Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Bitcoin Security The Almighty Buck The Internet News Technology

Bitcoinica Breach Nets Hackers $87,000 In Bitcoins 196

dynamo52 sends this quote from Ars about a breach involving a Bitcoin exchange: "More than $87,000 worth of the virtual currency known as Bitcoin was stolen after online bandits penetrated servers belonging to Bitcoinica, prompting its operators to temporarily shutter the trading platform to contain the damage. Friday's theft came after hackers accessed Bitcoinica's production servers and depleted its online wallet of 18,547 BTC, as individual Bitcoin units are called, company officials said in a blog post published on Friday. It said the heist affected only a small fraction of Bitcoinica's overall bitcoin deposits and that all withdrawal requests will be honored once the platform reopens." Reader linhares points out a forum post discussing how the attacker(s) hinted at a 'mass leak' in the near future. This attack comes shortly after a leak of a different sort — an FBI document (PDF) about Bitcoin found it way onto the internet. It seems they're worried about the virtual currency's potential use in criminal activities.
This discussion has been archived. No new comments can be posted.

Bitcoinica Breach Nets Hackers $87,000 In Bitcoins

Comments Filter:
  • From https://bitcointalk.org/index.php?PHPSESSID=a5fdf1db75465f52e9f1ebb06e67b70e&topic=81045.380 [bitcointalk.org]:

    "The root cause of this problem is an email server compromise. The email server belongs to one of our team members."

    Really? Does their server really send (unencrypted) emails with root passwords to their entire system? Or did the email server just happend to have root access? I don't even know what possibility is worst.

    • by Michalson ( 638911 ) on Saturday May 12, 2012 @05:49PM (#39981577)
      "The root cause of this problem is an email server compromise. The email server belongs to one of our team members."

      A poorly secured email server is not the failure in this statement.

      The failure is what was a non-essential piece of software, what sounds like someone's personal software, doing on this server or even on the same firewalled subnet?
    • by girlintraining ( 1395911 ) on Saturday May 12, 2012 @06:00PM (#39981639)
      Hey there, while you're on the topic of security, couldja not include your session ID in a URL you post? Makes you look sorta stupid. Try this [bitcointalk.org] instead, guys.
  • by Razgorov Prikazka ( 1699498 ) on Saturday May 12, 2012 @05:29PM (#39981473)
    ...That the concept of Bitcoins, nor the encryption behind it, nor anything like that is being breached.
    It's always some kind of security breach that allows malicious folk to get the coins themselves. Or people that get their coins stolen from a leaky windhose box. Something like that.
    So that is cudo`s for Bitcoin huh? I mean, I never heard some story like "hackers have found a way to create Bitcoins without all the hassle (and made it into a nice gui-ed program)" Enter the amount you wish, hit 'generate' and within 2 seconds your bitcoins are ready to be used.
    It is a solid piece of work isn't it?
    • Unless we just don't hear about it, or they always go for those low hanging fruits figuring it's easier.

      FYI, its "kudos"

    • by jjohnson ( 62583 ) on Saturday May 12, 2012 @06:52PM (#39981921) Homepage

      It's not kudos for bitcoin even if the design itself is proven perfect, because bitcoins are useless without practical implementations and real markets, and if those real-world applications continually fail for external reasons, the bitcoin economy will never take off.

      Put a little differently, it doesn't matter how perfect bitcoin is on paper. If it can't be made to work in real life, it's useless. And if the computing infrastructure on which bitcoin transactions occur is fundamentally un-securable, then it can't be made to work in real life. It's like deploying an uncrackable ATM in a crime-ridden neighbourhood. It doesn't matter that you can't break into the ATM if you just have to wait for someone to withdraw cash and then rob them.

      • by Statecraftsman ( 718862 ) on Saturday May 12, 2012 @08:18PM (#39982357) Homepage
        What you're seeing with Bitcoin is sort of like raw access to the Visa network and I'm surprised more theft doesn't occur. As you pointed out it's nontrivial to have a secure computer nowadays.

        As the infrastructure evolves we are likely to see payment processors that use things like multi-sig transactions and stronger security measures to insulate the user from such concerns. Even then, you'll still have the freedom to operate independently.

