Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Discussion
Re: mybitcoin dumb question...
by
JeffK
on 01/09/2011, 04:22:57 UTC
Quote from: sadpandatech on September 01, 2011, 04:09:45 AM
Quote from: JeffK on September 01, 2011, 03:52:12 AM
Quote from: Phinnaeus Gage on August 09, 2011, 05:55:13 PM

How close is it to calling this a perfect crime if this speculation is true?

Seeing as the community seems pretty placated by their 49% returns, no law enforcement has been called, and (rumor has it) 'Tom Williams' was somewhere at Bitcon and didn't get beaten to death, I'd say he's a pretty smooth criminal and escaped with the coins.

I still don't buy the hacking thing, but hey, I'm just an SA troll that helped track down he-who-shall-not-be-named's scammy history, what do I know.

  Yea, I don't see how anyone would not be fuggin livid if they lost more than a few bucks with MBC. According to some unverified numbers it was 154,000~ BTC[citation needed]   If I was dumb enough to let some random dude on the interwebs hold my money and he ran off with it I woulda been on the first flight to Nevis to have a 'chat' with MurningCrap Huldings about who paid to file for mbc llc....  Its also possible that a lot of the peeps who did lose money there just wish to not have their info spread all out here on the forums and are handling things their own way.?

 I don't think anyone bought the hacking thing. Even the few that were confused enough to read it as a dbl spend type exploit, which it wasn't. reorgs will verify that much. The dude basicly said his shopping cart loaded right to the account before verification. The attack vector there would be using a simple editor (fiddler) would likely work, send .01 coins via shopping cart and your btc client. Then edit the http posts you just sent to change the value to 100 or whatever number and then initiate a transfer from your mbc acct to another addy before their backend told your account you only sent .01.. The only thing preventing you using a larger number would be the amount of BTC they kept 'hot' at the time. And using large numbers might tip them off.  Atleast this is exactly the kind of attack he was attempting to suggest. I find it hard to believe the site could have been that flimsy and did not get emptied out from almost day one.


Can we verify he was there at the BTC conference? That would be some funny shit.

p.s Dirty Troll


It all reads as the evidence was meant to be intentionally confusing as to how the hack was done, but I agree with you - any website, especially one run by an amateur without the kind of backing large corporations do, that holds anything of value would be such a high priority target that hackers would have been in there very early and emptied it out.