Look, we are random internet people, and it's a "me vs. you" scenario, but as someone who worked at Linode in 2012, we were a small company, that all worked out of one office, with like 3 admins at the time. Yes, there were various hacks. Yes, there were silly vulns, but positing that one of the employees at that time stole bitcoin is something that I won't stand for.
Could it have happened, sure. Do I think that it was an inside job? No, not at all. 99% of the people there at that time thought Bitcoin was insanely dumb, and I suspect most of us still do.
As I noted elsewhere, there's an opportunity to do the right thing when someone comes to you and says look, someone is coming in on the control plane and resetting my server passwords.
And yes, that includes looking at your staff especially when bitcoin is in the mix as its less traceable to a person.
For some reason, for year after year, there was this pattern. No problem, we have good security, oh wait, we've been rooted for months. Or someone is coming in on the staff admin plane and taking all sorts of action.
It could be outside hackers sure. But linode never seemed that interested in sorting things out.
The takeaway I had was that you might not notice if a staff person OR hacker was messing around.
When you're in Linode's position, running people's private and infrastructure, you have a very finite amount of grace. Individual employees at linode had an incentive to violate the company's security. When security violations happened that could plausibly have come from employees following their incentives the company consistently failed to assure customers it was making sure the security issues were being addressed. In my opinion this at least shows a wild disregard the well-being of customers and I think it's pretty normal to treat that kind of wild-disregard as malicious (even though it may not be).
This followed the pagerduty hack. We don't know who else was getting hacked either - these were to high profile ones.
So this just raised the question - what's up that they don't take serious issues seriously? With bitcoin there have been a ton of insider issues with how "trusted" infrastructure providers and exchanges handling bitcoin so that was the question.
Even if external hackers, they just got hacked over and over.
If the known facts are consistent with your staff stealing Bitcoin and the reason it can't be confirmed whether or not this happened is because your staff fell short of industry-standard security practices, I think it's entirely fair to say that that might be what happened. Put it this way: from the perspective of someone on the outside, if your staff were stealing Bitcoin this is exactly what it would look like.
As someone who commented on Linode hacks earlier, I can vouch for lbotos having worked there and feel the same way as they do. I don't believe any of the attacks were an inside job, because I don't believe anyone would have done that and if they did they knew how not to leave a trail behind.
Backing up both Tim and Lee here as a former who overlapped with both of them. I had many issues with Linode as an employee. The idea that anybody I worked with at the time, many of whom I don’t get along with because I was even more of an asshole then than I am now, the idea that any of them would pinch Bitcoin off a Linode is so off-base it’s laughable. It simply didn’t happen. Period. If you believe it did, your logic in getting there is no different than that of political conspiracies that are common today.
I remember that rash of Bitcoin thefts and it was all careless behavior by the Linode owner becoming a secondary consequence of a primary employee compromise, I think. As in what happened to Twitter. Think “admin panel compromised, external actor searches for Linodes known to participate in Bitcoin, methodically compromises them one by one, finds poorly stored wallets and drains them”. That intruder very obviously knew what they were after, if memory serves, but this was almost ten years ago.
Seriously. Linode did one thing well and it was hire (mostly) good people. The comms around security incidents could always use improvement, and I think that led to the loss of trust you’re seeing here. I don’t think it’s just Linode, either, I think a lot of the industry is overly discreet when it comes to what to say publicly about events like this. We see the same with journalism: a lot of methods in reporting are trade skills and most people don’t understand the news gathering process, which leaves room to fill in the gaps with conspiracy. So it is with security, too.
I’d back your speculation, Tim: there were maybe two people, definitely one, maybe two, who could both perform the crime and hide it. One’s an unsavory person to interact with if he doesn’t like you but ultimately ethical and a force for good at his core. The other runs the company. Convince me that either of them did that and you may as well convince me the Earth is flat.
I think in 2012 the tech community's sentiment was actually that Bitcoin was really cool and definitely useful, since it was new and did things in a practical application that we hadn't seen before. It's interesting that hindsight clouds that, it has been viewed negatively for years now but it's not that old yet. (Either way, your main point stands of course.)
> I think in 2012 the tech community's sentiment was actually that Bitcoin was really cool and definitely useful
I don't think there was ever really a consensus on this. Lots of people (myself included, but also quite a few friends) always thought Bitcoin was just kinda useless. It's just that in 2012 there were comparatively low stakes (i.e. no massive energy use, not yet massive amounts of people pouring money in it, no massive amounts of "crypto snakeoil") that it just wasn't worth commenting on.
I find this exceedingly hard to believe. Around 2009-2010, btc was definitelynot an "asset" (like the bafoons try to treat it now).
It *was a currency*.
Many still believe in the idea that (certain, less well know) crypto can be used as a real currency, but unfortunately the public severely tainted it with ideas of 'being an asset'.
This comment reads as someone who is more aligned with the public's (HN) perception of modern crypto, rather than the use of it pre-2010.
I think the idea of “hodl” bitcoin wasn’t there. One thing that changed in my perspective is that bitcoin transactions were always destined to be more expensive than I had dreamed. In my mind, I thought transactions would be fast and free of cost. In reality, there are reportedly fewer than ten thousand full nodes.
Everyone thinks of bitcoin in terms of “how many USD is it?” I don’t know what the solution is but as long as we think of bitcoin as a perverted asset like housing - apparently people once again believe we will not allow housing prices to fall to any significant degree - there is no reason to use bitcoin as a currency. With so much speculation, the price is too volatile.
I don’t know what the solution is but I believe transaction costs should be minimal if not zero. I don’t know how we will achieve this but apparently there are other projects that try to get much closer to zero transaction fees. I think that is the future
There were plenty of us who knew – and said – that "cryptocurrency" was borne of technical, political, economic, societal ignorance when it started. Now it's just more obviously terrible.
The sentiment I knew at the time was a mix of excitement at the cool new tech, skepticism of the usefulness of it (my camp), and drooling over using the GPU you already had to make easy money.
nope, I remember starting my first tech job in 2013, and the only people in tech who cared about it were libertarians, which was a very small subgroup of tech
"I think money is insanely dumb, and I suspect most of us do ... So it's ok if someone steals money."
I think I get your sentiment(?), but I'm uncertain of whether or not it matters how individuals value 'success' or 'currency' when it comes to personal property.
To extend to the logical consequences, I am not sure if people on HN would agree that personal property should be non-existent.
No, sorry that I was unclear. My point was that it's my belief that those of us employed at that time did not see value in bitcoin, so we had no motivation to steal bitcoin that would be a small fraction of what we were getting paid.
Now if $some_duder_was_really_into_bitcoin was also on the staff at the time, then sure, maybe they would risk their job to steal some bitcoin because they thought it was cool to do hax0r things with cyberpunk money. I'm not aware of that person existing.
Could it have happened, sure. Do I think that it was an inside job? No, not at all. 99% of the people there at that time thought Bitcoin was insanely dumb, and I suspect most of us still do.