Slashdot Mirror
Bitcoinica Breach Nets Hackers $87,000 In Bitcoins
dynamo52 sends this quote from Ars about a breach involving a Bitcoin exchange:
"More than $87,000 worth of the virtual currency known as Bitcoin was stolen after online bandits penetrated servers belonging to Bitcoinica, prompting its operators to temporarily shutter the trading platform to contain the damage. Friday's theft came after hackers accessed Bitcoinica's production servers and depleted its online wallet of 18,547 BTC, as individual Bitcoin units are called, company officials said in a blog post published on Friday. It said the heist affected only a small fraction of Bitcoinica's overall bitcoin deposits and that all withdrawal requests will be honored once the platform reopens."
Reader linhares points out a forum post discussing how the attacker(s) hinted at a 'mass leak' in the near future. This attack comes shortly after a leak of a different sort — an FBI document (PDF) about Bitcoin found it way onto the internet. It seems they're worried about the virtual currency's potential use in criminal activities.
They look like real Bitcoin, but if you observe them under an electon microscope to emit cesium-137 waves instead of cesium-133.
It would be interesting to know how many bit coins the mods own as they keep posting bit coin stories.
Everyone that disagrees with me is a paid shill
From https://bitcointalk.org/index.php?PHPSESSID=a5fdf1db75465f52e9f1ebb06e67b70e&topic=81045.380:
"The root cause of this problem is an email server compromise. The email server belongs to one of our team members."
Really? Does their server really send (unencrypted) emails with root passwords to their entire system? Or did the email server just happend to have root access? I don't even know what possibility is worst.
...That the concept of Bitcoins, nor the encryption behind it, nor anything like that is being breached.
It's always some kind of security breach that allows malicious folk to get the coins themselves. Or people that get their coins stolen from a leaky windhose box. Something like that.
So that is cudo`s for Bitcoin huh? I mean, I never heard some story like "hackers have found a way to create Bitcoins without all the hassle (and made it into a nice gui-ed program)" Enter the amount you wish, hit 'generate' and within 2 seconds your bitcoins are ready to be used.
It is a solid piece of work isn't it?
rm -rf --no-preserve-root /
I think that in this context they meant root as in core problem.
Another Bitcoin story, another opportunity to learn about pyramid schemes and how they never work out for most people...
"It is completely incorrect to describe Bitcoin as a 'pyramid scheme.' Technically, it’s a 'pump-and-dump.'"
From: http://newstechnica.com/2011/06/18/bitcoin-to-revolutionise-the-economy/
In the world of Bitcoin, startups are held to a higher standard when it comes to transparency. How many $87k thefts do you think occur on a daily basis with other companies? How many of those do you think you would hear about if they did happen? Usually when we hear of technology it's always in the multi-millions either of dollars or of records compromised.
Ironically, Bitcoin serves as a pretty good argument that there should be substantial regulation of financial service providers since people that don't know computers keep losing hundreds of thousands of dollars.
I think I'll stick with shoving my "coin" under the mattress. It works fine for me because it's obscure; someone would have to first break into my house to discover that the mattress have a secondary purpose, and my house isn't a conspicuous target. Too bad these Bitcoinica folks have a very conspicuous house. I suppose they need Fork Knox and not a mattress.
It says Bitcoins are worth something.
Only $87k, it's nothing compared to other virtual insurances like the US Dollar or the Euro.
Ahh, plenty of ways to escalate access from an email server comprise...
You could:
Send an email to another admin, asking them to reset your password
Look through old emails for a "reset password" email
Use your new shell access to exploit a local (not network facing) vulnerability
etc, etc...
Bitcoins are the tender of the future. The FUTURE. As far as FBI's worry about their use for criminal activity--too late! The things I've seen on an Onion router off the shoulder of Orion. Hell, people earn real goods and services for grinding in a game. Some of those goods and services may well be ILLEGAL. Maybe we should ban grinding to prevent this nefarious use of virtual technology? Some people collect bottles at the roadside for money. Some of this money buys meth and pot. Should be now ban.... and so on.
