Bitcoin

Linode Exploit Caused Theft of Thousands of Bitcoins

Posted by samzenpus
from the say-goodbye dept.
Sabbetus writes "Popular web hosting service Linode had a serious exploit earlier today. Apparently the super admin password for their server management panel was leaked and allowed a malicious attacker to target multiple Bitcoin-related servers. The biggest loss happened to a major Bitcoin mining pool that lost over 3000 BTC, which is currently worth almost 15 000 USD. Now the question is, will Linode compensate for lost bitcoins?" Update: The 3000 BTC theft was not even close to being the biggest, Bitcoin trading site Bitcoinica lost over 40,000 BTC.

  • by v1 (525388) on Thursday March 01, 2012 @11:25PM (#39217015) Homepage Journal

    Subscriber further acknowledges that Linode.com's liability for its own negligence may not in any event exceed an amount equivalent to charges payable by subscriber for services during the period damages occurred.

    So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?

    That's very likely to go to court. They may win or they may lose, but that fails the "common sense" assumption that part of what you are paying for is at least reasonable security for your IP at the facility you are leasing time on. And losing control of your hypervisor-ish password should be easy to prove to be negligent.

    I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers. But that's basically what this is going to tell all their customers now. They'd have been a lot smarter to just have quietly reimbursed them. It'll cost them more due to bad publicity.

  • Re:Newsflash (Score:5, Interesting)

    by Kenja (541830) on Thursday March 01, 2012 @11:27PM (#39217021)
    That would be an interesting claim to file. "They stole my bits! I demand that you replace them."
  • by Anonymous Coward on Thursday March 01, 2012 @11:43PM (#39217105)

    A question I consider sometimes is the relationship between Bitcoins and the US Customs (or any other border agency.)

    When we cross the border there are obvious signs making it clear that if you carry more than $10,000 across the border (Canadian or American in my case) in either direction you must declare the transaction. Suppose one's bitcoin wallet is on their cellphone and they are carrying more than $10,000 worth of bitcoins on their cellphone. Would these need to be declared?

    I guess it would be similar to carrying bearer bonds across the border but I'm not certain what the conditions are for those, either.

    The concern would be whether two people with cellphone bitcoin wallets could meet and move bitcoins from one cellphone wallet to the other without another server or service being involved in the transaction. If so then I can certainly see how this process could be used to facilitate illegal transactions with less obvious traces than carrying large volumes of actual cash.

  • Re:Newsflash (Score:5, Interesting)

    by mrmeval (662166) <mrmevalNO@SPAMgmail.com> on Thursday March 01, 2012 @11:45PM (#39217121) Journal

    Isn't that the point of bitcoin? To make the intangible tangible? If those bits can be stolen they're about as tangible as it gets. ;) So there is a loss. I'm sure Lloyds of London could write that policy but I don't see them doing it for a price that was affordable.

  • by slashmydots (2189826) on Thursday March 01, 2012 @11:57PM (#39217205)
    Boy did they bury the lead. Here's the entire story. Allegedly someone broke into the Linode web hosting company, hacked specifically just 8 sites involved in bitcoins and THAT'S IT, no other sites, and stole a hell of a lot more than 3000 BTC. 3000 BTC isn't significant but 43,554 BTC were stolen from another major exchange, Bitcoinica. That company is claiming they have the money to cover it and will reimburse everyone. That's almost a quarter of a million US dollars by the way.

    Apparently the word on the street is this was targeted and definitely an inside job from an employee or multiple employees at Linode. The easiest way to do a simultaneous 8-site web control panel hack would be to simply log in with a secret back-door master password that basically all web hosts have. Either someone hacked Linode and found out that master password or it was an employee, the latter of which is obviously a lot simpler and more believable.
  • Re:$15000 USD???? (Score:5, Interesting)

    by shaitand (626655) on Friday March 02, 2012 @01:11AM (#39217533) Journal

    I can, there is a little cafe down the street that takes Bitcoin. In our office Bitcoin is also the typical method of settling a shared check for lunches. You can also conduct all manner of black market trade with Bitcoin. Drugs, guns, prostitutes, all on the table. Or you can just turn it into your local currency to conduct business.

    Bitcoin has plenty of uses. It doesn't have to be used as a drop-in replacement for US dollars.

  • Re:Newsflash (Score:5, Interesting)

    by Mister Transistor (259842) on Friday March 02, 2012 @01:37AM (#39217623) Journal

    Actually more of them do than you think! I used to work for a bank, and we would NEVER publicize robberies. First, because of the fear of creating a wave of copycat crimes. Second, to not undermine the bank's secure image. There are 2-5 bank robberies a MONTH in the Chicagoland area, but none of them ever hits the news. Only when there's external involvement, like a shootout or a hostage situation, does it ever make the evening news. I found it quite surprising how much the general public is kept in the dark about this sort of thing.
