Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Re: Public STATEMENT Regarding Bitcoinica account hack at MtGox
by
MrTeal
on 26/07/2012, 14:30:29 UTC
Quote from: aurumxchange on July 26, 2012, 04:41:02 AM
* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

Quote from: zhoutong on July 26, 2012, 05:28:00 AM
stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

Quote from: zhoutong on July 26, 2012, 06:03:27 AM
The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

The email account is only used for testing purposes, has a heavily reused password and is used at sites that you don't plan to share any personal data with, except the exchanges where you move hundreds of thousands of dollars.