All you have to do is not use their service. Presto, instant regulation.
I want to delete my account but Slashdot doesn't allow it.
I will admit that I know little beyond the vague concept of Bitcoins, but in the various /. comments I've skimmed through, I've seen numerous claims of how Bitcoin spending is fully anonymous. But as often as not there has been some reply that says that isn't true.
Seems like with 87k on the line, we all might get a solid answer to that question, unless I don't understand how any of this works (which is entirely possible).
"The root cause of this problem is an email server compromise. The email server belongs to one of our team members."
A poorly secured email server is not the failure in this statement.
The failure is what was a non-essential piece of software, what sounds like someone's personal software, doing on this server or even on the same firewalled subnet?
"an FBI document (PDF) about Bitcoin found it way onto the internet. It seems they're worried about the virtual currency's potential use in criminal activities."
During the televised SOPA hearings with the House Judiciary Committee, Jared Polis - after introducing the song "The Internet is for Porn" into the Congressional Record - waxed poetic on the underground economy, Bitcoin, drugs, TOR and Silk Road.
Those watching on /g/ were aghast. "OH GOD HE KNOWS!" was the reaction.
Yes, folks, they've known for a while.
Bitcoin, when it's not a scam, is a method of money laundering.
--
BMO
If Bitcoin were a pump and dump don't you think it would have disappeared after the initial bubble? The fact that it continues to grow in transaction volume and in price stability doesn't count for anything?
If either of these is the case, I think someone's going to need to dust off their resume.
https://en.bitcoin.it/wiki/Anonymity tl;dr Bitcoin transactions are not anonymous without substantial care in their execution. That being said it's unlikely the theif will be found unless they make a major slip-up.
A currency whose only recourse for victims of theft is to shut up and stop using it. Where do I sign up?
Hey there, while you're on the topic of security, couldja not include your session ID in a URL you post? Makes you look sorta stupid. Try this instead, guys.
#fuckbeta #iamslashdot #dicemustdie
Bitcoin was an interesting experiment.
I was one of the lucky ones- I got in before Bitcoin hit prime time for its 15 minutes of fame. Back then mining actually got you something worthwhile when you could dedicate a couple of GPUs and one or two computers to it (back then FPGAs weren't even being discussed that much). It managed to pay for four separate computers, which I later overhauled and replaced the motherboards on so I could stuff three GPUs in each. A few months ago I decided to shut it down (after witnessing random things like the rollback of an entire market because someone sold too many BTCs and it pissed off the big guys who lost a lot of money because they didn't see it coming) and started to cash out. At the end of it all (after I sold my equipment- though that only accounted for ~10% of my total catch), I'd made enough to pay off my car and both me and my fiancee went on a nice trip to Maui for two weeks.
A friend recently "discovered" BTC and came to me for information on "how to get rich quick". It took me over two hours to convince him that it wasn't worth it anymore, that he could probably pump a good $10K into equipment and not even make back the money power would cost him to run it all. You'd have to invest ten times that into exotic FPGA hardware just to make any reasonable amount of income, and even then I doubt you'll ever pay for the hardware itself before the system completely crashes.
BTC is, ultimately, a failed experiment. Now that the system has gotten rolling there is little reason to use it for anything other then illegal goods, and nobody wants to be associated with a currency that is predominantly used to move dirty money or pay for black market items. I suppose things might be a bit better if we actually had reasonable exchanges running, but for the most part what is out there right now (including MtGox- which formerly stood for "Magic the Gathering Online eXchange") is just about as untrustworthy as the people using it.
If you're a potential miner, my advice is to stay away from BTC. If you weren't there when it started, then you're basically not going to make any money. Those few elites still making money off the system will soon leave as the entire thing becomes unprofitable for even them, and then when they cash out the entire system will crash hard- and any BTC you might own will be worth nothing.
