Slashdot: News for Nerds

Linode Exploit Caused Theft of Thousands of Bitcoins

samzenpus posted more than 2 years ago | from the say-goodbye dept.

Bitcoin 450

Sabbetus writes "Popular web hosting service Linode had a serious exploit earlier today. Apparently the super admin password for their server management panel was leaked and allowed a malicious attacker to target multiple Bitcoin-related servers. The biggest loss happened to a major Bitcoin mining pool that lost over 3000 BTC, which is currently worth almost 15 000 USD. Now the question is, will Linode compensate for lost bitcoins?" Update: The 3000 BTC theft was not even close to being the biggest; Bitcoin trading site Bitcoinica lost over 40,000 BTC.

450 comments

oops (5, Funny)

buzzsawddog (1980902) | more than 2 years ago | (#39216913)

oops...

Newsflash (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39216915)

Imaginary currency is not safe.

Re:Newsflash (2)

houstonbofh (602064) | more than 2 years ago | (#39216931)

And real banks and credit systems are never robbed... They should have had insurance to cover this. If not, they are in a very bad way.

Re:Newsflash (4, Interesting)

Kenja (541830) | more than 2 years ago | (#39217021)

That would be an interesting claim to file. "They stole my bits! I demand that you replace them."

Re:Newsflash (4, Interesting)

mrmeval (662166) | more than 2 years ago | (#39217121)

Isn't that the point of bitcoin? To make the intangible tangible? If those bits can be stolen they're about as tangible as it gets. ;) So there is a loss. I'm sure Lloyds of London could write that policy but I don't see them doing it for a price that was affordable.

Re:Newsflash (1)

killkillkill (884238) | more than 2 years ago | (#39217133)

Might be a bit difficult to find someone who even would insure their bitcoin balance, not to mention the difficulties that would probably arise if a claim was filed. Fortunately, in this case the operators of the services are absorbing the loss and their customers/clients are not directly affected.

Re:Newsflash (1)

buzzsawddog (1980902) | more than 2 years ago | (#39216933)

I guess that goes for the currency for most major countries too.

Re:Newsflash (0)

Anonymous Coward | more than 2 years ago | (#39217077)

Imaginary currency is not safe.

"...will Linode compensate for lost bitcoins?"
Meh, there's an app for that.

Re:Newsflash (1)

matrim99 (123693) | more than 2 years ago | (#39217313)

All currency is imaginary.

Re:Newsflash (0)

Anonymous Coward | more than 2 years ago | (#39217325)

Safer than using yellow rocks for currency, that's for sure. I don't need a fuckin' vault for bitcoins.

POOP! (-1)

Anonymous Coward | more than 2 years ago | (#39216917)

POOP!

The greatest value of bitcoin (5, Funny)

cold fjord (826450) | more than 2 years ago | (#39216921)

The greatest value of bitcoin seems to be in generating headlines.

Re:The greatest value of bitcoin (1)

repapetilto (1219852) | more than 2 years ago | (#39216993)

Ever read/watch/listen to the news? Besides terrible things happening to people, 90% of the headlines are the government doing something questionable. Following your logic...

Re:The greatest value of bitcoin (0)

Anonymous Coward | more than 2 years ago | (#39217237)

Really? I see sports taking up at least 1/5 of the headlines. Then there's weather, with another fifth.

Sure, sometimes those overlap with terrible things happening to people, but then so does government doing things.

Re:The greatest value of bitcoin (1)

repapetilto (1219852) | more than 2 years ago | (#39217307)

Hmm, sometimes I forget I get all my mainstream news from talk radio that usually avoids sports.

$15000 USD???? (0)

Anonymous Coward | more than 2 years ago | (#39217061)

Jeez,
So Bitcoin is a viable currency?? Diss it all you want, but it seems to be holding up well, even growing against the US$.

Re:$15000 USD???? (1)

Fluffeh (1273756) | more than 2 years ago | (#39217117)

Diss it all you want, but it seems to be holding up well, even growing against the US$.

Not taking a stand on bitcoins either way, but at the moment, just about everything is growing against the US$.

