Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linode Exploit Caused Theft of Thousands of Bitcoins

Posted by ryuzaki0 on from the say-goodbye dept.

Sabbetus writes "Popular web hosting service Linode had a serious exploit earlier today. Apparently the super admin password for their server management panel was leaked and allowed a malicious attacker to target multiple Bitcoin-related servers. The biggest loss happened to a major Bitcoin mining pool that lost over 3000 BTC, which is currently worth almost 15 000 USD. Now the question is, will Linode compensate for lost bitcoins?" Update: The 3000 BTC theft was not even close to being the biggest, Bitcoin trading site Bitcoinica lost over 40,000 BTC.

3 of 450 comments (clear)

  1. Linode Terms of Service by Laebshade · · Score: 5, Informative

    http://www.linode.com/tos.cfm

    Section 9, paragraph 1:

    Subscriber acknowledges that the service provided is of such a nature that service can be interrupted for many reasons other than the negligence of Linode.com and that damages resulting from any interruption of service are difficult to ascertain. Therefore, subscriber agrees that Linode.com shall not be liable for any damages arising from such causes beyond the direct and exclusive control of Linode.com. Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred. In no event shall Linode.com be liable for any special or consequential damages, loss or injury. Linode.com is not responsible for any damages your business may suffer. Linode.com does not make implied or written warranties for any of our services. Linode.com denies any warranty or merchantability for a specific purpose. This includes loss of data resulting from delays, non-deliveries, wrong delivery, and any and all service interruptions caused by Linode.com.

  2. overblown news story, here's the real truth by slashmydots · · Score: 5, Informative

    Oh the drama. As an actual bitcoin miner, let me fill you in on the real story instead of that media fluff that's purposely inflated to overdramatic proportions. Almost all bitcoin mining pool websites are configured to pay people every time 1 BTC is reached. That's around $5 US and takes a mediocre mining rig approximately 2 days to generate. So the most that the average person probably lost is $0.01 - $5.00. NOBODY keeps massive piles of BTC sitting around at the pool itself. The exchanges, yeah, but not the pools. They're known for lax security too. At the #1 biggest mining pool, your miners' login passwords are listed as plaintext on the page because what are people going to do, mine for you? And none of your money stay there for long so nobody really cares.
    What really doesn't add up is the 3000 BTC estimate. Even Deepbit, the largest pool, doesn't have 6000 members, which would be the number required to, at any given point in time, have an average of 3000 BTC on-hand. So it likely was the site owner's profit pool that got robbed the most heavily.

    1. Re:overblown news story, here's the real truth by godofpumpkins · · Score: 5, Informative

      What about the 43,000 coins bitcoinica reported stolen in the same breach? Still overblown? https://bitcointalk.org/index.php?topic=66979.0