-AC
So you think a victim down $87,000 worth of Internet Fun Bucks should be satisfied with some libertarian reply about the free market correcting itself?
https://www.paypal.com
Except that it's the financial service provider taking the hit. Sounds like the world is regulating itself to me.
And yet you did.
They lost $87,000 worth of BitCoins. If everyone withdrew their money (not that unlikely now) they would need to find $87,000 of real money to honour those withdrawals. Are they insured or do they have the cash on hand?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
So wish I had kept my last mod point for this.
If Bitcoin were a pump and dump don't you think it would have disappeared after the initial bubble?
Nope. I tracked a few stocks that I got spam about for a while. The scammers used the same things a few times. They pumped, dumped, sold, and then once the price collapsed they bought and repeated.
I am TheRaven on Soylent News
I'm not sure you could categorize bitcoin users as "people that don't know computers". Your argument could be used to shut down Vegas. Maybe Gambling Permits are in order?
--
damaged by dogma
If Bitcoin were a pump and dump don't you think it would have disappeared after the initial bubble?
No way. Why shut down a scam that's still working? Plus, it does bear some resemblance to a pyramid scheme in that the pumping isn't limited to the original schemers. Anyone can get in, pump for a while, then do some dumping. You can do it over and over. It's a scammer's dream, and it'll continue to work as long as people are willing to pay good money for the useless activity called "mining".
bitcoin and why should i give a romeo alpha?
The fact that it continues to grow in transaction volume and in price stability doesn't count for anything?
Do people really believe that Bitcoin has price stability and is a growing trend? Didn't it crash more than 90 percent just six months ago?
Anybody remember the scene where Snake drains the electronic wallet, and you see a progress bar transferring the money?
It's as much a pyramid scheme as stocks are.
One of the functions of government is to forbid and punish fraud, right?
No. A pump-and-dump requires sellers to intentionally lie or mislead the buyers into thinking there's money to be made. While some might, most miners and the bitcoin developers promise no profits. Buyers only have themselves to blame for making a shitty investment.
Dilbert RSS feed
May I suggest you check out this graph?
Greylisting is to SMTP as NAT is to IPv4
I continue to operate my bitcoin business selling stickers, shirts, and things of interest to bitcoiners. Now it has been a year and it is still growing each month. I sell stuff for bitcoin and buy other things I need or simply cash out via local trade (for USD). I have about 1/3 the fees of PayPal and far less risk. This allows me to sell to people overseas much more safely and as it turns out about half my sales are overseas.
Bitcoin works for me.
Rather than "leaking" a document and getting a story on stooge central to promote bitcoin for illegal activity, perhaps it would be a more efficient use of taxpayer money if the FBI could take out 2 birds with one stone?
When the Internet Fun Bucks are specifically made to be a libertarian free market ideal of untraceable cash, yes.
Isn't that the way ALL stocks work? Buy low, sell high, buy more when low again....
Any time any institution I've banked with has been hit in a way that could affect me, I've been informed promptly. What you mean is that you only pay attention to news on places like Slashdot and ti is all Slashdot reports. They don't report every credit card theft out there.
Also a big difference is with real banks and such the money is tracked, so you get it back. At one time I noticed a charge on my CC that wasn't mine. I called the bank, and had it all taken care of in about 10 minutes. Nothing lost, they reversed the transaction, nulled the card, and sent me a new one. I caught it fast enough that the company hadn't shipped the goods so the thieves got nothing.
No, it makes the site that still adds the session ID to urls look stupid.
And they're not designed to be untraceable.
http://lkml.org/lkml/2005/8/20/95
Both, actually.
Apparently Bitcoinica was hosted on a VPS, and the admin control panel used the email addy's of four (five?) principals.
A pretty amateurish setup, frankly - especially when you stop to think that Bitcoinica was responsible for the majority (i.e., over 50%) of volume on MtGox.
Bitcoin itself is sound (I own some), and of an unhackable nature by design. The bitcoin infrastructure however, is... ummm... "coming along".