        Freedom(tm) - A (previously?) core value of the /. community.
      • If someone creates a little program that is a beauty in its language, simplicity and does not have a single bad aspect, but no one will use it because it is useless...
        It is still a beauty in its language, simplicity and does not have a single bad aspect. There, that is what I meant.
        The concept and the technicalities are just good. Kudo/cudo's (whatever is preferred) for that.

        And quite the opposite for anyone who have a lot of bitcoins on a disk on a system that is on-line and that is open for all to rob!
      • by Sycraft-fu ( 314770 ) on Sunday May 13, 2012 @01:55AM (#39983547)

        They are only useful if you can spend them, and if people do spend them. Money is just a theoretical construct to facilitate trade, nothing more. It has no magical powers. As such it only works if people can spend it on things they want, and in fact do spend it. If they can't spend it, they have no reason to hold on to it or obtain it. If they don't spend it, then it isn't performing its purpose of facilitating trade.

        This is why, all other issues aside (and there are a number of them) bitcoins fail as a currency. It has built in deflation which means that people would have an incentive to hoard, not to spend. That makes it fail as a currency. When there's an inherent deflationary setup in a currency, it will never function well.

        Also you can see it doesn't actually function as a currency because to the extent people use it these days it is two main ways:

        1) Mining/speculating. They just trade in and out of it to try and make money. While all currencies have trading and speculation it is not the major activity. With bitcoins, it is by far most of what happens. That means it isn't being used as money, but as a commodity.

        2) To hide payments. People get bitcoins, pay someone they don't want to have it tracked to, and that person/company turns it right back in to an actual currency. That makes it no more a currency than Paypal. It is just a means of payment, and only being used to try and launder the money. At both ends the actual "money" is a regular currency.

        Money isn't money because of some magic reason, or some special thing backing it or any of that. Money is money when people use it as such. When people are willing to accept it in trade for goods and services and willing to spend it on the same, you've got money. Doesn't matter what it is, just that you can spend it and you do in fact spend it. Gold coins, printed paper, bits in a computer, big rocks, all can work (and all have worked).

    • by jd ( 1658 )

      No system is truly robust unless it meets not only the trivial requirements (such as strong encryption) but also meets the harder requirements (it must meet the reliability threshold outlined in the Byzantine General's Problem, for example, where the nodes in the problem are not simply the people but also the computers concerned).

      That is a tough one. The problem is not solved in centralized banking systems, it is merely better-hidden. Banks are reputed to lose many billions a year to people getting in throu

    • The people that are attacking Bitcoin as a whole aren't hackers. Hackers and intellectuals are inspired by the possibility of Bitcoin, a universal currency that appreciates constantly at the maximum level. No more booms, or busts, no more shady deals, no more loans you apply for in a tie.

      The people concerned about Bitcoin are governments, security agencies and anyone that believes in the "pounding flesh and smiling" agenda that has separated the richest from the poorest and removed the representation in r
  • by Statecraftsman ( 718862 ) on Saturday May 12, 2012 @05:39PM (#39981519) Homepage
    In the world of Bitcoin, startups are held to a higher standard when it comes to transparency. How many $87k thefts do you think occur on a daily basis with other companies? How many of those do you think you would hear about if they did happen? Usually when we hear of technology it's always in the multi-millions either of dollars or of records compromised.
    • by ceoyoyo ( 59147 )

      Taken as fractions of the entire relevant markets, this theft must rank among the biggest of all time.

    • Any time any institution I've banked with has been hit in a way that could affect me, I've been informed promptly. What you mean is that you only pay attention to news on places like Slashdot and ti is all Slashdot reports. They don't report every credit card theft out there.

      Also a big difference is with real banks and such the money is tracked, so you get it back. At one time I noticed a charge on my CC that wasn't mine. I called the bank, and had it all taken care of in about 10 minutes. Nothing lost, the

      • As far as you know. And you know as well as anyone that data copied need not be used immediately. I won't say that every Bitcoin business has been or will be above board but the fact that there is a public transaction log makes certain activities very hard to hide or explain away. As for reclaiming stolen funds, the largest thefts occur at the top. MF Global for example is missing $1.2-1.6 billion. That is an amount of money that can affect millions of people in ways they would feel.
    • by makomk ( 752139 ) on Saturday May 12, 2012 @08:08PM (#39982315) Journal

      Actually there's good reason to suspect that the big daddy of all Bitcoin organisations - MtGox - has been less than honest about its own losses to fraud and theft. Their main payment provider suffered massive fraud targetted at Bitcoin exchanges and clawed back all the fraudulent deposits, and Mt Gox's claim not to have been hit by this seemed really unlikely. As you pointed out when talking about bank theft, we only know about the ones we actually get to hear about and not the thefts that are hushed up sucessfully.

