Bitcoinica Hot Wallet Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Bitcoinica Logo/Homepage

Bitcoinica was a bitcoin exchange based in New Zealand. The exchange was popular among bitcoin traders in 2011/2012, offering features such as margin trading, stop orders, guaranteed liquidity, and short selling. In spite of significant efforts by the platform's teenage founder, the platform was breached for a second time in 2012. In addition to taking over 18,000 bitcoin, the thief got access to customer data and close to accessing API keys for Mt. Gox, which could have allowed them to take 30,000 additional bitcoin which were stored there. This ultimately resulted in Zhou making a decision to leave the bitcoin space. There is no evidence to suggest that any of the Bitcoinica customers were ever compensated.

About Bitcoinica

Bitcoinica was an online platform launched via a forum thread on BitcoinTalk on September 8, 2011[1][2][3]. The platform promises advanced features such as margin trading, stop orders, guaranteed liquidity, and short selling[3]. All accounts were margin accounts by default, allowing users to trade more than their deposited amount[3]. The platform enabled leveraged speculation in its contract-for-difference (CFD) market against the Bitcoin to USD exchange rate[2].

The Bitcoinica exchange platform was based in New Zealand, and founded by Zhou Tong[4][5]. Bitcoinica emphasized security by promoting that they did not operate a Bitcoin wallet, instead storing funds in Mt. Gox and bank accounts instead[3]. Zhou Tong spent time to help fight against phishing attacks[6]. Operating on Heroku, a secure cloud platform, Bitcoinica ensured a professional and revolutionary trading environment without transaction fees for orders under ฿50[3].

Despite his position as the creator of a financial speculation service and his strong belief in libertarian capitalist ideals, Bitcoinica to him has never been about the profit. “Bitcoinica is not a money making machine,” he writes. “It’s just a product that sets a high standard for the Bitcoin community.”[4]

The Reality

The history of Bitcoinica had already had a security breach earlier in the same year[7][2]. On March 1st, 2012, the service had experienced a significant loss of over 43,000 bitcoins due to an internal security breach at their Linode web hosting provider[2]. The Bitcoinica server had access to a hot wallet with 18,000 bitcoin as well as API keys for a Mt. Gox wallet which held over 30,000 bitcoin[8] accessible to a single email address[9]. The email address was accessible from an insecure mail server[10].

What Happened

In early May, an attacker compromised the email address of an exchange operator and used their access to initiate a withdrawal of 18,547.66867623 BTC.

