Linode Exploit Caused Theft of Thousands of Bitcoins 450
Sabbetus writes "Popular web hosting service Linode had a serious exploit earlier today. Apparently the super admin password for their server management panel was leaked and allowed a malicious attacker to target multiple Bitcoin-related servers. The biggest loss happened to a major Bitcoin mining pool that lost over 3000 BTC, which is currently worth almost 15 000 USD. Now the question is, will Linode compensate for lost bitcoins?"
Update: The 3000 BTC theft was not even close to being the biggest, Bitcoin trading site Bitcoinica lost over 40,000 BTC.
Re:Linode Terms of Service (Score:5, Interesting)
So if this is binding and enforceable, (which should always be questioned, you can put just about anything in your TOS) that means if they are incompetent retards and let your hosted server get hacked through their back door to your hosted machine they won't be liable for anything beyond the monthly fees you paid them while being hacked?
That's very likely to go to court. They may win or they may lose, but that fails the "common sense" assumption that part of what you are paying for is at least reasonable security for your IP at the facility you are leasing time on. And losing control of your hypervisor-ish password should be easy to prove to be negligent.
I think if they came right out and had to decode that and say "we reserve the right to let random vandals come in and snoop all your data and you won't have any legal recourse" they'd lose a lot of customers. But that's basically what this is going to tell all their customers now. They'd have been a lot smarter to just have quietly reimbursed them. It'll cost them more due to bad publicity.
Re:Newsflash (Score:5, Interesting)
Bitcoins and US Customs (Score:3, Interesting)
A question I consider sometimes is the relationship between Bitcoins and the US Customs (or any other border agency.)
When we cross the border there are obvious signs making it clear that if you carry more than $10,000 across the border (Canadian or American in my case) in either direction you must declare the transaction. Suppose one's bitcoin wallet is on their cellphone and they are carrying more than $10,000 worth of bitcoins on their cellphone. Would these need to be declared?
I guess it would be similar to carrying bearer bonds across the border but I'm not certain what the conditions are for those, either.
The concern would be whether two people with cellphone bitcoin wallets could meet and move bitcoins from one cellphone wallet to the other without another server or service being involved in the transaction. If so then I can certainly see how this process could be used to facilitate illegal transactions with less obvious traces than carrying large volumes of actual cash.
Re:Newsflash (Score:5, Interesting)
Isn't that the point of bitcoin? To make the intangible tangible? If those bits can be stolen they're about as tangible as it gets. ;) So there is a loss. I'm sure Lloyds of London could write that policy but I don't see them doing it for a price that was affordable.
tip of the ice berg - not even the real story! (Score:5, Interesting)
Apparently the word on the street is this was targeted and definitely an inside job from an employee or multiple employees at Linode. The easiest way a simultaneous 8-site web control panel hack would be to simply log in with a secret back-door master password that basically all web hosts have. Either someone hacked Linode and found out that master password or it was an employee, the latter of which is obviously a lot simpler and more believable.
Re:$15000 USD???? (Score:5, Interesting)
I can, there is a little cafe down the street that takes Bitcoin. In our office Bitcoin is also the typical method of settling a shared check for lunches. You can also conduct all manner of black market trade with Bitcoin. Drugs, guns, prostitutes, all on the table. Or you can just turn it into your local currency to conduct business.
Bitcoin has plenty of uses. It doesn't have to be used as a drop in replacement for us dollars.
Re:Newsflash (Score:5, Interesting)
Actually more of them do than you think! I used to work for a bank, and we would NEVER publicize robberies. First, because of the fear of creating a wave of copycat crimes. Second, to not undermine the bank's secure image. There are 2-5 bank robberies a MONTH in the Chicagoland area, but none of them ever hits the news. Only when there's external involvement, like a shootout or a hostage situation does it ever make the evening news. I found this quite surprising how much the general public is kept in the dark about this sort of thing.