Author Topic: Bter hacked. PTS, bitassets withdrawal successful. Share you experience.  (Read 123242 times)


Offline klosure

  • Full Member
  • Posts: 112


btw, why do you have a new account?

https://bitsharestalk.org/index.php?topic=11871.msg185151#msg185151

My favourite number is 888 so I ended Empirical1.1 after 888 posts.
This leaves you exposed to impersonation, as we will now assume that Empirical1.X has to be you.
You should pre-generate Empirical1.3, 1.4 etc. to thwart that attack.

Offline klosure

  • Full Member
  • Posts: 112
you would expect that only a few select people would have access to the cold wallet given that production staff (actually most likely a script) can top-up by broadcasting pre-generated and pre-signed transactions.

Actually it is a script that sent these two 100 BTC top-up transactions. If you look at the timestamps of these transactions, both were received by the node that minted the block at 2015-02-14 04:25:56, which means that they were broadcast at the same time. Unlikely to be the deed of a human operator.
http://www.walletexplorer.com/txid/f6a3cd44800621cbab9cdee7132e4aab47e35142421ed5985614527fc0ad33fe
http://www.walletexplorer.com/txid/4a700f46a583d585683381c019645da326eafa4767c3f21069f179895daee5b3

edit: as it turns out, this is the blocktime, so these transactions could still have been manually sent.
« Last Edit: February 15, 2015, 07:14:46 pm by klosure »

Offline Empirical1.2

  • Hero Member
  • Posts: 1366


btw, why do you have a new account?

https://bitsharestalk.org/index.php?topic=11871.msg185151#msg185151

My favourite number is 888 so I ended Empirical1.1 after 888 posts.

but your first one only has 885?! https://bitsharestalk.org/index.php?action=profile;u=2288  must be the cause of the hack!
:p

Yeah I noticed that :( I think I've lost the password for that one otherwise I'd actually get it back up to 888. Some months ago when they updated the forum/something some people lost a few posts but it was left on 888 originally.
If you want to take the island burn the boats

Offline fluxer555

  • Hero Member
  • Posts: 749
Probably due to deleted threads.


Offline Empirical1.2

  • Hero Member
  • Posts: 1366

Offline klosure

  • Full Member
  • Posts: 112
Something puzzles me in the history of Bter cold wallet transaction
http://www.walletexplorer.com/wallet/Bter.com-cold

The withdrawals from the cold wallet are all 100 BTC withdrawals with only a few very rare exceptions, all sent to the same hot wallet address. This does very much look like pre-generated pre-signed offline transactions being broadcast as needed, save for the occasional custom offline transactions. The two transactions that happened at the time when the cold wallet was alleged to be compromised are most certainly pre-generated pre-signed transactions because to top-up 200 BTC, they didn't send a 200 BTC tx but two standard 100 BTC transactions exactly like all other transactions made in the last month.

Now, if that's the case and Bter was indeed broadcasting pre-generated pre-signed offline transactions to top-up the hot wallet, how did the cold wallet get compromised? The only two rational explanations I can see are that the transaction of 7k+ was generated and signed offline, or the private key of the cold wallet was leaked by the cold wallet operator and the balance withdrawn. Either way, looks very much like an insider job and it should be easy to find the culprit, as you would expect that only a few select people would have access to the cold wallet given that production staff (actually most likely a script) can top-up by broadcasting pre-generated and pre-signed transactions.

Even more puzzling is the fact that the hot wallet wasn't actually emptied. As of now, it still has a balance of 0.01860446 BTC. Sounds very congruent with other round number withdrawals.
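As an added illustration of the pattern klosure is reading off the explorer (this is not code from the thread, from Bter, or from any of the posters), here is a small Python script that takes a constructed list of cold-wallet outflows and separates the routine, fixed-size top-ups to one hot-wallet address from anything that breaks that pattern. A treasury team that runs such a check over its own cold wallet's history gets an alert the moment a non-standard amount or, more urgently, a non-standard destination appears, and can also see which outflows landed in the same block. All transaction ids, amounts, block times and address labels below are constructed placeholders, not Bter's real transactions.

```python
from collections import Counter, defaultdict

# Constructed sample of a cold wallet's outgoing transactions (NOT real data).
# Fields: (txid placeholder, block time, amount in BTC, destination label).
# The block time is what an explorer shows, so two transactions mined in the
# same block share it even if they were broadcast minutes apart (klosure's edit).
SAMPLE_OUTFLOWS = [
    ("tx-0001", "2015-01-20 03:10:00", 100.0, "hot-wallet-A"),
    ("tx-0002", "2015-01-24 11:42:00", 100.0, "hot-wallet-A"),
    ("tx-0003", "2015-01-29 08:05:00", 100.0, "hot-wallet-A"),
    ("tx-0004", "2015-02-02 19:30:00", 37.5, "hot-wallet-A"),     # occasional custom top-up
    ("tx-0005", "2015-02-07 14:00:00", 100.0, "hot-wallet-A"),
    ("tx-0006", "2015-02-14 04:25:56", 100.0, "hot-wallet-A"),    # two top-ups in one block
    ("tx-0007", "2015-02-14 04:25:56", 100.0, "hot-wallet-A"),
    ("tx-0008", "2015-02-14 05:12:10", 7000.0, "unknown-addr-X"),  # constructed anomaly
]


def baseline(outflows):
    """Return the most common (amount, destination) pair: the routine top-up."""
    pairs = Counter((amt, dest) for _, _, amt, dest in outflows)
    (amount, dest), _count = pairs.most_common(1)[0]
    return amount, dest


def flag_anomalies(outflows):
    """List (txid, reasons) for every outflow that deviates from the baseline.

    A pre-signed top-up can only ever pay the address it was signed for, so a
    new destination is the deviation an operator would treat as urgent; an odd
    amount alone may just be a custom offline transaction.
    """
    amount, dest = baseline(outflows)
    flagged = []
    for txid, _, amt, to in outflows:
        reasons = []
        if amt != amount:
            reasons.append("non-standard amount %.8f BTC" % amt)
        if to != dest:
            reasons.append("non-standard destination %s" % to)
        if reasons:
            flagged.append((txid, reasons))
    return flagged


def same_block_groups(outflows):
    """Map block time -> txids for blocks that carry more than one outflow."""
    groups = defaultdict(list)
    for txid, block_time, _, _ in outflows:
        groups[block_time].append(txid)
    return {t: ids for t, ids in groups.items() if len(ids) > 1}


def report(outflows):
    """Human-readable summary of baseline, anomalies and same-block batches."""
    amount, dest = baseline(outflows)
    lines = ["baseline top-up: %.8f BTC -> %s" % (amount, dest)]
    for txid, reasons in flag_anomalies(outflows):
        lines.append("ALERT %s: %s" % (txid, "; ".join(reasons)))
    for block_time, ids in sorted(same_block_groups(outflows).items()):
        lines.append("same block %s: %s" % (block_time, ", ".join(ids)))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_OUTFLOWS))
```

The baseline is taken as the modal (amount, destination) pair rather than a hard-coded 100 BTC, so the same check works for any wallet whose top-ups are scripted; the one thing it cannot tell you is whether two same-block outflows were broadcast together, since only the node that received them would know that.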

Offline matt608

  • Hero Member
  • Posts: 878

Offline D4vegee

  • Full Member
  • Posts: 108
Welcome to the wild west.



Offline hadrian

  • Sr. Member
  • Posts: 467
  • BitShares: hadrian
If it is claimed that a 'cold wallet' has been 'hacked' then one or more of the following is true:
  • It was NOT a cold wallet
  • It was NOT hacked
  • The 'hack' involved someone having access to 'keys' by non-internet based means
  • Someone was so incredibly lucky that they managed to guess the private keys (not realistically feasible)

edit: this wasn't in response to your post @Ander.
« Last Edit: February 15, 2015, 06:40:01 pm by hadrian »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Ander

  • Hero Member
  • Posts: 3506
  • BitShares: Ander
Perhaps the bug allowed the hacker to generate some BTC by dumping other coins like BTS. Then they tried to withdraw BTC; this forced Bter to add funds from the cold wallet, and then this triggered them being vulnerable to getting everything stolen?

Offline klosure

  • Full Member
  • Posts: 112
I then saw a very large BitUSD balance (medium 4 figures) that I knew wasn't mine, tested to see with a small amount whether it was withdrawable, sent that amount back to Bter.
How about sending back the 7k BTC balance too ;)?

Offline Empirical1.2

  • Hero Member
  • Posts: 1366
Where did you get that?

If you read my post above you'll see there was some glitch that incorrectly credited me with BTS & BitUSD on Fri that I noticed on Sat. I doubt I was the only one and I imagine the strange dump of BTS on Bter on Fri was probably related to that glitch/hack.

It seems to me that the hacker sold any free BTS they got and ran off with the BTC.  The dump was like 3 million BTS, followed by a few more 200k dumps.  At most probably 5M BTS.  Bter probably can cover that, or at least fulfill 95%.

Unless there is a ~50M BTS transfer on our blockchain yesterday, the BTS should be fine, or alternately almost all of it fine.

Can anyone see a transaction like that?

How do you know the hacker got any BTS? Sounds like the hacker was just targeting BTC, and waiting for BTER to make a transfer from cold wallet, and as soon as BTER did the transfer, the hacker was able to empty their cold wallet and run off. Doesn't seem the hacker got any BTS.

I agree. Empirical said they stole BTS. I don't think they did, or at most stole only a small amount.

Well I don't know if the hacker got BTS but recipients of the glitch probably did.

In my case I logged on to deposit and sell BTS for BTC and was surprised to see I already had my regular BTS trading size on my account. So I sold it for BTC. I then saw a very large BitUSD balance that I knew wasn't mine, tested to see with a small amount whether it was withdrawable, sent that amount back to Bter. Then emailed their support and our guys about the issue & told Bter I could easily replace the BTS I had incorrectly sold. (I also keep an XCP balance on Bter that covered that amount anyway.)

Then this all happened, so it seemed like glitch and hack are related but maybe not.
« Last Edit: February 15, 2015, 06:34:52 pm by Empirical1.2 »

Offline Ander

  • Hero Member
  • Posts: 3506
  • BitShares: Ander
For some reason bitsharesblocks isn't working for me today.

Can anyone check the transaction history for yesterday and see if there were any huge BTS transactions? If there weren't then we know Bter still has the BTS.

Offline Ander

  • Hero Member
  • Posts: 3506
  • BitShares: Ander
Where did you get that?

If you read my post above you'll see there was some glitch that incorrectly credited me with BTS & BitUSD on Fri that I noticed on Sat. I doubt I was the only one and I imagine the strange dump of BTS on Bter on Fri was probably related to that glitch/hack.

It seems to me that the hacker sold any free BTS they got and ran off with the BTC.  The dump was like 3 million BTS, followed by a few more 200k dumps.  At most probably 5M BTS.  Bter probably can cover that, or at least fulfill 95%.

Unless there is a ~50M BTS transfer on our blockchain yesterday, the BTS should be fine, or alternately almost all of it fine.

Can anyone see a transaction like that?

How do you know the hacker got any BTS? Sounds like the hacker was just targeting BTC, and waiting for BTER to make a transfer from cold wallet, and as soon as BTER did the transfer, the hacker was able to empty their cold wallet and run off. Doesn't seem the hacker got any BTS.

I agree. Empirical said they stole BTS. I don't think they did, or at most stole only a small amount.