Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: bbit on August 06, 2011, 02:04:58 AM



Title: Mybitcoin.com Press Release #2
Post by: bbit on August 06, 2011, 02:04:58 AM
Friday, August 5th, 2011

From the desk of Tom Williams, operator of MyBitcoin.com

For immediate release.

SECURITY BREACH DISCLOSURE

After careful analysis of the intrusion we have concluded that the software that waited for Bitcoin confirmations was far too lenient. An unknown attacker was able to forge Bitcoin deposits via the Shopping Cart Interface (SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of theft that went unnoticed for a few days. Luckily, we do keep a percentage of the holdings in cold storage so the attackers didn’t completely clean us out. Just to clarify, we weren’t “fully” hacked aka “rooted”. You can still trust our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.

CLAIM PROCESS DISCLOSURE

We are in the process of building a claim procedure for the remainder of the holdings now. We expect that we will have it online soon.

The claim process will consist of an online form where the claimant will be required to enter their MyBitcoin username and password. Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets. We will disclose these figures as soon as they have been totaled.

Each online claim will be written to a ledger and will be manually approved within 48 hours of being filed online. We have decided to have a manual claim approval process for better security. The last thing we all need right now is for someone to breach the claim form. We are confident clients will find this satisfactory.

RECEIVERSHIP

After some research and careful consideration regarding the appointment of a receiver we have concluded that it would be very costly and slow.

Also, finding a receiver that even understands what a Bitcoin is or how to handle the claim process online would be troublesome, and would only end up in increasing our costs. Receivers are typically paid from the remaining assets and we’d like to maximize the amount that we can disperse to our clients.

We have been trying to figure out a way to appoint a 3rd party to certify the asset/liability figures, but there are many risks involved. It would involve having us trust some unknown agent that could possibly just steal the rest of the holdings out from under us. Or, we could be accused of bribing the 3rd party to agree with our figures, and on and on. Trust is a real problem with an anonymous and irrevocable currency.

It is true that we could disclose all of the Bitcoin payment addresses we manage and let everyone look them up and track the lineage of the coins. This is also troublesome due to the way that we defragment small payments to keep the processing engine speedy. Also there are the moral implications of disclosing our clients’ finances. We are sure that, unknowingly to us, our processing system has been used for nefarious purposes.

A GIFT TO THE COMMUNITY

After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.



Tom Williams
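
Added example (not part of the press release and not MyBitcoin's code): a minimal Python model of the two-balance policy the release describes, showing a deposit at 1 confirmation and releasing it at 3, replayed against a constructed chain reorganisation of the kind discussed later in the thread. The class names, block hashes, account name and amounts are all hypothetical.

```python
"""Two-balance deposit ledger: show at 1 confirmation, release at 3 (added example)."""
from dataclasses import dataclass, field

COIN = 100_000_000   # satoshis per BTC; integer amounts avoid float rounding
SHOW_AT = 1          # confirmations before a deposit appears in the history
RELEASE_AT = 3       # confirmations before it may be withdrawn (figure from the release)


@dataclass
class Deposit:
    txid: str
    account: str
    amount: int       # satoshis
    height: int       # height of the block that included the transaction
    block_hash: str   # hash of that block, so a replaced block can be noticed


@dataclass
class Ledger:
    release_at: int = RELEASE_AT
    best_chain: dict = field(default_factory=dict)  # height -> block hash
    deposits: list = field(default_factory=list)
    withdrawn: dict = field(default_factory=dict)   # account -> satoshis paid out

    def connect_block(self, height, block_hash):
        """Put a block on the best chain; blocks at or above `height` are replaced."""
        for h in [h for h in self.best_chain if h >= height]:
            del self.best_chain[h]
        self.best_chain[height] = block_hash

    def confirmations(self, dep):
        """Depth of the deposit's block, or 0 if that block left the best chain."""
        if self.best_chain.get(dep.height) != dep.block_hash:
            return 0
        return max(self.best_chain) - dep.height + 1

    def _total(self, account, lo, hi=None):
        return sum(d.amount for d in self.deposits
                   if d.account == account
                   and self.confirmations(d) >= lo
                   and (hi is None or self.confirmations(d) < hi))

    def pending(self, account):
        """Visible in the history but not yet spendable."""
        return self._total(account, SHOW_AT, self.release_at)

    def available(self, account):
        """Spendable balance; a negative value is a loss already paid out."""
        return self._total(account, self.release_at) - self.withdrawn.get(account, 0)

    def withdraw(self, account, amount):
        """Pay out only from deposits that reached the release depth."""
        if amount <= 0 or amount > self.available(account):
            return False
        self.withdrawn[account] = self.withdrawn.get(account, 0) + amount
        return True


def replay(release_at):
    """Constructed scenario: a once-confirmed deposit is reorganised away.

    Returns (balance shown to the user, whether the withdrawal was paid,
    available balance after the reorg).
    """
    ledger = Ledger(release_at=release_at)
    ledger.connect_block(99, "hash-99")
    ledger.connect_block(100, "hash-100a")
    ledger.deposits.append(
        Deposit("tx-constructed-1", "alice", 50 * COIN, 100, "hash-100a"))
    shown = ledger.pending("alice") + ledger.available("alice")
    paid = ledger.withdraw("alice", 50 * COIN)
    # A competing branch without the deposit replaces block 100 and grows longer.
    ledger.connect_block(100, "hash-100b")
    ledger.connect_block(101, "hash-101b")
    return shown, paid, ledger.available("alice")


if __name__ == "__main__":
    print("release at 1 confirmation: ", replay(1))
    print("release at 3 confirmations:", replay(3))
```

With release at 1 confirmation the ledger ends 50 BTC short; with release at 3 the deposit was visible but the withdrawal was refused, so nothing is lost when the block disappears.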


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: julz on August 06, 2011, 02:11:13 AM
Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.



Title: Re: Mybitcoin.com Press Release #2 ?
Post by: bbit on August 06, 2011, 02:11:57 AM
Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.



Same I haven't lost anything either ...I do like the idea of having a look at the "engine" ...hopefully, this clears some things up but I don't know really..


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: MemoryDealers on August 06, 2011, 02:12:40 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Taxlow on August 06, 2011, 02:13:12 AM
Quote
Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets.

This seems strangely worded, wonder what they mean?


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Bazil on August 06, 2011, 02:17:15 AM
Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve until they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: just_someguy on August 06, 2011, 02:18:40 AM
The tech explanation doesn't add up. Is he saying they were the victim of double spend attacks?
That's the only reason 1 vs 1000 confirmations should matter.
It would be so hard to pull off a double spend in this manner that this still smacks of BS.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: lettucebee on August 06, 2011, 02:20:36 AM
He has not explained why people were being locked out of their accounts from over a month ago, nor why they received no responses to requests through the messaging system.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: julz on August 06, 2011, 02:21:39 AM
Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve until they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.

Yes - the sad thing is.. If he'd come out with a more immediate statement, and been willing to compromise his identity (at least perhaps to certain community members if not completely publicly) - he might have been able to sell it as a going concern even with the existing liability of missing coins.

Even if the losses are huge - This could have been handled so much better.  I strongly believe there would have been investment funds available only a week or two back because the mybitcoin brand was so big.   The week's silence was devastating.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: stick_theman on August 06, 2011, 02:22:53 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

+1

Couldn't have said it better myself, Memory Dealers.


Title: Re: Mybitcoin.com Press Release #2
Post by: bitlotto on August 06, 2011, 02:30:52 AM
<conspiracy>
OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.
</conspiracy>


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Littleshop on August 06, 2011, 02:33:19 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
I have to give that a +1 as well.  Spot on.


Title: Re: Mybitcoin.com Press Release #2
Post by: bitminers on August 06, 2011, 02:34:24 AM
Sounds to me that this is another story to buy time, it does not make sense at all, they should still have 100% of the coins and as mentioned above by Memory Dealers any missing coins if ANY should be replaced by mybitcoin.com and also as mentioned the double spending etc, it does not all add up.

He / They are not providing a contact email or any IRC Chat for people to discuss what is actually going on, by posting stuff randomly like this it seems He / They are watching the forums, and the bitcoin-police in freenode and keeping an eye on how close people are to finding out the truth and identity and real information.

I hope everyone gets their full return of coins, this liabilities rubbish is not the problem of the depositors that placed the coins there, liabilities are his company's problem.

Hopefully this is dealt with very quickly! Nothing makes sense though!


Title: Re: Mybitcoin.com Press Release #2
Post by: Piper67 on August 06, 2011, 02:34:52 AM
<conspiracy>
OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.
</conspiracy>

Yup, and dump thousands into the market in the process, bringing down prices and allowing them to buy back making a profit. Then say they managed to save a percentage, and it's better not to use that money to go into receivership.

We could be taking many tens or hundreds of thousands.


Title: Re: Mybitcoin.com Press Release #2
Post by: kiba on August 06, 2011, 02:46:37 AM
When a service goes silent, people assume the worst and go on a witchhunt. (That's why all critically important services should have an offsite status page where they can communicate)

Keep a cool head and see how Tom Williams performs, guys.


Title: Re: Mybitcoin.com Press Release #2
Post by: tvbcof on August 06, 2011, 02:57:24 AM
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.


Title: Re: Mybitcoin.com Press Release #2
Post by: jwzguy on August 06, 2011, 03:05:13 AM
Well, someone claim their account and tell us what the % is.

If it's like 96% I say all you guys learned a valuable lesson at very little cost. If it's 50%, well, at least you didn't lose it all.


Title: Re: Mybitcoin.com Press Release #2
Post by: BitcoinPorn on August 06, 2011, 03:09:37 AM
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalk.org/index.php?topic=34211.msg426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalk.org/index.php?topic=34617.0


Title: Re: Mybitcoin.com Press Release #2
Post by: bbit on August 06, 2011, 03:44:03 AM
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalk.org/index.php?topic=34211.msg426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalk.org/index.php?topic=34617.0

I actually PM'd him the press release to find out what he thinks about it waiting word.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: FlipPro on August 06, 2011, 03:47:58 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
qft


Title: Re: Mybitcoin.com Press Release #2
Post by: Maged on August 06, 2011, 03:56:38 AM
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
Luckily for us, this just told us enough that we could validate his whole story. Wasn't someone working on double-spend detection? Well, we need that ASAP.


Title: Re: Mybitcoin.com Press Release #2
Post by: sadpandatech on August 06, 2011, 04:10:50 AM
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
Luckily for us, this just told us enough that we could validate his whole story. Wasn't someone working on double-spend detection? Well, we need that ASAP.


  What they are purporting to have happened has nothing to do with a 'double spend' as it would refer to Bitcoins. He expects us to believe that the shopping cart was vulnerable to someone using an 'on the fly' type editor like fiddler, etc to put in a fake deposit via the website's shopping cart and then spending the coins immediately from the account to elsewhere before the site could see that no deposit showed up in the blockchain.

  I'd like to hear a lot more details on the weak point in the SCI that allowed said deposits. Just seems that if it was as simple as just modifying the input from the client side that someone would have detected and exploited it long before the point this announced breach was discovered.


Title: Re: Mybitcoin.com Press Release #2
Post by: Stephen Gornick on August 06, 2011, 05:08:03 AM
Quote
What they are purporting to have happened has nothing to do with a 'double spend' as it would refer to spending the coins immediately from the account to elsewhere before the site could see that no deposit showed up in the blockchain.

A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- http://bitcointalk.org/index.php?topic=22221.msg309173#msg309173


Title: Re: Mybitcoin.com Press Release #2
Post by: jgarzik on August 06, 2011, 05:09:25 AM
A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- http://bitcointalk.org/index.php?topic=22221.msg309173#msg309173


Indeed.  mtgox requires 6 confirmations, IIRC.



Title: Re: Mybitcoin.com Press Release #2
Post by: jed on August 06, 2011, 05:24:13 AM
Wouldn't these double spend attacks be noticed by other clients though?


Title: Re: Mybitcoin.com Press Release #2
Post by: BioMike on August 06, 2011, 05:38:27 AM
A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- http://bitcointalk.org/index.php?topic=22221.msg309173#msg309173


Indeed.  mtgox requires 6 confirmations, IIRC.


To me it seems a bit more of a problem with the mining ecosystem than the confirmation requirement (half a year ago it would be almost impossible for double spending even if the transaction would show up in your client (0 confirmations)). As far as I know, there is no miner with >50% mining share, so the attacker could not have any grip on that.

Still, I can't make up much from their explanation of the bug. The only thing I can come up with is a bug with their SCI sending of bitcoins (not receiving) where bitcoins would be sent (and not verified) before the balance in their database would be updated (or that the record update failed). But still, these bitcoin transactions should be somewhere in the block chain and SCI works with a MyBitcoin Account (should have a working email address registered in there).


Title: Re: Mybitcoin.com Press Release #2
Post by: Maged on August 06, 2011, 06:06:18 AM
Looking at the reorg log (http://blockexplorer.com/q/reorglog), there may be some truth in Tom's statements. However, I'm not too sure what the proper odds are for how often a reorg should statistically happen, nor do I have the other versions of the blocks listed (my client has been left off for some time).


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Phinnaeus Gage on August 06, 2011, 06:07:41 AM
Quote
Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets.

This seems strangely worded, wonder what they mean?

SEEMS, MY ASS!!! I've read right through it. There are some things written on this forum that one can see right through it, like this for instance: https://bitcointalk.org/index.php?topic=34496.msg433346#msg433346


Title: Re: Mybitcoin.com Press Release #2
Post by: smoothie on August 06, 2011, 07:56:03 AM
Well, someone claim their account and tell us what the % is.

If it's like 96% I say all you guys learned a valuable lesson at very little cost. If it's 50%, well, at least you didn't lose it all.


...and if it's 1% go buy a cheeseburger with that BTC and go choke on it because you failed hard!


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 06, 2011, 08:15:48 AM
I don't have a dog in this fight but the wording of the statement is a bit odd.  Total liabilities vs assets is going to come out as a different percentage than Bitcoins on hand vs Bitcoins which should be on hand as it's going to include other creditors - which means that a portion of the Bitcoins they still have on hand might be liquidated to pay those other creditors a percentage of what they're owed.

While receivership raises its own set of issues, their backing away from it raises big red flags because it means that no external party is going to be overseeing the whole process of them paying back depositors - you're going to be left having to take their word about the state of their balance sheet (and at this point it would be insane to take their word about anything).


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: SgtSpike on August 06, 2011, 08:35:56 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
This x 1000.

If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.


Title: Re: Mybitcoin.com Press Release #2
Post by: defxor on August 06, 2011, 09:25:03 AM
A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- http://bitcointalk.org/index.php?topic=22221.msg309173#msg309173

Looking at the reorg log (http://blockexplorer.com/q/reorglog), there may be some truth in Tom's statements. However, I'm not too sure what the proper odds are for how often a reorg should statistically happen, nor do I have the other versions of the blocks listed (my client has been left off for some time).

Maybe we could have two threads. One where people are randomly screaming "GOXED" and another where we discuss the above which to me seems really interesting.

I assume the reorg-link shows the finally accepted blocks? If so, comparing them to the dropped ones should show large transactions where someone transferred money away from mbc.



Title: Re: Mybitcoin.com Press Release #2 ?
Post by: the founder (Bitcoin) on August 06, 2011, 09:27:35 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
This x 1000.

If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.

Direct from MyBitcoin's Terms of Service agreement. You agreed to it when you signed up, so too bad.

Quote
8.1 While MYBITCOIN LLC will make every effort to ensure the MyBitcoin System is accessible at all times, MYBITCOIN LLC makes no representation that User will always be able to access the MyBitcoin System or the User's User Account and User agrees that MYBITCOIN LLC will not be held liable for any loss or damage, whether direct or indirect, resulting from the use, operation or performance of the MyBitcoin System and/or the Bitcoin Network other than as a result of the deliberate or negligent acts or omissions of MYBITCOIN LLC.


Title: Re: Mybitcoin.com Press Release #2
Post by: NickW on August 06, 2011, 10:07:26 AM
If this is true, then surely he should publicly release the bitcoin addresses where this fraud took place so that anybody can track the coins.


Title: Re: Mybitcoin.com Press Release #2
Post by: memvola on August 06, 2011, 10:14:16 AM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: makomk on August 06, 2011, 11:26:47 AM
The tech explanation doesn't add up. Is he saying they were the victim of double spend attacks?
That's the only reason 1 vs 1000 confirmations should matter.
It would be so hard to pull off a double spend in this manner that this still smacks of BS.
Not only that - if they were the victim of double-spend attacks, they should be able to provide copies of the duplicate transactions spending the same input, and probably even the two blocks with different versions of the same transaction. (The official Bitcoin client stores orphaned blocks it saw that used to be part of the main chain pretty much forever.)

A double-spend with only 1 confirmation might actually be doable in this case, though, because an attacker can just keep trying repeatedly until they succeed at little or no cost to them, and because synchronization of blocks between the big mining pools isn't very good even at the best of times. Tycho's refusal to give the IP address of his Bitcoin node for Deepbit to any of the other pool operators is actually quite damaging from what I've heard.


Title: Re: Mybitcoin.com Press Release #2
Post by: Are-you-a-wizard? on August 06, 2011, 11:44:22 AM
Fantastic  :)


Title: Re: Mybitcoin.com Press Release #2
Post by: giantdragon on August 06, 2011, 11:59:22 AM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is a Limited Liability Company, i.e. owners don't take any liability for the company's debts. In this case the maximum you can get suing them is the corporation's assets.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Jeremy West spendbitcoins.com on August 06, 2011, 12:08:01 PM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

+1


Title: Re: Mybitcoin.com Press Release #2
Post by: bitplane on August 06, 2011, 12:14:35 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.

This is a good idea. We could rename it to "ourbitcoin" too :D


Title: Re: Mybitcoin.com Press Release #2
Post by: John (John K.) on August 06, 2011, 12:20:27 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.


+1 ;D


Title: Re: Mybitcoin.com Press Release #2
Post by: Nefario on August 06, 2011, 12:50:17 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.



Hmmmm, this...looks like a bailout.

I don't think we'd be buying him out, we should offer him 1btc for all of mybitcoin.com, all its assets and liabilities, end result being we take over responsibility and Mr. Williams can walk away from this mess. There is no reason to actually pay him more than a token amount for mybitcoin and everything with it, it's already broke and worth nothing to him, if anything it's a major headache for him.

That's only if some conditions are met:
1) The amount of btc lost is less (perhaps a lot less) than the share capital we raise to "recapitalise" mybitcoin (oh God this sounds familiar).
2) mybitcoin.com could generate enough profit to eventually repay these capital costs.

IF those conditions are met then yeah, we can bail ou.... I mean buy out mybitcoin.com

Interested parties should pm or email me doctor.nefario@gmail.com, I'll handle everything with regards GLBSE, someone else needs to get in contact with Mr. Williams and get a response from him on this as I don't know the guy.

Nefario.


Title: Re: Mybitcoin.com Press Release #2
Post by: Phinnaeus Gage on August 06, 2011, 01:32:09 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.



Hmmmm, this...looks like a bailout.

I don't think we'd be buying him out, we should offer him 1btc for all of mybitcoin.com, all its assets and liabilities, end result being we take over responsibility and Mr. Williams can walk away from this mess. There is no reason to actually pay him more than a token amount for mybitcoin and everything with it, it's already broke and worth nothing to him, if anything it's a major headache for him.

That's only if some conditions are met:
1) The amount of btc lost is less (perhaps a lot less) than the share capital we raise to "recapitalise" mybitcoin (oh God this sounds familiar).
2) mybitcoin.com could generate enough profit to eventually repay these capital costs.

IF those conditions are met then yeah, we can bail ou.... I mean buy out mybitcoin.com

Interested parties should pm or email me doctor.nefario@gmail.com, I'll handle everything with regards GLBSE, someone else needs to get in contact with Mr. Williams and get a response from him on this as I don't know the guy.

Nefario.

Very interesting solution! I hope this one, or something like it, pans out. As a caveat, I once bought out the entire stock of this one guy's business. The next day when I went to load up the merc, some items that had good value were missing. I didn't call him out on it because the price point I offered, and he accepted, was quite low, but I also knew that it was not outside the realm of possibilities that this would happen--and this time it did.

http://www.geniusdv.com/weblog/archives/spy%20glass%20image.jpg


Title: Re: Mybitcoin.com Press Release #2
Post by: kiba on August 06, 2011, 01:46:32 PM
The only problem is: getting in contact with Tom Williams.


Title: Re: Mybitcoin.com Press Release #2
Post by: Piper67 on August 06, 2011, 01:50:09 PM
The only problem is: getting in contact with Tom Williams.

Heh, simply ask mtgox who is that dude that dumped 10,000 BTC a few hours ago  :D


Title: Re: Mybitcoin.com Press Release #2
Post by: Anonymous on August 06, 2011, 02:10:22 PM
Protip:

MyBitcoin.com will come back as MtGoxxed.com


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Bunghole on August 06, 2011, 02:12:26 PM
MyBitcoin is a Limited Liability Company, so the owner(s) is not personally responsible for the company's debts.  This is a very good thing, because it allows entrepreneurs to start risky ventures without putting their entire lives on the line.  If we didn't have limited liability entities, there would be a whole lot less innovation, a lot less wealth, and a lot fewer jobs.

Tom Williams,

You better come up with 100% of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.


Title: Re: Mybitcoin.com Press Release #2
Post by: Anonymous on August 06, 2011, 02:14:50 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.



Hmmmm, this...looks like a bailout.

I don't think we'd be buying him out, we should offer him 1btc for all of mybitcoin.com, all its assets and liabilities, end result being we take over responsibility and Mr. Williams can walk away from this mess. There is no reason to actually pay him more than a token amount for mybitcoin and everything with it, it's already broke and worth nothing to him, if anything it's a major headache for him.

That's only if some conditions are met:
1) The amount of btc lost is less (perhaps a lot less) than the share capital we raise to "recapitalise" mybitcoin (oh God this sounds familiar).
2) mybitcoin.com could generate enough profit to eventually repay these capital costs.

IF those conditions are met then yeah, we can bail ou.... I mean buy out mybitcoin.com

Interested parties should pm or email me doctor.nefario@gmail.com, I'll handle everything with regards GLBSE, someone else needs to get in contact with Mr. Williams and get a response from him on this as I don't know the guy.

Nefario.

This is a good plan Nefario. The site should be administered by the community and fees used to help compensate the victims.

If we can open source the site the bitcoin community can ensure this crap never happens again.

I'd buy at least 100btc of shares in this venture.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: markm on August 06, 2011, 02:27:32 PM
MyBitcoin is a Limited Liability Company, so the owner(s) is not personally responsible for the company's debts.  This is a very good thing, because it allows entrepreneurs to start risky ventures without putting their entire lives on the line.  If we didn't have limited liability entities, there would be a whole lot less innovation, a lot less wealth, and a lot fewer jobs.

However one of the few things purportedly known about MyBitCoin is that it is a bitcoin millionaire early adopter.

The fact that having become a bitcoin millionaire by virtue of adopting early caused it to be rich enough to not only be perceived as trustable (being in possession of so many bitcoins) but also to actually register itself as a "real company" is now supposedly to be taken as a red flag instead of a green flag???

Hype is such bullshit. A real company is to be trusted because real means absolutely untrustworthy because real means no liability?

Of course we also discovered that one of the main public relations arms of MyBitCoin, Bruce, is nowadays claiming not to know the guy/company/whatever at all, despite having run around way back when seeming to be trying to give the impression he and MyBitCoin are buddies from way back and both trustable (again part of that trust being based on the sheer number of bitcoins they have).

So now part of the propaganda machine known as MyBitCoin, specifically the public media broadcasting part aka the propaganda department, is claiming to have lost a fortune to the other part of that same propaganda machine?

Handy thing about Nevis I guess is it won't tell us what percentage of the "real legal incorporated company" is Bruce and what part is someone else. How many people are needed in order to become incorporated in Nevis? (But presumably the stooges there who for whatever reason do actually create such a company for you in return for the $2000 or so they charge for doing so instead of saying "ha sucker thanks for the $2000 good luck sue-ing us we are in Nevis like you wanted to be and for the same reason hahahahah" can provide enough stooges to fill the quota...)

-MarkM-

P.S. they even named it clearly as being their bitcoin, so even if you are correct that their bitcoin is not the same as their biological lifeform(s) all that does is free the lifeform from liability not the lifeform's bitcoin which are what actually constitute the corporation...


Title: Re: Mybitcoin.com Press Release #2
Post by: giantdragon on August 06, 2011, 02:33:08 PM
Quote
How many people are needed in order to become incorporated in Nevis?
In Latvia ONE person can create corporation, minimum capital is just ridiculous 1 LVL ($2).


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: kiba on August 06, 2011, 03:01:57 PM

Of course we also discovered that one of the main public relations arms of MyBitCoin, Bruce, is nowadays claiming not to know the guy/company/whatever at all, despite having run around way back when seeming to be trying to give the impression he and MyBitCoin are buddies from way back and both trustable (again part of that trust being based on the sheer number of bitcoins they have).

So now part of the propaganda machine known as MyBitCoin, specifically the public media broadcasting part aka the propaganda department, is claiming to have lost a fortune to the other part of that same propaganda machine?



Clearly, some people have a knack for inventing conspiracies.


Title: Re: Mybitcoin.com Press Release #2
Post by: kgo on August 06, 2011, 03:09:23 PM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Their website says they're an LLC, but has anyone seen the paperwork?  I'm guessing no, since if they had there would probably be a way to track down the owner(s).


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: markm on August 06, 2011, 03:11:16 PM
Clearly, some people have a knack for inventing conspiracies.

Apparently so. For those of us still trying to learn how best to construct our conspiracies though this is all very educational. For example I had hitherto not really looked into the possibility of basing my conspiracies in Nevis. Currently my own conspiracy is not even limited liability, thus maybe is not a very secure conspiracy...

-MarkM-


Title: Re: Mybitcoin.com Press Release #2
Post by: NetTecture on August 06, 2011, 03:26:32 PM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Their website says they're an LLC, but has anyone seen the paperwork?  I'm guessing no, since if they had there would probably be a way to track down the owner(s).

On top of that you may find that an LLC does not protect you from gross negligence, and whether that was the case or not is not decided in courts. It may be quite simple or quite complex to pierce the corporate veil.

Given that I have been working on two accounting frontends for financial institutions and we were always auditing all transactions of the day every night I would certify that not doing so validates what I have been taught is common practice and thus is gross negligence / criminal behavior. Heck, we were PRINTING every transaction directory onto a line printer to make sure that in case of some disaster / hack wiping out the computers we had a separate non-destructible log (it is quite hard to delete printed pages from a computer).

Compliance with legal regulations may be one of the attack vectors that could possibly be used here. At the end, lawyers will have to fight that out.


Title: Re: Mybitcoin.com Press Release #2
Post by: theymos on August 06, 2011, 03:26:40 PM
I totally called it.

MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.

There's another attack made possible by accepting payments with less than 6 confirmations that would allow you to see exactly which coins MyBitcoin has, and possibly do other damage.

I'm not surprised. MyBitcoin is still accepting payments with only 1 confirmation, which would allow some of the larger pools to steal BTC right now.

Quote from: theymos
I can't believe anyone is still using MyBitcoin. They've had problems like this since the beginning, and they still accept payments with only 1 confirmation, which is likely to cause a major disaster.


Title: Re: Mybitcoin.com Press Release #2
Post by: theymos on August 06, 2011, 03:40:02 PM
MyBitcoin should post the transaction hashes of the transactions that have been reversed so that their story can be verified.


Title: Re: Mybitcoin.com Press Release #2
Post by: memvola on August 06, 2011, 04:30:24 PM
Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

Hmmmm, this...looks like a bailout.

I don't think we'd be buying him out, we should offer him 1btc for all of mybitcoin.com, all its assets and liabilities, end result being we take over responsibility and Mr. Williams can walk away from this mess. There is no reason to actually pay him more than a token amount for mybitcoin and everything with it, it's already broke and worth nothing to him, if anything it's a major headache for him.

That's only if some conditions are met:
1) The amount of btc lost is less (perhaps a lot less) than the share capital we raise to "recapitalise" mybitcoin (oh God this sounds familiar).
2) mybitcoin.com could generate enough profit to eventually repay these capital costs.

Well it smells so, but technically it's not a bailout, since a new board would take over (a new company that's 100% on GLBSE). A trusted group of people are still needed to make the transition, hopefully people who plan to buy a bigger portion of the shares and/or plan to be employed by the company. The site probably would need to switch to a different business model to be able to generate enough profit though.


Title: Re: Mybitcoin.com Press Release #2
Post by: Mike Moceri on August 06, 2011, 04:46:52 PM
On the one hand, I like the GLBSE sell-off idea. I would even be willing to buy a few shares (10 or so). I also like the idea of it being a privately-funded bailout.

On the other hand, I'm really looking forward to the release of their source code! I'd like to be able to offer my brokerage customers a digital wallet service that's easy to use. Of course, I'll have to alter a few lines of code to require 3 confirmations instead of 1, but meh.


Title: Re: Mybitcoin.com Press Release #2
Post by: Maged on August 06, 2011, 06:28:00 PM
OMG, I love ABE! Turns out that we can read all of the branches pretty easily!

Here's some examples:

Block 137571:
http://abe.john-edwin-tobey.org/block/0000000000000779066b823cc302316ca6cf5550f7b1d28f79a26ebff09503d4
http://abe.john-edwin-tobey.org/block/00000000000001fba6bcf0c15d3fecc4d1f2837e934d6ee5afff3ff28a0888a2

Block 136755:
http://abe.john-edwin-tobey.org/block/00000000000000f48d1225842ed629fce1d1e5ae0fba6ae04d4ae7dbfc9e34af
http://abe.john-edwin-tobey.org/block/0000000000000152fd8df6e551d1d3db507132ed34495cde176eb799057871f3

Anyone want to look for conflicts? If we check every reorg, we'll be able to INDEPENDENTLY verify the amount of funds stolen, and where they went to. Additionally, we might even find out that a pool was behind this. Game = changed.


Title: Re: Mybitcoin.com Press Release #2
Post by: bitstarter on August 06, 2011, 06:51:46 PM
I said this before, and it only applies if MyBitcoin's losses are at the "thousands" scale: I wonder if we can buy him out.

Let's say 10000 BTC got stolen. A trusted intermediary (the new administrative board + jury) could create a new asset on GLBSE with 10000 shares, each worth 1 BTC, so that the new company would be 100% publicly owned.

This way, everyone gets their money back AND we save MyBitcoin, which is IMO a valuable asset for the community. Otherwise, both will be lost. Plus, Tom Williams can stay anonymous. Win-Win-Win.


+1 I think this is a sound idea!


Title: Re: Mybitcoin.com Press Release #2
Post by: kiba on August 06, 2011, 07:07:25 PM

Well it smells so, but technically it's not a bailout, since a new board would take over (a new company that's 100% on GLBSE). A trusted group of people are still needed to make the transition, hopefully people who plan to buy a bigger portion of the shares and/or plan to be employed by the company. The site probably would need to switch to a different business model to be able to generate enough profit though.


So we're creating a non-governmental chartered corporation which you can't sue in courts?

In all seriousness, I hope this new company will be more secure and more accountable to the wallet holders.


Title: Re: Mybitcoin.com Press Release #2
Post by: Astrohacker on August 06, 2011, 07:28:55 PM
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
Luckily for us, this just told us enough that we could validate his whole story. Wasn't someone working on double-spend detection? Well, we need that ASAP.

True. If they really release their source code, we'll be able to see how their code was fooled with what sounds like a fake block.


Title: Re: Mybitcoin.com Press Release #2
Post by: ymgve on August 06, 2011, 07:36:38 PM
OMG, I love ABE! Turns out that we can read all of the branches pretty easily!

Here's some examples:

Block 137571:
http://abe.john-edwin-tobey.org/block/0000000000000779066b823cc302316ca6cf5550f7b1d28f79a26ebff09503d4
http://abe.john-edwin-tobey.org/block/00000000000001fba6bcf0c15d3fecc4d1f2837e934d6ee5afff3ff28a0888a2

Block 136755:
http://abe.john-edwin-tobey.org/block/00000000000000f48d1225842ed629fce1d1e5ae0fba6ae04d4ae7dbfc9e34af
http://abe.john-edwin-tobey.org/block/0000000000000152fd8df6e551d1d3db507132ed34495cde176eb799057871f3

Anyone want to look for conflicts? If we check every reorg, we'll be able to INDEPENDENTLY verify the amount of funds stolen, and where they went to. Additionally, we might even find out that a pool was behind this. Game = changed.

I did a check of the fake 137571 block, and the only transaction that's there, but not in the real 137571-137573 blocks is the generation one. Which is what you'd expect from a "legit" dupe block. Looking through the other one now.

edit: Same with the 136755 block. Only generation block is missing.


Title: Re: Mybitcoin.com Press Release #2
Post by: Maged on August 06, 2011, 08:15:37 PM
OMG, I love ABE! Turns out that we can read all of the branches pretty easily!

Here's some examples:

Block 137571:
http://abe.john-edwin-tobey.org/block/0000000000000779066b823cc302316ca6cf5550f7b1d28f79a26ebff09503d4
http://abe.john-edwin-tobey.org/block/00000000000001fba6bcf0c15d3fecc4d1f2837e934d6ee5afff3ff28a0888a2

Block 136755:
http://abe.john-edwin-tobey.org/block/00000000000000f48d1225842ed629fce1d1e5ae0fba6ae04d4ae7dbfc9e34af
http://abe.john-edwin-tobey.org/block/0000000000000152fd8df6e551d1d3db507132ed34495cde176eb799057871f3

Anyone want to look for conflicts? If we check every reorg, we'll be able to INDEPENDENTLY verify the amount of funds stolen, and where they went to. Additionally, we might even find out that a pool was behind this. Game = changed.

I did a check of the fake 137571 block, and the only transaction that's there, but not in the real 137571-137573 blocks is the generation one. Which is what you'd expect from a "legit" dupe block. Looking through the other one now.

edit: Same with the 136755 block. Only generation block is missing.
I'm seeing the same you are. We'll have to check the other blocks too, I guess.

Unless ABE is hiding the conflicting transactions that should have been included in those blocks?
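
The branch comparison described in the posts above can be scripted. This is an added example, not from any post and not Abe's code: the `Tx` model, txids and outpoints are constructed, a generation transaction is modelled as one with no inputs, and the main-chain window stands for the few blocks after the fork height that were checked by hand.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple = ()  # ((prev_txid, vout), ...); empty models a generation tx

    @property
    def is_generation(self):
        return not self.inputs


def spends_by_outpoint(blocks):
    """Map every outpoint spent in `blocks` to the txid that spends it."""
    spends = {}
    for block in blocks:
        for tx in block:
            for outpoint in tx.inputs:
                spends[outpoint] = tx.txid
    return spends


def compare_stale_block(stale_block, main_blocks):
    """Classify each tx of a stale block against a window of main-chain blocks.

    generation_only: generation txs unique to the stale block (always expected)
    unmatched:       ordinary txs not found in the window and not contradicted
    conflicts:       (outpoint, stale_txid, main_txid) where the same outpoint
                     is spent by a different tx on the main chain
    """
    main_txids = {tx.txid for block in main_blocks for tx in block}
    main_spends = spends_by_outpoint(main_blocks)
    generation_only, unmatched, conflicts = [], [], []
    for tx in stale_block:
        if tx.txid in main_txids:
            continue  # same transaction confirmed on both branches
        if tx.is_generation:
            generation_only.append(tx.txid)
            continue
        rivals = [(op, main_spends[op]) for op in tx.inputs if op in main_spends]
        if rivals:
            conflicts.extend((op, tx.txid, rival) for op, rival in rivals)
        else:
            unmatched.append(tx.txid)
    if conflicts:
        verdict = "conflict"              # candidate double spend, inspect by hand
    elif unmatched:
        verdict = "widen-window"          # tx may confirm later; check more blocks
    else:
        verdict = "ordinary-stale-block"  # only the generation tx differs
    return {
        "generation_only": generation_only,
        "unmatched": unmatched,
        "conflicts": conflicts,
        "verdict": verdict,
    }


# Constructed sample data (not real chain data).
PAY_A = Tx("tx-a", (("fund-1", 0),))
PAY_B = Tx("tx-b", (("fund-2", 1),))
STALE_BENIGN = [Tx("gen-stale"), PAY_A, PAY_B]
MAIN_WINDOW = [
    [Tx("gen-main-1"), PAY_A],
    [Tx("gen-main-2")],
    [Tx("gen-main-3"), PAY_B],  # tx-b only confirms two blocks later
]
STALE_CONFLICT = [Tx("gen-stale-2"), Tx("tx-c1", (("fund-3", 0),))]
MAIN_CONFLICT = [[Tx("gen-main-4"), Tx("tx-c2", (("fund-3", 0),))]]

if __name__ == "__main__":
    print(compare_stale_block(STALE_BENIGN, MAIN_WINDOW))
    print(compare_stale_block(STALE_BENIGN, MAIN_WINDOW[:1]))
    print(compare_stale_block(STALE_CONFLICT, MAIN_CONFLICT))
```

A "widen-window" result is why the hand check looked at a range of main-chain blocks rather than the single block at the fork height.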


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: lettucebee on August 06, 2011, 08:43:08 PM
MyBitcoin is a Limited Liability Company, so the owner(s) is not personally responsible for the company's debts.  This is a very good thing, because it allows entrepreneurs to start risky ventures without putting their entire lives on the line.  If we didn't have limited liability entities, there would be a whole lot less innovation, a lot less wealth, and a lot fewer jobs.

One man's innovation is another man's fraud. “A corporation is a legal person created by state statute that can be used as a fall guy, a servant, a good friend or a decoy,” the company’s website boasts (http://www.reuters.com/article/2011/06/28/us-usa-shell-companies-idUSTRE75R20Z20110628). “A person you control… yet cannot be held accountable for its actions. Imagine the possibilities!”

The whole situation with mybitcoin smells fishy. My instincts tell me that "Tom Williams" is a pirate. Captain Tom!


Title: Re: Mybitcoin.com Press Release #2
Post by: SgtSpike on August 06, 2011, 08:57:15 PM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.
Hence the reason I started with "If he's not incorporated..."  ;)  I wasn't sure what the registration of the business was.


Title: Re: Mybitcoin.com Press Release #2
Post by: jago25_98 on August 06, 2011, 09:10:51 PM
First I lost money with ice save when the Icelandic economy went tits up. So I switched to an unregulated US hedge fund. They got shut down by the FSA. So I switched to some gold. Some of that went missing in transit. I claimed on insurance but decided to check out Bitcoin. I saved some with mtgox and mybitcoin and my own client. First mtgox got lost (couldn't remember my balance), then mybitcoin had this problem. Terrible!

This is just a reminder that this is nothing new.

In this case I feel I blame myself for using mybitcoin as a store rather than just for spending. I've lost a lot in one way but... When I signed up it wasn't worth what it is now! Oops!

I stay forever hopeful with bit coin because I've experienced first hand greater losses. It could be a lot worse - I'm glad I'm not starving this time and take it as a lesson - spread those eggs into different baskets!


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 06, 2011, 09:23:15 PM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Their website says they're an LLC, but has anyone seen the paperwork?  I'm guessing no, since if they had there would probably be a way to track down the owner(s).

Nevis doesn't require the names of the actual owners or beneficiaries to be listed anywhere in the paperwork.  Given just how many companies are registered to that same PO box and street address and the fact that Meridian Trust (which acts as agents for shell companies) appears in the whois information for Mybitcoin, I doubt that information about the true owners appears anywhere in the LLC records.

I've done a bit of research over the last few days and there are any number of company agents who'll set up LLCs in Nevis complete with a company agent and an off-shore bank account (which can be in Panama, Belize, Nevis or other safe havens) for under $2000.  One of their big selling points is that Nevis courts don't enforce judgements from foreign courts, and that Nevis law prohibits the disclosure of information about the owners/beneficiaries of certain types of legal entities.  A Nevis court can probably force a company agent to disclose that information, but I'm guessing that the company agents would fight very hard against any such action in order to keep their reputation as being IRS-proof intact.


Title: Re: Mybitcoin.com Press Release #2
Post by: Nefario on August 07, 2011, 03:00:11 AM
mybitcoin is stalling for time.

They have no contact information available and are not communicating (although they are watching these forums).

They have said there will be a claims process but they've not done anything.

From the information provided, on the technical side their story doesn't add up.

I vote for continuing to attempt to uncover the real identity of Tom Williams. It seems this is the only reason he made a statement at all.

Nefario.


Title: Re: Mybitcoin.com Press Release #2
Post by: BioMike on August 07, 2011, 07:01:41 AM
(although they are watching these forums).

Are they? How are you so sure about that?


Title: Re: Mybitcoin.com Press Release #2
Post by: Nefario on August 07, 2011, 07:18:14 AM
(although they are watching these forums).

Are they? How are you so sure about that?

Why wouldn't they?


Title: Re: Mybitcoin.com Press Release #2
Post by: Maged on August 07, 2011, 07:26:22 AM
(although they are watching these forums).

Are they? How are you so sure about that?
The second press release here confirms it. With no way for us to contact them, there is nowhere else they could have received the community feedback used in #2.


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 07, 2011, 07:31:03 AM
mybitcoin is stalling for time.

They have no contact information available and are not communicating (although they are watching these forums).

They have said there will be a claims process but they've not done anything.

From the information provided, on the technical side their story doesn't add up.

I vote for continuing to attempt to uncover the real identity of Tom Williams. It seems this is the only reason he made a statement at all.

Nefario.

There's some updated information here.

http://bitcoin.crimeunit.net/wiki/index.php/MyBitcoin_Summary


Title: Re: Mybitcoin.com Press Release #2
Post by: Vladimir on August 07, 2011, 07:42:04 AM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Not really true in all cases. Limited liability does not protect in cases when some kind of crime is proven. Whether it is fraud, operating a depositary institution without appropriate license or something else. By hiding identity, operator of mybitcoin does not help himself much in this regard too.



Title: Re: Mybitcoin.com Press Release #2
Post by: FlipPro on August 07, 2011, 07:46:06 AM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Not really true in all cases. Limited liability does not protect in cases when some kind of crime is proven. Whether it is fraud, operating a depositary institution without appropriate license or something else. By hiding identity, operator of mybitcoin does not help himself much in this regard too.


+1 There have been many cases where the operator of the LLC goes to jail/bankrupt because of the obvious misuse of their company name...


Title: Re: Mybitcoin.com Press Release #2
Post by: Nefario on August 07, 2011, 07:51:06 AM
Quote
If he's not incorporated, he can be sued for his personal assets and cash by anyone and everyone who lost bitcoins from this.  I encourage people to take this route once more of his information is revealed, and if he does not fully reimburse every single person who used the service.
MyBitcoin is Limited Liability Company, i.e. owners don't take any liability for company's debts. In this case maximum you can get suing them is corporation's assets.

Not really true in all cases. Limited liability does not protect in cases when some kind of crime is proven. Whether it is fraud, operating a depositary institution without appropriate license or something else. By hiding identity, operator of mybitcoin does not help himself much in this regard too.



His anonymity is the strongest protection for him to avoid criminal prosecution, enough funds are at stake with mybitcoin.com to warrant the harmed parties to chase him to wherever he happens to be. Once we discover who he is he has no protection, having a disclaimer on the bottom of your site doesn't protect you from criminal charges if you're guilty.


Title: Re: Mybitcoin.com Press Release #2
Post by: Vladimir on August 07, 2011, 08:05:06 AM
Anonymity might help him to avoid criminal prosecution (if anonymity is breached and if there were indeed any crimes committed), however it does not help at all with keeping Limited Liability protection. That's what I mean.

BTW. Most people do not have any clue on how difficult it is to stay anonymous on the net, particularly when there are allegations of crime thrown around.




Title: Re: Mybitcoin.com Press Release #2
Post by: Nefario on August 07, 2011, 08:16:14 AM
Anonymity might help him to avoid criminal prosecution (if anonymity is breached and if there were indeed any crimes committed), however it does not help at all with keeping Limited Liability protection. That's what I mean.

BTW. Most people do not have any clue on how difficult it is to stay anonymous on the net, particularly when there are allegations of crime thrown around.




I suspect that this is the reason for his very minimal contact with the community. The more he talks and communicates with the community the higher the risk of his ID being discovered.

There is also how he has paid for his hosting, unless he is paying for his hosting with bitcoin (which is very possible) and he has not bought  the coins off an exchange then the credit card can be traced back to him if it's a personal one. There is no such thing as anonymous banking in this world, so that if the credit card is registered with his company he will still have to provide an identity.

It may be difficult and even costly to track him down but it can be done...unless he's a government agent in which case all bets are off as the state (whichever one) would provide protection.

A court order can be obtained to reveal his identity in the region that his LLC is incorporated.

Nefario.


Title: Re: Mybitcoin.com Press Release #2
Post by: Ulysses on August 07, 2011, 01:24:39 PM
I think you misunderstood the Mybitcoin's statement about the cause of the hack.

Quote
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction.

[...]

In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history


If I correctly interpret these statements, then Mybitcoin accepted transaction as verified after the block number was incremented, not after that transaction was included in the block. This opens an easy way to drain their coins without block chain fork, especially if you know their bitcoind IP address.


Title: Re: Mybitcoin.com Press Release #2
Post by: Nicksasa on August 07, 2011, 01:38:25 PM
I think you misunderstood the Mybitcoin's statement about the cause of the hack.

Quote
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction.

[...]

In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history


If I correctly interpret these statements, then Mybitcoin accepted a transaction as verified after the block number was incremented, not after that transaction was included in the block. This opens an easy way to drain their coins without a block chain fork, especially if you know their bitcoind IP address.
Bitcoind doesn't accept remote connections unless their ip is specified in the config file.


Title: Re: Mybitcoin.com Press Release #2
Post by: Ulysses on August 07, 2011, 03:57:40 PM
Bitcoind doesn't accept remote connections unless their ip is specified in the config file.

I mean 8333 port, not RPC.

If they only used block increment for confirmation, then you could send to their bitcoin one transaction, and to the other part of the network a different transaction with the same coins.
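
The two confirmation rules discussed in the posts above, together with the pending/available split the press release describes, as an added example that is not part of the thread and is not MyBitcoin's code. The chain model, function names and sample transactions are constructed assumptions.

```python
from dataclasses import dataclass

REQUIRED_CONFIRMATIONS = 3  # "at least 3 confirmations", per the press release


@dataclass(frozen=True)
class Block:
    height: int
    txids: frozenset


@dataclass(frozen=True)
class Deposit:
    txid: str
    amount: int          # satoshis
    seen_at_height: int  # chain height when the service first saw the tx


def flawed_confirmations(dep, best_chain):
    """Flawed rule: count blocks mined since the tx was first seen."""
    return max(0, best_chain[-1].height - dep.seen_at_height)


def real_confirmations(dep, best_chain):
    """Depth of the best-chain block that contains the tx; 0 if none does."""
    tip = best_chain[-1].height
    for block in best_chain:
        if dep.txid in block.txids:
            return tip - block.height + 1
    return 0


def balances(deposits, best_chain, count=real_confirmations):
    """Return (pending, available) in satoshis for a list of deposits."""
    pending = available = 0
    for dep in deposits:
        n = count(dep, best_chain)
        if n >= REQUIRED_CONFIRMATIONS:
            available += dep.amount   # safe to withdraw
        elif n >= 1:
            pending += dep.amount     # shown in history, still held
    return pending, available


# Constructed sample: heights 100-103; "tx-b" was never mined because a
# conflicting spend of the same coins ("tx-x") was included instead.
CHAIN = [
    Block(100, frozenset()),
    Block(101, frozenset({"tx-a", "tx-x"})),
    Block(102, frozenset()),
    Block(103, frozenset({"tx-c"})),
]
DEPOSITS = [
    Deposit("tx-a", 500_000_000, seen_at_height=100),
    Deposit("tx-b", 900_000_000, seen_at_height=100),
    Deposit("tx-c", 100_000_000, seen_at_height=102),
]

if __name__ == "__main__":
    print("flawed :", balances(DEPOSITS, CHAIN, flawed_confirmations))
    print("correct:", balances(DEPOSITS, CHAIN))
```

With the flawed rule the never-mined deposit counts as fully confirmed and withdrawable; with inclusion-based counting it contributes nothing to either balance.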


Title: Re: Mybitcoin.com Press Release #2
Post by: citizen on August 07, 2011, 06:54:34 PM
Why don't they let people know what % of their holdings they can expect to see returned?  I'm glad I didn't have any coins with them, but I know a lot of people did.  There is really a trend of unfortunate circumstances arising out of the centralization of something intended to be decentralized.  MTGOX, Bitomat, and MyBitcoin

My sympathies to all who lost coins entrusted with these or other live wallet services.


Title: Re: Mybitcoin.com Press Release #2
Post by: Littleshop on August 07, 2011, 08:12:25 PM
In other official postings they said they had 'the majority' of their BTC offline.  If that is true, then they should have more than 50% of users' funds.  Somehow I doubt any serious amount will be returned.


Title: Re: Mybitcoin.com Press Release #2
Post by: NickW on August 07, 2011, 09:48:04 PM
Has anybody with a http://www.domaintools.com/ account tried the "Hosting History" feature on mybitcoin.com? It apparently can show the history of IP addresses that the website was hosted from. Maybe it was hosted somewhere other than Leaseweb in the early days and they have some information about the account holder.


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 07, 2011, 09:57:46 PM
Has anybody with a http://www.domaintools.com/ account tried the "Hosting History" feature on mybitcoin.com? It apparently can show the history of IP addresses that the website was hosted from. Maybe it was hosted somewhere other than Leaseweb in the early days and they have some information about the account holder.

All of that information is on the bitcoin crime unit page.

http://bitcoin.crimeunit.net/wiki/index.php/MyBitcoin
  
Their move to Leaseweb was a recent one.  They used Privacy Shark and its owner Dalin Owen recommended Morning Star Holdings (a Nevis corporation mill) to them.  It's doubtful that anyone will disclose any information about the actual owner of Mybitcoin without an order from a Nevis court because these services are set up precisely to offer safe haven from legal actions.


Title: Re: Mybitcoin.com Press Release #2
Post by: Piper67 on August 07, 2011, 09:58:09 PM
Why don't they let people know what % of their holdings they can expect to see returned?  I'm glad I didn't have any coins with them, but I know a lot of people did.  There is really a trend of unfortunate circumstances arising out of the centralization of something intended to be decentralized.  MTGOX, Bitomat, and MyBitcoin

My sympathies to all who lost coins entrusted with these or other live wallet services.

Because they're not sure yet how many BTC they'll be able to buy back with the profits they made from their massive dump of the last few days.


Title: Re: Mybitcoin.com Press Release #2
Post by: NickW on August 07, 2011, 10:17:23 PM
Has anybody with a http://www.domaintools.com/ account tried the "Hosting History" feature on mybitcoin.com? It apparently can show the history of IP addresses that the website was hosted from. Maybe it was hosted somewhere other than Leaseweb in the early days and they have some information about the account holder.

All of that information is on the bitcoin crime unit page.

http://bitcoin.crimeunit.net/wiki/index.php/MyBitcoin
  
Their move to Leaseweb was a recent one.  They used Privacy Shark and its owner Dalin Owen recommended Morning Star Holdings (a Nevis corporation mill) to them.  It's doubtful that anyone will disclose any information about the actual owner of Mybitcoin without an order from a Nevis court because these services are set up precisely to offer safe haven from legal actions.

I see no list of previous IP addresses on any of the crimeunit pages.


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 07, 2011, 10:49:57 PM
Quote
Peer1 hosting: Domain history shows that as of it as having once been hosted at The Planet on 174.123.134.92 http://dnshistory.org/domainhistory/a/mybitcoin.com. http://dawhois.com/site/mybitcoin.com.html This is corroborated by an email received by a customer on Fri, 29 Apr 2011 16:02:04 -0700 (PDT) http://pastebin.com/Aw8NGG0P
It appears that sometime between June and August, the hosting moved from The Planet to Peer1. Following the shutdown on July 29th it seems to have moved to LeaseWeb at 83.149.112.133
http://toolbar.netcraft.com/site_report?url=http://www.mybitcoin.com


Title: Re: Mybitcoin.com Press Release #2
Post by: NickW on August 07, 2011, 11:09:58 PM
Quote
Peer1 hosting: Domain history shows that as of it as having once been hosted at The Planet on 174.123.134.92 http://dnshistory.org/domainhistory/a/mybitcoin.com. http://dawhois.com/site/mybitcoin.com.html This is corroborated by an email received by a customer on Fri, 29 Apr 2011 16:02:04 -0700 (PDT) http://pastebin.com/Aw8NGG0P
It appears that sometime between June and August, the hosting moved from The Planet to Peer1. Following the shutdown on July 29th it seems to have moved to LeaseWeb at 83.149.112.133
http://toolbar.netcraft.com/site_report?url=http://www.mybitcoin.com

My bad. I missed that.


Title: Re: Mybitcoin.com Press Release #2
Post by: just_someguy on August 07, 2011, 11:26:11 PM
Quote
They used Privacy Shark and its owner Dalin Owen recommended Morning Star Holdings (a Nevis corporation mill) to them.  It's doubtful that anyone will disclose any information about the actual owner of Mybitcoin without an order from a Nevis court because these services are set up precisely to offer safe haven from legal actions.

Why would a business ask a web host for advice on where to incorporate?
That whole statement is ridiculous.


Title: Re: Mybitcoin.com Press Release #2
Post by: repentance on August 07, 2011, 11:33:44 PM
Quote
They used Privacy Shark and its owner Dalin Owen recommended Morning Star Holdings (a Nevis corporation mill) to them.  It's doubtful that anyone will disclose any information about the actual owner of Mybitcoin without an order from a Nevis court because these services are set up precisely to offer safe haven from legal actions.

Why would a business ask a web host for advice on where to incorporate?
That whole statement is ridiculous.


Because Privacy Shark is just one of the very many services set up in Nevis to allow the true owners of corporate entities to hide their identities.  It's kind of like if you have a shady accountant and want to find a shady lawyer you might ask your accountant for a recommendation.  Privacy Shark registers domains for people who want their ownership of those domains hidden and Morning Star registers LLCs for people who want their ownership of those corporations hidden.  They're both part of the same industry and there's probably a lot of cross-referral. 

What's not clear is whether the original intention was simply to hide business activity and assets from authorities or to defraud service users.  Dalin Owen obviously knows more than he's revealed so far but there's no reason to assume that he's going to disclose anything further without either a subpoena or an arrest warrant being produced.


Title: Re: Mybitcoin.com Press Release #2
Post by: TiagoTiago on August 07, 2011, 11:43:28 PM
...

... Heck, we were PRINTING every transaction directory onto a line printer to make sure that in case of some disaster / hack wiping out the computers we had a separate non-destructible log (it is quite hard to delete printed pages from a computer).

...

I could see a dedicated enough hacker managing to cause significant harm to the hardcopies as well...


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: TiagoTiago on August 07, 2011, 11:44:05 PM
...

Direct from MyBitcoin's Terms of Service agreement. You agreed to it when you signed up, so too bad.

Quote
8.1 While MYBITCOIN LLC will make every effort to ensure the MyBitcoin System is accessible at all times, MYBITCOIN LLC makes no representation that User will always be able to access the MyBitcoin System or the User's User Account and User agrees that MYBITCOIN LLC will not be held liable for any loss or damage, whether direct or indirect, resulting from the use, operation or performance of the MyBitcoin System and/or the Bitcoin Network other than as a result of the deliberate or negligent acts or omissions of MYBITCOIN LLC.

It does say they will "not be held liable for any loss or damage (...) other than as a result of the (...) negligent acts or omissions of MYBITCOIN LLC".

I would think the serious flaw in the programming of their cart and money flow system would fit under that exception...


Title: Re: Mybitcoin.com Press Release #2
Post by: molecular on August 13, 2011, 04:23:36 PM
I saved some with mtgox and mybitcoin and my own client. First mtgox got lost (couldn't remember my balance), then mybitcoin had this problem. Terrible!

What do you mean by "mtgox got lost"? No one lost any money with mtgox afaik. Please explain.


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: Bikerbum on August 16, 2011, 01:38:59 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.


I'm with you on this, 49% my ass. Bikerbum


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: memvola on August 16, 2011, 02:19:58 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
I'm with you on this, 49% my ass. Bikerbum
+1

It is disappointing that the owners act as if they are not responsible for the lost coins. Also, I think they took the worst possible route in handling this. There wasn't even an attempt at finding a middle ground. And no communication?

They have tainted trust-based businesses, which, for me, is almost the whole point of Bitcoin. Either way, the investigation needs to continue. Is there a way we can donate bitcoins to this endeavour?


Title: Re: Mybitcoin.com Press Release #2
Post by: jondecker76 on August 16, 2011, 07:00:11 AM
I saved some with mtgox and mybitcoin and my own client. First mtgox got lost (couldn't remember my balance), then mybitcoin had this problem. Terrible!

What do you mean by "mtgox got lost"? No one lost any money with mtgox afaik. Please explain.

Myself, and many others that I know of lost money in the MtGox hack.  About 3 days before news of the hack went public, someone emptied my account (luckily it was only 20.19 BTC) - most likely my password was cracked from the leaked database. It was reported to MtGox before any news of the hack had surfaced through their online trouble ticket system.  It took me over a month of constant emails and trouble tickets before they would even give me a response. In the end, they basically said "tough luck" and they didn't feel responsible and had no plans on reimbursement.  I know several people that had this happen.  They were very sneaky/clever in saying that they lost no BTC in the hack (they didn't, their users did).  I for one will never use their services again.


Title: Re: Mybitcoin.com Press Release #2
Post by: freequant on August 31, 2011, 03:22:27 PM
A GIFT TO THE COMMUNITY

After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.

Tom Williams

So, where is our gift?


Title: Re: Mybitcoin.com Press Release #2
Post by: indicasteve on August 31, 2011, 08:07:47 PM
Things that make you go hmmm...

Earlier today, someone at mybitcoin.com redirected the site.

Quote
curl mybitcoin.com
<title>302 Moved</title>
<h1>302 Moved</h1>
This document has moved to URL <a href="http://50.61.240.200/proxy/errors/404/">http://50.61.240.200/proxy/errors/404/</a>.

This may have been some kind of configuration error since /proxy/errors/404/ doesn't even exist on 50.61.240.200

BUT...what DOES exist at 50.61.240.200 is onlyonetv.com ... Bruce's TV show

Quote
ping onlyonetv.com
PING onlyonetv.com (50.61.240.200) 56(84) bytes of data.
64 bytes from 50.61.240.200: icmp_seq=1 ttl=54 time=61.3 ms

I find it strange that whoever is running the mybitcoin domain made a config error that just so happened to incorrectly redirect to the IP address of Bruce's site.  Like, why the hell would mybitcoin.com suddenly redirect to onlyonetv.com's IP address error page then suddenly fix itself?

After the 404 config error was fixed, if you went to http://mybitcoin.com you wouldn't get the 404 error any more, but you would get a landing page at arvixe.com:
https://i.imgur.com/P2llf.png

It's strange enough that mybitcoin.com was being hosted at arvixe.com, the same host as onlyonetv.com, but it's even stranger that an error in the configuration would point directly to Bruce's IP address and now mybitcoin.com no longer points to arvixe.com at all.

If you go to mybitcoin.com NOW, you will see that it goes to the old page content just as if nothing had changed today.  I don't know what's going on, but it stinks.  ???





Title: Re: Mybitcoin.com Press Release #2
Post by: lemonginger on August 31, 2011, 08:10:59 PM
http://www.extension.org/mediawiki/files/b/b7/Child_eating_popcorn.jpg


Title: Re: Mybitcoin.com Press Release #2
Post by: JonHind on August 31, 2011, 08:16:34 PM
OK, now this is looking quite damning.   :-[


Title: Re: Mybitcoin.com Press Release #2 ?
Post by: luv2drnkbr on September 01, 2011, 07:19:58 AM
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

And you'll do what exactly if he doesn't?...  It's all well and good that you paid up when you made mistakes, but assuming others will is a recipe for being taken advantage of.


QFMFT


Title: Re: Mybitcoin.com Press Release #2
Post by: mmortal03 on September 01, 2011, 08:27:45 AM
Things that make you go hmmm...

Earlier today, someone at mybitcoin.com redirected the site.

Quote
curl mybitcoin.com
<title>302 Moved</title>
<h1>302 Moved</h1>
This document has moved to URL <a href="http://50.61.240.200/proxy/errors/404/">http://50.61.240.200/proxy/errors/404/</a>.

This may have been some kind of configuration error since /proxy/errors/404/ doesn't even exist on 50.61.240.200

BUT...what DOES exist at 50.61.240.200 is onlyonetv.com ... Bruce's TV show

Quote
ping onlyonetv.com
PING onlyonetv.com (50.61.240.200) 56(84) bytes of data.
64 bytes from 50.61.240.200: icmp_seq=1 ttl=54 time=61.3 ms

I find it strange that whoever is running the mybitcoin domain made a config error that just so happened to incorrectly redirect to the IP address of Bruce's site.  Like, why the hell would mybitcoin.com suddenly redirect to onlyonetv.com's IP address error page then suddenly fix itself?

After the 404 config error was fixed, if you went to http://mybitcoin.com you wouldn't get the 404 error any more, but you would get a landing page at arvixe.com:

It's strange enough that mybitcoin.com was being hosted at arvixe.com, the same host as onlyonetv.com, but it's even stranger that an error in the configuration would point directly to Bruce's IP address and now mybitcoin.com no longer points to arvixe.com at all.

If you go to mybitcoin.com NOW, you will see that it goes to the old page content just as if nothing had changed today.  I don't know what's going on, but it stinks.  ???

Just playing devil's advocate, but couldn't someone have hacked it that way to frame Bruce?


Title: Re: Mybitcoin.com Press Release #2
Post by: lemonginger on September 01, 2011, 02:06:44 PM
Quote
Just playing devil's advocate, but couldn't someone have hacked it that way to frame Bruce?

Yes, absolutely (not hacked, but the owner of the server could have just put up a redirect). It's like a David Mamet movie in here. Scammers scamming scammers with another plot twist every 10 minutes.


Title: Re: Mybitcoin.com Press Release #2
Post by: opticbit on October 17, 2011, 12:19:19 AM
I stopped mining before mybitcoin shut down, and had a mybitcoin address as the payout address for some of my pooled mining accounts.

I had filed my claim, had < 1.0 BTC in the MyBitcoin account, and received my 49% shortly after.

Recently I checked my pooled accounts for the small amounts I had left behind. I realized I had left a mybitcoin payout address in them, changed it, and requested payout. However, one of the pools required a verification e-mail of the change, and paid out to mybitcoin before I could click the verification e-mail.

It's ~ .25 BTC.  Went to try and claim again, and it says my balance is 0 and that I already made my claim.

Also, someone/thing still checks the wallet and sends deposits. Here's my old Mybitcoin address.

1L6LCHkgVox1aRoDywwrZrXq1G6E3C9LEA