Slashdot Mirror
438 Bitcoins Worth Nearly $3.5 Million Stolen From Exchange In India, CSO Accused (indiatimes.com)
William Robinson shares a report from The Economic Times: Nearly 438 bitcoins, worth nearly $3.5 million, were stolen from a top exchange firm in India in what is being billed as the biggest cryptocurrency theft in the country so far. The exchange, which has over two hundred thousand users across the country, found that all the bitcoins that were stored offline had vanished. It was later found that the private keys -- the password that is kept by the company and is stored offline -- were leaked online, leading to the hack. The company tried to trace the hackers, but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred. Coinsecure, a Delhi-based cryptocurrency exchange, is accusing its CSO, Amitabh Saxena, of siphoning off the money from the firm's wallet. The exchange is urging the government to seize Saxena's passport, fearing that he may leave the country.
The error was not giving half of them to the police.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
What an appropriate name!
As I said in my previous comment...
Bitcoin - the joke is on its users.
Unfortunately, when Bitcoin implodes, a lot of folks who are "too big to fail" will be affected.
And so the bill will be placed on the taxpayers.
The joke will be on our tab.
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Isn't this why so many people trust Bitcoin "security" to begin with? So you can trace any and all transactions back to the inception of the bitcoins used themselves?
Seems rather pointless if you can just delete any records. Sounds more like a scam every time I read something new about them.
I tend to rant.
Ya know, we used to think the same with companies, that they will just perish if they don't succeed in the market.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Bitcoin - so much more secure than the banks! Hahaha! Stored in da cloud, blockchain, blah blah blah.
Right.
Bitcoin - the joke is on its users.
Uhm, what you fail to understand is that Bitcoin has nothing to do with with these incidents happening on exchanges. You handed them your money for safekeeping and to do trading on their platform; at this point they are technically no longer yours. If you don't know how it works, don't bother commenting.
You're supposed to keep your bitcoin in your own wallet. If you're against banks but keep your crypto at an exchange for more than the time needed to, you know, exchange it, that goes pretty much against the whole selling point. Even more, you just trust them blindly, because they're not regulated or part of an insurance scheme either.
"Everybody's naked underneath" -- The Doctor
Bitcoin - so much more secure than the banks! Hahaha! Stored in da cloud, blockchain, blah blah blah.
Right.
Bitcoin - the joke is on its users.
Uhm, what you fail to understand is that Bitcoin has nothing to do with with these incidents happening on exchanges. You handed them your money for safekeeping and to do trading on their platform; at this point they are technically no longer yours. If you don't know how it works, don't bother commenting.
It works like this: A key member of the exchange takes the property of exchange users, often Bitcoins, and then cries, "Omigosh! Hacksters!"
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
You are possibly sarcastic playing on the bail out. Well done. If you are not sarcastic : bitcoin even with "overinflated" value is 1/100 of the bailout value, and so far as I can tell no fiduciary institution was insane enough to buy any relevant amount.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Not one day passes without a multi-million dollar Bitcoin heist
It supposed to be secured
The cryptography actually still works as it should. None of those heist is due to the cryptography being broken.
It's good old hacking of insecure servers, etc.
Not somebody managing to forge a signature on the blockchain and sign to himself a huge chunk of somebody else's money.
But the 'security' itself turns out to be the fatal flaw
Yes, its cryptocurrencies turning out to be fatal to themselves.
But the security of the cryptography isn't the culprit.
The problem arise from the base premises :
It's supposed to be a decentralized system for exchanging number, with no single central authority.
It's big advantage for people wanting free exchange with no obstruction (see controversies about Visa and Mastercard freezing some donation to wikileaks, back when bitcoin started to gain popularity). Same as with cash, nobody can prevent you to decide who you'll be handing a banknote.
But that means the obvious drawback that there's not simple central way to exerce regulations on all actors (unlike a bank in the banking system that needs to follow a ton of regulation before being able to itself a "Bank"). Same as with cash, nobody can warn you that the person whom you're handing a banknote is a crook.
You have to realize that, and as a consequence, remember to exercise brain before taking any decision, because the government cannot (by design for such decentralized scheme) protect you from your own stupidity.
If you're transferring BTCs (or whatever is the hipest cryptocurrency du jour) to some company that pretends to be an "exchange", you get no inherent safety guarantee regarding if the exchange platform follows at least a minimal required level of secure practice. Or if it's a complete scam all-together.
(Nobody can do that control for you, by design of the system).
It's a double edged sword.
If you want to have "muh freedomz" and be able to do whatever you want with your numbers, unrestrained by a central authority (no banks nor government involved),
then don't come crying when it turned out you're a sucker and gave out all your earnings to some scammer.
You asked for unrestained exchange possibility, assume its consequences now.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Isn't this why so many people trust Bitcoin "security" to begin with? So you can trace any and all transactions back to the inception of the bitcoins used themselves?