  • I think I'll stick with shoving my "coin" under the mattress. It works fine for me because it's obscure; someone would have to first break into my house to discover that the mattress have a secondary purpose, and my house isn't a conspicuous target. Too bad these Bitcoinica folks have a very conspicuous house. I suppose they need Fork Knox and not a mattress.

    • I keep my valuable currency of Beanie Babies and Pez Dispensers under my mattress. And, boy, do I sleep terrible.

      That's what economists are talking about when they mention "hard" and "soft" currencies. It is measured by how it feels when you stuff it under your mattress:

      • Gold, canned food, ammunition: hard.
      • Cash, stock certificates, anything else printed on paper: soft.
      • Bitcoins: "Stop squeezing the Charmen, Mr. Whipple!"
      • by macraig ( 621737 )

        I hope you have the Star Trek Pez set! It'll be worth some serious (bit)coin in about a century. They're no lesser peas under the mattress than ammo clips, though. You can probably shoot a burglar with both.

  • Only $87k, it's nothing compared to other virtual insurances like the US Dollar or the Euro.

    • ... as opposed to what? The Yen? Ruble? Yuan? Peso?

      • Oh, please, now you are just begging for somebody to start yet another argument about gold.
        • The "value" of gold is just as arbitrary.

          • The "value" of gold is just as arbitrary.

            No it isn't. Because at the end of the day, if the entire civilised world collapsed into a steaming pile of dog poo, women will still be attracted to a man with gold. And this is the primary force that drives the universe.

            • by jd ( 1658 )

              I have gold, but that has made bugger all difference. I'm as ignored by women now as I was before. So that's clearly not the deciding factor.

            • by raynet ( 51803 )

              At that point I am sure they would be more attracted to the man with food.

  • Bitcoins are the tender of the future. The FUTURE. As far as FBI's worry about their use for criminal activity--too late! The things I've seen on an Onion router off the shoulder of Orion. Hell, people earn real goods and services for grinding in a game. Some of those goods and services may well be ILLEGAL. Maybe we should ban grinding to prevent this nefarious use of virtual technology? Some people collect bottles at the roadside for money. Some of this money buys meth and pot. Should be now ban.... and
    • Bitcoins are the tender of the future

      No they are not; the demand for Bitcoin is microscopic by comparison with the demand for other currencies, and when the hype dies down people are going to be selling Bitcoin more than they will buy. Without the ability to pay taxes etc. with Bitcoin, it is doomed -- and there is no incentive for any government to accept Bitcoin for tax payment, nor for any court to assess damages in terms of Bitcoin, nor for any bank to issue a Bitcoin loan, etc. The economic shortcomings alone are enough to kill Bitcoi

    • by jd ( 1658 )

      Bitcoin's creators are completely ignorant about what makes for a useful currency, what makes for a secure system and what makes for a workable system. The FBI's concerns are immaterial in all of this, Bitcoin is simply a very badly-designed system.

      Current central currencies are no better, they have many of the same defects and a whole host of different ones.

      What is needed is a replacement system, sure. A decentralized system, with no tracking. But Bitcoin isn't it. Bitcoin just makes power generating compa

  • by bmo ( 77928 ) on Saturday May 12, 2012 @05:50PM (#39981585)

    "an FBI document (PDF) about Bitcoin found it way onto the internet. It seems they're worried about the virtual currency's potential use in criminal activities."

    During the televised SOPA hearings with the House Judiciary Committee, Jared Polis - after introducing the song "The Internet is for Porn" into the Congressional Record - waxed poetic on the underground economy, Bitcoin, drugs, TOR and Silk Road.

    Those watching on /g/ were aghast. "OH GOD HE KNOWS!" was the reaction.

