mrb's blog

Linode Attack Enables Theft of $220k (So Far)

Keywords: attack bitcoin security

The hosting company Linode was compromised: someone attacked a web-based customer service portal to specifically take control of machines belonging to customers running Bitcoin-related services. Linode claims that 8 customers were targetted. 4 of them have revealed that a total of 46653 BTC (about $220k) were stolen. The 4 other victims are still unknown.

  • 43554 BTC were stolen from the Bitcoinica exchange. This up from the previous estimate of 10000 BTC stolen.
  • 3094 BTC were stolen from Marek Palatinus (slush)'s Bitcoin mining pool. He shared quite a few more details in this post.
  • 5 BTC were stolen from Gavin Andresen's Bitcoin faucet.
  • The TradeHill exchange was compromised, but according to them no bitcoins were stolen, although a more thorough audit is in progress...

This makes it the largest Bitcoin theft ever (in terms of number of bitcoins), eclipsing the unrelated 25k BTC theft of June 2011 in which a single user had his computer compromised. However, if the other Linode victims come forward, they may confirm that today's theft was perhaps even higher than 47k BTC.


comboy wrote: I think bitcoin will lead to better security. Just tell somebody there's 10k BTC on your remote machine and wait ;)

I'm quite surprised however that bitcoinica had courage to store so many bitcoins on VPS. It's probably subjective but dedicated server seems somehow more solid to me (and your hosting provider doesn't need to know the pass)
02 Mar 2012 06:57 UTC

Nurul@bitcoin wrote: I would like to thank you for the efforts you have put in writing this blog. I’m hoping
the same high-grade web site post from you in the future also. Actually your
creative writing abilities has encouraged me to get my own web site going now.
Really blogging is spreading its wings and growing fast. Your write up is a great example.
11 Mar 2012 17:32 UTC

darul75 wrote: Bad new for bitcoin reputation 21 Sep 2012 14:18 UTC