
Topic: Nevermind.. Acct wasn't hacked (Read 4742 times)

legendary
Activity: 1708
Merit: 1020
March 08, 2012, 02:53:01 AM
#62
Quote
what a hassle to go through, playing detective for mtgox.
Centralization. Always bad. No exceptions.
+1  though sometimes it's hard to get around it
hero member
Activity: 756
Merit: 522
March 07, 2012, 10:15:55 AM
#61
Quote
what a hassle to go through, playing detective for mtgox.
Centralization. Always bad. No exceptions.
legendary
Activity: 2506
Merit: 1010
March 04, 2012, 10:27:29 PM
#60
No, wrong.  That's exactly what the client will do on its own.  If I send you 2 separate payments to the same address, they stay as two separate payments to that address.  And if you spend them both at once, they'll show up as two inputs from the same address in the transaction.  That's the only time that separate payments ever get 'mixed'.

I should have known that.  Thanks for clarifying!  I found in the wiki a little more explanation:
 - https://en.bitcoin.it/wiki/Transactions#Input
legendary
Activity: 2940
Merit: 1333
March 04, 2012, 09:41:40 PM
#59
I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337.  The client won't do that on its own though, right?

No, wrong.  That's exactly what the client will do on its own.  If I send you 2 separate payments to the same address, they stay as two separate payments to that address.  And if you spend them both at once, they'll show up as two inputs from the same address in the transaction.  That's the only time that separate payments ever get 'mixed'.
legendary
Activity: 2506
Merit: 1010
March 04, 2012, 01:58:20 PM
#58
Seems coincidental.

Don't let the facts get in the way of a good story!

I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337.  The client won't do that on its own though, right?
 - http://blockexplorer.com/tx/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
March 04, 2012, 07:43:28 AM
#57
Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?

Agreed wholeheartedly.

Seems coincidental.

If I had done it, they would have all been 8008135 bytes each.
legendary
Activity: 2940
Merit: 1333
March 04, 2012, 06:03:21 AM
#56
The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".

while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art.

I was just looking at it.  I recently made a post on stackexchange explaining how to calculate the size of a transaction before you send it:  http://bitcoin.stackexchange.com/a/3011/659

( "if your transaction has in inputs and out outputs, the transaction size, in bytes will be: in*180 + out*34 + 10 plus or minus 'in'" )

It turns out that if your transaction has 7 inputs and 2 outputs, then the transaction size is 1338 plus/minus 7, but with a binomial distribution.  This means that 1338 is the most common size (21% of 7-in, 2-out transactions), then 1337 and 1339 are the next most common (18.3% each), etc.  Over 94% of 7-in 2-out transactions have a size between 1335 and 1341 inclusive.  So perhaps the 1337 *was* just a coincidence.  It's not a rare transaction size.

Looking at the first ten 7-in 2-out transactions made by the thief while laundering his spoils, we see a random distribution of transaction sizes:

Code:
size 1337 - tx d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
size 1337 - tx 4533991cd3072d04ffbae4bc97ac0d69c4111d2266a99a2a3853eb28acf87315
size 1340 - tx d396e1f3117c7516270e68041f50183540aeece29860a8d8bb4ca00b4dd5b202
size 1336 - tx afea4f38c1a6c42303e41462df5671aaeb439f047808cc330b911668446d3b9a
size 1340 - tx eaa4390039b8c31fe8e2c7af80494eb47ccbd4456906b461c20e58bea7a38aff
size 1339 - tx 50fe1017ea020e0f20f45cb71d855dc8f935e5db654824f7355ae0258d5fc897
size 1337 - tx 3472d8d9bcda865fbf3c34f68e4c87dc85b8fac0d37495cf2d29e887fb033532
size 1340 - tx ea49f5cd1998a218023a4f1b9f6eff6fe3a5ce41e2c3cb71640e1205b92dc44d
size 1336 - tx 8c05029e5d2b49d1cf7881f29fc3978632f858620efaeb58fb5cb5abc5ec4611
size 1338 - tx d5c18faaa0f4daf8440b20905ef8a6eba49f09aa6178af115b51b35110eb34d6

Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?
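
Added example (not part of the original post): the size formula and binomial spread described in post #56, checked against the ten listed transaction sizes. It assumes the "plus or minus in" spread behaves like 2*in independent fair coin flips that each add one byte, which reproduces the percentages quoted in the post; the function names are illustrative.

```python
from collections import Counter
from math import comb

# Sizes of the ten 7-in 2-out transactions listed in the post above.
OBSERVED = [1337, 1337, 1340, 1336, 1340, 1339, 1337, 1340, 1336, 1338]


def size_distribution(n_in, n_out):
    """Map each possible size in bytes to its probability.

    Assumption (not stated in the post): the "plus or minus in" spread
    comes from 2*n_in independent fair coin flips, each adding one byte.
    """
    smallest = n_in * 180 + n_out * 34 + 10 - n_in
    flips = 2 * n_in
    return {smallest + k: comb(flips, k) / 2 ** flips for k in range(flips + 1)}


def prob_between(dist, lo, hi):
    """Probability that a size falls in [lo, hi] inclusive."""
    return sum(p for size, p in dist.items() if lo <= size <= hi)


def prob_at_least(hits, trials, p):
    """Binomial tail: chance of `hits` or more successes in `trials`."""
    return sum(comb(trials, k) * p ** k * (1 - p) ** (trials - k)
               for k in range(hits, trials + 1))


def report(observed, n_in=7, n_out=2):
    """Compare observed sizes with the model; return the key figures."""
    dist = size_distribution(n_in, n_out)
    counts = Counter(observed)
    p_1337 = dist[1337]
    return {
        "p_1337": p_1337,
        "p_1335_1341": prob_between(dist, 1335, 1341),
        "seen_1337": counts[1337],
        "p_that_many_1337": prob_at_least(counts[1337], len(observed), p_1337),
        "outside_model": [s for s in observed if s not in dist],
    }


if __name__ == "__main__":
    for key, value in report(OBSERVED).items():
        print(f"{key}: {value}")
```

Under this model, seeing 1337 bytes at least three times in ten such transactions is an ordinary outcome, which matches the post's reading that the size was a coincidence.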
legendary
Activity: 1708
Merit: 1020
March 04, 2012, 05:43:02 AM
#55
After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?

The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".

while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art.

edit: it was only coincidence, read below

legendary
Activity: 2940
Merit: 1333
March 04, 2012, 03:03:50 AM
#54
After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?

The exact number was 1337.

http://www.urbandictionary.com/define.php?term=1337
http://en.wikipedia.org/wiki/Leet

The digits look like "LEET", as in "elite".
hero member
Activity: 726
Merit: 500
March 04, 2012, 02:36:27 AM
#53
After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660

I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority.  Care to explain?
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
March 04, 2012, 02:14:02 AM
#52
I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.

That was me.

It's 100k addresses, and 8 of mine, but you were close.

http://bitcoin.stackexchange.com/a/2900/659
Ah, yes. I really scrambled them up. I was mixing pizza and allinvain figures. Still shows how they really permeate the currency. I was too lazy to go find the link so very good you posted here.
legendary
Activity: 2940
Merit: 1333
March 04, 2012, 01:56:11 AM
#51
I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.

That was me.

It's 100k addresses, and 8 of mine, but you were close.

http://bitcoin.stackexchange.com/a/2900/659
legendary
Activity: 2506
Merit: 1010
March 03, 2012, 09:23:41 PM
#50
An investigation that would lead to what exactly?

If he used his own pc without tor or proxy or used the account for usd deposits/withdrawals, locating him might be possible.

After a first sweep to consolidate stolen coins the thief's next movement was a transaction for 25,000 BTC.  The size for that transaction was 1337 bytes.    Someone with sufficient skill to create a transaction so that its size is specifically a certain number of bytes is going to know what steps are necessary to avoid detection.
 - http://blockchain.info/tx-index/2893660/d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333
 - http://blockchain.info/tree/2893660
legendary
Activity: 3472
Merit: 1724
March 03, 2012, 07:31:30 PM
#49
I don't know how much cryptoxchange is involved but whoever's account sold the coins is a good spot to start the investigation.  There are posts all over the forum about the stolen BTC and where a good portion are right now.
An investigation that would lead to what exactly?

If he used his own pc without tor or proxy or used the account for usd deposits/withdrawals, locating him might be possible.
Bro
full member
Activity: 218
Merit: 100
March 03, 2012, 10:17:36 AM
#48
So thief puts coins on CryptoXchange to sell. The price is driven down as buyers flock over to get some cheap coins - arbitrage. Then they hear that the coins are coming from the theft and start to avoid because they're worried they'll be held up and don't want the hassle. So the volume dries up and CryptoXchange realizes that to stay liquid and competitive with other exchanges they need to watch for stolen coins like MtGox.

this.
hero member
Activity: 714
Merit: 500
March 03, 2012, 10:16:25 AM
#47
Watching.
donator
Activity: 980
Merit: 1000
March 03, 2012, 07:59:39 AM
#46
Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how they can require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep.

MtGox is looking at the closest tainted coins I guess. Taint (properly calculated) wouldn't be binary. Over time that would grow exponentially, as you said. But you can have likelihood measures of taint, in proportion to the size and length (sequential number) of transactions. This doesn't stop anyone from randomly giving you a significant amount of stolen coins, just because you have some already, making you immediately highly suspicious.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
March 03, 2012, 07:53:36 AM
#45
Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how they can require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep.
donator
Activity: 980
Merit: 1000
March 03, 2012, 06:30:14 AM
#44
They will not confiscate the bitcoins

i wouldn't be so quick to assume that.

i'm sure that assumption is based on the amount, 7 btc, right?

what if it had been 7000 btc or 43000 btc? would mtgox confiscate them then? i'm thinking 'yes'.


Of course they wouldn't confiscate them, if they were satisfied that you weren't the thief. This account suspension occurs more often than you think it does, and as far as I know gets rectified reasonably quickly.

Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how they can require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.

Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
legendary
Activity: 1358
Merit: 1002
March 03, 2012, 04:19:16 AM
#43
uh oh