Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Allege Mt. Gox Still Controls "Stolen" Bitcoins

Posted by timothy on from the other-side-of-anonymity dept.

The Verge reports that "Tokyo-based Bitcoin exchange Mt. Gox lost $400 million worth of bitcoins in February. Its management said the amount was stolen after hackers exploited a transaction bug to divert the funds, but some of Mt. Gox's users are not so sure, suggesting instead that the exchange's owners pocketed the cash. Now, facing silence from those owners about the fate of the money and the methods by which 6 percent of all of the Bitcoin in the world could have been stolen, a group of hackers claims it has broken into the bankrupted Bitcoin exchange's network to get answers. ... Forbes reports that the group gained access to the personal blog and Reddit account of Mark Karpeles, Mt. Gox's CEO. The hackers used the platforms to post a message that claimed Karpeles still had access to some of the bitcoins that he'd reported stolen. In support of the claim, they uploaded a series of files that included a spreadsheet of more than a million trades, Karpeles' home addresses, and a screenshot purportedly confirming the hackers' access to the data." (The Forbes article on which the Verge report is based.)

3 of 228 comments (clear)

  1. Re:Stills seems like it has to be an inside job by delt0r · · Score: 5, Informative

    Well i was on contract to fix bugs in a teleco accounting system where they could only find the missing cash every 3 months when a manual audit was done. Transaction volumes where a little over 1 Billion per year however, and it was only a million or so missing every 3 months.

    --
    If information wants to be free, why does my internet connection cost so much?
  2. Beware: Wallet-stealing virus in the dump by psymastr · · Score: 5, Informative

    Reddit users have verified via decompilation that the dump file includes a wallet-stealing executable. The executable attempts to send the wallet to a hard-coded IP address, whose ISP has been notified of this.

    --
    Improve at backgammon rapidly through addictive quickfire position quizzes: www.bgtrain.com
  3. Re:Stills seems like it has to be an inside job by ras · · Score: 5, Informative

    Consider these Mt. Gox loses:

    • - June 2011: seller's administrator account was hacked by an unknown process. The priveleges were then abused to generate humungous quantities of BTC. None of the BTC, however, was backed by Mt. Gox. The attackers sold the BTC generated, driving Mt. Gox BTC prices down to cents. They then purchased the cheap BTC with their own accounts and withdrew the money. ... Many customers claim they have lost money from this reversion, but Mt. Gox claims it has reimbursed all customers fully for this theft. After the incident, Mt. Gox shut down for several days.
    • - June 2011: Users with weak passwords on MyBitcoin who used the same password on Mt. Gox were in for a surprise after the June 2011 Mt. Gox Incident allowed weakly-salted hashes of all Mt. Gox user passwords to be leaked. These passwords were then hacked on MyBitcoin and a significant amount of money lost.
    • - October 2011: Mt. Gox accidentally destroyed 2609.36304319 bitcoins.
    • - July 2012: A hacker infiltrated the Mt. Gox account used by Bitcoin Syndicate, sold off the USD owned, and withdrew all balances.
    • - July 2012: On July 13, 2012, a thief compromised the Bitcoinica Mt. Gox account. The thief made off with around 30% of Bitcoinica's bitcoin assets.

    But for any programmer, none of this is a surprise given he hacked up an ssh server in PHP, then deployed it on a production server.