Re:$15000 USD???? (1)

Soluzar (1957050) | more than 2 years ago | (#39217159)

I'm skeptical. Just where exactly can I spend a bitcoin, and if I do so today, will it in fact be worth five US Dollars? Can I spend a few bitcoins to buy myself lunch? Can I spend bitcoins to fill up my car? Can I buy a movie or a videogame with them?

Re:$15000 USD???? (0)

Anonymous Coward | more than 2 years ago | (#39217217)

http://stuffexists.com/bitcoin/

Re:$15000 USD???? (3, Funny)

Anonymous Coward | more than 2 years ago | (#39217219)

Yes, you can do all of that with bitcoins. Just follow these steps:

1) you need to already have bitcoins. If you don't have any bitcoins, you can go to one of the sites that will convert dollars into bitcoins.
2) When you want to buy lunch/gas/videogame/whatever, go to one of the sites that will convert bitcoins into dollars, and convert your bitcoins to dollars.

Re:$15000 USD???? (0)

Anonymous Coward | more than 2 years ago | (#39217251)

Yes, you can do all of that with bitcoins. Just follow these steps:

1) you need to already have bitcoins. If you don't have any bitcoins, you can go to one of the sites that will convert dollars into bitcoins.
2) When you want to buy lunch/gas/videogame/whatever, go to one of the sites that will convert bitcoins into dollars, and convert your bitcoins to dollars.

So really, it's like a PayPal debit scenario? :0

Linode Terms of Service (5, Informative)

Laebshade (643478) | more than 2 years ago | (#39216923)

http://www.linode.com/tos.cfm [linode.com]

Section 9, paragraph 1:

Subscriber acknowledges that the service provided is of such a nature that service can be interrupted for many reasons other than the negligence of Linode.com and that damages resulting from any interruption of service are difficult to ascertain. Therefore, subscriber agrees that Linode.com shall not be liable for any damages arising from such causes beyond the direct and exclusive control of Linode.com. Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred. In no event shall Linode.com be liable for any special or consequential damages, loss or injury. Linode.com is not responsible for any damages your business may suffer. Linode.com does not make implied or written warranties for any of our services. Linode.com denies any warranty or merchantability for a specific purpose. This includes loss of data resulting from delays, non-deliveries, wrong delivery, and any and all service interruptions caused by Linode.com.

Don't you just LOVE an unregulated service (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39216949)

Ain't that the dream of Libertarians, that without regulation, things will go so much smoother and more effectively, and nobody will have cause for complaint.

  0 wyth, sumtig izzn't qyte ryte har!

Re:Don't you just LOVE an unregulated service (1)

houstonbofh (602064) | more than 2 years ago | (#39216967)

And after this, if Linode does not make the users whole, they will leave for someone who will. That is the dream of Librarians.

Re:Don't you just LOVE an unregulated service (5, Funny)

Anonymous Coward | more than 2 years ago | (#39216997)

Really? Isn't the dream of librarians of that top button finally being released to expose the...

Oh wait, that's my dream of librarians.

Re:Don't you just LOVE an unregulated service (0)

Anonymous Coward | more than 2 years ago | (#39217223)

Instead, why not just take money from those who manage their affairs prudently, and use it to prop up incompetent businessmen to continue in their ways, as long as they promise not to do it again.

Re:Don't you just LOVE an unregulated service (1)

repapetilto (1219852) | more than 2 years ago | (#39216971)

No, it is just that things will go more smoothly and fairly than under the alternatives.

Re:Don't you just LOVE an unregulated service (0)

Anonymous Coward | more than 2 years ago | (#39217013)

American Libertarians, you mean. They've co-opted the term and twisted it to mean something other than its original meaning.

Free Insurance (1)

bill_mcgonigle (4333) | more than 2 years ago | (#39217059)

Ain't that the dream of Libertarians, that without regulation, things will go so much smoother and more effectively, and nobody will have cause for complaint.

I have an idea - let's make ISPs fully responsible for all incidental and consequential damages.

OK, your turn - figure out what the monthly pricing is going to look like.

Re:Free Insurance (3, Insightful)

bmo (77928) | more than 2 years ago | (#39217385)

Oh, look, it's reductio ad absurdum *and* a strawman *and* a false dichotomy all in one neat little package!

Always the libertarian argument: Less regulation is ALWAYS good, and ANY regulation means TOTAL FASCISM and NO MIDDLE GROUND AT ALL.

