System Down: Another Hack, In the Hack-Per-Month Campaign

Another Exchange Loses Another Pile of Money

It's like a broken record that is never going to be fixed, turned off, or put out of its misery. It's like a bad dream that you just can't wake up out of. In true hack-of-the-month fashion, BTER joins Crypto-trades for the February hack, and is the latest in a long list of Exchanges, Cloud Miners, and other related BitCo's who just can't figure out how to keep your coins in a safe and secure environment. So exactly what are you paying them for?

Graph A - BitCrime Breakdown

I mean come on people (you BitCo's, I mean you), get with the program, this is getting ridiculous. It's one thing to make a mistake, forget to lock the door, get held at gunpoint and forced to hand over your valuables, or even get hacked by a super-villain with a Bitcoin extraction laser ray. This cookie-cutter story line of company starts up, fucks up, claims it's an inside job, and then shrugs its shoulders as if they had no responsibility to hold on to your coins to begin with. At least the folks at the MyCoin camp had the guts to blatantly steal the shit. It takes the guesswork out of things. No worrying about who did what, or where it was done, while people search for answers with a clueless naivety, when they actually all know damn well what happened.

It was an inside job

In January, when the big secret, was revealed about the Bitstamp hack possibly being a suspected "inside job", I said it then, and I'll say it now:

Of course, it was an inside job, you idiots. 

I think it's time to put together a graph (see Graph A above) and a flowchart, just so we can stop wasting our time reading about the same redundant drivel over and over again. It seems to be getting worse too. The Bitstamp hack, which was red hot news in January, has been all but forgotten about. HashProfit managed to almost run off without anyone even noticing anything at all. I took a look for news and found very little in the mention of anything other than "they got hacked", or "Ponzi".

Of the aforementioned two, Bitstamp recovered elegantly, I have to give them that credit, I was just waiting in the midst, ready to rip into them with a new fury, but I never had the chance, and that has to be commended, as much as I may well hate to say so.

We Interrupt This Article To Point Out The Obvious

HashProfit, however, just pisses me off. It was a scam, it was a Ponzi scheme, and they rounded up about 60,000 users around the globe by giving them a small bit of Hash Power which produced an amount of Bitcoin, in two weeks, which was nearly impossible to be ascertained by cloud mining, from a technical and profitability point of view. They lasted a few months, and then the payouts started shrinking, while various issues started popping up, and then right when the bubble was about to pop, they were mysteriously DDoS'd to death, all the while managing to keep their homepage intact and just fine, which, to spell it out, means there wasn't any kind of DDoS anything other than the DDoS of access to your wallet. They just walked away free and clear and with a nice big fat pile of everyone's hard-earned coin. That annoys me. No one is even giving it a second look, while they claim:

Disclaimer: this was converted from Russian using Google translator, I do not speak Russian and cannot confirm or denounce the accuracy of the following content, but it looks right:

Disbursed. Begin active pest control!

Payments are made as promised control of the site, but now all users with a significant amount of capacity will not receive payment until such time has not yet provided information about all users that are active in order to destroy the organizational structure of the service. If you know of such persons, please inform their contact details to the E-mail [email protected] and they will be banned forever. Also in the case of confirmation of data with these people will work. For providing reliable data about the actions of users and organizing work to discredit the service, you will be paid a fee of 0.05 to 0,5 BTC and resumed regular payments a high priority and profitability.
All users who show patience and prudence will be rewarded 
The team working on a new service permitted in the territory of the Russian Federation project using profits accumulated over the past few years, and there are already good results.
Set the following priorities and limitations of payment:
  • The first priority of payments get users residing in the territory of the Russian Federation.
  • Payments will be carried out at least 1 time in 14 days, and if there are good opportunities - every 7 days.
Thank you for your support and understanding.

What a LOAD! Are you fucking serious? Fake DDoS attacks, followed by a screen in Russian, and a GMail account? That's it? You have GOT to be kidding me.

They did provide a few more details, which were worth nothing more than a laugh, in my opinion: 

     "Over the years"? They've been in business for barely a minute, not as long as GAW, whom we were calling, along with HashProfit, the "Ponzi twins" not too long ago. One had a slick tongue, the other spoke a foreign one.

      "All users who show patience and prudence will be rewarded." is another statement I just have to laugh about, I mean what is the reward? The fact that you will be saved from the embarrassment of falling for this scam?

In any case, I'll leave it at that, and move on, since I really do not know the exact numbers and we likely may not find out any time soon since no one seems to notice that they have left the building. Same is true for MyCoin, their offices had been boarded up for almost a month prior to the news of the theft.

The Story, The Claim, and the Token "Inside Job" Here.

Back on topic, BTER is the subject of this story, so it is of BTER, we shall speak. BTER has up and lost nearly 2 Million USD worth of Bitcoin, and I just have to say that it is rather sad, that when I first caught a whiff of this one, I thought to myself, "That's all? That's not too bad.". That's pathetic (both the loss and my initial reaction), that in the middle of all of these lost, and we should be calling them stolen, Bitcoins, that a mere 2 Million dollars actually sounds like chump change in comparison to all of the theft. It's not chump change, nor is this trivial, it is TWO MILLION DOLLARS. Lost. Gone. No trace left behind, of course, and you guessed it, it was an inside job.