Key Event Timeline - Bitcoinica Hot Wallet Hack
Date Event Description
September 4th, 2011 Building Service Starts Founder Zhou Tong starts building the Bitcoinica trading platform[1].
September 8th, 2011 8:27:54 AM MDT Bitcoinica Service Launches The Bitcoinica service is announced on the BitcoinTalk forum[3]. This is tracked as a date of September 8th according to Bitcoin Wiki[2] and September 9th according to founder Zhou Tong[1].
May 6th, 2012 Hot Wallet Hack Date Used Some sources including Kyle Gibson report that “[o]n May 6, 2012, bitcoin exchange Bitcoinica announced that their hot wallet had been hacked.”[11]. It is unclear the origin of this May 6th date, as the relevant transaction would not happen for another 5 days[12].
May 11th, 2012 6:30:33 AM MDT Unexpected Bitcoin Transaction A transaction on the blockchain transfers 18,547.66867623 BTC[12], reportedly an unexpected transaction from the Bitcoinica hot wallet to a third party thief[13].
May 11th, 2012 7:16:37 AM MDT BitcoinTalk Emergency Thread Bitcoinica administrator Zhou Tong posts an emergency thread featuring details of the transaction[13]. He emphasizes that the transaction was not initiated by any company owners, and announces that he has suspended Bitcoinica's servers for a security investigation[13]. While financial and trading data were deemed safe apart from the Bitcoin lost, concerns arose within the community about the vulnerability of hosted systems and the need for enhanced security measures[13]. Comments express shock at the severity of the loss and skepticism about Bitcoinica's legitimacy, with some suggesting the incident as proof of previous warnings regarding the platform's credibility[13]. Despite assurances from Bitcoinica's founder, doubts linger about the site's security practices and potential scams within the Bitcoin community[13].
May 11th, 2012 7:37:24 AM MDT Mt. Gox API Keys At Risk Zhou Tong reveals that the attacker had also been close to obtaining their Mt. Gox API keys, which could have been used to steal over 30,000 more bitcoin[8]. He is relieved to report that none of the Mt. Gox funds were taken[8].
May 12th, 2012 4:03:41 AM MDT Email Server Compromise Revealed Zhou Tong reveals that an email server belonging to one of their team members was compromised[10]. In addition, it is revealed that the database server was compromised and the private information of all customers was exposed[10]. Customers are recommended not to reuse passwords, and there is no mention of a hashing algorithm being applied to the stored passwords[10].
May 12th, 2012 5:19:00 AM MDT BitcoinTalk Reported Time The blockchain timestamp of the theft reported by BitcoinTalk[9], with the timezone assumed to be UTC. The origin of this timestamp is also uncertain.
May 12, 2012 Bitcoin.com Date Reported "On May 12, 2012, a hacker breached the Bitcoinica Rackspace server, according to the now-defunct exchange’s founder Zhou Tong."[14]
May 13th, 2012 7:02:13 AM MDT Zhou Tong Leaving Bitcoin Zhou Tong announces on a BitcoinTalk thread that he's leaving bitcoin[1]. Despite his belief in Bitcoin's potential for financial liberty, Zhou expressed a need to pursue other passions and projects[1]. Reflecting on his journey, Zhou Tong recounted his introduction to Bitcoin in 2010, subsequent involvement in Bitcoinica, and eventual decision to leave due to a desire for new challenges[1]. The announcement received mixed responses from the community, with many expressing gratitude for Zhou Tong's contributions and wishing him success in his future endeavors, while others urged him to reconsider[1].
May 14th, 2012 6:12:46 AM MDT Bitcoin Magazine Obituary Published Vitalik Buterin via Bitcoin Magazine published an obituary of the Bitcoinica exchange[4]. The Bitcoin community faced a series of setbacks, including thefts and financial stress, leading to the shutdown of Bitcoinica, a trading platform[4]. Despite assurances of compensation for users, the future of the platform under Intersango's leadership remains uncertain[4]. Founder Zhou Tong, though expressing faith in Bitcoin's potential for financial liberty, decided to exit the space due to a misalignment with his values, emphasizing the need to create value for society[4]. While criticized for security flaws and inexperience, Zhou's endeavor reflects the ethos of Bitcoin as a realm of opportunity and innovation[4].
May 14th, 2012 9:37:47 AM MDT Sophos NakedSecurity Article Sophos reports on the security breach as a theft of $90,000 worth of bitcoins[7][15]. This incident is noted as another attack on Bitcoinica, following a previous theft earlier in the year[7]. the article also discusses a leaked FBI report expressing concerns about tracking anonymous Bitcoin users, inadvertently providing tips for users seeking anonymity[7].
