For these reasons, I personally will never use Rackspace Cloud again unless they address all of these issues. AWS is way more secure than them.
But that's still no excuse for not having offline backups. If you weren't online to notice the unauthorized rackspace session, the Rackspace admin "delete servers" bug (unable to disable) would still be an unknown bug/feature. As for AWS, remember last year when bitomat.pl lost 17k BTC (iirc) in the blink of an eye when their AWS VPS was rebooted? MtGox bought them out and gauranteed depositor funds. Don't trust a "cloud". (this is opposed to: first I trusted Linode, then I trusted Rackspace, and after getting burnt by Rackspace I finally decided to trust Amazon Web Services). Live and learn. We have off-site backups in a different DC. It's managed by Rackspace. If the server crashed, we have no problems of recovering. There are a lot of backups of all our main servers. It's just that these backups were deleted by the hacker. |
|
|
|
The week is coming to end and I believe you have said that by the end of the week some people will get refunded. So how is it?
Even though I'm in their mailing list, I don't have any official progress information. I wasn't involved in the process except for very little moderation work. I think they are almost ready now. Hope someone from Bitcoinica Consultancy can post an update soon. |
|
|
|
The entire Cloud Sites FTP structure is backed up every four hours, which totals six daily backups. Those backups are rolled into a nightly backup, which are retained for two days. However, these backups are for disaster recovery on the server side. If for any reason a storage node on our side were to crash, our backups will be there to replace any lost data.
That said, we recommend that you make periodic backups of your site and data to your local computer since we are unable to extract an individual site's data from the nightly backups. Was it, or was it not, possible to recover lost data from Rackspaces servers during that first 48 hour window? I don't understand how Rackspace is able to recover data from their servers following a "disaster" yet unable to after a phone call is made to them about data being erased by other means. I'm puzzled! ~Bruno~ According to an unknown source, the data retention for deleted servers is 12 hours. However, Rackspace suspended the servers made me feel that they are "safe", because I couldn't do anything against the servers. No one, not even the Rackspace manager knew that the servers can be deleted. When I was ready to re-start the servers and continue Bitcoinica operations I found everything gone. And it's 17 hours since deletion. |
|
|
|
I almost forgot to mention, I know people who work at rackspace and I've talked to them. Your logs & database being deleted is effectively a non-issue, it's a pain to recover but you can bet that they have the capability of recovering every last byte of missing information. This has bugged me as well. Until this episode I had the impression that Rackspace was a serious hosting provider. Not some garage with a couple of racks on UPS and a fat ADSL line. A serious hosting provider keep multiple backups of customer data off-site, because losing a lot of customer data due to some catastrophic event means losing their business. Unlinking it from a web page just makes the data a bit more inconvenient to get to. Impossible for the customer, but in no way impossible for Rackspace. The data may be older than current, but I find it hard to believe that off-site backups were instantly deleted along with the servers. Backup systems just aren't built for easy deletion. Perhaps someone from Bitoinica can comment on how they have worked with Rackspace to rescue data? We have talked to a manager and he confirms that no data can be recovered. We have even offered a $10,000 tip for any information recovered, but later they got the bad news again. Rackspace shouldn't be used for serious applications, because of the following "features": - You can own all servers in an account with an email. - You can't force someone to log out, not even any Rackspace employee. - You can suspend the servers through customer support. They will say it's safe. But anyone can delete the servers. - When you delete something, even in Cloud Files, it's permanent. - When the thief is in your account, you can't do anything to prevent him from doing anything destructive. For these reasons, I personally will never use Rackspace Cloud again unless they address all of these issues. AWS is way more secure than them. |
|
|
|
Reputation is more then a pseudonym and a high post count on some forum. The assumption here is that this equals honesty. I'm not so sure myself, especially when money is at stake. I paid for my ticket on this titanic. There was only 1 class when I signed up.
I would like to see some (relative) numbers:
* How many claims has Bitcoinica received? How does this stack up against the total amount of customers?
* Does the amount of claims exceed the amount of deposits? If so by what margin?