--
BMO

Re:Free Insurance (0)

Anonymous Coward | more than 2 years ago | (#39217401)

Just think, if ISPs WERE held responsible, how much we'd save in dealing with SPAM and the related fraud.

Ok, so 99.99% of the effort would go to enforcement of copyrights for major media corporations instead, I'm still working on a way to actually protect the customers.

FTFY (1)

killkillkill (884238) | more than 2 years ago | (#39217081)

Ain't that the dream of Libertarians, that without regulation, things will go so much smoother and more effectively.

-or-

Ain't that the dream of Utopian Socialists, that with regulation, things will go so much smoother and more effectively, and nobody will have cause for complaint.

Re:FTFY (0)

Anonymous Coward | more than 2 years ago | (#39217259)

Utopian Socialist? Never met one. On the other hand, the Libertarians, you can't cross the Internet without stepping in a few.

But last I checked, those who do want regulation recognize complaints, and seek to resolve them through structured methods that avoid imposing upon the non-guilty.

Libertarians just say "It's not me, tough being you" and walk their way.

Re:FTFY (0)

Anonymous Coward | more than 2 years ago | (#39217277)

"Libertarians just say "It's not me, tough being you" and walk their way."

You speak for everyone that you think is covered by your personal definition of libertarian? Isn't that just a tad presumptive?

Re:Don't you just LOVE an unregulated service (1, Insightful)

MindlessAutomata (1282944) | more than 2 years ago | (#39217353)

The crash of the beanie baby market clearly shows that government regulation is needed.

Re:Linode Terms of Service (4, Insightful)

Wonko the Sane (25252) | more than 2 years ago | (#39216987)

Those people had no business storing $15,000 worth of irreplaceable data, electronic currency or not, on a service with these kinds of terms. Instead of spending an appropriate amount of money for the proper security they gambled with a service not designed to insure against that kind of liability and lost.

Re:Linode Terms of Service (0)

killkillkill (884238) | more than 2 years ago | (#39217185)

It wasn't irreplaceable. The losses are being covered by the operators. The balances of their clients will not be affected. Some lessons about keeping all your eggs in one basket had already been learned.

Re:Linode Terms of Service (1)

Wonko the Sane (25252) | more than 2 years ago | (#39217239)

It's irreplaceable in the sense that Bitcoin transactions can not be reversed. Once they've been transferred to another address the strength of the encryption involved prevents the stolen Bitcoins from being returned to their previous owner.

Re:Linode Terms of Service (5, Interesting)

v1 (525388) | more than 2 years ago | (#39217015)

Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred.

So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

That's very likely to go to court. They may win or they may lose, but that fails the "common sense" assumption that part of what you are paying for is at least reasonable security for your IP at the facility you are leasing time on. And losing control of your hypervisor-ish password should be easy to prove to be negligent.

I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers. But that's basically what this is going to tell all their customers now. They'd have been a lot smarter to just have quietly reimbursed them. It'll cost them more due to bad publicity.

Re:Linode Terms of Service (0)

Anonymous Coward | more than 2 years ago | (#39217139)

Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred.

So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

That's very likely to go to court. They may win or they may lose, but that fails the "common sense" assumption that part of what you are paying for is at least reasonable security for your IP at the facility you are leasing time on. And losing control of your hypervisor-ish password should be easy to prove to be negligent.

I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers. But that's basically what this is going to tell all their customers now. They'd have been a lot smarter to just have quietly reimbursed them. It'll cost them more due to bad publicity.

This is no different from a consumer internet connection being used to run a business. If it goes down and you lose money, you're SOL.

If these individuals wanted protection, they should have paid a company that could provide it, rather than looking for the cheapest service possible. Yes, those options cost more. Wonder why?

Re:Linode Terms of Service (1)

jpmorgan (517966) | more than 2 years ago | (#39217145)

And? You get what you pay for. Linode is a cheap VPS provider. I doubt Linode signed up to accept tens of thousands of dollars of potential liability when they took these guys on as customers. I sure as hell wouldn't, not without charging a lot more.

Cheap is fine if you want to run a normal website, but obviously not sufficient if you plan on storing bitcoin. Remember this is currency. There's a reason banks have vaults and don't store their currency in utility closets built by the lowest bidder. And these are quasi-financial trading websites... does your bank or stock broker run its online banking on a lowest-bidder VPS platform? Probably not.