BTER posted a claim on their website, which has become the standard (we really need that flowchart) go-to response once there is a "hack", right before they admit it was a "theft", and just a hair before the CEO speaks, steps down, and/or presents the token "we believe this was an inside job" line of crap. The BTER claim went as so:

7170 BTC got stolen from our cold wallet in this transaction: BTC bounty for chasing it back.
All wallets have been shut down and withdrawals of the unaffected coins will be arranged later.

BTER.com Email: [email protected] Phone: 400-0070-955 QQ: 4000070955

     Cold wallet? So wait a second, this wasn't even a hack? Someone just waltzed right in and picked up some paper off the desk? This is one of those, I call bullshit scenarios, because we are left to believe that our Cold Storage coin is printed out on durable, weather resistant material and kept locked up in a Fort Knox style facility, complete with armed guards and all of the trimmings, impervious to outer beings so much as breathing on them the wrong way. However, it is my belief that these are merely locked in an office drawer, or worse. Perhaps a bank safety box, or similar, but truly safe and secure? I think not. I find this a tad doubtful, at best.

     The bounty! Now there's a new one, and makes you wonder why Mt. Gox or Bitstamp, didn't pony up a few bits to get the Reddit, BitTalk, and other Forum trolls all wound up and posting shot after shot of the whereabouts of the missing coin.

     "... coins will be arranged later", so here is this company trusted with millions of dollars of your hard earned coin, and this is the best their marketing team could come up with? "..arranged later..."? Why is it that they spend copious amounts of time determining the appropriate response, only to go out of their way to be as vague as possible? Looks to me like they are saying, our profits ran away, here they are, please help us get them back, and oh yeah ... we'll get around to your stuff later.

This was located and seems to provide a bit more information (again Google suggested translation, same disclaimer as above still in effect):

Hackers use our instant hot from cold filled purse wallet, the bit cold TWS children all BTC wallet stolen, totaling 7170BTC, transfer records for: 
We've February 15, 2015 the morning to the local police station and was accepted. We will actively cooperate with the police investigation, the recovery of stolen Bitcoins. At the same time, we are offering a reward of 7170 720BTC recover stolen Bitcoins here. To ensure the safety of other funds, we have taken technical measures to stop and turn off all the virtual currency trading online wallet, to do further checks. At the same time, we plan to arrange CNY extraction and other virtual currency as soon as possible to reduce the user to worry about. For losses caused by the user and we apologize , Up to now a bit child has been in operation for nearly two years. We traveled together to accompany the ups and downs of the bitcoin. We look at a variety of currencies to accompany the rise of decline. Please be assured that we will not run away, we will assume responsibility for the user to recover the stolen Bitcoins.

Well, I am just not sure what to make of all of that, hot wallet this, and cold wallet that, and it's the same shit the last guy said (Bitstamp, EgoPay, etc...), with the exception of the bounty, again I must commend that idea. I might even take a BlockChain peek myself, so that I can feel like I did something of contribution, but my bigger question is where they came up with 720 BTC? Anyone?

So What, Exactly, Are We Paying For?

If you do the math, and you don't have to because I've taken the liberty to do it myself, you will find two interesting things.

      First of all, of the 1.7 Million Dollars of stolen coin, BTER was paid, $170,000.00

      Secondly, the $170,000.00 that BTER was paid, comes roughly to 720 XBT, (2/15 am price)

So now we see where BTER is getting that 720 number, and I gotta say, it's nice to see. What BTER is doing is owning up to this screw up. This is, however, pretty self-serving, since the chances of anyone actually tracing this coin to the point of its return, is pretty slim to none. So BTER really isn't sacrificing anything. They will still get to bank that $170,000.00, but I must admit, that this was a nice gesture on their part. 

That doesn't give them a pass, by any means. They still allowed this to happen, due to poor security, negligence, poor employee selection and management, and/or all of the above, but taking accountability for it at least shows some character.

Next Steps

We pretty much know how the rest of this story will unfold. The CEO will speak out rather soon, the site will come back up, the CEO or other members of BTER will step down or be fired, they'll confirm it was an "inside job", similar exchanges and other BitCo's will capitalize on the press attention, and throw themselves in the mix, or email spam, with their own version of "you're safe with us, our security is the best on the planet, and so are we", and then next month, or later this month, when the next hack, theft, inside job occurs, we'll have pretty much forgotten all about this fresh batch of stolen coin. The BTER camp should survive this relatively unscathed, as much as I prefer not to admit it. If you look at the volumes, even at a mere 1%, 1.7 MM would not be a lot in the scheme of things. They have done things the right way, so far. Let's hope this continues.

What I would really love to see is someone actually screw up and send coin to a wallet traced directly to them. Accomplish that, and the forum community, who start out hot on the trails of these thieves, would get a bit of a reward to keep their interest in future tracking. As it sits now, they are great coming out of the gate, but grow bored and then it just dissolves as fast as the story itself.

Mt. Gox being the exception, of course, there are entire private organizations planning the continued destruction of every last bit of existence of that company, including the CEO, management, and every individual who ever worked there, until there is nothing but vapor floating towards a black hole in outer space, which will obliterate any and every possible surviving particle, ripping every fiber of substance into an absolute nothing, on a molecular level. Only then will they be satisfied, unless they get their money back. That is how hated Mt. Gox is.

In comparison, the BTER insider hack was more of a slight, dimly lit annoyance, similar to a passing firefly that has already begun to fade away, while the negative feelings towards Gox ... they burn like the surface of the Sun.

In any event, good luck to the BTER camp, in sorting this out. We'll be keeping our eye on this as well...