    Yes, folks, they've known for a while.

    Bitcoin, when it's not a scam, is a method of money laundering.


    • Do you have any references to Bitcoin being used in money laundering? Having a hard time finding a concrete story...
      • by bmo ( 77928 )

        When you convert dollars to bitcoins, buy drugs with bitcoins on SilkRoad, and then those bitcoins are converted back to cash by your dealer, that is money laundering.

        >dirty money
        >black box (bitcoin)
        >"clean" money out

        Any time you obfuscate the source of money in a transaction to hide illegality or "synthesize" transactions after the fact to hide illegality, that is money laundering. You may argue about the finer points, but that is the overall definition and rule of thumb.

        And the penalties for mon

        • by Sycraft-fu ( 314770 ) on Saturday May 12, 2012 @06:18PM (#39981743)

          Geeks have trouble with this concept, they get all overly literal about shit and think that if something is ok to do under any condition, it is ok to do under all conditions.

          That is, of course, not the case. In the law, intent quite often matters. Also what you actually do with it matters as well. If you actually go and buy drugs with the alternate currency you bought then yes, that can be used as evidence of money laundering.

          The other part of the problem is that geeks seem to have trouble with the concept of "reasonable doubt" at times. They think if they can cook up any alternate explanation for an action, no matter how far fetched, a jury should have to accept it and they'd get off. Again, not how it works. It isn't beyond any doubt, just beyond a reasonable one.

          So yes, if you buy bitcoins for the purpose of buying drugs, they could nail you for money laundering and likely make it stick.

          • by bmo ( 77928 ) on Saturday May 12, 2012 @06:32PM (#39981829)


            There was a jeweller in town who is in prison for the rest of his life and a few hundred years after that because he did conversion of cash to gold and back to cash for the mob.

            Exchanging cash for gold is not illegal
            Exchanging gold for cash is not illegal
            Exchanging cash -> gold -> cash in order to help someone hide where his cash came from is so illegal it is more illegal than most crimes of violence and more illegal than the original crimes of drug dealing, numbers running, bookmaking, etc.


        • Using money to buy illegal things is not laundering in itself. Money laundering requires that bad money be mixed in with the good stream of what looks to be a legitimate business. Again, I must ask if you have a reference for such an occurrence.
          • by bmo ( 77928 )

            >Using money to buy illegal things is not laundering in itself.

            It's the conversion that makes it money laundering. Conversion to bitcoin is "anonymizing" a money stream to hide the illegality of buying drugs, etc.

            Whether you agree with this or not, this is how the feds are going to present it to a jury and that's how you will go to jail.


            • The same could be said of converting a bank balance to cash. Your implication that using Bitcoin = jail time makes me wonder what your concern is against people being able to spend their money as they wish (something that is again still largely possible with cash).
              • by bmo ( 77928 )

                The same could be said of converting a bank balance to cash.

                No. You're assuming that bitcoin is the same as a bank account. It's not. There is no converting either. It's dollars in/dollars out. You are deliberately stretching what I say into nonsense.

                Your implication that using Bitcoin = jail

                No. My implication is the anonymizing of the cash stream through bitcoin conversions *is* money laundering. You have to show intent that the money was for illegal goods/services. If it can be demonstrated that

      • > any references to Bitcoin being used in money laundering?

        Is Bitcoin something called a "legal tender" ?
        • It is not classified as legal tender by the government but that doesn't mean it's illegal to use. Case in point, hundreds of local currencies in use around the country (Ithaca dollars, Disney dollars). What you can't do is refuse USD as payment for debt, the commonly quoted case being when you go to dinner and pay the bill after eating. There you are in debt and the restaurant must accept USD in the US.
          • by bmo ( 77928 )

            It is not classified as legal tender by the government but that doesn't mean it's illegal to use.

            It was never stated that bitcoins, as such, are illegal. You can use anything for money. Bags of salt, etc.

            You are not allowed, however, to do conversions and transactions to hide the money stream for illegal activities. That's money laundering.

            You're dense.


    • by wrook ( 134116 )

      Bitcoin, when it's not a scam, is a method of money laundering.