In the real world mistakes happen, and part of due diligence is making sure that either you've got a backup plan when things go wrong, or insurance. That these trading platforms haven't done that is incredible negligence.

Re:Linode Terms of Service (1)

zippthorne (748122) | more than 2 years ago | (#39217321)

The vault at the bank does not contain the money. It contains banks of small, thin-walled boxes. The purpose of the vault is to appear impressive, to attract customers.

Re:Linode Terms of Service (1)

Cylix (55374) | more than 2 years ago | (#39217331)

Great Scott!

I've had a brilliant idea.

I'm going to build ultra low cost banks.

Now the every man can enjoy running his own credit institution from the comfort of his own backyard. There may be issues with neighborhood housing associations sanctioning said vault owners as I plan to use some old wood and rusty nails. Still, the price/performance ratio should be well received.

Re:Linode Terms of Service (1)

exomondo (1725132) | more than 2 years ago | (#39217261)

I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers.

So you're suggesting they had no security and they just 'let random vandals come in'? That's clearly not what happened.
And realistically if you're storing that sort of data you don't just plonk it on any service and hope for the best, you go for a service that offers insurance and some added security.

So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

Yes, in which case people storing valuable data will go with a service designed for that sort of thing, probably at a higher price to cover insurance and added security costs.

Would AWS or Windows Azure be any better? (0)

Anonymous Coward | more than 2 years ago | (#39217387)

Honest question, since I haven't waded through their ToS. But I bet not, at least in terms of compensation for a security fault on their side. They might be more secure to begin with though...

Re:Linode Terms of Service (1)

Frosty Piss (770223) | more than 2 years ago | (#39217177)

...of such a nature that service can be interrupted for many reasons other than the negligence of Linode.com

Allowing a "super user" password to fall into unauthorized hands *is not* negligence of Linode.com?

Re:Linode Terms of Service (1)

mysidia (191772) | more than 2 years ago | (#39217193)

Linode can put in disclaimers until they are blue in the face. Obviously they have made an effort to disclaim liability for service interruptions.

The issue they could likely be sued over is not the service interruption, and not necessarily negligence in regards to proffering the service.

But the issue, being that Linode may be strictly liable for their exposure of sensitive customer data due to their direct failure to maintain reasonable care in the maintenance of Linode systems' security, in the form of the "Linode backdoor".

Liability waivers in a ToS are only capable of disclaiming liability that the company is actually legally capable of waiving.

Re:Linode Terms of Service (2)

mysidia (191772) | more than 2 years ago | (#39217255)

P.S. Linode may be implicitly and strictly liable for damages caused by the "linode admin" product on hosted servers.

Separate from any liability for the manner in which service is provided.

In many states, manufacturers cannot disclaim one or more forms of implicit liability.

Just in the same manner as a manufacturer cannot disclaim warranty in case your brand new toaster blows itself up the first time you plug it in, due to a manufacturing defect.

The manufacturer will be responsible for your injuries, incidental, and consequential damages, even if the warranty, "Terms of use" and stickers on the box say otherwise, due to the manufacturer's negligence, in selling a defective product that causes damage to its user when used as directed.

Re:Linode Terms of Service (0)

Anonymous Coward | more than 2 years ago | (#39217303)

If somebody decides to file a lawsuit (which I find unlikely considering that it isn't a lot of money in absolute terms and it is a group), whether or not their agreement would hold up.

In some ways, I think they should be liable for security breaches and should have insurance on such problems.

and the rest (0)

Anonymous Coward | more than 2 years ago | (#39216935)

Bitcoinica has confirmed 10,000 btc stolen, that's another $50,000 USD

Mmm... (0)

ActionDesignStudios (877390) | more than 2 years ago | (#39216945)

With 10,000 BTC stolen I'd be heading on over to Silk Road very quickly!

Really? Bitcoins? (-1)

Anonymous Coward | more than 2 years ago | (#39216963)

So... a 'popular web hosting service' is breached and the only worry is the loss of some fake currency?

LOL (0, Troll)

Anonymous Coward | more than 2 years ago | (#39216965)

"Worth 15,000" Good luck cashing them out for a currency you can actually use.

