Board: Bitcoin Discussion
Re: Bitcoinica MtGox account compromised
by sadpandatech on 13/07/2012, 21:25:23 UTC
On ycombinator zhoutong claims he didn't set the LastPass password:

http://news.ycombinator.com/item?id=4240408
Quote
Well I do agree with you that Bitcoinica was not 100% secure. This hack really has nothing to do with the app or its infrastructure.
- I didn't set the password.
- I didn't have the power to change the password.
- I shouldn't have access to the account.
The root cause is LastPass account being stolen.

Then who chose to set the LastPass password as the mtgox api key? Tihan?
I'm wondering the same. And very much wondering why bother changing all the other passwords except the one that protects all the other fucking passwords?? :/

BUT, the other thing I am wondering is, how can they know the current Gox user/pass was found out from LastPass? I guess to them it would seem obvious if the gox acct was a new pass that only the current controller of the gox acct had. But, these are still questions that all need to have answers to them in order to make better determinations.

The whole thing is sad. Seems Bitcoinica was in safer hands with Zhou Tong.....


@Genjix - Stressing about it is not gonna help you, your company or anyone else, m8. Hindsight is 20/20, should have changed LastPass too and not put source code on a public GitHub repo (assuming it or the bitcoinica one were public). But, add those to the list of 'yea we should have known better' and move on. Button up what you need to, get with Gox about where the USD went, since it will be easier to track and then walk away for a few days. Come back and friggin disperse what the company still holds and then move on from there.