Bitcoin Forum

Hello!

I first wanted to take this post in the Ozcoin thread, but maybe its best to give it an own thread. Not that I have a choice since I am newly registered ;)



So I have been following the latest weeks post in Ozcoin thread, where owner Graet got hacked and lost 923 BitCoins. It was posted to me by a friend that wanted to point out to me how there is much unsafty with bitcoins.
I told him that the problem was not with BitCoins as a system, but Graets lack in security and drew a parallel to people getting their cards skimmed or computers infected with a virus.
Since then People have "chased" the money, and debated about a system to catch stolen money.



Graets money seems to have ended up in a Strongcoin online Wallet according to this post https://bitcointalk.org/index.php?topic=14085.msg1910151#msg1910151 .

As I understand it owner of Strongcoin dogisland then stole this money from the alligated thief and returned it to Graet.

To be honest, I think this is a bigger issue then Graets first loss of money.

I am sorry for your loss Graet but as you said it was your own fault, leaving your system open to such a exploit.
But here dogisland, a "Bank" of bitcoins, took the matter in his own hand as #1 world police and hijacked one of his customers money and gave them to his friend (?) Graet.

What if dogisland one day decides to hijack all his customers money?


First I quote strongcoin.com's firstpage:

Only you. OR, well, dogisland also. And who know who else...?

I hope I have missed something essential here, does anyone care to explain..?


Edit: As a newbie I am not allowed to send messages. I hope someone that can would send them a PM asking them to answer here.
Edit2: Nametypo.

Best of wishes,
Lotus

Graet, not Garet ;)

Well, you got a point there actually. What happened to this? :


Please do not use any online wallets if you value your coins. If strong coin.com was rooted, funds would be stolen easily from users despite that statement above.

heh ;) Fixed! Sorry Graet!

I drew the parallel between real life where people lose real money to skimming and viruses.
and that tts not the bitcoins faults that graet got hacked. its due to careless, its not the goverment or the bitcoins fault.


Ok, its' only https?

Then the quote "neither we nor anyone else can spend your Bitcoins. Only you." from the homepage is a complete lie.

You raise a valid question with regards to how the funds were transferred from your account, however, the lack of empathy and holier-than-thou tone of your post makes it sound more like "I hacked a website and stole funds. Then, someone sole them back and gave them to their original owner."

I'd be interested to see how external law enforcement would react to this sort of claim - especially considering the lack of recognition of BTC as currency, as far as I am aware. This is of course assuming that you are going to contact someone regarding this 'theft'; I assume you will, considering you lost close to USD$60K?

Let us know how you go.

I just signed up for an account with StrongCoin.com. It's pretty neat.

1aQGjTHindCLvophoeu4kNsZMm7XzHgca

QG

I am sorry to say I am only a observer, taking interest in BTCs lately, that tries to shine light on this situation from another perspective.

Probably since I am new to the scene I saw strongcoin.com with its professional website as a serious player, and I did not think such serious players would take law in their own hand and compromise its customers integrity and money so easily, without publishing any real proof.

I hope you can see how this endanger the reputation of bitcoin as a serious currency.

But what is the problem?

You were contacted by owner of StrongCoin and asked where did you get that money and to explain on the forums your involvement, which you didn't do. I think that right now best option is to contact Graet and talk with him, even meet somewhere IRL and show him the proof you are telling truth. That is of course if you have proof.

If he just started stealing coins then I would think differently, but in this scenario he just saved a percentage of a fairly popular pools bitcoins. So I guess if you are going to steal bitcoins from people, don't trust sending them to this service after you do it. He will stop you from profiting from being a piece of shit.

Sure, sure, this is totally believable. Someone just signs up out of nowhere, and their very first post on Bitcointalk is regarding this situation which in no way concerns them personally. No, it does not look like a disgruntled thief created a sock puppet account to vent their frustration about the lost spoils. Not at all.

Maybe it would be more valuable to forget wondering who is he and focus on what he says?
Even if he is the thief, I've never heard of this story before and I'm concerned about the
home-made justice made to this case, so somehow, I don't care from whom is the story
coming from.

900 bitcoins is a fortune :o

I would never trust the online wallets.

I just started mining a week ago with Oz and so i've followed this very closely and all I can say is Lotuss P@wned :)  lmao

That's a blatant lie from Strongcoin then, unless not all of their wallets are hybrid wallets.

They could have done all of that with a JS change even without knowing the private keys.

o.0 did you say garet???

(hides valuables)

:)

Well, what happened to this?


How was dogisland able to "seize" those funds to return them back to Graet? Maybe he modified the site, so all the transaction originated by the thief went to an address controlled by him?

IMO this confirms again that shared wallet/third party services are insecure by nature and thus should be avoided, regardless of super strong passwords, encryption, 2 factor authorization, etc. etc. etc.

It's a pity because really secure third party services are need for BTC (for example for trading)

So, no answer on this. Admin was able to "intercept" the funds as easily as stealing a candy to a baby. I really don't know how they can then write things like this:

Therefore our servers only hold encrypted private keys and neither we nor anyone else can spend your Bitcoins. Only you.

Utter bullshit. They can do whatever they want with your funds :(

It's pretty close to true.  The hacker did spend them -- he was just tricked into sending them to the strongcoin operator.

No online wallet is 100% safe.

Let's do not play games. No online wallet is safe at all

I wonder why guy who stole money from Graet put them into strongcoin?

I guess he was convinced too that Instawallet, Strongcoin, Blockchain.info are the best way to mix your coins. Yeah. And to loose them.

Anyhow, I think he still got away with BTC389 - not bad considering the mistake he did.

+1
I'm surprised how quiet things are around this, given the obvious and HUGE contradiction between claims and facts.

Disgusts me, how can people be so greedy as to steal another persons investment...  :'(

Strongcoin.com admin did the right thing - returning the funds to the legitimate owner, Graet and Ozcoin's miners.

But, the point still persists - how can they boldly claim that NO ONE can access to users funds when this is blatantly not true?

If you want your bitcoins to be safe, then don't put them in an online wallet of any sort.
Keep them offline, dark, hidden, secret, my preccciouussss.

He did a good job by returning bitcoins to original owner but yes it shows His site is not secure, If one day he gets hacked, all customer can loose their bitcoins.

He sounds like a really nice guy but Money Can Corrupt A Good Person,if one day he decides to go rouge he can easily steal all money.

I don't really trust keeping bitcoins online for a long period of time. Why take the risk.

sure, this is totally believable.

But how could Strongcoin.com be sure that the owner of the strongcoin account was really the thief?

Maybe - unlikely but still possible - the holder of the strongcoin account bought this amount of bitcoins by cash (not knowing that they were stolen). He also is not obligated to tell the truth to the strongcoin admin of how he got the coins. So maybe strongcoin admin took away the coins from an honest owner.

All this is just speculation (and probably very unlikely), but I just want to make a point here. Strongcoin just lost all its trust by this action (imo).

john

It seems that the proofs where quite credible.

Anyhow, we all know that it's not the admin of a service who has the right to decide and seize funds - that's authorities task.

I hope everybody takes this as an example of a very important lesson: never leave more than pocket change in third party services, regardless of how secure they seem (Google authenticator, Yubikey, whatever). And remember also that in the Bitcoin world, today's pocket change can be tomorrow's retirement money.