August 13th, 2012 11:18:00 AM MDT Lawsuit Files Against Platform FinExtra reports that Bitcoinica faces a lawsuit from four former users who claim they are owed nearly $460,000 in missing funds and damages[16]. The article covers both attacks and emphasizes that Zhou Tong is a teenager[16]. Despite assurances from Bitcoinica that the stolen funds were from the exchange itself, not customers, and promises to honor withdrawal requests, users allege only half of their money would be returned[16]. With suspicions circulating that Tong might be involved in the hacks, the plaintiffs have filed a complaint in San Francisco against Bitcoinica, Intersango, and associated individuals, accusing them of conspiring to hinder and deprive the plaintiffs of their rights to the missing funds[16].
December 21st, 2012 1:53:16 AM MST BitMarket.eu Posts About Insolvency BitMarket.eu administrator M4v3r admits in a BitcoinTalk forum thread to having stored bitcoins on the Bitcoinica platform, which are now lost[9][17]. His message apologized for a failure to respond promptly due to personal issues and a search for a solution[17]. It reveals that he cannot currently process withdrawals, attributing the problem to a misguided attempt at providing a hedge fund service for Bitmarket users[17]. This endeavor led to a significant loss of bitcoins, worsened by a subsequent rise in BTC price[17]. M4v3r acknowledges his faults and lack of funds to cover the loss, proposing options like finding an investor or starting over with explicit fees to repay the debt[17]. He expresses a commitment to making amends and provide a bitcoin address for donations to help users with locked funds[17]. The attached comments reflect skepticism and accusations of scamming, countered by the sender's assertion of honesty despite the dire situation[17].
July 26th, 2013 5:52:51 PM MDT Updated BitcoinTalk List The incident is included in the updated BitcoinTalk list by dree12[18]. The amount is increased and valued according to the January 2014 price[18]. A disclaimer is added about the amount potentially increasing even further as the liquidation proceeds[18].
April 24th, 2013 4:30:15 AM MDT Zhou Tong Video Uploaded Zhou Tong uploads a video identifying himself, showing a credit card he was recently issued, and that he is over 18 years old at this point in time[5][19].
June 13th, 2013 3:47:17 AM MDT Zhou Tong Joining CoinJar Zhou Tong (Ryan Zhou) announces that he's joined the team of CoinJar[20]. "CoinJar is a Melbourne-based startup bridging the divide between digital currency and the dollars in your wallet[20]. Bitcoin was naturally the best place to start, being the world's leading digital currency[20]. Founded in 2013, we quickly caught the eye of early start-up investor AngelCube who have generously provided us seed funding and mentorship."[20] Some users praised the platform's sleek design and expressed interest in its features, such as CoinJar Checkout for merchants[20]. Others raised concerns about security, particularly regarding the shared wallet system and the lack of client-side encryption for private keys[20]. Some users suggested improvements, such as implementing 2-factor authentication and a "buy order" feature[20]. Overall, while there was enthusiasm for CoinJar's potential, there were also reservations about its security measures and the need for further development[20].
September 9th, 2013 7:10:32 PM MDT CoinJar Promotion Posted Zhou Tong announces that the CoinJar team will be present at the TechCrunch event in San Francisco[21], which is his final post on the BitcoinTalk forum[22]. There are no responses on this thread[21].
February 3rd, 2017 10:00:04 AM MST Bitcoin.com Article The incident is included with specific mention in a list of bitcoin thefts which you may have forgotten about, published by news site Bitcoin.com[14].
April 1st, 2017 9:06:19 PM MDT Zhou Tong BitcoinTalk Login Zhou Tong logs into BitcoinTalk for the final time[22]. There do not appear to be any posts made at this time[22].
September 9th, 2017 4:26:00 AM MDT Tuur Demeester Tweet Bitcoin analyst Tuur Demeester reports on the connection between Alexander Vinnick, who has recently been arrested, and the Bitcoinica stolen coins[23]. He suggests that Vinnick assisted with laundering the funds and wasn't involved in the initial theft[23].
September 10th, 2017 8BTC News Article "Earlier this year, when BTC-E owner Alexander Vinnick was linked to the Mt.Gox and Bitcoinica hacks and was arrested by the Greek government, entirely new pieces of information in regard to the Mt. Gox hacks surfaced[24]. Security research firm WizSec, which first linked Mt. Gox hacks to Vinnick and had been collaborating with various law enforcement agencies, explained that it was unlikely for a single person to carry out the thefts."[24].

