proven to be deliberate scams and provided they get away with the scam and maybe a few other provisions.

What it amounts to is, any deliberate scam with both malice aforethought and enough up front capital to afford it will have some cool logo or notation or afficxation or prefix or suffix along the lines of "LLC" (Limited Liability Corporation), "LTD" (LimiTeD liability corporation), etc (some German acronym, etc etc, maybe various tiny states established purely for the purpose of running an offshore scams industry might even allow these warning labels to be left off, or use a warning label many people in the world have not yet learned to see as a red flag aka warning label, but basically they are all red flags warning you of a government-approved scam in progress or the intent to escape liability for anything that might go wrong can go wrong or is intended to go wrong, subject some provisikons maybe if you are lucky.

-MarkM- (Kids are responsible to parents; politicians are officially irresponsible, specifically not liable for consequences of laws they pass...)
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
I thought the guy was a BTC millionaire...if he is, shouldn't he have more than enough to pay back everyone in full and still be left with some money for himself?
donator
Activity: 2772
Merit: 1019
One can now claim 49% of the funds, it seems: https://mybitcoin.com

I claimed and received 49% of my 0.3 BTC Wink
hero member
Activity: 686
Merit: 564
There is actually a simple way to still keep the 50btc - you just need to pay it to the mybitcoin depodit address that your other funds are being sent too.. then, assuming mybitcoin accepts it, you get to keep the 50BTC also.
As I understand it, MyBitcoin didn't accept deposits that came directly from generation transactions - the 50 BTC would never get credited to your account no matter what happened. Most Bitcoin wallet sites have the same limitation.
member
Activity: 147
Merit: 11
The day to rise has come.
Maybe once he saw the posts about a bounty on his head, he got a little antsy.  These geeks are some great detectives.
this wasn't clear... the bounty will be on the hacker of my bitcoin .. maybe thats Tom Williams him self, and maybe not ..
How much $$$$$ is that bounty?

so far we have a poeple have committed a total of 25 btc

how ever we these poeple are holding on to the coins themselves, seeing how no one seems to trust anyone these days

Due to the amount of Bitcoins we are talking Millions of dollars here are we not??? I did not have any coins there, but I am willing to pledge Money, Time, Resources and I think everyone who has lost a significant amount would contribute in some way to at least try and recoup the loss! Where is it upto?
If anyone -or me- is going to put a lot of time and effort into catching that guy, it better be rewarding.
Does anyone have Tom Williams' email address or something? i am pretty sure their server has a lead Smiley
newbie
Activity: 52
Merit: 0
I can't believe that this wasn't foreseen. Bitcoin transactions can be reversed, it happens. It's absolutely irresponsible to not reconcile the block chain against your accounting backend every so many blocks.

This was forseen:

MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.

This is not a fault with bitcoin, and bitcoin transactions still can't be 'reversed'.  Anyone accepting bitcoins should be waiting for more than 1 confirmation.  Sensationalist posts saying 'Bitcoin transactions can be reversed' don't help.

Will



I'd hardly call my tone or point sensationalist. Transactions can be reversed, although maybe you'd prefer the term "discarded" or "ignored" rather than reversed.
I agree, this is not a flaw in bitcoin itself, but rather related entirely to implementation on the part of MyBitcoin.
full member
Activity: 212
Merit: 100
If you're creating an orphaned block then you wouldn't get the 50btc... so your whole reward would be the stolen coins.
[/quote]
For this scam to work, your block must get orphaned.
It's a possibility still that your block would get picked up by the next miner/pool who solves a block, in which case, your attack didn't work, but you got the 50 btc.
[/quote]

There is actually a simple way to still keep the 50btc - you just need to pay it to the mybitcoin depodit address that your other funds are being sent too.. then, assuming mybitcoin accepts it, you get to keep the 50BTC also.
hero member
Activity: 767
Merit: 500
I can't believe that this wasn't foreseen. Bitcoin transactions can be reversed, it happens. It's absolutely irresponsible to not reconcile the block chain against your accounting backend every so many blocks.

This was forseen:

MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.

This is not a fault with bitcoin, and bitcoin transactions still can't be 'reversed'.  Anyone accepting bitcoins should be waiting for more than 1 confirmation.  Sensationalist posts saying 'Bitcoin transactions can be reversed' don't help.

Will

newbie
Activity: 52
Merit: 0


Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 


But, if you're mining anyway and can steal a couple hundred extra bitcoins half the time you solve a block; this is a pretty good scam.

If you're creating an orphaned block then you wouldn't get the 50btc... so your whole reward would be the stolen coins.
For this scam to work, your block must get orphaned.
It's a possibility still that your block would get picked up by the next miner/pool who solves a block, in which case, your attack didn't work, but you got the 50 btc.

Worst case scenario, MyBitcoin picks up the other block before you announce yours. In which case, you only lost time and electric.
I'd say a pretty good investment for a scammer with a few thousand btc they'd like to double.

I can't believe that this wasn't foreseen. Bitcoin transactions can be reversed, it happens. It's absolutely irresponsible to not reconcile the block chain against your accounting backend every so many blocks.
Also, simply delaying larger deposits for more confirms would mitigate this.
member
Activity: 97
Merit: 10


Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 


But, if you're mining anyway and can steal a couple hundred extra bitcoins half the time you solve a block; this is a pretty good scam.

