back to article Linode hackers escape with $70K in daring bitcoin heist

Popular web host Linode has been hacked by cyber-thieves who made off with a stash of bitcoins worth $71,000 (£44,736) in real money. The crooks pulled off the heist after obtaining admin passwords for Linode's network gear. Having infiltrated its systems, the thieves proceeded to target several Bitcoin-related servers, …

COMMENTS

This topic is closed for new posts.
  1. Bjorg

    Just like real currency?

    I've heard people say that bitcoins are just like real currency (but probably even better because you get nerd cred for using them). If someone hacks my bank and steals my money, I'm protected by law if I catch it soon enough. So what happens if someone steals by bitcoins? Are they gauranteed in any way? Because if not, it's not at all like real currency.

    1. Old Handle

      Re: Just like real currency?

      No, it's like CASH money. In that if someone breaks in and steals it, it's gone. But, as with cash, that same irreversibility is a a selling point in other situations. Legal protection is definitely uncertain though, I can understand why that's not for everybody.

      1. SJRulez

        Re: Just like real currency?

        Its not quite like cash, they are traceable as all transactions are logged and coin can be followed from point to point. The main drawback is those logs still rely on IP addressing so someone using Tor or similar service could avoid detection.

        One thing i'm not sure on though is whether its possible to actually block a coin from the chain effectively rendering it useless or alternatively whether you could block transactions from a specific wallet.

        Either way the system does have some draw backs including one of which being the limit on the total number of coins that can ever be produced.

        1. Anonymous Coward
          Anonymous Coward

          Re: Just like real currency?

          "including one of which being the limit on the total number of coins that can ever be produced."

          It's the Tea Party's dream currency!

          1. Anonymous Coward
            Anonymous Coward

            It's the Tea Party's dream currency!

            Is that the group which used to be called the Mad Hatters Tea Party by any chance ?

            1. Anonymous Coward
              Anonymous Coward

              Re: It's the Tea Party's dream currency!

              Sniff enough mercury and you, too, can become a force in right-wing American politics.

              Some childhood lead ingestion doesn't hurt either, from the looks of things.

  2. Anonymous Coward
    Anonymous Coward

    RIP Bitcoin

    Nuff said..

  3. Anonymous Coward
    Anonymous Coward

    Real Currency?

    If someone steals your bearer instruments (one type is "cash" as in Euro bills for instance) what kind of guarantee do you have? Oh, none... this is the "real currency" most people would think of.

    The just as usable (in most cases) currency retained in your bank account is another story.... it is also not anonymous. The plods can find you laundering or buying extreme porn or something. So this currency isn't really as "real", but it is mostly just a good and is better protected from theft.

    I do wonder who actually will pay for the stolen bitcoin value-- maybe Linode had an insurer? Maybe they are paying just because if they didn't their business would implode (that is, there is no written guarantee to the users, so you pays your money and takes your chances)?

    1. Old Handle

      Who pays?

      Good question. A quick peek at Linode's ToS shows they've got all the standard nothing-is-ever-our-fault! type language, so I would imagine Bitcoinca, etc, will be out of pocket. I suppose there's some possibility that Linode could be responsible if the hack resulted from gross negligence on their part, but I wouldn't count on it.

  4. Nick De Plume
    Devil

    The Great Simoleon Caper

    No government in the world wants bitcoin to succeed.

    Unless they want taxes, of course.

  5. Bob 18
    Thumb Down

    If it Ain't Broke....

    I don't see what bitcoin is supposed to do (for the normal legitimate user who pays taxes) that would improve on our traditional banking system. And I see plenty of downsides.

    1. Steven Roper
      Stop

      Re: If it Ain't Broke....

      I can see a hint of the old "if you have nothing to hide you have nothing to fear" in there, Bob.

      Bitcoin is needed because right now unaccountable corporations Mastercard and Visa control who is able to trade. You may recall the recent fracas with Wikileaks and how MC and Visa refused to process payments for them.

      This is wrong on every level possible. Why the hell do these unelected and unaccountable corporations have the right to decide which free organisations can exist or not?

      Also, both Mastercard and Visa have lately been making noises about selling your transaction history to third-party advertisers. You better hope you haven't used your credit card on any sketchy porn sites recently, because your purchase history is about to become effectively public knowledge.

      So Bitcoin has a VERY valid place and purpose. It allows organistions like Wikileaks to exist despite the evil machinations of MC and Visa, it provides a confidentiality blanket for purchases we'd rather weren't general knowledge, and ensures freedom of trade between human beings.