This is the equivalent of stealing Monopoly money.

Re:LOL (0)

plopez (54068) | more than 2 years ago | (#39217399)

or Euros.

ToS (3, Insightful)

Rinisari (521266) | more than 2 years ago | (#39216969)

I saw an analysis of their Terms of Service somewhere, indicating that they will only compensate up to the value of the service paid. So, if your service was $100/mo, they'd only compensate you for the downtime you experienced, or up to that month's service charge of $100.

If Linode cares about Bitcoin, it will find a way to compensate its users. Otherwise, if the users who lost money are up to it, I'm sure there is at least one lawyer out there willing to be counsel on the first case involving theft of a digital currency, testing whether or not the data/rights to data stolen are legitimate property of legal value. We supporters of Bitcoin say, "Of course!" but it's not until there's a legal precedent that we really can say that.

Or, Linode can sit behind its ToS and test contract law.

Or, the users can vote with their money and leave Linode and tell others why they're leaving.

At least in my eyes, that I would ever consider Linode in the future is hanging in the balance, and they've previously always had a good reputation in my mind. I would venture that there are plenty of other like-minded geeks out there. Given that Linode's market is primarily we geeks, I believe it behooves them to do the right thing and compensate for the losses.

Re:ToS (2, Funny)

93 Escort Wagon (326346) | more than 2 years ago | (#39217143)

If Linode cares about Bitcoin, it will find a way to compensate its users. Otherwise, if the users who lost money are up to it, I'm sure there is at least one lawyer out there willing to be counsel on the first case involving theft of a digital currency, testing whether or not the data/rights to data stolen are legitimate property of legal value.

Out of principle, shouldn't the complainants only hire a lawyer who will agree to be paid in Bitcoins?

Re:ToS (1)

kiore (734594) | more than 2 years ago | (#39217235)

I would imagine that the crackers would want the same deal with their lawyers

Safe harbor, eh? (1)

macraig (621737) | more than 2 years ago | (#39216975)

Seems like Linode had more in common with Disney's Pirates of the Caribbean ride than, say, San Francisco Bay. Yarrr!

Doesn't the DMCA somehow make this illegal? (0)

Narcocide (102829) | more than 2 years ago | (#39216989)

Why isn't the MPAA up in arms about this? They clearly subverted DRM to steal these bitcoins.

So, to sum up... (1, Insightful)

jht (5006) | more than 2 years ago | (#39217003)

And nothing of value was lost.

Then again, I'm not one who sees any particular use to bitcoin other than interesting math.

Re:So, to sum up... (0)

Anonymous Coward | more than 2 years ago | (#39217055)

In the article summary: They were valued at $15,000.

Re:So, to sum up... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39217069)

15k is nothing of value eh? Doesn't matter if you think they are worthless. Fact is, they are worth real value to about a million people who use them for a lot more than just interesting math.

Re:So, to sum up... (-1)

Anonymous Coward | more than 2 years ago | (#39217115)

A million people? Now you're kidding yourself.

Re:So, to sum up... (0, Troll)

benjamindees (441808) | more than 2 years ago | (#39217073)

What use do you see in Federal Reserve Notes?

Re:So, to sum up... (2)

slimjim8094 (941042) | more than 2 years ago | (#39217127)

They're worth US dollars, which I can use to pay for stuff, including my taxes. Even if every retailer on the planet took BitCoin, they'd still be less valuable than whatever the national currency is.

Re:So, to sum up... (1)

repapetilto (1219852) | more than 2 years ago | (#39217233)

So I am assuming you keep all your wealth in a savings account then? No stocks, commodities, property, etc?

Re:So, to sum up... (1)

bondsbw (888959) | more than 2 years ago | (#39217377)

Even if every retailer on the planet took BitCoin, they'd still be less valuable than whatever the national currency is.

Such a currency would be at least as valuable, because it would be of enough widespread use to be convertible to the national currency. And better, you can follow the financial trends of the day and decide whether to keep your savings in the national currency or the international currency (BitCoin in your example).

Re:So, to sum up... (2)

nedlohs (1335013) | more than 2 years ago | (#39217383)

So in say 2008 in Zimbabwe you seriously think US dollars were less valuable than Zimbabwe dollars just because the government said Zimbabwe dollars were the national currency?