Not just financial service providers either. Apparently the #1 seller on Silk Road, the anonymous drugs marketplace, recently did a runner with the Bitcoins he was paid over the 4/20 rush and didn't actually fulfill any of his orders. Turns out that anonymous reputation systems aren't sufficient to protect against scammers. Whoever would have guessed?
Regulation: Violently suppress voluntary exchange between peaceful people. Accept bribes by regulated industry to block everyone else but the politically connected. Entrench the corporation with state in a revolving door. Give people the illusion of security when in fact it is less secure than before. Distort economic incentives that twist market conditions to unsustainable behaviors. etc.
Solution: Educate people on the risks of their actions and let them pursue their ends as they see fit. Work on more stable and secure transaction tools to offer traders. Provide an insurance service(a genuine one, not fascistic like we have today) against losses. 3rd party consumer watch dog services warning of bad businesses. Create investigation agency to recover stolen property. etc.
This is why I cannot take the 'solution' of regulation seriously. In every industry, in every period of history I've studied, regulation is the absence of peoples preferences determining the industry, and in its place is an institution that at best mimics our own influence, but more often encourages the least productive practices to flourish.
Wow, that's a surprise: a bitcoin site with awful security practices.
So why post anonymously? I never heard a better post for justifying a link to your shop.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Geeze, did you even see the headline here on Slashdot? It explicitly refers to "$87,000 in Bitcoins", which pretty strongly suggests that there is a non-zero value to a bitcoin.
In any case, if you don't like the line I quoted, go bitch at the guy who wrote the NewsTechnica article, not me. Though I might try investing in a sense of humor first, so the joke doesn't go over your head again. :)
I don't see how they can be 100% anonymous, if you are going to use them for actual goods.
---- Booth was a patriot ----
Uh, bitcoins have the (monetary) value that the buyers decide they have, not the sellers. So if people want to buy them, of course they have value, that's not a lie nor is it misleading.
In any case, if you don't like the line I quoted, go bitch at the guy who wrote the NewsTechnica article, not me. Though I might try investing in a sense of humor first, so the joke doesn't go over your head again. :)
Maybe I should, because I don't see where's a joke there. It seems exactly the same as the posts by bitcoin haters.
Dilbert RSS feed
http://eprint.iacr.org/2012/248
Palm trees and 8
Nope, it makes the poster AND the site look stupid.
Bitcoin? Not worth a shit, since you can just make your own, apparently... maybe they should be called shitcoins. The symbol could be a capital S with a line through it... as in "$".
All I hear about in the news these days is about how bitcoins are stolen.
A currency whose only recourse for victims of theft is to shut up and stop using it. Where do I sign up?
Just like cash.
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
There, you can see the giant spike I talked about, where the price skyrocketed and then crashed more than 90% in the span of a few months. Was that chart supposed to prove the stability of Bitcoin as a currency?
Is Bitcoins for libertarians who are so ideologically driven that they'll call an $87,000 theft a free market ideal of untraceable cash?
Usually when a bunch of BTC are stolen, it causes a dive in prices because everyone's afraid when the stolen coins are sold off, they'll crash the price. If they right now dumped off 100% of them onto the largest exchange, it would go from $4.99 to $4.82.
By the way, lol @ the 100 posts above me that comment on BTC and clearly know little to nothing accurate about it.
They are only useful if you can spend them, and if people do spend them. Money is just a theoretical construct to facilitate trade, nothing more. It has no magical powers. As such it only works if people can spend it on things they want, and in fact do spend it. If they can't spend it, they have no reason to hold on to it or obtain it. If they don't spend it, then it isn't performing its purpose of facilitating trade.
This is why, all other issues aside (and there are a number of them) bitcoins fail as a currency. It has built in deflation which means that people would have an incentive to hoard, not to spend. That makes it fail as a currency. When there's an inherent deflationary setup in a currency, it will never function well.
Also you can see it doesn't actually function as a currency because to the extent people use it these days it is two main ways:
1) Mining/speculating. They just trade in and out of it to try and make money. While all currencies have trading and speculation it is not the major activity. With bitcoins, it is by far most of what happens. That means it isn't being used as money, but as a commodity.
