MtGox

Whenever a BitCoin-exchange is hacked it lowers people’s trust in the BitCoin system making the prices for BitCoins go down. Then probably come up again 😀

But there is no such thing as „perfect software“ so this time it’s a race governments (NSA) against the programmers of that system.

this is the php code that is said to be the point of compromise:

https://gist.github.com/alainmeier/9319451

original name: mtgox.php

copy: MtGox_hacked_bitcoin_exchange_php_script.php_.txt

„combination of poor management, neglect, and raw inexperience“ – sounds bad.

http://www.computerworld.com/article/2476003/cybercrime-hacking/the-php-that-shagged-mtgox-bitcoin-mystery-deepens.html

Mt. Gox was a Bitcoin exchange based in Tokyo, Japan.

It was launched in July 2010, and by 2013 was handling 70% of all Bitcoin transactions.[1]

In February 2014, the Mt. Gox company suspended trading, closed its website & exchange service, and filed for a form of bankruptcy protection from creditors called minji saisei, or civil rehabilitation, to allow courts to seek a buyer.[2][3] It announced that around 850,000 bitcoins belonging to customers and the company were missing and likely stolen, an amount valued at more than $450 million at the time.[4][5]

Source: https://en.wikipedia.org/wiki/Mtgox

Trust your computer – he knows you better than yourself!

“Although the complete extent is not yet known, we found that approximately 750,000 bitcoins deposited by users and approximately 100,000 bitcoins belonging to us had disappeared,” the company’s spokesperson said in the latest update at the MtGox website. “We believe that there is a high probability that these bitcoins were stolen as a result of an abuse of this bug and we have asked an expert to look at the possibility of a criminal complaint and undertake proper procedures.”

That loss was discovered on February 24. On the same day, the company found “large discrepancies between the amount of cash held in financial institutions and the amount deposited from our users. The amounts are still under investigation and may vary, but they approximate JPY 2.8 billion [$27 million US].”

But that may not be the full extent of the loss. “Since there are probably a variety of causes, including hacking by third parties, we need to investigate a huge amount of transaction reports in order to establish the truth,” the company said in its statement. “As of this date, we cannot confirm the exact amount of missing deposit funds and the total amount of bitcoins which disappeared.”

The 1,719 lines of commented PHP code posted over the weekend include code to access individual customers’ Bitcoin wallets and to process transactions. MtGox’s Bitcoin node IP address is hard-encoded in the server code, as are SSH keys used to connect to MtGox’s transaction processing server. Anyone who had access to the server running this code could have easily redirected transactions or pillaged the Bitcoin wallets of customers.

source: http://arstechnica.com/business/2014/03/mtgox-code-posted-by-hackers-as-company-files-for-bankruptcy-protection/

Links:

https://startpage.com/do/search?q=MtGox+php+code

http://arstechnica.com/business/2014/03/mtgox-code-posted-by-hackers-as-company-files-for-bankruptcy-protection/

http://www.computerworld.com/article/2476003/cybercrime-hacking/the-php-that-shagged-mtgox-bitcoin-mystery-deepens.html

admin