The number of claims received is about 25% less than total number of paid customers. The value of claims exceed the total assets by 35%. However, taking into account the original insolvency resulted from the hacks, the margin is only about 15%. It's manageable and I think they can handle it very well. How much do those missing claims represent? While it's likely a lot of people won't bother making low-value claims, from an accounting viewpoint you need to make provision for them. If you add that value to the other numbers, how do they change? Also, do you mean that the value of claims exceeds the total deposits by 35% rather the total of Bitcoinica's assets (which should be more than just the total of user deposits-whether user deposits could even be classed as Bitcoinica assets is an interesting question in itself as generally speaking they would be regarded as a liability from an accounting viewpoint)? I know that you're talking somewhat informally, but just be careful about using terms like assets and insolvency - it could really bite you on the ass down the track if people are unhappy with the way this is ultimately resolved. I mean assets when I talk about assets. It's the accounting term. Assets = BTC cold storage + Mt. Gox balances + Bank balances Customer deposits are liabilities, but we have customer unrealized profits (liabilities) and customer unrealized losses (contra-liabilities) as well. Bitcoinica is insolvent for obvious reasons. It's in insolvency state. The investor promised to chip in, which exceeds his legal responsibility. But before the money arrives, Bitcoinica is insolvent. Claimed amount also has nothing to do with actual liabilities. It's what the creditors claim. |
|
|
|
Reputation is more then a pseudonym and a high post count on some forum. The assumption here is that this equals honesty. I'm not so sure myself, especially when money is at stake. I paid for my ticket on this titanic. There was only 1 class when I signed up.
I would like to see some (relative) numbers:
* How many claims has Bitcoinica received? How does this stack up against the total amount of customers?
* Does the amount of claims exceed the amount of deposits? If so by what margin?
I also wonder about the ratio of USD to BTC deposits. While we know that they're going to be holding back 18k+ Bitcoins, there's no way of knowing how much in USD is being held back (it could be in the hundreds of thousands of dollars if significantly more people have USD on deposit). Both USD and BTC deposits are highly concentrated to a few people. The ratio is mostly determined by these people's deposits. |
|
|
|
Reputation is more then a pseudonym and a high post count on some forum. The assumption here is that this equals honesty. I'm not so sure myself, especially when money is at stake. I paid for my ticket on this titanic. There was only 1 class when I signed up.
I would like to see some (relative) numbers:
* How many claims has Bitcoinica received? How does this stack up against the total amount of customers?
* Does the amount of claims exceed the amount of deposits? If so by what margin?
The number of claims received is about 25% less than total number of paid customers. (We have a huge number of long-tail accounts with less than 1 USD value. So no problem with this number of claims.) The value of claims exceed the total assets by 35%. However, taking into account the original insolvency resulted from the hacks, the margin is only about 15%. It's manageable and I think they can handle it very well. |
|
|
|
No part of the claim form asked for a link to any other community. Please explain how you are securely linking claims to "community reputation".
Please tell me you aren't using "username on bitcoinica = username on bitcointalk". And "high post count on bitcointalk".
Do you people know anything about security?
Since I have not yet resigned, I still have access to the moderation system and the accounting reports. From what I know, most of the claims, and almost all high-value claims have records present in at least one of the accounting reports that we have. These reports have various degrees of currency. I have moderated a few accounts, and it seems that some claims are really trustworthy, because of the claim details exactly matches our records and the account owners were extremely co-operative. Some people even sent us their full Mt. Gox logs and bank statements. I personally have no reason to delay payments for these people. I believe that what they are trying to do is to find more cases like this and refund them immediately. |
|
|
|
Did the hacker also retrieve the username using the compromised email account - you need the username in order to reset the password for cloud hosting services and you need the account number/username to reset the password for managed services.
The hacker didn't know anything about Bitcoinica. He first requested the username, then requested a password reset. I have to say that Rackspace Cloud's security protection for customers is not very up to standard - you can re-use the password reset link after it's already used! And password changes don't have any effect on the sessions. (Usually everyone should be logged out once there's a password change, but it didn't happen at all.) I'm not blaming Rackspace here. Just a kind warning to those who wish to use them for anything serious. |
|
|
|
Who had the most to loose if there were records in Bitcoinica that pointed to fraud on Zhou's part. Or maybe it wasn't monetary fraud, but simply a big ego damaged!
Who had the ability to send the keys to the server and simultaneously "hack" the server?
I don't exactly understand your questions. But well, the email compromise has been confirmed by everyone, and the system is solely controlled by Bitcoinica Consultancy. You can say whatever you want if you have concrete evidence or proof. I have already listed the 15 verifiable points in the other thread and you're welcome to challenge any statement that you believe is wrong.
