
Blockchain Graveyard – Intrusions resulting in stolen financials or shutdown - malikNF
https://magoo.github.io/Blockchain-Graveyard/
======
Scoundreller
Add this one to the list:

[http://ottawacitizen.com/business/ottawa-bitcoin-exchange-de...](http://ottawacitizen.com/business/ottawa-bitcoin-exchange-defrauded-of-100000-in-cyber-currency)

> The Ottawa police are investigating an Oct. 1, 2013, incident at Canadian
> Bitcoins, when someone opened an online chat session with a technical support
> worker at Granite Networks, now owned by Rogers Communications, and claimed to
> be Canadian Bitcoins owner James Grant.

> He claimed to have a problem with a server and asked the attendant to reboot
> it into recovery mode, allowing him to bypass security on the server.

~~~
asadhaider
The two quotes you picked out don't do it justice.

> After being asked, the technical support worker gained access to Grant’s
> locked server pen, plugged in a laptop and then manually gave the fraudster
> access to Canadian Bitcoins servers, where he cleaned out a wallet
> containing 149.94 bitcoins, valued at around $100,000.

That's just mind-bogglingly stupid.

~~~
kbenson
It is (or at least sounds so from the details given), but this dovetails right
into the current discussions about identity and verification and how to do
each well in an age where much of your personal identification is spread
around the internet and easily obtainable.

Would we really think it was less mind-bogglingly stupid if there was an email
verification beforehand but the hacker had compromised the email account?
Probably, but maybe not by much. It's a hurdle, but not always an
unsurpassable one, and sometimes not hard at all (how hard is it to convince
the tech that the reason you're calling is because you route all mail to the
server in question and it has crashed, so email verification doesn't work so
you need to fall back on other provided info?).

Good procedures and policies can help, but that also means the attacker knows
exactly what's needed to defeat them.

------
josephagoss
I wonder how many of these exchange hacks are inside jobs by the founders as
part of a sophisticated long con?

~~~
degenerate
I am a firm believer this is exactly what most of the "hacks" are.

------
gonvaled
Whoever trusts an exchange as depositor is doing so at their own risk: your
bitcoins are not really _yours_ (technically) unless you have them in your
wallet, preferably a cold wallet.

All these breaches do not show any weakness of blockchain security.

~~~
bobcostas55
Maybe if your digital currency depends on printing out private keys and
storing them in bank vaults in order to be secure, its security model is kinda
shitty? Why should secure digital currency be 100x more cumbersome to use than
a credit card?

~~~
icelancer
The "security model" for the current method of payment in the United States
involves getting breached left and right, getting 97 years of credit report
monitoring, constant reissuance of cards, and refunding fraudulent charges
sometimes as late as 30 days after the fact.

BTC happens to be worse currently, but not by that much.

EDIT: Also, this is the same model as PGP/GPG and priv/pub key protection.
Presumably you don't think this security model is shitty for the myriad of
uses it sees.

------
binalpatel
Wow - I never realized the scale of the Mt. Gox one. Wiki says they lost
855,000 BitCoin, which at current prices are around $8.5 billion USD.

~~~
rlanday
It doesn’t make sense to use the current price for something that happened
several years ago when the price was much lower.

------
ringaroundthetx
You are going to see history repeat itself with all the noobs that flock to
crypto.

So much happens on a daily basis propelled by greed that new participants are
not interested in history.

~~~
pabloski
The funny (ok it is not that funny) thing is they use cryptos in the same
way they use banks. What is the point of using cryptos if you put all your
Bitcoin/Ethereum/Monero/Litecoin/etc... in a web wallet?

~~~
Klinky
Even if you don't use them as a "web wallet", you can still get bit when you
go to exchange and find out the exchange is not trustworthy too late and your
coins are gone. Many defunct exchanges continued to allow deposits while
blocking or limiting withdrawals.

------
Scoundreller
There was speculation about the Bitomat.pl that it may have been an ESL issue:
Amazon's EC2 server instances are "ephemeral".

If you don't bother to translate that critical word properly, your reboot
won't go as intended.

------
zebraflask
Very entertaining and instructive.

------
Flenser
I'd like to see a chart by bitcoin as well as incidents.

------
bluetwo
Thank you for putting this together. Very insightful.

------
cocktailpeanuts
This post is actually really great for educating people about WHY they should
use decentralized networks like blockchains instead of trusting a single point
of failure.

But the title is not helping at all because it gives the impression that some
sort of "blockchain" has been shut down (which would be way more interesting
if something like that actually happened, since that would be equivalent to
the bittorrent network being "shut down", which hasn't happened due to its
decentralized nature)

I'm sure the point was not to insinuate that cryptocurrency will fail because
of these incidents; maybe there's a better title for the website?

~~~
beager
On the contrary, it's a great resource to teach people that blockchain won't
save you from fraud, and that blockchain applications that store and transact
value are just as prone to that fraud as any other medium.