Technical Details

The vulnerability reportedly happened through a compromised email address, which had a higher level of permissions than necessary[9]. This was reportedly compromised through a vulnerable email server[10]. The chief bitcoin transaction involved in the theft is 7a22917744aa9ed740faf3068a2f895424ed816ed1a04012b47df7a493f056e8[12], which was announced on the BitcoinTalk forums[13].

BitcoinTalk Summary

[9]

Zhou Tong, former founder of Bitcoinica, discovered an entry into Bitcoinica's Rackspace server through an excessively privileged compromised email address. This caused the theft of the entire “hot wallet”, funds stored on-site, as well as the loss of the main database. No backups were kept. Bitcoinica shut down because of this incident. The claims process is still ongoing; however, Bitcoinica is now entering receivership.

Total Amount Lost

There are three different estimates of the amount lost in this case.

  • The first value of 18547.66867623 comes from the blockchain transaction[12] and amount which was reported by Zhou Tong on the BitcoinTalk forums[13]. This is included on some lists such as dree12's list on BitcoinTalk[9] and rounded to 18,548 by Kyle Gibson[11]. Kyle Gibson gave an estimated value of $90,000 USD[11].
  • BitMarket.eu had a liquidation, and in the legal paperwork, they reported losing "about" 19980 bitcoins[9].
  • BitcoinTalk user dree12 reported a total amount affected reported to be at least 38527 bitcoin[9]. This is very similar to an estimate on Bitcoin.com, which reported that the exchange lost over 38,000 BTC during the spring incident, which refers to an event that breached Bitcoinica's Rackspace servers on May 12th, 2012[14].

The total amount lost has been estimated at $91,000 USD.

Immediate Reactions

The exchange promptly suspended operations and assured users that most bitcoin deposits were unaffected and withdrawal requests would be honored[7]. While passwords were likely not compromised due to encryption measures, the exchange urged users not to reuse passwords across different platforms[7]. Bitcoinica stated that sensitive customer documents were encrypted and stored separately, minimizing the risk of exposure[7]. However, usernames, email addresses, and account histories may have been compromised, prompting caution against phishing attempts[7].

“On May 6, 2012, bitcoin exchange Bitcoinica announced that their hot wallet had been hacked. The exchange told users that they had “discovered a suspicious bitcoin transaction that doesn’t seem to be initiated by any one of the company owners.” The hot wallet hack was initially suspected to be linked to Bitcoinica owner A. Vinnik, leading some to suspect it was an exit scam.”

Suspicious Transaction Reported

Zhou Tong reported a suspicious Bitcoin transaction not initiated by any company owners, prompting the suspension of Bitcoinica's servers for a security investigation[13]. The transaction involved a significant loss of 18,547.66867623 BTC[13]. While financial and trading data were deemed safe apart from the Bitcoin loss, concerns arose within the community about the vulnerability of hosted systems and the need for enhanced security measures[13]. Comments express shock at the severity of the loss and skepticism about Bitcoinica's legitimacy, with some suggesting the incident as proof of previous warnings regarding the platform's credibility[13]. Despite assurances from Bitcoinica's founder, doubts lingered about the site's security practices and potential scams within the Bitcoin community[13]. It was later revealed that the same email address could have withdrawn over 30,000 bitcoin from Mt. Gox through an API key[8] and that the root cause of the breach was an entire email server being compromised[10].

Media Reports About Bitcoinica

Media reports were reported by multiple sources at the time[7][4].

Ultimate Outcome

As a result, on August 1, 2012, the Wendon Group investment fund, a creditor to Bitcoinica LP, announced the appointment of a receiver under New Zealand law, marking the downfall of the platform[2].

Zhou Tong Leaving Bitcoin

Founder Zhou Tong decided to leave bitcoin entirely[4]. In a forum post from May 13, 2012, user Zhou Tong announced their departure from Bitcoin-related projects following the Bitcoinica incident, where they will discontinue involvement until further notice[1]. Despite their belief in Bitcoin's potential for financial liberty, they expressed a need to pursue other passions and projects[1].

“I always believe in Bitcoin, or simply anything that brings people financial liberty. I have heavily invested in Bitcoin (I purchased one 1,000 BTC gold coin from Casascius and will keep it for as long as I can).”

The announcement received mixed responses from the community, with many expressing gratitude for Zhou Tong's contributions and wishing them success in their future endeavors, while others urged them to reconsider[1]. Vitalik Buterin had strong praise for Zhou Tong and criticized his critics[4].