      This is certainly the tag line many people have used for Bitcoin. While there is definitely potential for this, I'm not sure it's *actually* being used that way. The last time Bitcoin was brought up here, someone made the assertion that the first X bitcoins (I won't rely on my crappy memory to say how many) that were created *have not ever been spent*. This is quite easy to verify, and I've been meaning to do it for a while, but haven't gotten around to it.

      If that were true, why haven't they been spent?

      • by bmo ( 77928 )

        law enforcement haven't been bothered to really follow up on it. I suspect that will change someday.

        Just because the feds have not gotten 'round to actually arresting people yet does not make the acts themselves legal.

        Only stupid people would use this for money laundering. Using it for large scale illegal transactions would pretty much be like having a neon sign over your head saying, "Arrest Me"!"

        They are using the relative obscurity of bitcoin.

        Also: the prisons are not exactly filled with geniuses.

        It sti

        • by wrook ( 134116 )

          I don't really disagree with you on most of what you are saying, but I wonder if you possibly have a strange definition of the word "money laundering". Money laundering means taking money earned from illegal activities, using it in a legal activity that makes it hard to figure out where it came from, and then receiving a portion of it back again. The money that comes back comes from a legal activity and is hence "clean", even though the legal activity is being supported by "dirty money". Buying or sellin

          • by bmo ( 77928 )

            Money laundering means taking money earned from illegal activities, using it in a legal activity that makes it hard to figure out where it came from, and then receiving a portion of it back again


            What would make it difficult is if there was a legitimate, legal service being run in the middle. Then the bitcoins going out the end could be ordinary people. But there is no such service as you point out. Virtually all the money being used in Bitcoin is for illegal activity.

            In the US, it doesn't have to be a l

        • "Just because the feds have not gotten 'round to actually arresting people yet does not make the acts themselves legal."

          It is called "targeted prosecution", and it has been used as a very effective political assassination tool to suppress free speech.

          This is because it is very easy to commit felonies without you even knowing it.

          You seems to have some legal background. I suggest you read the book "Three Felonies a Day: How the Feds Target the Innocent" by Harvey A. Silverglate. A very interesting read.

      • by bmo ( 77928 )

        I forgot to address this

        >If that were true, why haven't they been spent?

        Because bitcoins, by their virtue of being limited at a hard number, are deflationary. You are crazy to spend a currency that, over time, chases more goods as economies expand.

        So you hoard, gambling that the future is going to give you a bounty.

        This is why the first bitcoins are being hoarded. They were easy to generate in large quantities by the early adopters. Why spend them when they didn't cost much to generate and further suc

        • There are many stocks which are almost certainly going to be worth more tomorrow than they are today, yet they are still being traded by thousands of investors. Are they all 'crazy'?

          There are plenty of reasons not to hoard, even if they are in fact expected to go up. For one, people sometimes actually want the money for something other than watching it grow. And 2033 - the year when the "hard number limit" will be reached - is still a long way from now.

          • by bmo ( 77928 )

            There are many stocks which are almost certainly going to be worth more tomorrow than they are today, yet they are still being traded by thousands of investors. Are they all 'crazy'

            There are people who gamble with stocks, then there are people who take long positions, and those that take shorts.

            Taking a long position on something that you have spent pennies on to create that sell for 20 dollars each, is not crazy. If you believe that whole bitcoins are going to go above 100 dollars within the next 10 years

            • by wrook ( 134116 )

              Clearly, there is going to be no convincing you. Hell, I don't know if this was originally meant to be a scam or not. I totally agree with you that there is a lot of potential for a scam. But from the evidence at the moment, it does not appear that it is being used as a scam.

              If Bitcoin actually emerges as being a legitimate currency (which I highly doubt, for economic reasons), if the original authors cash in their bitcoins, I'm not going to call that a scam. They provided a service and profited by it.

      • by Kjella ( 173770 )

        As for money laundering, Bitcoin makes a poor money laundering system. Everything is easy to track. First, you need to *get* the bitcoints. Mining isn't going to get you enough volume to do anything worth while. This means you have to buy them with real currency. That transaction happens on a server which will almost certainly keep records (i.e. the information is available to law enforcement). It's also difficult to buy BTC with cash. You pretty much need to go through a bank account. After that, each transaction is traceable -- by everyone. You don't even need to be part of the system to track the transactions. Just download the blocks. Only stupid people would use this for money laundering. Using it for large scale illegal transactions would pretty much be like having a neon sign over your head saying, "Arrest Me"!"