Seems rather pointless if you can just delete any records. Sounds more like a scam every time I read something new about them.
That is true on the blockchain itself, regarding exchange of BTC on the public bitcoin protocol.
You can't "delete" anything, unless the majority of the nodes on the network all agree together to roll back the blockchain. (Which happens every now or then when a newcomer cryptocurrency has a massive blunder leading to abuses and theft. Some time the whole network of that currency agree to roll back to before the blunder and use the new patched software).
But here, it's not the blockchain it self that got deletes.
There are transaction going from various owner to the wallet of the exchange platform,
there are other transaction going from the above mentioned exchange's wallet to other accounts.
But whatever happens on the exchange platform itself happens "behing closed doors" as long as the crypto-currency protocol is concerned.
An exchange platform might keep track of who exchanged which cryptocurrency with whom, so that at the end, when that user decide to withdraw their earnings, the platform knows how much to send from the platform's bitcoin wallet.
But that entirely internal book keeping.
And is completely left at how the platform feels appropriate.
For all the cryptocurrency protocols cares, it could also be a gambling platform.
Or some "artist's happenning" that completely burns and destroy bitcoins.
Here, hacker managed to get hold of the exchange platform server and persuade it to pay them out a good chunk of the BTCs held on the platform's bitcoin wallet, no matter what the server log held.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I am not sure they even know how blockchains work..
I am not sure you even know how a cryptocurrency exchange platform works.
Most keep their own internal journal of the exchange transaction happening on the platform itself.
They only accept payment on the blockchain to their platform's wallet when exchange's users pour money in,
and pay BTCs out on the blockchain out of their platform's wallet when the exchange's users decide to cash out.
But every exchange it self happens internally and has no visibility on the blockchain it self.
(There are exceptions, some exchange platform trying to run on ACTUAL blockchains themselves.
I think there was some Ethereum powered platform at some point)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
"all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred."
I'm not up on cryptocurrencies, but isn't this exactly the kind of thing that blockchains are intended to prevent?
Nope. The same thing could happen to MasterCard or visa(see the target, home Depot, and a few other hacks)
The exchange was hacked and they took the wallets and used the money in them.
However MasterCard and visa run their own protection systems and revert charges back in the event of a stolen card number.
Block chain has no undo button like that so your money is gone forever. Etheruem does do some roll backs, but still only in big cases and they are controversial every time.
What this is simply don't realize what they pay for with MasterCard and visa. Basically insurance againist things out of their control. Bitcoin has no insurance, no backing, and no accountability. It is why you can make money in the short term but long term they all will fail or be limited to things like in store credits.
Now block chain may go on to do unique stuff. But Bitcoin isn't blockchain. My personal favorite is companies using the ripple blockchain tech for things other than ripple but the price of ripple goes up.
i thought once I was found, but it was only a dream.
The issue here is people trusting someone else (the exchange) with their money (bitcoin). This isn't an inherent issue with bitcoin itself.
Fiat banks, for example, are essentially people trusting someone else (the bank) with their money. That would be just as stupid as the bitcoin exchange situation except; banks have insurance and government-backed assurances that mean if they screw up, customers don't lose their money.
The downside to the fiat model is; I have to use a bank because I cannot keep $350m of my own money safe without one. Keeping that much cash safe would be a horrible task that is prone to many risks. So my only real option is to use a bank to look after that money for me, and pay for the bank's insurance so my money is protected. Note that the insurance payment might be via your taxes (see government bailouts), account fees or whatever other mechanism the banks use to generate profit from you.
Bitcoin's different because I can keep 350m bitcoin safe myself. It's just a private key. The effort to keep 1 bitcoin safe is identical to the effort to keep 350m bitcoin safe. I don't need to pay to insure someone else anymore - I'm in total control of my own funds.
So given that bitcoin enables people to keep their own money safe without having to trust anyone else - why do people keep leaving their money on exchanges?
Answer 1: Because they're idiots. Or,
Answer 2: Because each individual only left a small amount of money on the exchange. Exchanges are the best way to get bitcoin right now - so, even in a transient capacity - people's bitcoins will be on the exchange and outside of their own control for a period of time. If people are smart, the quantity of bitcoin left on the exchange at any point in time will be balanced with the impact of losing it. Ie - transiting a small amount that you're not afraid to lose is fine.
I hope the majority of the lost $350m were from people who subscribe to answer #2 and no individual lost any money that means anything to them. Unfortunately, I suspect, there are a lot of misinformed/idiots who perhaps lost a significant amount of their own money through nothing but ignorance.
tl;dr
The lesson to be learnt here (and from every other exchange 'hack') is;
Don't give an unregulated and uninsured company a significant amount of your money to hold on to.
