Slashdot Mirror
$500,000 Worth of Bitcoins Stolen
olsmeister writes "A Bitcoin user allegedly has had $500,000 worth of Bitcoins stolen from him. A hacker supposedly gained access to the user's home computer and managed to get the user's wallet.dat file, which contained the cryptographic keys that allowed him to drain the user's balance."
He was an early adopter. When bitcoin value exploded what was little more than $20 worth of digital money exploded to $500,000. Effectively, he was exactly the type of person many expressed concerns about bring the real people who would benefit from bitcoins.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
At http://forum.bitcoin.org/index.php?topic=16457.0 the victim allinvain stated that, "a very large chunk of my bitcoin balance gone to the following address: 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg" That just happens to be the same address for donations to LulzSec on some of their ASCII banners.... http://pastebin.com/88nGp508
True. Sort of. The victim should know exactly what the recipient address of those ill gotten gains are.
Technically, if I understand the way that bitcoin confidence works, half the damn bitcoin network should know about the details of the transfer.
The problem of course is figuring out who the hell the address belongs to. That is the hard part.
As I understand the technology, each and every one of those bitcoins now contain their transaction history, so -in theory- they could be "flagged as stolen", IF there were a central authority that took care of that thing, but of course there isn't as that's the point of bitcoin, no central authority.
I honestly confused if bitcoin technology is for this though. Technically, this isn't all that different from the victim leaving his front door open, and a robber coming in to steal $500,000 worth of jewelry or the like. If your home gets broken in to, you can't blame the jewelry itself for being stolen, that's what thieves -do-, steal stuff. This thief just happened to break in to his computer instead of his house. So therefore you may not want to store $500,000 of bitcoin on your own home pc just like you probably don't want to store $500,000 of jewelry in your dresser drawer. Maybe you keep a few pieces at home, and keep the rest in your safety deposit box?
I know that bitcoin technology provides for cloud-based "banks" of a sort. If they have been implemented yet, I do not know.
This would explain the laundering activity that has been going on the past 24 hours. The equivalent of the entire market of bitcoins has been transferred to hundreds of accounts in 50k+ increments. Only 6.5m BTC in existence, over 8m BTC in transfer activity. If any of that starts selling, it will collapse the market down to nickels and dimes.
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
Technically, if I understand the way that bitcoin confidence works, half the damn bitcoin network should know about the details of the transfer.
Which is also probably why the thief knew where to go. It's a security hole.
Ok, parent was already wrong, and you are more wrong.
First, yes, they knew which account it went to, but without sniffing the traffic of the entire Bitcoin network, it's much harder to know which machine it went to. It seems unlikely that the Bitcoin network itself is vulnerable that someone could send an attack to a Bitcoin address without at least getting an IP address out of it first.
Maybe if you were a neighboring peer, you could notice a lot of transactions coming from one particular peer, but you still don't know if those transactions originated from that peer, and it also doesn't help you, since transactions originate from the sending peer (for obvious reasons), and are broadcast to pretty much the entire network. So even if you could track where a transaction originated from by sniffing traffic, that doesn't tell you where it went -- it could, in fact, be anywhere in the entire network, or in an account which is physically disconnected, or even in an account which doesn't exist (user mis-pasted the destination address).
To get anywhere close, you'd have to be able to sniff pretty much all of the originating peer's traffic, including other channels like web and IRC where the transaction was probably negotiated. Even that doesn't help you much, since you now have the problem of tracking a website, forum user, or IRC user back to the actual IP address where the coins are kept.
Now, all of this stuff is possible, certainly, but none of it really has much to do with Bitcoin being anonymous or not. At least, it provides no new problems over traditional banking, and is actually somewhat safer. If I could somehow sniff your communication with your bank (though admittedly, Bitcoin IRC and forums aren't always encrypted, and are more often TORed), I could drain your account whether you're the sender or receiver, and I wouldn't need to break your machine if I could somehow intercept your credentials (MITM). Banks can use SSL, but you could also refuse to trade Bitcoins over any forum which doesn't.
So, TL;DR: There's no way that the entire Bitcoin network knowing about a transaction (or about every transaction) is going to lead to knowing which physical machine to attack.
Not that the user should have known this, but dontcha think if there was $500k involved that a little curiosity on how it works and how to encrypt it better (put the .dat file in TrueCrypt container and make copies)?
Um. Yes. And yes, the user absolutely should've known that. WTF were they doing putting $500k in Bitcoin if they didn't? It's certainly enough to afford some extra hardware so you can do air-gaps.
I mean, I don't know what sort of precautions I should take before carrying $500k around in my pocket (or in a briefcase), but I'd bloody well find out before I did so.
Don't thank God, thank a doctor!
It is backed by the US military.
The US dollar is the world reserve currency, about 60% of all international transactions involve US dollars. This means that the rest of the world has to purchase dollars.
Oil specifically is a commodity which almost all have to import, and the House of Saud in particular have (for some reason) insisted in the use of US dollars for oil transactions, this means therefore that oil backs the dollar, and it is military force which encourages and maintains the use of the dollar in oil transactions.
Didn't you wonder why most the 9/11 hijackers were Saudi? World started making some sense now?
Deleted
About $2 million is traded at mt gox every day. And it is always going up. You could get $500,000 in about a week without effecting prices much. No problem.
This whole system SCREAMS money laundering.
Why would you invest in this "currency" as opposed to any other fiat currency on earth backed by a central bank? ... because it's digital??1! Money laundering.