
Topic: The bitomat exchange lost their wallet - selling exchange for 17,000 BTC!! (Read 9392 times)

full member
Activity: 210
Merit: 100
firstbits: 121vnq
I can understand (well, I can't really, but I can pretend to understand) not quite understanding how Amazon's instances work. What I can't even begin to understand is having all the coins in one wallet and not having backups of the wallet spread across multiple places. What kind of fucking businesses are these?

I hope that they get their asses sued off in court and all the users recover their money.
legendary
Activity: 1386
Merit: 1004
I did a translate on the page and they indeed say they are back up.  They are back up with everyone having ZERO BTC.  No accounts I assume as well.  Like a clean slate.   Would you trust them or mybitcoin.com if they came back up?
legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
Just for my understanding: Bitomat is still operating as we speak, correct?

I was wondering exactly this. How is it operating if it was destroyed?
legendary
Activity: 2100
Merit: 1000
Just for my understanding: Bitomat is still operating as we speak, correct?
hero member
Activity: 484
Merit: 500


You just could not make it up. The only unlimited commodity in the universe is indeed stupidity. Fools and money are parted quickly.


On a positive note, give it a year or two and idiots will get washed out of the system by the free market.


+1
full member
Activity: 140
Merit: 100

This can be easily and conclusively proven if any of those coins ever move again in blockchain.


True. Is there a list anywhere that people could add to?
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Any person in their right mind wanting to spend 17,000 BTC to buy the third largest exchange's name should put some of that 17,000 BTC towards the construction of a new exchange and have some btc left over after the exchange is complete.
full member
Activity: 130
Merit: 100
I don't believe this.
hero member
Activity: 955
Merit: 1002
Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

I like (and use) the above technique.  A couple of other suggestions if I may.  These are simply my own personal thoughts on things and I encourage people to think about things and roll their own...avoiding a monoculture is a good thing in my opinion.

--

When encrypting a wallet.dat, do NOT use a password you can remember (unless you are really good at this stuff) and for the love of God, don't forget your password(s).  That means keeping it/them written down in a secure place or several.

If someone is trying to break into an on-line account, there are a limited number of attempts they can try.  If someone has the encrypted wallet.dat file in their possession, they can try at a much higher rate, and with software akin to mining rigs.  So the password should be much better.

(If someone has a password hash from a dump stolen from some web site's database, they can use rainbow tables and other tricks to try to obtain the password.  That is a different beast.)

--

I also suggest re-naming the encrypted wallet.dat to reflect info about it.  e.g., 'wallet.dat__sav-2_20_20110802.enc-1'.  I can see at a glance that this is my second savings wallet, it contains 20 BTC, it was created today, and it uses my '1' encryption scheme.

It sorts nicely with my other savings wallets as well.  I personally keep an active working wallet with spending money and don't bother to back it up at all.  My savings wallets are in cold storage.

One mistake I made was forgetting to properly document the addresses of each savings wallet (so I could check the balances on blockexplorer and make sure all was as expected over time.)  Had to open a bunch of them back up to get it.

--

I also suggest if one is puttering around with command line tools, be most careful indeed to not overwrite or prematurely throw away a wallet.dat, and to double check that the end result can be turned back into a functional wallet.dat file when a technique is decided upon (and documented.)

Most people will want to use a canned tool for such an operation.  Fine, but be careful about where the tool came from and be advised that attackers will know exactly how it works and how to exploit whatever weaknesses it has even if the tool is perfectly legitimate.

--

Lastly, I suggest that deleting a file off a hard drive, pen drive, etc, is not as definitive as a lot of people think.  There could be a whole lot of 'deleted' wallet.dat files to be found if one's HDD is stolen and if the person who is looking is proficient.  There are programs which can securely and reliably nuke a file.  Depending on your risk profile, keep this in mind.



It's actually quite easy to create a complex password that you can remember - just string together a set of other passwords (from facebook, gmail etc), your mother's maiden name, the year Henry VIII died followed by 6 $ signs and your Auntie's name spelt backwards. The important thing is not to type them in. Copy and paste them from a large text document with random letters and symbols (so as to avoid key loggers).
Also if you create a large wallet file by creating thousands of addresses it will be less likely that it can be stolen, if you just open it quickly to make a transaction (depending on your upload bandwidth) and then delete it
legendary
Activity: 4690
Merit: 1276
Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.

I like (and use) the above technique.  A couple of other suggestions if I may.  These are simply my own personal thoughts on things and I encourage people to think about things and roll their own...avoiding a monoculture is a good thing in my opinion.

--

When encrypting a wallet.dat, do NOT use a password you can remember (unless you are really good at this stuff) and for the love of God, don't forget your password(s).  That means keeping it/them written down in a secure place or several.

If someone is trying to break into an on-line account, there are a limited number of attempts they can try.  If someone has the encrypted wallet.dat file in their possession, they can try at a much higher rate, and with software akin to mining rigs.  So the password should be much better.

(If someone has a password hash from a dump stolen from some web site's database, they can use rainbow tables and other tricks to try to obtain the password.  That is a different beast.)

--

I also suggest re-naming the encrypted wallet.dat to reflect info about it.  e.g., 'wallet.dat__sav-2_20_20110802.enc-1'.  I can see at a glance that this is my second savings wallet, it contains 20 BTC, it was created today, and it uses my '1' encryption scheme.

It sorts nicely with my other savings wallets as well.  I personally keep an active working wallet with spending money and don't bother to back it up at all.  My savings wallets are in cold storage.

One mistake I made was forgetting to properly document the addresses of each savings wallet (so I could check the balances on blockexplorer and make sure all was as expected over time.)  Had to open a bunch of them back up to get it.

--

I also suggest if one is puttering around with command line tools, be most careful indeed to not overwrite or prematurely throw away a wallet.dat, and to double check that the end result can be turned back into a functional wallet.dat file when a technique is decided upon (and documented.)

Most people will want to use a canned tool for such an operation.  Fine, but be careful about where the tool came from and be advised that attackers will know exactly how it works and how to exploit whatever weaknesses it has even if the tool is perfectly legitimate.

--

Lastly, I suggest that deleting a file off a hard drive, pen drive, etc, is not as definitive as a lot of people think.  There could be a whole lot of 'deleted' wallet.dat files to be found if one's HDD is stolen and if the person who is looking is proficient.  There are programs which can securely and reliably nuke a file.  Depending on your risk profile, keep this in mind.
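
The encrypt, verify and rename steps from the post above, as an added shell example that is not part of the original post and was not written by its author. It assumes GnuPG 2.1 or later; the function name `backup_wallet`, its argument order and the passphrase-file approach are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GnuPG >= 2.1 is installed.
# backup_wallet is a hypothetical helper:
#   backup_wallet SRC PASSFILE LABEL BTC SCHEME OUTDIR
# It prints the path of the finished backup on success.
backup_wallet() {
    src=$1 passfile=$2 label=$3 btc=$4 scheme=$5 outdir=$6

    if [ ! -r "$src" ] || [ ! -r "$passfile" ] || [ ! -d "$outdir" ]; then
        echo "backup_wallet: unreadable input or missing output dir" >&2
        return 2
    fi

    # Naming scheme from the post:
    #   wallet.dat__<label>_<btc>_<YYYYMMDD>.enc-<scheme>
    dest="$outdir/wallet.dat__${label}_${btc}_$(date +%Y%m%d).enc-${scheme}"
    if [ -e "$dest" ]; then
        # Never overwrite an existing backup; it may be the only good copy.
        echo "backup_wallet: refusing to overwrite $dest" >&2
        return 3
    fi

    work=$(mktemp -d) || return 1   # mode 0700 scratch dir, ciphertext only
    # Options shared by both directions. An empty --homedir keeps the user's
    # gpg.conf and keyrings out of the picture.
    set -- --homedir "$work" --batch --quiet --no-tty \
           --pinentry-mode loopback --passphrase-file "$passfile"

    # Round trip: encrypt, then decrypt to a pipe (no plaintext copy is
    # written to disk) and compare byte for byte with the source.
    rc=1
    if gpg "$@" --symmetric --cipher-algo AES256 -o "$work/enc" "$src" &&
       gpg "$@" --decrypt "$work/enc" | cmp -s - "$src"
    then
        mv "$work/enc" "$dest" && rc=0
    else
        echo "backup_wallet: round-trip check failed, nothing written" >&2
    fi
    rm -rf "$work"
    [ "$rc" -eq 0 ] && printf '%s\n' "$dest"
    return "$rc"
}

# Run directly: sh backup_wallet.sh wallet.dat pass.txt sav-2 20 1 /mnt/backup
if [ "$#" -eq 6 ]; then backup_wallet "$@"; fi
```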

legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Is it so hard to make a client that shows me the total amount of addresses in a wallet? And that lets me add new addresses to it? Why do I have to mess with text files? Do they think I'm using Windows 3.1?
hero member
Activity: 955
Merit: 1002
The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

How can I instruct the bitcoin client to not generate new addresses, but use existing ones? This is what I really do not like about it - not being able to tell when the client used a new address for change or reused an already generated one.

I've just created a wallet with 20000 addresses to see what happened (creating a Bitcoin.conf file - copy and pasting from here: https://en.bitcoin.it/wiki/Running_Bitcoin and changing keypool to 20000). It took about half an hour on my computer to create the addresses with a final 14MB Wallet.dat file (about 2.4MB in an encrypted zip).
I think the default 100 addresses is too small and will lead to people losing bitcoins (especially newbies who don't understand that the wallet is actually a set of keys). Any computer can handle a 14MB file - I'm tempted to try it overnight and create 200000 addresses. I doubt I'll ever use that many addresses in my life, and it would still only be a 160MB file.
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Protip on how to backup wallet: encrypt it then happily upload it in gmail, msn skydrive and every other email or online service you have. Since it's encrypted, no one will steal it. And no way you can lose it, even if some service happily delete your account you still have others. And except that, these online services are very reliable.
legendary
Activity: 1722
Merit: 1004
Quote
But this is actually bullish news for BTC, 17000 BTC has just been destroyed, this should increase the value of the rest of the BTC by almost 2%.


It's not really good news, the decrease in supply is dwarfed by the increases of anxiety over bitcoin.

If you are a relatively new investor to bitcoin and read about the 25l stolen, the mtgox hack, third biggest exchange loses all its coin, mtgox shows coins at 1.3 million each, the dwolla charge back hack and mybitcoin one of the largest and most recommended online wallet services went dark this weekend and there doesn't seem to be any way to contact the owner or any info on it.

This is a dark day for the coin, and this shit needs to stop happening for it to become mainstream. A stock exchange can fall but they will still eventually find your stocks. These coins just vanished.


A big +1 to this. All this recent nonsense is horrible for adoption.
hero member
Activity: 546
Merit: 500
The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).

How can I instruct the bitcoin client to not generate new addresses, but use existing ones? This is what I really do not like about it - not being able to tell when the client used a new address for change or reused an already generated one.
legendary
Activity: 1582
Merit: 1002
The best idea is to pre-generate plenty of addresses, encrypt wallet with AES-256 (7-zip supports it) and store it both at home and in various online places (GMail, file hostings, etc).
mrb
legendary
Activity: 1512
Merit: 1028
I can provide backup of your wallet on 3 different dedicated servers, hosted in 3 different datacenters (whether you are an individual or an exchange).
 For trust concerns you can check my gpg Wot and my otc ratings

True Bitcoin hackers create a small, GPG-encrypted wallet and back it up by embedding it in the block chain itself, globally replicated around the world  Cool
hero member
Activity: 955
Merit: 1002
How could they not even have an old backup copy of their wallet? Even if it was missing some addresses they could get some of their money back. (And why not just create a lifetime's worth of addresses in the wallet and back that up first?)
You don't ever need to make more than one backup of a wallet if you have prepared it with enough potential addresses.
full member
Activity: 146
Merit: 100

 I can provide backup of your wallet on 3 different dedicated servers, hosted in 3 different datacenters (whether you are an individual or an exchange).
 For trust concerns you can check my gpg Wot and my otc ratings

 more on my bitcoin services :
http://bitcointalk.org/?topic=1687.0
legendary
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
Quote
third biggest exchange loses all its coin

Someone really believe they "lost" 17000btc?  Roll Eyes

Any sane person would have created an offline backup. So I'm with you, I think it's just an excuse to say that they don't have the BTC.

I sure am glad I learned my lesson after the mt. gox hack and kept my btc offline and in my possession.