lnovy> Yes... stay tuned... I have a clue :) gammer> lnovy any news ? lnovy> yes... almost... I'm missing just one single piece now gammer> if you're pulling a prank on us these couple of days... it so not cool :D lnovy> They way the theft worked was usign the paybutton api lnovy> there is an obvious cross-site request forgery bug in it lnovy> attacker create a one-shot button, setting a price in USD and putting in a bitcoin address lnovy> then he made a victim with mtgox account "click" this pay button lnovy> which caused market buy order for that amount to be filled (known as satoshi's thrust, or willy the bot) and after filling coins were instantly send to target address gammer> lnovy: you know this for a fact? lnovy> when you combine this with some other scamming/carding technique and faked AML documents, mtgox would lose bitcoins and fiat deposit would be charged back lnovy> I'm sure of it up to the second part (when you combine...) lnovy> I can prove it lnovy> well... not prove it... but I have no other possible explanation gammer> how you get the victim to click your "custom" button? lnovy> check the source of this page http://webcache.googleusercontent.com/search?q=cache:bnsz3it6l9YJ:https://payment.mtgox.com/21b2e5c5-79d5-4192-bd6e-9e08975cc3ac+&cd=59&hl=en&ct=clnk&gl=cz&client=firefox-a lnovy> no protection against csrf gammer> We lack data. These are all great (impressive) guesses, but far from a smoking barrel. lnovy> notice that when you google 21b2e5c5-79d5-4192-bd6e-9e08975cc3ac lnovy> You already paid that transaction in the past! We have a transaction from your account on the 2013-08-08 13:20:12 lnovy> When you lookup "2013-08-08 13:20:12" in withdrawals db lnovy> ae04aae7-d6dc-4f34-a2df-0930480786e6,e887c417-1fbe-4988-a76d-515b6a528e8b,"2013-08-08 13:20:12",withdraw,-26.92114483 lnovy> this user did two withdrawals only, no deposits lnovy> ae04aae7-d6dc-4f34-a2df-0930480786e6,ce7a32a0-1be7-4c0c-b06c-75aa77f5c311,"2013-08-08 13:05:45",withdraw,-27.18101624 lnovy> this is the second one lnovy> his balance is lnovy> | ae04aae7-d6dc-4f34-a2df-0930480786e6 | 83d24ca9-0f6e-4061-ad75-f4698c9ad58a | BTC | 56783893 | 0 | 7 | virtual | NULL | NULL | N | 2013-08-08 13:20:12 | gammer> hmm, maybe there is some smoke there. lnovy> | 673c4e76-a8e1-424a-af72-f994054236f4 | 83d24ca9-0f6e-4061-ad75-f4698c9ad58a | USD | 7952770 | 0 | 4 | virtual | NULL | NULL | N | 2013-08-08 13:04:28 | lnovy> notice that no more moving of BTC was done after withdrawal at 2013-08-08 13:20:12 lnovy> ../trades/2013-08_coinlab.csv:1375967016444075,"2013-08-08 13:03:36",592438,83d24ca9-0f6e-4061-ad75-f4698c9ad58a,ec0919d81d73ab12dc7375677723fea9,NJP,buy,USD,54,5507.94438,97.114,534897.778,0,97.114,0,0.1296,1330.073,US,NJ lnovy> ../trades/2013-08_coinlab.csv:1375967068401809,"2013-08-08 13:04:28",592438,83d24ca9-0f6e-4061-ad75-f4698c9ad58a,ec0919d81d73ab12dc7375677723fea9,NJP,buy,USD,1,101.97792,97.114,9903.47,0,97.114,0,0.0024,24.631,US,NJ lnovy> he did only this two trades... lnovy> notice that all of his limit value on wallets is null, but dissable limit is false lnovy> last piece: https://blockchain.info/address/1La4eXNXYLF41cnkADh2pKi8LGN7ePSFde lnovy> this address leads to mixnet :) lnovy> so... is the barrel smoking now? gammer> Looks convincing gammer> Any way to tell how much flowed through that exploit? lnovy> well... my query is still running... But I bet, that everything that was considered to be "will the bot" will be linked to this method lnovy> can I leave your nicknames in when I paste this on reddit?
I’d like to add, that you don’t need to ‘sign’ the encryption. What this does is allows the seller to verify that you are the actual sender of the message. However, I’d argue this isn’t entirely necessary, as it will also require you to post your public key somewhere.
- Get gpg4win, install, and open 'GPA'
- Now you need to make your own key. Go to Keys>New Key, and follow the prompts. Use a fake name/e-mail. Before entering a passcode, write it out (the longer the passcode, the better, and you have to enter it every time you encrypt something). Once that's done, you have your own key.
- Import the seller key from the seller page. To do this, copy the public key from the page, paste it into a blank notepad file, and save the file. Then click 'Import' in GPA and load that file. You now have that seller's public key.
- To encrypt your address, open the clipboard in GPA and type in your address. Click encrypt, select the seller's public key, and in the lower box, check "sign" and select your own key. Then you will be prompted to enter your passcode. Once complete, copy the block from the clipboard and paste it into the address box on the shopping cart page.
You received an email for each trade you made at MtGox. The email is from [email protected] and has the subject "[Mt.Gox] Notification: Trade(s) Executed". The trade type, date, amount and total can be used to lookup your details. “Hackers already liberated the MtGox database, and I was able to confirm my balance there. I’d be much more interested in having MtGox release the wallet addresses so the supposedly stolen ... Bitcoin Address Lookup Search and Alerts. View and research bitcoin ownership, transactions and balance checker by name, bitcoin address, url or keyword Buying crypto like Bitcoin and Ether is as easy as verifying your identity, adding a payment and clicking "Buy". Sign up for our Wallet today. Create Wallet. Trade Crypto at the Exchange. Integrated with the Blockchain Wallet, our Exchange is a one-stop shop where you can deposit funds and place trades seamlessly in minutes. Bitcoin Microformats Show bitcoin address metadata embedded in a page (Chrome) Bitcoin Address Lookup Right click an address to view its value. (Chrome) PC apps . Qt Bitcoin Trader - Open Source Multi exchange trading client for Windows, Mac OS X and Linux; MyBTC-Trader.com - a MtGox Bitcoin trading client for windows with GUI
[index]          
We fared pretty well overnight, but this morning I saw an alarming piece of news- the Mt. Gox trustee has started consolidating BTC in a wallet address, of an amount of 16k BTC, or about $140 million. In recent news, we have learned that less than 1 percent of the Mt.Gox coin's were stolen from an outside hacker. Recent press releases pertaining to the Mt.Gox Bankruptcy in Japan, shows that the ... craig wright now claims to own an address containing 79,000 stolen bitcoin from the mt gox hack event and asks blockstream to recover it for him. amazing. Social Media: Follow me on Dlive: https ... 06/16/2020 Roman petrov Australian entrepreneur Craig Wright said that the bitcoins at the address indicated by his lawyers are not related to the hacking of the MtGox exchange, but were acquired ... A NEW OPPORTUNITY IN THE WORLD OF BITCOIN Many those who are looking for years of software, blasting, or to generate bitcoins, but without success. In this video I show you a script that allows ...