      1. Captain Save-a-ho
        Boffin

        Re: If it Ain't Broke....

        There's not unaccountable about Visa and Mastercard. They're publicly-held corporations, subject to the US government regulations on many levels. If they had not aided the banks, they would have been out of a lot of business too.

        Bitcoin will go nowhere because they don't have a method to become mainstream in today's economic environment, period. That doesn't mean there won't be a prominent place for Bitcoin as the economy becomes even more virtual than today, but few large-scale economies are built on a peer-to-peer model. Might as well revert to paying with chickens or potatoes: while Bitcoin can work, it simply won't scale for the massive economies in existence today.

        1. Steven Roper
          Thumb Down

          @Captian Save-a-ho

          Visa and Mastercard are "publicly held" corporations? Oh, yeah right, they're publicly accountable - to those wealthy enough to own enough shares in them to influence board decisions. Is that your idea of democracy? Having to own huge amounts of shares in order to have a say in anything that affects your livelihood and freedom?

          Spare me your "democracy", Captain, it looks a whole lot like a plutocratic dictatorship from here.

        2. Anonymous Coward
          Anonymous Coward

          Re: If it Ain't Broke....

          I think the idea was that Visa and Mastercard are not really accountable to their users. As in, there is no legal requirement for them to honour transaction requests. Moreover, since they don't have to process requests by law, they can easily be "leaned-on" by US politicians who have a less than shining reputation outside America.

          It isn't good to have so much global trade being routed via just a couple of entities subject to a single country's legal and political system. Alternatives are always good, especially decentralised alternatives. It is called competition and shouldn't be confused with capitalism.

          While I don't participate, I'd like to see bitcoin do well because I think its a nice idea. I like local village "currencies" too and there's nothing wrong with bartering, swapping, buying things second-hand even with cash. I guess I like the idea of people trading for what they want, without someone in the middle taking a cut. Perhaps it won't scale. I can't see a decentralised system begin able to compete with the lobbying of the mainstream financial institutions so I doubt it will ever have a legal basis, but I like it nonetheless.

  6. James O'Brien
    Paris Hilton

    does someone want to clue me in here

    I have never used anything like bitcoin or the like but I am wondering how is it they were able to transfer funds out of this and keep them without being tracked down? Surely there are tracks to which new account the funds were transferred to and if they were traded in surely the company who provides this service is restricted to only one provider for cash-for-coin therefore it should he easy to find a culprit?

    1. SJRulez

      Re: does someone want to clue me in here

      There is a digital footprint but it still has the same restrictions as its based on ip address logging. As far as the cash-for-coin goes, its not just about getting the money for them, there are many online retailers, hosting providers, service providers and dark corners of the internet where they can also be spent. Its also decentralized so there is no real control over bitcoins as a currency.

    2. gregp
      Big Brother

      Re: does someone want to clue me in here

      Bitcoin is completely decentralized; payments are done to public keys (i.e. there are no "account"s) and transactions are stored in a public database, so you may know the public keys of the perpetrator but don't have any other info (apart from what you can gather from the actual intrusion).

      Another way to put it would be, you don't even need to be online to receive bitcoins, and you can also create a public key (or rather a Bitcoin address) without ever being online.

      You would need to actually create transactions yourself in order to spend coins though. So, what the thief would do is, bounce the coins through a multitude of addresses they control and eventually sell them to unsuspecting buyers. Although every transaction is traceable, the original coins will be spread to so many addresses that it's very hard for a buyer to keep track.

      Also, there is plausible deniability, because, since coins from multiple inbound transactions can be merged, the propagation of coins is divergent. Pretty much like the fact that there is at least one oxygen atom in your body that has been passed through the bladder of Socrates. You can increase deniability by mixing tainted coins with clean coins and then pretend that you got a hold of the tainted ones by accident. It's very plausible. There are actual hidden mixing services that would do all of this for you.

      This all may seem like the wild west, but there is another aspect of the technology and the philosophy behind it that one needs to take into consideration. Bitcoin's primary aim is to do away with the need for any kind of centralization. The obvious drawbacks are that there may be times that you would wish that an authority were present. So the ongoing development is focused on addressing the circumstances that this happens. Bitcoin itself is actually a decentralized notary system, and different kinds of transactions are being developed in order to require complex rules to redeem coins. When this happens, it will considerably reduce the risk of theft, and also enable contracts that doesn't need an actual regulatory agency to enforce.