2) To hide payments. People get bitcoins, pay someone they don't want to have it tracked to, and that person/company turns it right back in to an actual currency. That makes it no more a currency than Paypal. It is just a means of payment, and only being used to try and launder the money. At both ends the actual "money" is a regular currency.
Money isn't money because of some magic reason, or some special thing backing it or any of that. Money is money when people use it as such. When people are willing to accept it in trade for goods and services and willing to spend it on the same, you've got money. Doesn't matter what it is, just that you can spend it and you do in fact spend it. Gold coins, printed paper, bits in a computer, big rocks, all can work (and all have worked).
Compare the value of bitcoins before May 2011 and after September 2011. It's still more than double the pre-bubble value. And volumes are clearly up (including when compared to the volumes traded during the bubble).
Bitcoin is developing just fine, there was a short-lived bubble as it gained popularity and speculators tried to make a few quick bucks. It might happen again but over time the economy has been stabilizing and volume traded has been somewhat steadily rising.
Greylisting is to SMTP as NAT is to IPv4
"More than double"... in 4 months... it might be a growing trend, but it definitely doesn't have price stability.
If that was the case, bitcoins would be worth $0. A transaction always involve two parties, which (both of them) must agree it is "worth" making it.
You don't need to make an actual transaction to assess worth.
If the seller doesn't want to sell, it's presumably because he thinks they're worth even more that what the buyer offers for it. Therefore it's necessarily not $0.
And in any case, that's all irrelevant because that number is based on transactions that are occurring every hour.
Dilbert RSS feed
There is no such thing as fraud rather those with more accumen's are doing better in the market, those with less accumen's will do worse or in time learn to be more savie.
By dinfinition anti-fraud laws are unconstitutianal tortoitus interferance.
(roman_mire, still can't log in)
I was referring to "value that the buyers decide they have, not the sellers". I agree with everything else you said.
If only one side is involved, it is not a price, just an "offer" or an "assessment". To make it a price both parties have to be happy with the deal. Every transaction is by definition a win-win situation.
Because people selling "things of interest" anonymously on the net using an untraceable monetary system might have reason to avoid attention from the authorities?
exactly, i got a fake Rupee 500 note from God knows who, and i can't do shit about it, can't go to police, can't go to bank to exchange it it must be torn and thrown, what a waste!
Which, by the way, is a good argument for not keeping stacks of cash around your house. Personally, I almost never have more then $60 in cash in my house or on my person at any time. Meanwhile, I hear about people having thousands of dollars worth of bitcoins on their computer.
Because the sentiment here on slashdot is so against bitcoin that I felt it would be viewed as spammy.
I use bitcoin for trades, I do not care if it is 50 cents, $5 or $50. I do not hold large bitcoin. But as you can see, others see a vested interest in 'pumping' the price and THAT is a downside to bitcoin. It is not a pump and dump, it is a working currency. The problem is that it is so thinly traded that people who want to pump and dump push it, as well as the true bitcoin fans who have no vested interest other then thinking bitcoin is a great project. It is hard to tell those people apart.
Bitcoin is truly revolutionary and does things that no other online currency has done.
Actually bitcoin price isn't especially volatile if you normalize to market cap. The bubble looks exactly like dotcom and 1980 gold bubbles.
Why is this insightful? You need to compare the amount of money lost to scammers to the cost of regulating and policing the market. Just looking at one side of the equation is pointless...
If you want regulation and chargebacks, use cc's and pay extra for it.
How can a system that records every transaction and makes every record available to everyone be private and anonymous? Ok, so it's the IP address that is used as identity rather than a passport number or driving license.. but isn't this just even less anonymous than cash?
A blog I run for the wealth
I have always asked myself: What is the difference between Bitcoin and "real" money? (taking out the fact of the centralized version of real money) So, if someone hacks into a bank system, considering that now most of the money has no backing in "real" bills and coins, they will be stealing digital goods, the same as if they were stealing Bitcoins.