Topic: Why are people with the most Bitcoins the most careless? (Read 1421 times)

jr. member
Activity: 56
Merit: 1
Quote
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.

...

Two months ago we migrated from MD5 hashing to FreeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
legendary
Activity: 1400
Merit: 1005
They aren't.  They're just the ones that get the news/media attention.  No one cares about the guy who lost 5 bitcoins, or the exchange with 10 users that was hacked.  And actually, fewer hackers are likely to go after the exchange with 10 users.  It's not necessarily that MtGox was more careless than other exchanges, it's that it was a bigger target, so drew tougher hackers.
sr. member
Activity: 365
Merit: 250
I have almost 300 BTC, am I wealthy?
newbie
Activity: 56
Merit: 0
They got the coins for nothing or essentially nothing so WTF.
newbie
Activity: 14
Merit: 0
OP, your premise isn't necessarily correct.

We just hear more about the wealthy AND careless due to selection bias. That doesn't mean that the wealthy tend to be more careless.
full member
Activity: 224
Merit: 100
A fool and his money...
sr. member
Activity: 500
Merit: 253
This isn't a full answer to your question, but a tip I learned when playing poker is that you can't look at your chips as if they were money. Only points. My guess is this disconnect helps people trade with a clear/emotionless mind, but a reckless one as well.

That being said, allinvain may not have been a trader, just a fool. And MTGox's problem was gross incompetence.
full member
Activity: 196
Merit: 101
Let's go down the list:

allinvain - no encryption, left his computer sitting there online 12 hours AFTER the first attack where only a few were stolen. 20,000 BTC lost

mtgox - Had unsalted MD5 passwords, and let someone outside of the team access all their data locally. HUGE PR loss

Person on mtgox with big account - Had a shitty password that got brute forced, with hundreds of thousands of coins at stake.


Do you think their egos are so big that they think nothing will ever go wrong? I don't have nearly as much at stake but I'm very careful with all my accounts and wallets.
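The quoted statement and the list above both point at the same gap: upgrading hashes only when a user logs in leaves idle accounts on unsalted MD5. The sketch below is an added example, not part of the thread and not the exchange's code; it wraps every legacy MD5 value in a salted, iterated SHA-512 KDF in one offline pass, then finishes the upgrade at the next login. PBKDF2, the iteration count, the scheme labels and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000              # assumed work factor for this example
WRAPPED = "pbkdf2-sha512(md5)"    # KDF over the old MD5 hex digest
NATIVE = "pbkdf2-sha512"          # KDF over the password itself

def _kdf(secret, salt):
    return hashlib.pbkdf2_hmac("sha512", secret, salt, ITERATIONS).hex()

def wrap_legacy(md5_hex):
    """Strengthen a bare MD5 row without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": WRAPPED, "salt": salt.hex(),
            "hash": _kdf(md5_hex.encode(), salt)}

def new_record(password):
    salt = os.urandom(16)
    return {"scheme": NATIVE, "salt": salt.hex(),
            "hash": _kdf(password.encode(), salt)}

def migrate_table(users):
    """One offline pass: no row, idle or not, stays on bare MD5."""
    return {name: wrap_legacy(rec["hash"]) if rec["scheme"] == "md5" else rec
            for name, rec in users.items()}

def verify(record, password):
    """Return (ok, record_to_store); wrapped rows are rehashed on success."""
    if record["scheme"] not in (WRAPPED, NATIVE):
        return False, record      # bare MD5 rows are never accepted
    salt = bytes.fromhex(record["salt"])
    secret = password.encode()
    if record["scheme"] == WRAPPED:
        secret = hashlib.md5(secret).hexdigest().encode()
    ok = hmac.compare_digest(_kdf(secret, salt), record["hash"])
    if ok and record["scheme"] == WRAPPED:
        record = new_record(password)   # drop the MD5 layer at login
    return ok, record

# Constructed sample row: an idle account still stored as unsalted MD5.
USERS = {"idle_user": {"scheme": "md5",
                       "hash": hashlib.md5(b"correct horse").hexdigest()}}

if __name__ == "__main__":
    table = migrate_table(USERS)
    print(table["idle_user"]["scheme"])
    print(verify(table["idle_user"], "correct horse")[1]["scheme"])
```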