If every retailer on the planet took Bitcoin then all your local retailers would. So how would they be less valuable than the national currency?

Sure it's an illiquid market and you'd be silly to mark to market a large number of them at whatever the most recent trade was priced at and declare that that is what they are worth. But that's not the same as being worthless.

I have a 1 ounce silver round on my desk - I couldn't use it at the grocery store, I couldn't pay my taxes with it, it's completely useless to me aside from being the paper weight it's acting as. But that doesn't make it worthless - it's worth whatever I can find someone else to pay for it - most likely about $25 these days (it's not exactly pristine given it serves as a card protector in poker games when it isn't a paper weight and isn't in plastic or anything).

Re:So, to sum up... (0)

Anonymous Coward | more than 2 years ago | (#39217129)

I can buy things with them, at the store. Do you tell all the chicks you're bitcoin rich?

Re:So, to sum up... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39217333)

You can use them to pay taxes, snort cocaine, or wipe your ass. That's three more things than bitcoins are good for.

What kind of exploit? (1)

Nutria (679911) | more than 2 years ago | (#39217045)

Social or technical?

No correlation. (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39217049)

Meh. No correlation. Linode has nothing to do with Bitcoins. You could store magic unicorns on their servers, want compensation if they get stolen? In the end _you_ are responsible for your data, not the host. So sorry if Bitcoin is flawed to the point where it can be so easily stolen by little old root. If you purchase service with a back up plan and the servers get hacked and your content is deleted, then you would legally/reasonably expect a restore but sorry fake money that gets "stolen" doesn't count.

Re:No correlation. (0)

Anonymous Coward | more than 2 years ago | (#39217323)

All that Linode owes depends on what was really lost.

If it was "CPU TIME" lost, then at most Linode could credit for replacement time, but they are so not getting a refund.

It's like anything else, If your computer catches fire, you aren't going to sue your landlord for the loss of the data on the computer, the most you'll get is maybe the computer replaced if it can be found that it was an electrical problem caused by the landlord's negligence. Though in practice this rarely happens.

If I was Linode I'd be like "good riddance", because there's no tangible claim.

The bank left the combination to their safe out (2)

atari2600a (1892574) | more than 2 years ago | (#39217053)

Let's write a news article about it

Re:The bank left the combination to their safe out (0)

Anonymous Coward | more than 2 years ago | (#39217093)

The "bank" had nothing to do with it. Linode got hacked. They happen to serve some customers who held Bitcoins. Fake news.

Spread risk around (1)

weave (48069) | more than 2 years ago | (#39217083)

Got me, but if I had $50k in digital currency I think I'd spread my risk around and stash bits (no pun intended) across many servers at many different hosting sites and companies. The things are like $20/month, for pete's sake.

if you pay $10/mo, you can't really expect damages (5, Insightful)

Chalex (71702) | more than 2 years ago | (#39217085)

Back when I worked for a web host company, we occasionally (rarely) had some issues where customers got screwed. In the worst case, your VPS is on a box where multiple disks die in a RAID array, and you don't have backups, and that's that.

We were customer-friendly, so we would refund the customer's hosting charges if something went terribly wrong. But if you're paying $19/month, you can't really expect us to refund you more than $19/mo when something goes wrong.

There's a rule of thumb in physical security; you should spend ~5% of the value of the thing to secure the thing. E.g. ~$1000 bicycle means ~$50 bicycle lock. If you're using a $19/mo service to hold $10k worth of value, you better be taking some other precautions. These guys were doing the equivalent of keeping $10k in cash in a $20 lockbox in a public place.

