HN Gopher Feed (2017-07-26) - page 1 of 10
___________________________________________________________________
Breaking open the Mt. Gox case, part 1
219 points by pcorey
http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html
___________________________________________________________________
buryat - 4 hours ago
So according to the following, Vinnik was aware of the origin of
bitcoins that were sold on BTC-e:

> Some of the funds moved to BTC-e seem to have moved straight to
internal storage rather than customer deposit addresses, hinting at
a relationship between Vinnik and BTC-e.

and he was stupid enough to deposit them back to his account on
MtGox:

> Moving coins back onto MtGox was what let us identify Vinnik, as
the MtGox accounts he used could be linked to his online identity
"WME" http://archive.is/6cFcY

All in all, there is a strong suggestion that he participated in
money laundering and was involved in the whole scheme.

I wonder, if BTC-e somehow artificially pumped the bitcoin valuation
leveraging the huge amount of bitcoins they put hands on, same as
what MtGox did.

Also, it looks like that Mark Karpeles wasn't involved in the whole
scheme, and the hack was that simple thanks to the low or no
security and engineering culture at MtGox:

> In September 2011, the MtGox hot wallet private keys were stolen,
in a case of a simple copied wallet.dat file.

> the shared keypool of the wallet.dat file led to address reuse,
which confused MtGox's systems into mistakenly interpreting some of
the thief's spending as deposits, crediting multiple user accounts
with large sums of BTC and causing MtGox's numbers to go further out
of balance by about 40,000 BTC. None of these users seem to have
reported their "sudden luck".
ryanlol - 4 hours ago
> All in all, there is a strong suggestion that he participated in
money laundering and was involved in the whole scheme.

Well duh, anyone involved in the Bitcoin community was very well
aware of this. BTC-e has been flagrantly disregarding AML and KYC
laws for its entire existence.
alfon - 16 minutes ago
Btc-e is currently under 'unplanned maintenance' [1], does
anyone know if it has something to do with this?

[1] https://btc-e.com/
ryanlol - 2 minutes ago
Almost certainly. BTC-e always describes any and all issues
as "maintenance".
[deleted]
jstanley - 3 hours ago
Lots of people in Bitcoin hate KYC and AML laws, and consider
them invasive. I am one of these people.

In itself, it's not an indicator of wrongdoing.
dragonwriter - 51 minutes ago
Hating KYC/AML law may not be a strong indicator of legal
wrongdoing; breaking it, OTOH, is not merely an indicator of
legal wrongdoing, but is itself such wrongdoing.
ryanlol - 1 hours ago
I don't know what you're getting at here? We're not
discussing wrongdoings, but violations of the law.

BTC-e was operating illegally for a very long time and everyone
knew this.

If your dislike of KYC and AML laws led you to believe
that BTC-e was on solid legal ground, then you're simply
stupid.
xg15 - 2 hours ago
Except potentially breaking the law.
empath75 - 57 minutes ago
Breaking the law is an indicator of criminal behavior,
whether you like the law or not.
[deleted]
dmix - 2 hours ago
> All in all, there is a strong suggestion that he participated in
money laundering and was involved in the whole scheme.

I don't see how this proves he had direct involvement in the scheme
instead of just running a laundering service for people.

This blog post mentioned he was connected to other thefts as well:

>> The stolen MtGox coins were not the only stolen coins handled by
Vinnik; coins stolen from Bitcoinica, Bitfloor and several other
thefts from back in 2011 and 2012 were all laundered through the
same wallets.

Not much solid evidence here of direct involvement in the
hacks despite the bold claims, but it does look like there is
some connection to the crime at the post-hack stage...
mikeyouse - 40 minutes ago
If he ran BTC-e and some of the stolen Mt Gox coins were
transferred directly from the Gox wallet to BTC-e's internal
wallet (bypassing the BTC-e customer deposit wallets), doesn't
that necessarily mean he was involved?
vesinisa - 1 hours ago
In the archived BitcoinTalk post (http://archive.is/6cFcY) he
makes several references to that he is working and handling the
frozen funds for a "client". (He also happens to reveal his
full legal name.) Supports him working as a money launderer or
front man for someone else.
Pyxl101 - 2 hours ago
It sounds like MtGox must have had no auditing of their wallets, or
completely ineffective auditing.

How did they not at least perform a simple sum of coins held by
their wallets and compare it against the amount expected by their
databases? Or is the attack more sophisticated than this would
detect?

If I were building a system like this, I'd want to run an auditing
system continuously that looks for discrepancies, and then "shuts
down everything" if they're detected.
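
An added example, not part of the thread and not MtGox's code: a minimal reconciliation pass of the kind Pyxl101 describes. It compares the coins held by the wallet's addresses with the balances the database owes, and also flags credited deposits funded from the exchange's own keys, a simplified model of the misread deposits quoted from the article earlier in the thread. All names and data are constructed, and how the UTXO set and ledger are obtained is assumed.

```python
from decimal import Decimal

# Constructed sample data: every address, account and amount below is made up.
WALLET_ADDRS = {"hot1", "hot2", "hot3"}   # addresses whose keys the exchange holds
UTXOS = [("hot1", Decimal("120")), ("hot2", Decimal("30")), ("hot3", Decimal("25"))]
LEDGER = {"alice": Decimal("100"), "bob": Decimal("60"), "carol": Decimal("55")}
# Deposits a hypothetical deposit processor credited:
# (txid, input addresses, receiving address, amount, credited account)
CREDITED = [
    ("tx1", ["ext9"], "hot1", Decimal("100"), "alice"),
    # Funded from an exchange-held key: a spend of the exchange's own coins
    # whose output landed on a deposit address, not a customer deposit.
    ("tx2", ["hot2"], "hot3", Decimal("25"), "carol"),
]

def audit(wallet_addrs, utxos, ledger, credited, tolerance=Decimal("0")):
    """Return (halt, findings); halt=True means stop withdrawals and investigate."""
    findings = []
    # Check 1: coins actually controlled on-chain vs. coins owed to customers.
    on_chain = sum((amt for addr, amt in utxos if addr in wallet_addrs), Decimal("0"))
    owed = sum(ledger.values(), Decimal("0"))
    if owed - on_chain > tolerance:
        findings.append(("shortfall", owed - on_chain))
    # Check 2: a credited deposit must not be funded by the exchange's own keys.
    for txid, inputs, _addr, amount, account in credited:
        if any(a in wallet_addrs for a in inputs):
            findings.append(("self-funded deposit", txid, account, amount))
    return bool(findings), findings

if __name__ == "__main__":
    halt, findings = audit(WALLET_ADDRS, UTXOS, LEDGER, CREDITED)
    for f in findings:
        print("FINDING:", f)
    print("halt withdrawals" if halt else "balanced")
```
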
FRex - 2 hours ago
The site was originally made for trading Magic The Gathering
Online cards by one guy who later got bored and then got into
Bitcoin but I have no idea and Wikipedia doesn't mention if they
reused any code or just the domain name itself.

It's a fun piece of trivia one crypto currency guy told me and it
seems to be true.
vesinisa - 1 hours ago
IIRC the site was written in PHP and it was a miracle it didn't
get hacked earlier (or, now it seems, it did, but the hackers
kept the site running to maximize the heist).

https://gist.github.com/alainmeier/9319451
DonHopkins - 46 minutes ago
"PHP can do anything, what about some ssh?" -Mark Karpelès ?_?
https://web.archive.org/web/20100701145902/http://blog.magic.
..
mobiletelephone - 2 hours ago
Magic the Gathering Online Exchange ;)
camjohnson26 - 2 hours ago
Yep. Mt Gox = MTG: Online Exchange
viraptor - 1 hours ago
It really bothers me how often people repeat it like it means
anything in this case. Like they forget Amazon was just selling
books. Also no idea if it still uses any of the old code or
just the name itself.
strgrd - 4 hours ago
I remember a time when BTC-e was the most logical exchange to use,
especially in the fallout of MtGox. I really enjoyed how
straightforward the exchange was, and how easy it was to get
started using their API. I don't think they're coming back after
this.
problems - 1 hours ago
> I don't think they're coming back after this.

Are you kidding? I don't think this will do much damage to them at
all. BTC-e is an anonymously run exchange, the people using it
mostly aren't the kind of people who want to be entirely above
board, but there is massive money in that market for Bitcoin
obviously.
Jabanga - 4 hours ago
This would have all been avoided if MtGox had transferred its coins
to a new wallet after the 2011 breach. I guess they assumed that
any attacker that got access to the private keys would have
immediately emptied the wallet, and the fact that this hadn't
happened proved that the private keys hadn't been compromised by
the breach.

I have to admit, that is a reasonable assumption. This
may show the limits of the usefulness of heuristics, and the
importance of organizations like exchanges, that have very
significant fiduciary duties, to undertake a systematic process
after a security breach to eliminate all possible remaining
vulnerabilities, no matter how unlikely and counterintuitive.
jmcqk6 - 2 hours ago
> I have to admit, that is a reasonable assumption.

I really have to disagree. You get breached, you change your
private keys. There shouldn't be a debate about that.
SolarNet - 1 hours ago
I think his point is that when it comes to stuff like this, our
intuition about reasonable assumptions is wrong. And we must, as
both you and the parent post say, be systematic about the
response.
dopamean - 1 hours ago
You don't have to disagree. I don't think he's arguing that you
shouldn't change the keys based on that assumption.
problems - 1 hours ago
> I have to admit, that is a reasonable assumption.

It costs dirt to move your coins. It's not remotely reasonable if
you're in the Bitcoin world at all - if you have any reason to
believe that an attacker had any access to your wallet the advice
is always the same. Make a new wallet and transfer all the coins
ASAP.
StavrosK - 2 hours ago
I don't care how reasonable the assumption is, moving those coins
would have cost nothing! It's inexcusable not to have done that.
ringaroundthetx - 2 hours ago
I only hear about the hackers that empty addresses and wondered
if they could be more effective by slowly draining.

Well, now we know: turns out the biggest one was doing just that
richdougherty - 1 hours ago
And even re-depositing it back!
ringaroundthetx - 15 minutes ago
At least I finally have comfort in my 2011 decisions not to
buy bitcoin for $2 each with my little disposable cash:

"I'm not sending my living money to a sketchy exchange in
Japan"

This is the exact sketchy kind of thing I imagined
would be happening.
austenallred - 3 hours ago
Can't wait to get my refund :)

It's still insane to me that MtGox never moved coins to a wallet or
acknowledged the breach until long after it was too late. You would
think if you have billions of dollars sitting somewhere and you
realize someone is starting to take them you would, you know, do
something.
wcummings - 3 hours ago
> Can't wait to get my refund :)

I had like 0.000001 BTC in mtgox and it was worth it for the cute
sticky unfoldy postcard thing I got from the Japanese court.
tinco - 1 hours ago
When did you get that? I never received such a card.
wcummings - 1 hours ago
Years ago, it stated I was a creditor and was owed some
comically tiny amount of BTC I had left in my account. Cool
form factor, a sorta sticky postcard sized accordion you
would pull apart, Japanese on one side, English on the other.
vocatus_gate - 3 hours ago
Same here, I saved mine to show to my kids some day. "Hey look
kids, your dad was summoned to a Japanese district court over
the loss of 0.0001 bitcoin!"
iak8god - 3 hours ago
> Can't wait to get my refund :)

There's no chance of that, right? (Hence ":)")

At the time of the MtGox implosion I was bummed to
have lost a few hundred $ worth of BTC. Now I'd be very
interested in recovering that balance ... in BTC.
austenallred - 1 hours ago
I had a decent chunk of BTC. I would be shocked if I ever saw
any of it.
scotty79 - 2 hours ago
If they recover some coins, will they be transferred to mtgox
bankruptcy trustee?
jron - 3 hours ago
Never a dull moment in Bitcoin.
bhaak - 2 hours ago
I came for the technology but stayed for the drama.
vocatus_gate - 3 hours ago
If penny stocks are the cocaine of the finance world, bitcoin and
related cryptocurrencies are like freebasing crack.
FRex - 2 hours ago
More like krokodil.
NelsonMinar - 3 hours ago
The coin flow graph is terrific:
http://wizsec.jp/images/theft_flow.svg

Is this type of visualization common in Bitcoin? Is it a tool
anyone can easily use?

Edit, let me restate my question. "Is there a tool that generates
Sankey diagrams from blockchain data that is easy to use?"
barkingcat - 3 hours ago
This is relatively easy to do since all bitcoin traffic is
transparent and open for easy tracking. You can probably do this
in gnuplot.

Anyone who has the blockchain downloaded can run their
own analysis algorithms on it - it's already there for you to
see.
kzrdude - 2 hours ago
I imagine the difficult part is to group transactions and
addresses into understandable entities. A good tool could
certainly make incremental diagrams that help improving that
grouping though.
showerst - 3 hours ago
These are called Sankey diagrams.
sonium - 3 hours ago
Actually more specific is 'alluvial diagram' [1] since the
style emphasizes a 'flow' character.

[1] https://en.wikipedia.org/wiki/Alluvial_diagram
[2] https://en.wikipedia.org/wiki/Sankey_diagram
codezero - 2 hours ago
I read this as Snakey and it still works :)
frew - 3 hours ago
The graph itself is d3: https://bost.ocks.org/mike/sankey/
jcousins - 2 hours ago
I vaguely recalled seeing these in practice somewhere before -
it was ntopng netflow visualisation:
https://en.wikipedia.org/wiki/Ntopng#/media/File:Ntopng.png
dmix - 2 hours ago
> By mid 2013 [..] the thief had taken out about 630,000 BTC from
MtGox.

630,000 BTC to USD = 1,560,069,000.00 US Dollars

Crazy.

$1.5 billion USD = 2.5% of Bitcoin's market cap ($40 billion) and
someone stole it.
loader - 26 minutes ago
Around Mid 2013 Bitcoin supply was around 11.5M coins so 630K was
more like 5.5% of total Bitcoin. Just using a different kind of
math. There's more coins now so using today's market cap % makes
it seem less than it actually was.
mikeyouse - 16 minutes ago
But mid 2013, the price of Bitcoin was ~$100. So 630k was
"only" $63 million. A much larger percentage of a much smaller
asset.