Friday, May 11, 2012

Developing: Bitcoinica "Hacked" - Potentially 18,000 BTC ($90,000 USD) Stolen

Bitcoinica has been shut down until further notice, following a theft of 18,000 BTC. News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong:
"Today, we have discovered a suspicious Bitcoin transaction that doesn't seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive.

 Suspicious transaction:

{
"account" : "",
"address" : "182tGyiczhXSSCTciVujNRkkMw1zQxUVhp",
"category" : "send",
"amount" : -18547.66867623,
"fee" : 0.00000000,
"blockhash" : "00000000000003f6bfd3e2fcbf76091853b28be234b5473a67f89b9d5bee019c",
"blockindex" : 1,
"txid" : "7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8",
"time" : 1336738723
},

We have contacted Rackspace to suspend all our servers and lock down our accounts. All your trading and financial data is safe (as far as I know), apart from the Bitcoin loss. Thank you for your patience and understanding while we investigate this issue in detail."
And in a follow-up post:
"Our data is kept intact. Any order placed before the shutdown will still be valid. However, no order execution will happen (no zhoutonging either).
If the market moves significantly, we will come up with a proposal to compensate disadvantaged customers once the investigation is complete."
Bitcoinica was also the victim of a 43,000 BTC ($215,000 USD) heist back on March 1st.

It will be interesting to see how the market is affected by the inability of traders to take leveraged positions in either direction. Also, you should not surf to Bitcoinica.com, as the site has been redirected to a porn site.

13 comments:

  1. Here is an opportunity: create an insurance company for Bitcoin services. It is win-win-win-win: the end user wins by having secure transactions, the company wins by having the most secure system possible, the insurance company wins by profiting, Bitcoin wins through practical application.

    1. That's a stupid idea. First I have to pay real money for a bitcoins not 50 bitcoins, then all the transaction fees that go with it, then you want to pay an insurance company. That is the dumbest thing I have ever heard.

  2. The most secure system possible wouldn't need insurance, IMO. Insurance costs are passed from the company to the end user in the form of higher fees. I hope the developers can improve security without bringing in a bunch of parasitic middlemen, we don't want Bitcoin to end up like the US healthcare system.

  3. Perhaps I am misunderstanding something, but why is the system allowing negative transfers?

    "amount" : -18547.66867623

    1. The negative number signifies a withdrawal.

    2. Thanks for the clarification.

  4. but gavin said as long as we do his BIP 6969 this could never happen again

  5. quote: "but gavin said as long as we do his BIP 6969 this could never happen again"

    Well does Bitcoinica use pay-to-script with multiple keys located on different servers? I doubt it, but perhaps now they will.

  6. it's time to realise that the powers that be have a vested interest in destroying Bitcoin, they may not be involved in this event but we ought to accept that since they are a potential adversary, our concentration on security needs to be total.

  7. What they need is to make sure the site has some proper security on it. Check for example the payment card industry data security standards (pci-dss) and take note how complex it must be to actually make it out there.

  8. PCI-DSS is a farce, as a standard it has elements that make sense, but when given to those who do it as a benefit/cost equation they just fuck it up.

  9. This bitcoin hack is going to destroy the market: http://www.youtube.com/watch?v=P0j_6CvBWaY

  10. Very informative article, thanks for sharing.

    -Prudential Life