  7. Timo

    still need to change it into something useful

    Now all these people have to do is change it back into real money like dollars or pounds or euros.

    Since the whole market of bitcoins has shrunk it should not be hard to find someone looking to exchange a big pile of them for real money.

    Either that or they would have to dribble out their exchanges over time and dollar-cost-average their exchange rate. If they decided to dump their coins on the market would it have an impact on the price?

    1. gregp
      Big Brother

      Re: still need to change it into something useful

      If they do dump in one go, it would have a negative impact; they wouldn't be able to get the current market price for each. But the market is not shallow either, daily volume fluctuates between 30K and 300K bitcoins nowadays, so they could sell it for other currencies within a couple of days without creating too much downwards pressure.

      It depends on what you consider "real" money though. I'd argue that, seeing that the thefts didn't increase the volatility beyond what's ordinary, there is a good chance that the thieves might consider the market strong enough and prefer to stay long on BTC.

  8. Anonymous Coward
    Anonymous Coward

    Bitcoins like Pokemon cards

    Many ex spotty teenagers no doubt have stashes of Pokemon cards in bedrooms which they visit occasionally when they come home to see Mum and/or Dad. If the market for Pokemon collections has shrunk greatly that doesn't mean everyone who thought they were worth something and expended many hours and much pocket money collecting will immediately dump them. So it probably is for Bitcoins - the true believers who expended countless CPU hours or bot herding keyboard hours mining them will hoard these in the hope that the magic won't go away. Eventually of course such things have to end up in landfill or museums, but I don't know how a museum would treat a once greatly loved Bitcoin and 99% of Pokemon cards will probably be trashed before the museums will touch them.

  9. Conrad Longmore
    FAIL

    Linode

    A really don't think that this is an isolate breach at Linode. In the past few months, Linode servers have regularly been used to serve up the Black Exploit Kit, promoted via spam and drive-by downloads. These servers often have legitimate sites on then, which leads to to think that Linode's servers have been getting hacked for some time. They're not the only mainstream host to have this problem too, so my guess is that whatever mechanism was exploited at Linode is being exploited elsewhere too.

    1. Pete Spicer

      Re: Linode

      If a user has an application deployed on a Linode that is insecure and has vulnerabilities that can be exploited, it will be eventually.

      As a former support rep for certain online software packages, you'd be surprised how often "My <insert software> install got hacked" turns up, when it's not the fault of the software itself but something else on the server that has been compromised - which makes it entirely possible to modify what's on the server and inject backdoors into it.

      Of course, it happens a lot more on shared servers, but VPSes aren't immune to it either - as ever the chain is only as strong as the weakest link, which is often the user running the VPS if they don't keep everything up to date.

      1. Anonymous Coward
        Anonymous Coward

        Re: Linode

        AFAIK Linode rents you a server(part) and loads it up with your (fairly limited) choice of linux flavour. Not every customer will be able to secure their bit to standard. Once you choose your flavour; you're then left on your own to install FTP, Apache, whatever. It's a magnificently splendid plan; but not all of the clients will have the necessary knowhow to make it safe.

        And so there are routes in.

        I love the idea of Linode to bits.

  10. Anonymous Coward
    Anonymous Coward

    the bitcoin merchant's fault

    First of all, they could've encrypted their wallet at least. Or ensure their 'Hot Wallet' as they called it transfer all money over a certain (much smaller) number to a safe deposit wallet more frequently.

    Secondly. On Linode, all it needs is the computer to be setup with SSH login protection and not rely on the password through the admin panel to ensure you're the only one who can ever get into the server.

    Not rocket science.

    1. gotes

      Re: the bitcoin merchant's fault

      Captain hindsight saves the day!

  11. Anonymous Coward
    Anonymous Coward

    Just print more....

    Fixed.

    1. Charles 9

      Re: Just print more....

      That would inflate the currency, reducing its value. One factor that gives a currency value is scarcity. Gold is valuable partly because it's relatively scarce (the other big reason is because it's also in high demand). That's why the creators put a cap on that number: to enforce scarcity.

      1. Anonymous Coward
        Anonymous Coward

        Re: Just print more....

        Of course, there's going to be hell to pay when there's a liquidity crunch. Is there a BitFed?

This topic is closed for new posts.

Other stories you might like