by Jessica Holyoke

Possibly in conjunction with the many griefing attacks of this weekend, the SL banks have been hit by hackers. L & L Bank and Trust reports that 3 million Lindens were stolen through a hack on an ATM by avatar Hamid Jewell. This followed an exchange in which avatar Betatester Allen deposited $10 million in Lindens and then withdrew $20,500 L. While L&L Bank and Trust is waiting for help from the Concierge and Governance teams in getting the money back, other banks are keeping a close watch on their balances.
Second Life Investor's Bank reported suspicious activity with deposits of fraudulent Lindens, but no damage was done to the bank. Second Life Business Bank was also hacked into today, but the owner, Anre Heron, was able to take its ATMs offline. BCX Bank saw an attempt on its ATMs today, but according to Travis Ristow, the Linden Risk API and the bank's own security systems were able to recognize the avatar in question before a deposit was made. Intlibber Brautigan reported no attacks on BNT Financial. JT Financial and SL Capex also reported no attacks.

TNW Bank's ATMs were almost hacked into, but the server encryption kept the hacker out. According to TNW owner Lex Fitzcarraldo, the hacker then took over a management account and deleted the mall and club on their island. Currently, the mall has been rebuilt on TNW while the club is still being worked on.

With the hacks into the ATMs, it appears that this might be a concentrated attack on the banks, as opposed to one member embezzling funds. Are the hacks due to common script vendors for ATMs? More investigation is being conducted on the fraudulent Linden balances and whether there is an exploit with the server.
It's interesting that that many ATMs can be "hacked" at the same time. Either A) There is a new exploit, or B) they were using the same scripts. What also makes it interesting is that an actual account was "hacked" as well.
Posted by: nimrod Yaffle | November 20, 2007 at 07:28 AM
This is also why I never keep my money in banks in Second Life.
Posted by: nimrod Yaffle | November 20, 2007 at 07:28 AM
"Possibly in conjunction with the many griefing attacks of this weekend, the SL banks have been hit by hackers. L & L Bank and Trust reports that 3 million Lindens were stolen through a hack on an ATM by avatar Hamid Jewell. This was following an exchange from avatar Betatester Allen that deposited $10 million in Lindens and then withdrew $20,500 L. "
So, someone hacked the ATMs out of L$3mil, right after a suspicious L$10mil was deposited? That still means the "bank" is up by L$6mil.... Or did I read that wrong?
Posted by: nimrod Yaffle | November 20, 2007 at 07:30 AM
What's an "exploit"?
Posted by: Marc Woebegone | November 20, 2007 at 08:49 AM
When will people learn that putting their money in an online computer game 'bank' is stupid?
Just like the Ginko fiasco, when people try to be smart and buy and sell unregistered, unlicensed 'stocks' and 'bonds', they are going to get burned.
Posted by: Observer | November 20, 2007 at 08:50 AM
"So, someone hacked the ATMs out of L$3mil, right after a suspicious L$10mil was deposited? That still means the "bank" is up by L$6mil.... Or did I read that wrong?"
Yes. It says that a 10 mil was deposited, after which 20,5 mil was withdrawn. So that alone makes -10,5 mil for the bank.
Posted by: Bennie | November 20, 2007 at 10:40 AM
My apologies. I did so many rewrites late last night to get this published quickly that a few points were self edited out.
Betatester Allen deposited fraudulent Linden dollars, or counterfeit dollars. L&L Trust does not have the right to keep that money. According to the ToS, a fraudulent exchange can see the buyer lose up to 150% of the fraudulent exchange amount, one of the concerns of L&L trust.
The two means of attack on the banks were hacking into the ATM software, which some banks were able to beat back and some were not, and depositing counterfeit Lindens, with attempts made on more than one bank. Counterfeit Lindens, although inaccurate, makes more conceptual sense than fraudulent Lindens, which is the commonly used term between the banks and in the press release.
Photo notes:
1st photo: Standing inside L&L trust with the ATM's removed from service.
2nd photo: Outside Second Life Business Bank. The logo states what some people say SL is all about.
3rd photo: A vendor area specializing in ATM scripts.
Posted by: Jessica Holyoke | November 20, 2007 at 10:40 AM
The only thing that surprises me about this is that it took so long for this attack to happen.
The tools that are provided in LSL for encryption, authentication, and establishing electronic trust between scripts are all broken and implemented wrong.
ModPow() is used pretty much exclusively in public-key encryption, but the LSL version only works with 16-bit numbers, whereas a minimum of 1024-bit numbers is currently considered acceptable for public key and real banks use much larger public-key sizes.
MD5 is implemented completely wrong, as is XOR and there are no other tools available in LSL that are specifically designed for encryption or digital authentication.
The fact that a few dedicated and knowledgeable scripters have managed to implement XTEA and SHA1 in LSL still amazes me.
Posted by: Anonymous Poster | November 20, 2007 at 10:46 AM
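Added illustration, not part of the comment above and not LSL or any bank's script: what a 16-bit ceiling on modular exponentiation means for public-key use, shown with textbook RSA in Python. Python's built-in `pow` stands in for the ModPow() the comment mentions; the function names, the primes 251 and 257 and the exponent 3 are constructed sample values.

```python
from math import isqrt

LIMIT = 1 << 16  # 16-bit operand ceiling described in the comment


def make_keypair(p, q, e):
    """Build a textbook RSA key whose modulus fits in 16 bits."""
    n = p * q
    if n >= LIMIT:
        raise ValueError("modulus does not fit in 16 bits")
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), d


def recover_private_exponent(n, e):
    """Rebuild the private exponent from the public key alone.

    Any n below 2**16 has a factor below 256, so trial division
    finishes in at most 254 divisions.
    Returns (d, number_of_trial_divisions).
    """
    trials = 0
    for p in range(2, isqrt(n) + 1):
        trials += 1
        if n % p == 0:
            q = n // p
            return pow(e, -1, (p - 1) * (q - 1)), trials
    raise ValueError("n is prime, not an RSA modulus")


def demo():
    """Encrypt with the public key, decrypt with the recovered key."""
    (n, e), d = make_keypair(251, 257, 3)  # constructed sample key
    message = 1234                         # constructed sample value
    ciphertext = pow(message, e, n)
    recovered_d, trials = recover_private_exponent(n, e)
    return {
        "n": n,
        "d": d,
        "recovered_d": recovered_d,
        "trials": trials,
        "decrypted": pow(ciphertext, recovered_d, n),
    }


if __name__ == "__main__":
    print(demo())
```

The private exponent falls out of the public key after 250 divisions, which is why the comment contrasts 16-bit operands with the 1024-bit minimum.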
Beanie: It says "$20,500 L." Not mil.
Posted by: nimrod Yaffle | November 20, 2007 at 11:47 AM
Jessica, do you know if they were all using the same ATM script? (Or variations of the same one?)
Posted by: nimrod Yaffle | November 20, 2007 at 11:49 AM
Why are there still banks in SL anyways? Who's putting their money in banks? I would think that if the whole concept of sticking your money in a virtual bank didn't seem stupid enough as is, that the ginko financial fiasco would have supported that idea and proven that there are heavy risks to be had here.
Posted by: Artemis Fate | November 20, 2007 at 02:54 PM
Um, hai. Dis is Commun Sense checking in. Y do U continue to leve munies in banx that R not govrn'd? Kthxbai.
Posted by: Tenshi Vielle | November 20, 2007 at 03:46 PM
I lol'd at your spacemonies being "heisted".
btw, it had nothing to do with the Patriotic Ni/gras (YAY FOR WORD FILTER!!!), it was entirely coincidental.
Posted by: RoFLKOPTr | November 20, 2007 at 04:30 PM
Being that it is really stupid to have your l's in a bank when you perfectly sit with a balance every time you are on the grid these people who keep "investing" in these banks deserve it. Not only do they deserve it-they deserve to be lined up somewhere on the grid and be shot at, laughed at and then banished from SL. But then again...this is just my world we are talking about.
Posted by: Aya Pelous | November 20, 2007 at 05:11 PM
The banking and stock exchanges are the biggest joke in Second Life. Nobody is stupid enough to continue throwing their money away to these bunko schemes. Interesting that all the "banks" were hit except one. Hmmm....
Posted by: Adam | November 20, 2007 at 05:52 PM
The SL wealthy who invest and lose lindens in "banks" : I have no pity for.
If he/she would stand atop a building at Welcome Island or Welfare Island and make it rain on the poor with their folded lindens (not the change-may put an eye out): THAT would be more respectable. :)
Posted by: Bob Barker | November 20, 2007 at 08:12 PM
@ nimrod yaffle
It was suggested that the banks that were hit by hacks used the same script vendor, but I didn't have proof of that when I was gathering information for the article because each bank was a little busy at the time. I suspected it, which is why I included the photo of the script vendor that provided the script for SL Business Bank.
@ roflkoptr
It was a suggestion that the two were related, but there is no proof of that.
Posted by: Jessica Holyoke | November 20, 2007 at 09:12 PM
I'm in ur b4nk, steelin ur lindens...
Posted by: Tomhaz A'Bucket | November 20, 2007 at 10:06 PM
I predict that this type of story will keep happening on a consistent basis and no longer become news thus no longer being reported...much like drive-bys in Compton.
Banking in SL will continue to be retarded until SL goes completely open source and/or some sort of ID verification system is set up so your RL identity is tied to your account and is somewhat accessible...just like regular internet transactions are now.
Posted by: DaveOner | November 21, 2007 at 11:34 AM
Hmmmmmm, I had no idea. Nope, no idea at all this happened. Just fucking amazing. Whoever did this I'm sure he is pretty elite. Yes, he sure is.
Posted by: d3adlyc0d3c | November 21, 2007 at 10:33 PM
It's interesting that this story made headlines in the Herald but there was not one word said about the whole MIDAS bank fiasco....You all know what I'm talking about where the WSE refused to make its quarterly payment then decided to keep the 3.5 million Midas had invested and declare Midas bankrupt...
Posted by: Typo | November 22, 2007 at 06:30 AM
@ Typo
I know about both Midas bank and the Allenvest financial liquidations and was planning articles on both, but with more detail. I wanted more information from Midas Commons before I started writing so I could compare the two actions.
And with the SLEC trying to step in with the WSE, I also need some time with them as well.
Posted by: Jessica Holyoke | November 22, 2007 at 07:40 AM
I made a 2nd blog posting out of all this, how we had no problems, and why security is a routine not a feature etc.
Should give some people more insight to the incident etc. :D
So head over to
and read it for more details :)
My first blog posting was: for those interested :)
To clarify: LL took back that 10mil L$ deposited to LNL promptly. I in fact even had my account suspended for it! So in fact, this STARTED way worse for me than the others.
Posted by: Tyrian Camilo | November 25, 2007 at 06:43 AM
you can be sure that if the n/igra/s took the space monies then they already turned it into liquid assets... and by liquid assets i mean lemonade and grape drink
Posted by: dick burns | November 25, 2007 at 04:33 PM