Re:if you pay $10/mo, you can't really expect dama (0)

Anonymous Coward | more than 2 years ago | (#39217097)

This. Linode was hobbyist VPS', their TOS explicitly says you aren't owed anything. Why were people hosting such vast sums of 'money' without an SLA?

overblown news story, here's the real truth (5, Informative)

slashmydots (2189826) | more than 2 years ago | (#39217101)

Oh the drama. As an actual bitcoin miner, let me fill you in on the real story instead of that media fluff that's purposely inflated to overdramatic proportions. Almost all bitcoin mining pool websites are configured to pay people every time 1 BTC is reached. That's around $5 US and takes a mediocre mining rig approximately 2 days to generate. So the most that the average person probably lost is $0.01 - $5.00. NOBODY keeps massive piles of BTC sitting around at the pool itself. The exchanges, yeah, but not the pools. They're known for lax security too. At the #1 biggest mining pool, your miners' login passwords are listed as plaintext on the page because what are people going to do, mine for you? And none of your money stays there for long so nobody really cares.
What really doesn't add up is the 3000 BTC estimate. Even Deepbit, the largest pool, doesn't have 6000 members, which would be the number required to, at any given point in time, have an average of 3000 BTC on-hand. So it likely was the site owner's profit pool that got robbed the most heavily.

Re:overblown news story, here's the real truth (5, Informative)

godofpumpkins (1340039) | more than 2 years ago | (#39217243)

What about the 43,000 coins bitcoinica reported stolen in the same breach? Still overblown? https://bitcointalk.org/index.php?topic=66979.0 [bitcointalk.org]

Bitcoins and US Customs (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39217105)

A question I consider sometimes is the relationship between Bitcoins and the US Customs (or any other border agency.)

When we cross the border there are obvious signs making it clear that if you carry more than $10,000 across the border (Canadian or American in my case) in either direction you must declare the transaction. Suppose one's bitcoin wallet is on their cellphone and they are carrying more than $10,000 worth of bitcoins on their cellphone. Would these need to be declared?

I guess it would be similar to carrying bearer bonds across the border but I'm not certain what the conditions are for those, either.

The concern would be whether two people with cellphone bitcoin wallets could meet and move bitcoins from one cellphone wallet to the other without another server or service being involved in the transaction. If so then I can certainly see how this process could be used to facilitate illegal transactions with less obvious traces than carrying large volumes of actual cash.

Re:Bitcoins and US Customs (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39217183)

Have you tried carrying a checkbook through customs? It's the equivalent. Customs only has a need to know of real cash or valuables (say gold, meth) being carried through them, they don't really have to bother about anything else.

Re:Bitcoins and US Customs (0)

Anonymous Coward | more than 2 years ago | (#39217267)

A checkbook isn't the same thing because the money isn't carried in the checkbook, it's still in the bank. If you write a check to someone on the other side of the border then the transaction is recorded through the banking system and can be tracked. You can even write the check so that it represents the currency of the country where the check is to be cashed and the banks will automatically, and with ample service charges, perform the exchange.

Re:Bitcoins and US Customs (1)

repapetilto (1219852) | more than 2 years ago | (#39217199)

You are correct, bitcoins make it easier for the average person to move large amounts of money across borders to facilitate any transaction (illegal or not). As it currently stands, you need the resources to set up a reliable way to cross the border with the money undocumented or shell corporations, etc that hide the true purpose of the money transfer.

The real question is:
Since the well connected and wealthy will find a way to do this either way, is it not better that everyone can now do it?

The answer:
I dunno. It's complicated.

Re:Bitcoins and US Customs (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39217215)

You are correct, bitcoins make it easier for the average person to move large amounts of money across borders to facilitate any transaction (illegal or not). As it currently stands, you need the resources to set up a reliable way to cross the border with the money undocumented or shell corporations, etc that hide the true purpose of the money transfer.

This is called hawala, and is very much legal, and is much more efficient than bank transfers in many cases.

how this will affect the price (1)

slashmydots (2189826) | more than 2 years ago | (#39217125)

Everyone gets all scared when big piles of BTC are stolen because the price usually crashes afterwards. In case you were wondering about that, selling off 3000BTC all at once, right now this very second would drop it from $4.94 US to $4.83. See for yourself:
Live graph of MTGox who does 80-90% of all exchange transactions [mtgoxlive.com]

Re:how this will affect the price (1)

repapetilto (1219852) | more than 2 years ago | (#39217265)

haha someone just dumped to 5k 4.65. Not sure what the volume was.

Re:how this will affect the price (1)

repapetilto (1219852) | more than 2 years ago | (#39217291)

Sorry, at least 5k.

linode corporate post on incident (3, Insightful)

YesIAmAScript (886271) | more than 2 years ago | (#39217131)

If anyone (like me) was wondering if there was any confirmation that linode accepted blame other than from the person who was robbed, there is.

http://status.linode.com/2012/03/manager-security-incident.html [linode.com]

Linode is actually rather lucky this person who did this only went for 8 machines. They could have been in a whole lot more trouble when someone got access like this.