If you're creating an orphaned block then you wouldn't get the 50btc... so your whole reward would be the stolen coins.
newbie
Activity: 53
Merit: 0
My MBC account address shows all the coins still in it, no transfers out.  Hopefully this means that 100% of them will be available to me and there will not be some BS about losing part of mine to compensate someone else.
eof
full member
Activity: 156
Merit: 100


Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 


But, if you're mining anyway and can steal a couple hundred extra bitcoins half the time you solve a block; this is a pretty good scam.
newbie
Activity: 52
Merit: 0
Understood.  I was commenting on how hard it is to generate a single block though six months ago it was not so hard.

Ahh, yeah, it would require some time. But even if your attempts fail, you are still rewarded with 50 btc for your efforts.

I don't expect that the person responsible bought into mining just for this scam. I'm sure it was an established miner, or more likely, this is all a made up story.
legendary
Activity: 1386
Merit: 1004
Understood.  I was commenting on how hard it is to generate a single block though six months ago it was not so hard.
newbie
Activity: 52
Merit: 0
I'm surprised that, even with 1 block confirmations, stealing bitcoins in the way that Tom describes would be feasible without a considerable amount of compromised computing power.  If my understanding is correct, for an attack to succeed an attacker would have to compute 2 blocks containing their false transactions before the rest of the network computes one.  This computation could be done offline so the attacker could wait until they have been lucky and computed these blocks before publishing them, but it would still require a non-insubstantial amount of compute or waiting a long time before being able to make the attack.

I'm not saying that pools are involved in this, but if even a small pool was involved, then this attack would be a lot more believable.

Will

I'm pretty sure it would work something like this.

1.) Peer directly to the bitcoind running on MyBitcoin.
2.) Solve the next block with your dubious transactions.
3.) Wait for someone else to solve the block you solved.
4.) After the same block was found, but before MyBitcoin's bitcoind hears it, announce your dubious block to MyBitcoin.
5.) That is 1 confirm, funds will now show up. Transfer the funds out, the next block on the network will orphan your dubious one.

Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 

No, I'm not saying you have to generate two successive blocks.
Just generate a given block first.

By dubious transactions, I mean legitimate coins sent to MyBitcoin that will get reversed once your block gets orphaned, but only after the funds are confirmed on MyBitcoin.
legendary
Activity: 1386
Merit: 1004
I'm surprised that, even with 1 block confirmations, stealing bitcoins in the way that Tom describes would be feasible without a considerable amount of compromised computing power.  If my understanding is correct, for an attack to succeed an attacker would have to compute 2 blocks containing their false transactions before the rest of the network computes one.  This computation could be done offline so the attacker could wait until they have been lucky and computed these blocks before publishing them, but it would still require a non-insubstantial amount of compute or waiting a long time before being able to make the attack.

I'm not saying that pools are involved in this, but if even a small pool was involved, then this attack would be a lot more believable.

Will

I'm pretty sure it would work something like this.

1.) Peer directly to the bitcoind running on MyBitcoin.
2.) Solve the next block with your dubious transactions.
3.) Wait for someone else to solve the block you solved.
4.) After the same block was found, but before MyBitcoin's bitcoind hears it, announce your dubious block to MyBitcoin.
5.) That is 1 confirm, funds will now show up. Transfer the funds out, the next block on the network will orphan your dubious one.

Step 2 is a problem, not impossible, but would require a substantial mining investment.   If i took all of my $X000 investment in mining gear I would be able to do that about once a month and it would not be guaranteed each time I solved a block. 
newbie
Activity: 52
Merit: 0
I'm surprised that, even with 1 block confirmations, stealing bitcoins in the way that Tom describes would be feasible without a considerable amount of compromised computing power.  If my understanding is correct, for an attack to succeed an attacker would have to compute 2 blocks containing their false transactions before the rest of the network computes one.  This computation could be done offline so the attacker could wait until they have been lucky and computed these blocks before publishing them, but it would still require a non-insubstantial amount of compute or waiting a long time before being able to make the attack.

I'm not saying that pools are involved in this, but if even a small pool was involved, then this attack would be a lot more believable.

Will

I'm pretty sure it would work something like this.

1.) Peer directly to the bitcoind running on MyBitcoin.
2.) Solve the next block with your dubious transactions.
3.) Wait for someone else to solve the block you solved.
4.) After the same block was found, but before MyBitcoin's bitcoind hears it, announce your dubious block to MyBitcoin.
5.) That is 1 confirm, funds will now show up. Transfer the funds out, the next block on the network will orphan your dubious one.
hero member
Activity: 767
Merit: 500
I'm surprised that, even with 1 block confirmations, stealing bitcoins in the way that Tom describes would be feasible without a considerable amount of compromised computing power.  If my understanding is correct, for an attack to succeed an attacker would have to compute 2 blocks containing their false transactions before the rest of the network computes one.  This computation could be done offline so the attacker could wait until they have been lucky and computed these blocks before publishing them, but it would still require a non-insubstantial amount of compute or waiting a long time before being able to make the attack.

I'm not saying that pools are involved in this, but if even a small pool was involved, then this attack would be a lot more believable.

Will
newbie
Activity: 45
Merit: 0
I seem to remember some people complaining months ago that 1 or 2 bitcoin's was missing from there mybitcoin wallets.
So i wonder if the hacker has had access to the site for month's?
 
Pages:
Jump to: