Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: zhoutong on March 23, 2012, 02:12:46 PM



Title: Response from Linode regarding the theft case
Post by: zhoutong on March 23, 2012, 02:12:46 PM
This post is intended to inform all interested parties about Linode's response to Bitcoinica.

Quote
[829136] LINODE SECURITY BREACH -- $222,520 STOLEN
Status: CLOSED
Opened: 21 days ago by bitcoinica
Last Updated: 17 hours ago by tasaro
Closed On: 17 hours ago by tasaro
Regarding: Other

Quote
Dear Zhou,

The entire Linode team would like to sincerely apologize for the security incident that affected your account. We let you down, and this is not the quality of service that we ourselves and our customers expect and deserve.

We want you to know that security has always been one of Linode's top priorities. Our entire team has dedicated themselves these past few weeks towards improving our procedures and policies relating to platform security.

As an act of good faith we have applied one year of service credit to your account. All of us are truly sorry for any inconvenience you incurred. We appreciate your business and hope that you will continue to host with Linode in the future.

Sincerely,

Thomas Asaro
Vice President
Linode


Title: Re: Response from Linode regarding the theft case
Post by: DeathAndTaxes on March 23, 2012, 02:14:21 PM
Ouch.  That has to sting.  So "generous" of them to offer a whole year of service.  I will never do business with Linode.


Title: Re: Response from Linode regarding the theft case
Post by: zhoutong on March 23, 2012, 02:16:35 PM
Quote from: DeathAndTaxes
Ouch.  That has to sting.  So "generous" of them to offer a whole year of service.  I will never do business with Linode.

They knew we would never do business with Linode again. So the credit is pretty much worthless.


Title: Re: Response from Linode regarding the theft case
Post by: ptshamrock on March 23, 2012, 02:17:15 PM
WTF ?  *speechless*


Title: Re: Response from Linode regarding the theft case
Post by: proudhon on March 23, 2012, 02:18:25 PM
Yes, getting a couple hundred thousand dollars of assets stolen is, well, inconvenient.


Title: Re: Response from Linode regarding the theft case
Post by: rjk on March 23, 2012, 02:21:02 PM
1 year of free hosting as compensation for damage done. /me speechless
I'm pretty sure it is only an effort to repair the bad press that they got, since their T&C state that they aren't liable for anything.

What I'd rather see is a breakdown in excruciating detail of a) the reason it happened in the first place (security vulnerability details), b) exactly what fixes have been made to correct the issue (firing bad employee, tweaking PHP config, auditing firewall rules, etc), and c) an independent security audit and the results posted publicly.


Title: Re: Response from Linode regarding the theft case
Post by: gusti on March 23, 2012, 02:25:50 PM
lame, but absolutely expected


Title: Re: Response from Linode regarding the theft case
Post by: Daily Anarchist on March 23, 2012, 03:00:20 PM
I have been using Linode for over a year now. A few months ago I went to their IRC channel and asked the people there why Linode does not accept Bitcoin and I got laughed at. That was strike one.

Then this ordeal happened. I didn't lose any money, but it was strike two.

I know of BitVPS and I am considering switching to them. Problem is I'm not a huge techie. It was a huge learning experience to build my VPS from scratch and host my website, VPN, email accounts etc. Moving to a new VPS would be a huge time commitment for me.

I may do it anyways down the road, but I'm curious, the people who DID lose money at Linode, where are they going now? What are they doing? Are they moving to BitVPS? Everybody here that is done with Linode, what are you doing? Where are you going?


Title: Re: Response from Linode regarding the theft case
Post by: evoorhees on March 23, 2012, 03:15:32 PM
LOL... "our system sucks balls and lost you a couple hundred grand, so in return we'll let you keep using our service for free."

Bitcoinica lost all this money by the fault of Linode, and chose to cover the entire cost and reimburse its customers.

Linode enabled this loss through their own malfeasance, and chose not to cover any of the cost.

Bitcoinica has my sincere respect, and they demonstrate that even in the "wild west free market" of Bitcoinland, honor and market incentive can be better safeguards against theft than any regulatory body or legal system. Thank you Zhou! I hope you earn the money back 100 fold.


Title: Re: Response from Linode regarding the theft case
Post by: N12 on March 23, 2012, 03:17:36 PM
Quote from: evoorhees
I hope you earn the money back 100 fold.

I doubt he can ever earn 4 million Bitcoins.

Oh, "money", that means fiat, my bad. ;D


Title: Re: Response from Linode regarding the theft case
Post by: muyuu on March 23, 2012, 03:31:26 PM
Quote from: zhoutong
Quote from: DeathAndTaxes
Ouch.  That has to sting.  So "generous" of them to offer a whole year of service.  I will never do business with Linode.

They knew we would never do business with Linode again. So the credit is pretty much worthless.

It's fine for LOLcat sites though  :P this Linode amateur shop.


Title: Re: Response from Linode regarding the theft case
Post by: Matthew N. Wright on March 23, 2012, 03:33:57 PM
I still say they should be sued. It happened due to their own internal policies with employees and security, not because of the customer's account security. How is that not 100% their fault?


Title: Re: Response from Linode regarding the theft case
Post by: muyuu on March 23, 2012, 03:37:07 PM
They have actually admitted fault right there. Provided you don't accept their offer as settlement (and you don't seem to be interested) this can help in court.


Title: Re: Response from Linode regarding the theft case
Post by: hazek on March 23, 2012, 03:57:36 PM
Quote from: Matthew N. Wright
I still say they should be sued. It happened due to their own internal policies with employees and security, not because of the customer's account security. How is that not 100% their fault?

Well if their terms say they aren't liable maybe not sued but definitely investigated by some external crime fighting agency. I mean are we to seriously take just their word for what exactly happened?

If it's an American company I'd contact the FBI. And if it's not I'd contact their country's respective crime fighting agency. Let's not just roll over every time someone gets their wallet stolen, these things can get investigated, if not by tracing the money, maybe they can do it by tracing the breach.


Title: Re: Response from Linode regarding the theft case
Post by: niko on March 24, 2012, 02:32:55 AM
If I understood correctly, they had a backdoor in the system that their users never knew about, but the thief somehow did. This enabled theft of serious ammounts of money (sic!), and deserves serious response. 


Title: Re: Response from Linode regarding the theft case
Post by: notme on March 24, 2012, 02:52:22 AM
Quote from: hazek
Quote from: Matthew N. Wright
I still say they should be sued. It happened due to their own internal policies with employees and security, not because of the customer's account security. How is that not 100% their fault?

Well if their terms say they aren't liable maybe not sued but definitely investigated by some external crime fighting agency. I mean are we to seriously take their word for what exactly happened?

If it's an American company I'd contact the FBI. And if it's not I'd contact their country's respective crime fighting agency. Let's not just roll over every time someone gets their wallet stolen, these things can get investigated, if not by tracing the money, maybe they can do it by tracing the breach.

+1


Title: Re: Response from Linode regarding the theft case
Post by: jago25_98 on March 24, 2012, 03:53:13 AM
Quote from: Daily Anarchist
Moving to a new VPS would be a huge time commitment for me.

I want to have a process of backing up so smooth that restoration to a new service should be within a few commands...


Title: Re: Response from Linode regarding the theft case
Post by: cryptoxchange on March 24, 2012, 06:39:40 AM
Quote from: Matthew N. Wright
I still say they should be sued. It happened due to their own internal policies with employees and security, not because of the customer's account security. How is that not 100% their fault?

We agree. Action should be taken.


Title: Re: Response from Linode regarding the theft case
Post by: fcmatt on March 24, 2012, 07:40:32 AM
if banks are not liable for contents in safety deposit box when stolen, even by bank employees or facilitated by bank employees or through gross negligence of bank employees... what makes people here think that bitcoinica has any chance of satisfaction?


Title: Re: Response from Linode regarding the theft case
Post by: julz on March 24, 2012, 07:53:54 AM
They should be sued *if* they didn't (or won't) cooperate in properly reporting this as a theft (whether or not the stolen data is considered 'money' by the law) and providing all relevant information to a law enforcement agency.


Title: Re: Response from Linode regarding the theft case
Post by: Nachtwind on March 24, 2012, 08:10:27 AM
I really don't think suing them or asking the FBI (or whatever) for help will make any difference.
Bitcoins are not recognized as a currency at all, or as payment method in general. So HOW is the FBI to accept that $200 000 were stolen?
My personal view is that there are only a few scenarios that can come out of suing Linode:
(ordered by probability)

1) No case gets filed
Linode has in their agreement that they aren't liable to such problems AND they gave a compensation
2) A case gets filed
Linode agrees on a somewhat higher compensation: Maybe 5yrs of free service? But nothing remotely close to $200000. Since you have lost money by lost reputation and so on. Your income isn't just what it was before.
3) A case gets filed
Bitcoins get recognized as having value, maybe a currency. So there has to be a full compensation. At this moment Bitcoins would also get a new price peak since it would become "real"... most unlikely to happen though :(


Title: Re: Response from Linode regarding the theft case
Post by: memvola on March 24, 2012, 08:17:26 AM
Quote from: Nachtwind
Bitcoins are not recognized as a currency at all, or as payment method in general

Well, it has market value, so it would at least be considered as commodity. If they rule that it has no value whatsoever, then that would mean that they won't ever be able to tax it (at least to my naive mind). It's still a win.


Title: Re: Response from Linode regarding the theft case
Post by: Nachtwind on March 24, 2012, 08:18:12 AM
Quote from: memvola
Quote from: Nachtwind
Bitcoins are not recognized as a currency at all, or as payment method in general

Well, they have market value, so they would at least be considered as commodity. If they declare that it has no value whatsoever, then that would mean that they won't be able to tax it. It's still a win.


Good point actually


Title: Re: Response from Linode regarding the theft case
Post by: finway on March 24, 2012, 11:08:46 AM
Fuck this.


Title: Re: Response from Linode regarding the theft case
Post by: etotheipi on March 24, 2012, 12:50:19 PM
IANAL, but I seem to remember that: No matter what terms and conditions there are, even if you signed a contract, "gross negligence" is still usually legally enforceable.  A party in a contract like this cannot act grossly negligent and cause harm to another party, then claim that their contract protects them from being responsible.

The question is, can you show gross negligence?  It might be worth a quarter-million dollars to try.   (assuming US).  I argue that designing a universal backdoor into a piece of software that is marketed as "secure", and not letting the users know that it exists but letting your employees know is either grossly negligent, or borderline criminal (well some employees have to know, but how many?).


Title: Re: Response from Linode regarding the theft case
Post by: hazek on March 24, 2012, 01:00:39 PM
I'm really saddened that everyone is so fixated on the amount of BTC that was stolen instead of the crime that was committed and the perpetrator. I want someone to investigate Linode because I don't trust their word of how this crime came about. I want someone to go there, and do an independent investigation and verify what they are saying.

I don't want to force reimbursement, I don't care about that. What I really care about is whether or not Linode really was a victim in this or not especially because that's what really matters for the rest of their clients and their future. I actually don't believe they should be forced to pay something/anything back that wasn't preagreed upon in a contract with them.

Just find out if they actually are a victim in this so their customers don't get hurt again.