Multisignature transactions (2)

emeitner (513842) | more than 2 years ago | (#39217135)

Bad decisions were made. If you have ever had to deal with PCI DSS certification then you know what the credit card processing companies expect of their merchant customers. Now imagine the standards the credit card companies themselves try to adhere to. Some developers using BitCoin need to think about the security Big Picture before creating infrastructure for their projects/businesses. Keeping a BitCoin wallet containing thousands of BTC on a little cloud server is not wise.

Having said that, there is a solution in the pipe to help with this problem. Gavin Andresen, lead BitCoin developer, had his Bitcoin Faucet [appspot.com] Linode server hacked. While only a few Bitcoins were lost he now is using this incident to support his proposal [blogspot.com] for Multisignature [bitcoin.it] Transactions [bitcoin.it].

Super admin password leaked? (1)

lsolano (398432) | more than 2 years ago | (#39217155)

Is it not supposed that a super admin password should be stored only in the brains of the super admins?

I don't foresee compensation in their future. (1)

Lose (1901896) | more than 2 years ago | (#39217191)

Unless Linode decides to cough up $15k in a private deal, there will likely be no compensation. IANAL, but since the United States government doesn't recognize bitcoins as a legal form of currency anyway, taking this to court would probably be fruitless and a waste of time. Unless I'm missing details, of course.

If they were to be compensated, though, there is some potential to have this incident set a major precedent in regards to the legitimacy of bitcoins in the U.S.

Awesome (2, Funny)

glwtta (532858) | more than 2 years ago | (#39217201)

So I take it we're back on the BitCoin thing full-time?

Does this mean that we at least don't have to see anything about Raspberry Pie or Strawberry Jam, or whatever, for a few weeks?

Re:Awesome (2)

Bieeanda (961632) | more than 2 years ago | (#39217299)

You wish. As soon as the second batch goes out, there's going to be a flurry of articles about some guy who daisy-chained a hundred of them together for mining.

tip of the ice berg - not even the real story! (5, Interesting)

slashmydots (2189826) | more than 2 years ago | (#39217205)

Boy did they bury the lead. Here's the entire story. Allegedly someone broke into the Linode web hosting company, hacked specifically just 8 sites involved in bitcoins and THAT'S IT, no other sites, and stole a hell of a lot more than 3000 BTC. 3000BTC isn't significant but 43,554 BTC were stolen from another major exchange, Bitcoinica. That company is claiming they have the money to cover it and will reimburse everyone. That's almost a quarter of a million US dollars by the way.

Apparently the word on the street is this was targeted and definitely an inside job from an employee or multiple employees at Linode. The easiest way to do a simultaneous 8-site web control panel hack would be to simply log in with a secret back-door master password that basically all web hosts have. Either someone hacked Linode and found out that master password or it was an employee, the latter of which is obviously a lot simpler and more believable.

Re:tip of the ice berg - not even the real story! (0)

Anonymous Coward | more than 2 years ago | (#39217411)

Bitcoinica is not an exchange, technically it's a bucket shop (http://en.wikipedia.org/wiki/Bucket_shop_%28stock_market%29), a gambling service where people place side-bets on the large multiples of the change of prices of commodities.

Oh noes (-1)

Anonymous Coward | more than 2 years ago | (#39217229)

Somebody stole make-believe money! Somebody get Betty Crocker and the Tooth Fairy on the case!

Rumplestiltskin? (0)

Anonymous Coward | more than 2 years ago | (#39217391)

Spinning straw into bitcoins. The computational effort doesn't create value, it just creates entropy in the case of bitcoins. Theoretically interesting, and perhaps it will provide a lot of useful lessons in creating a practical digital currency, but for now, it has no trust, no backing, no guarantor, and no fungible value.

How to convert bitcoins to hard currency (5, Funny)

yukk (638002) | more than 2 years ago | (#39217395)

1. Generate bitcoins.
2. Hack in and steal bitcoins.
3. Sue for real money.
4. Profit!