It's just a private key. The effort to keep 1 bitcoin safe is identical to the effort to keep 350m bitcoin safe
Really? Surely you must protect that private key somehow, both from theft and from loss. How exactly do you do that in a manner that is the same effort for 1 bitcoin vs 350m bitcoin? If there is any 'physical' component to it, then the protection requirements of that physical component are no different (other than sheer space required) than the physical protection requirements for cash. And if there are 'mental' components (passwords, etc), how do you protect against forgetting them, either for yourself or your heirs?
Bitcoin itself is not the issue. It is the exchanges where people store their coins, and endpoint compromise.
One of the shortcomings to cryptocurrencies is that some people want standard "banks" to store their stuff. Of course, someone is going to provide this service, but sooner or later, the "bank" gets sacked, most of the currency lost, and in some cases, the top brass of the exchange all walk away quite wealthy for some odd reason. Cryptocurrencies take some getting used to, and there are no bank protections, be it stop payments or credit card fraud reverses. Once the transaction is signed by the relevant parties and propagated to the blockchain, it is done and forever. This is brutal, but this is part of the game.
This is a Wild West field. Arguably, the best thing is to have multiple wallets. One online that one can frequently access, and if compromised, doesn't have much currency in it, and one offline (paper, Trezorit, offline PC) which is used for the big currency storage.
"but found that all the data logs of the affected wallets had been erased, leaving no trails about where the bitcoins were transferred."
I thought the whole point of bitcoin was that every transfer ever is logged and public. You might not know who controls a wallet, but you know what every wallet is doing or owns.
Half of what it was December 2017. Or about 1000% more than December 2016. Pick your time-frame to suit your argument.
Unfortunately, when Bitcoin implodes, a lot of folks who are "too big to fail" will be affected.
And so the bill will be placed on the taxpayers.
Doubt it. The 2007 crisis revolved around values in the the trillions concentrated on the financial sector of the USA. Bitcoin has a total market cap of $130bn spread across the globe.
If the price was set to zero tomorrow, a few institutional investors may hurt, but it won't be a banks going bankrupt event.
It's just a private key. The effort to keep 1 bitcoin safe is identical to the effort to keep 350m bitcoin safe
Really? Surely you must protect that private key somehow, both from theft and from loss.
Yeah, keep it in your head.
The core wallet generates a string of words, which you learn by heart. Then, whenever you want to regain access to your funds, you install a new core wallet application and restore your wallet using those words.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
So a rap on the head, or a stroke, or (obviously) death, or any of number of things that cause memory problems and all your money is, in effect, gone? That may be acceptable for 1 bitcoin, but I doubt many people would consider it acceptable for 350 million (which was the claim).
You know what's ironic about this? The pushers of Bitcoin try to promote it as the next big thing where there's no government interference or main control body to control the currency but as soon as a large batch of coins are stolen, they're out begging for the government to do something because something went wrong.
You are overlooking the other major reason people use exchanges : trading. A lot of BTC users fancy themselves currency traders, so they want their coins on a service where they can trade them rapidly without hitting the main (slow) network. In a way, this actually is a bit of a flaw in BTC. It functions poorly for a major use case that people want to use it for, so all these exchanges have popped up to offer a solution for the limitations of it.
In case of death you're guaranteed you'll lose all your money, just sayin'.
Oh, next of kin? Write down the words on a piece of paper and store it in a safe box. Create 10, 20, 100 wallets, spread your coins to all of them, write many words on many pieces of paper and store those in multiple safe boxes. Then make a will and tell them in it how to recover said wealth.
Bury the piece of paper in your backyard. Carve the words on a wall behind furniture in your basement. Create a poem with each verse containing one of the words and publish it online. Etc.
There are many methods to safely store the information needed to recover a lost wallet.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
They could have been faked.
In fact, if you fake a fake currency, did anything happen, other than a chain of fiddling ones thumbs?
-- Tigger warning: This post may contain tiggers! --
You're missing the point. The claim was that you need a bank to store cash because it is impossible to safely store it otherwise. He said no such protection was needed with bitcoin, that it was just as easy to protect 1 bc as 350 million.
If you just rely on your memory, you are subject to losing the money if you forget the words. But, if you write them down, etc, then the places they are written should receive just as much protection as an equivalent amount of cash. Is that true or not?
Not necessarily.
In case of money stored in a bank, the bank takes care of everything and you pay them to do so. Your money are insured up to a certain amount (definitely not 350M). That's the advantage. The disadvantage is that the wealth you have stored can be taken away from you (asset freezing, government turning cuckoo, etc).
In case of cryptocurrencies, you can secure them as strongly (or weakly) as you want. Nobody else is or can be made responsible for your "wealth" but you. That's the disadvantage, so-to-speak: greater risk of you losing access to them because you weren't careful enough. The advantage? Nobody else can take your wealth away from you.
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)