Zhou Tong has often been reviled as a scammer, and this crisis has, predictably, only amplified such cries. But his actions over the past eight months do not paint the picture of a man who consciously set out to defraud the public with a Ponzi scheme or an arcane system of liquidation rules; rather, they paint the picture of a teenager, still uncorrupted by the rigidities of the status quo, ready to discover the world and find a place where he can make a difference. Of course, Bitcoinica’s history is marked by security blunders and telling signs of Zhou’s inexperience. However, failure is an inevitable part of learning and innovation, and if the Bitcoin community begins to treat failure as an unforgivable sin and every blunder as proof of moral turpitude, then it will cease to be a community that values learning and innovation at all. Instead, it will become yet another manifestation of the inflexible and bureaucratic status quo.

Funds Moved By Alexander Vinnick

Alexander Vinnick is believed to be responsible for the funds being cashed out[24][23].

Lawsuit Against Platform

Finextra reports that four former users of Bitcoinica have filed a lawsuit alleging that they are owed nearly half a million dollars in missing funds, as well as damages[16]. Bitcoinica, once a successful exchange created by teenager Zhou Tong, suffered two major hacking incidents earlier this year, resulting in the theft of thousands of Bitcoins. Despite assurances from Bitcoinica that the stolen funds were from the exchange itself and not customers, the site has remained offline, leaving users uncertain about the fate of their investments. Additionally, Bitcoinica had initially promised to honor all withdrawal requests but later informed users that only half of their funds would be returned, prompting speculation about the exchange's integrity. Amidst rumors implicating Tong in the hacks, the plaintiffs filed a complaint in San Francisco alleging that Bitcoinica, its successor Intersango, and associated individuals conspired to deprive them of their rights regarding the missing funds[16].

BitMarket.eu Collapse Resulting

In December, BitMarket.eu's administrator M4v3r admitted in a BitcoinTalk forum thread to having stored bitcoins on the Bitcoinica platform, which are now lost[17]. His message apologized for a failure to respond promptly due to personal issues and a search for a solution[17]. It reveals that he cannot currently process withdrawals, attributing the problem to a misguided attempt at providing a hedge fund service for Bitmarket users[17]. This endeavor led to a significant loss of bitcoins, worsened by a subsequent rise in BTC price[17]. The administrator acknowledges their fault and lack of funds to cover the loss, proposing options like finding an investor or starting over with explicit fees to repay the debt[17]. They express a commitment to making amends and provide a bitcoin address for donations to help users with locked funds[17]. The attached comments reflect skepticism and accusations of scamming, countered by the sender's assertion of honesty despite the dire situation[17].

Inclusion In Incident Lists

This incident was included in many sources, including:

  • both versions of a list compiled by BitcoinTalk user dree12[9][18].
  • a list of incidents put together by Kyle Gibson[11].
  • a Bitcoin Magazine infographic[25] (along with another Bitcoinica theft).
  • Bitcoin.news lists this as one of the most controversial in the industry[14].
  • Bitcoin Exchange Guide[26].
  • Slowmist[27].

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

Ongoing Developments

There are a few potential ongoing developments.

Identity Of The Hacker

According to BitcoinTalk, the hacker is unknown[9]. While the coins appear to have been laundered by Alexander Vinnick[24], it is considered unlikely by many blockchain analysts that he was also the hacker[23].

Wendon Group Legal Action

Venture capital group Wendon Group threatened legal action against Bitcoinica Consultancy[9].

New Zealand Bankruptcy

A receivership in New Zealand was ongoing[9].

Individual Prevention Policies

When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.

Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Knowing who's holding the funds and storing them properly offline with multiple signatures would have avoided the issues.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 Zhou Tong - I'm leaving Bitcoin - BitcoinTalk (Accessed Apr 9, 2024)
  2. 2.0 2.1 2.2 2.3 2.4 2.5 Bitcoinica - Bitcoin Wiki (Feb 4, 2020)
  3. 3.0 3.1 3.2 3.3 3.4 3.5 Bitcoinica - Advanced Bitcoin Trading Platform - BitcoinTalk (Accessed Apr 9, 2024)
  4. 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 Bitcoinica: An Obituary - Bitcoin Magazine (Accessed Feb 4, 2020)
  5. 5.0 5.1 Zhou Tong is just Zhou Tong - YouTube (Accessed Apr 18, 2024)
  6. Beware of Mt. Gox Phishing Attack! And how we can reduce the risk for OTHERS. - BitcoinTalk (Accessed April 18, 2024)
  7. 7.0 7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 Bitcoin exchange gets attacked and loses cash...again! - Sophos Archive May 16th, 2012 6:21:16 AM MDT (Accessed Apr 17, 2024)
  8. 8.0 8.1 8.2 8.3 Zhou Tong - "The hacker almost gained access to our Mt. Gox API keys, before I revoke them! He could get 30,000+ BTC easily if I was asleep, or busy." - BitcoinTalk (Accessed Apr 5, 2024)
  9. 9.00 9.01 9.02 9.03 9.04 9.05 9.06 9.07 9.08 9.09 9.10 9.11 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk (Jan 28, 2020)
  10. 10.0 10.1 10.2 10.3 10.4 10.5 Zhou Tong - "The root cause of this problem is an email server compromise. The email server belongs to one of our team members. Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email. All Bitcoinica announcements will be updated on Bitcoinica website when available." - BitcoinTalk (Accessed Apr 9, 2024)
  11. 11.0 11.1 11.2 11.3 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Jan 25, 2020)
  12. 12.0 12.1 12.2 12.3 Bitcoinica Theft 18,547.66867623 BTC Transaction - Blockchain.com (Accessed Apr 1, 2024)
  13. 13.00 13.01 13.02 13.03 13.04 13.05 13.06 13.07 13.08 13.09 13.10 13.11 13.12 [Emergency ANN] Bitcoinica site is taken offline for security investigation - BitcoinTalk (Accessed Apr 5, 2024)
  14. 14.0 14.1 14.2 14.3 The Bitcoin Exchange Thefts You May Have Forgotten - Bitcoin.com (Jan 29, 2020)
  15. Bitcoin exchange gets attacked and loses cash...again! - Sophos Archive February 8th, 2014 1:29:59 AM MST (Accessed Apr 17, 2024)
  16. 16.0 16.1 16.2 16.3 16.4 16.5 Users sue Bitcoin exchange over $460k in missing funds - FinExtra (Feb 3, 2020)
  17. 17.00 17.01 17.02 17.03 17.04 17.05 17.06 17.07 17.08 17.09 17.10 17.11 17.12 17.13 M4V3r - "Earlier this year, I had this "genius" idea which led me to making a fatal mistake. I thought I could provide a hedge fund service for Bitmarket users. There were other sites providing this service so I guesses that it could be successful. I had experience in trading before, all I needed is a platform. And there was one - Bitcoinica." - BitcoinTalk (Accessed Apr 2, 2024)
  18. 18.0 18.1 18.2 18.3 dree12 - List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
  19. Zhou Tong - I am who I am - BitcoinTalk (Accessed Apr 18, 2024)
  20. 20.0 20.1 20.2 20.3 20.4 20.5 20.6 20.7 Zhou Tong - CoinJar - Australia's first VC-backed Bitcoin startup - BitcoinTalk (Accessed Apr 18, 2024)
  21. 21.0 21.1 Zhou Tong - Team CoinJar is exhibiting at TechCrunch Disrupt SF on Tuesday - BitcoinTalk (Accessed Apr 19, 2024)
  22. 22.0 22.1 22.2 Zhou Tong's Profile - BitcoinTalk (Accessed Apr 19, 2024)
  23. 23.0 23.1 23.2 23.3 TuurDemeester - "It's likely that the recently arrested A. Vinnik was a money launderer, not the mtgox/bitcoinica thief. #divisionoflabor applies to crime." - Twitter (Accessed Apr 18, 2024)
  24. 24.0 24.1 24.2 24.3 Analyst: Mt. Gox Lost 100,000 More Bitcoins Apart From the $2.5 Billion Hack - 8BTC News Archive September 14th, 2017 2:28:28 AM MDT
  25. Infographic: An Overview of Compromised Bitcoin Exchange Events (Jan 30, 2020)
  26. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  27. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcoinica_Hot_Wallet_Hack&oldid=5685"