        Offer any sort of legal service anonymously for BitCoins? It could be anything that you can deliver digitally, whether it's code, artwork, translations, esseys, whatever that you can deliver via proxies and such. You now have anonymous bitcoins, sure they can trace the coins going into your wallet but all they'll find is an innocent guy who paid for something legal. If there's a challenge it's on the other side, after receiving money for something illegal they're now dirty and you need to launder them. For

        • by wrook ( 134116 )

          My point was that there aren't any legitimate services being offered. Thus, it really doesn't matter how many times you jumble around the bitcoins, they never get clean. Bitcoin is considerably less anonymous than cash. If you want to do money laundering, cash is going to be way easier (especially in the types of volume that Bitcoin can currently handle).

          The original assertion was that Bitcoin is used for exactly 2 purposes: "a scam" (which I interpret to mean "pump and dump"), and money laundering. Eve

  • by Anonymous Coward on Saturday May 12, 2012 @06:03PM (#39981649)

    Bitcoin was an interesting experiment.

    I was one of the lucky ones- I got in before Bitcoin hit prime time for its 15 minutes of fame. Back then mining actually got you something worthwhile when you could dedicate a couple of GPUs and one or two computers to it (back then FPGAs weren't even being discussed that much). It managed to pay for four separate computers, which I later overhauled and replaced the motherboards on so I could stuff three GPUs in each. A few months ago I decided to shut it down (after witnessing random things like the rollback of an entire market because someone sold too many BTCs and it pissed off the big guys who lost a lot of money because they didn't see it coming) and started to cash out. At the end of it all (after I sold my equipment- though that only accounted for ~10% of my total catch), I'd made enough to pay off my car and both me and my fiancee went on a nice trip to Maui for two weeks.

    A friend recently "discovered" BTC and came to me for information on "how to get rich quick". It took me over two hours to convince him that it wasn't worth it anymore, that he could probably pump a good $10K into equipment and not even make back the money power would cost him to run it all. You'd have to invest ten times that into exotic FPGA hardware just to make any reasonable amount of income, and even then I doubt you'll ever pay for the hardware itself before the system completely crashes.

    BTC is, ultimately, a failed experiment. Now that the system has gotten rolling there is little reason to use it for anything other then illegal goods, and nobody wants to be associated with a currency that is predominantly used to move dirty money or pay for black market items. I suppose things might be a bit better if we actually had reasonable exchanges running, but for the most part what is out there right now (including MtGox- which formerly stood for "Magic the Gathering Online eXchange") is just about as untrustworthy as the people using it.

    If you're a potential miner, my advice is to stay away from BTC. If you weren't there when it started, then you're basically not going to make any money. Those few elites still making money off the system will soon leave as the entire thing becomes unprofitable for even them, and then when they cash out the entire system will crash hard- and any BTC you might own will be worth nothing.


    • by Troed ( 102527 ) on Saturday May 12, 2012 @06:57PM (#39981947) Homepage Journal

      I agree. Anyone who thinks Bitcoin is about "making money" should stay away. It's a monetary agent. It's as much for "making money" as using Western Union is, without anyone being able to say "no" to whom you want to send money.

      I've used it to donate to Wikileaks, among other things (all legal, incredibly enough).

      • Re: (Score:3, Informative)

        by Anonymous Coward


        So... Let me get this straight... The OP AC thinks BTC is "a failed experiment" because it can't be used to get free money anymore?


        • by iroll ( 717924 )

          No, he thinks it's a failed experiment because it's a fragile ecosystem run by people who will pull the rug out from under it at the first opportunity.

          The fact that he got free money out of it was just a happy benefit from being in the right place at the right time, and means that he probably has some perspective on the future utility of the system.

  • They lost $87,000 worth of BitCoins. If everyone withdrew their money (not that unlikely now) they would need to find $87,000 of real money to honour those withdrawals. Are they insured or do they have the cash on hand?

  • All I hear about in the news these days is about how bitcoins are stolen.

Our business in life is not to succeed but to continue to fail in high spirits. -- Robert Louis Stevenson