Who had the ability to communicate directly with rackspace and potentially find some residue of the servers and databases before it was too late?
I communicated with them immediately and they locked down all the servers. However, I was in a false confidence that the data won't be affected because I can't do anything on the servers. I don't blame Rackspace for the hack, but it's a design flaw that resulted in missing the opportunity to recover data. (If they can't suspend the servers, I could probably download the backup immediately to my machine.) Who has the keys to the offline cold storage wallet?
I don't have. I don't even know how much we have in cold storage before the hack. Who was the first to know of the breach and then notify the forum/community, but not even tell his team?
They were all offline when the thing happened and I was exactly online (at about 10pm UTC+10). I told Tihan and Patrick, but not Amir. I have never communicated with Amir before the hack. I was not even recognised as the employee of Bitcoinica. Who conveniently went back to school and didn't have time for us anymore?
I'm not the owner of Bitcoinica and I'm not liable for anything that happened. Who recently made a huge move to Australia and is getting the hell out of dodge?
I decided to move to Australia in November 2011. Why are there a few bitcointalk accounts that continue to attack the Consultancy (no, I'm not taking their side) very venomously that were created after the first security audit of the Bitcoinica? Planned in advance maybe?
I don't know them. Why does Zhou so boldy claim that these accounts are not him and dares us to compare writing styles, but in another post says he has language software that gives him the ability to write in many different forms or something to that effect?
I never claimed something like that. Citation? Yes, my Mac autocorrects. Like "organisation" instead of "organization". This was pointed out by Bruno as "wrong spelling". Yeah, I know. Just a good conspiracy theory, but man I'm sure glad I followed my gut feeling a long time ago and pulled the little I had and resisted the temptation to deposit more even with the cool interest rates they had.
I didn't even initiate the interest system. Bitcoinica make profits when people trade, not when people deposit. I've lost all trust in Zhou. Maybe I'm wrong, but it will take a whole lot of convincing.
You don't have to trust me. I can't get a single cent if you trust me. |
|
|
|
|
You can complain all you want, but it's not going to solve the problem.
I have a way to make sure that at least 98% of all customers are satisfied with refunds (including you) while not incurring additional liability for the company. I have no legal obligation to resolve because I'm neither the General Partner of Bitcoinica nor a paid employee. (My employment status is unknown, but I was not paid for work since April 1.)
Bitcoinica Consultancy has three people including two technical experts. They have been working in Bitcoinica for more than one month. And they're assumed to bear all liabilities of Bitcoinica LP.
However, I have offered to take over the dispute resolution for no compensation, no future financial interest in the company, and no additional liability required. I want to be responsible for this even though I'm not legally required to do so.
Honestly, the whole situation is unfair for Bitcoinica Consultancy since they only took over the company a few weeks ago. They didn't make a single cent of profit before incurring such huge losses. I believe that Tihan chose to compensate personally (when he's not legally required to do so) because of the same consideration.
From the information I have, the data we still possess is more than enough to come up a net value for everyone within 5% range. When coupled with the claimed figures, we can even figure out the exact net value for most of the accounts. I believe that Bitcoinica Consultancy also has the ability and expertise to execute the dispute resolution process independently without my help.
|
|
|
|
|
Site note:
You can safely delete Bitcoinica from your Google Authenticator app.
The GA keys were stored in plain text, so we can't use it as an authentication method. In OTP authentication, we have to use the same key that was added to your smartphone to verify your OTP.
|
|
|
|
@zhoutong
So the accounting stuff says I had some past balance or deposit and the amount of funds I claimed was in the ballpark of this. What now? My fake claim still goes through.
Let me make myself very clear here.
There is but ONE solution where Bitcoinica does not necessarily go bust.
You have to retrieve the database!
Do it either by posting a bounty or by catching the hacker.
Every passing day without database increases the likelihood for it to be entirely forged once it is released!
Blitz out.
Your fake claim going through doesn't mean it will be approved. Everything is going to be reviewed by a human. Of course getting the database back will be a good thing, but it's definitely not worth 18k BTC (even paying everyone 10% more will be cheaper than that). Whether the hacker chooses to release the database or not it's his personal matter. I personally prefer the hacker not to leak anything though. Your money will be returned. Just don't worry about it. You can assume that we have the database now. The reconstruction work is much simpler than what I thought. |
|
|
|
YOU BETTER SOMEHOW RETRIEVE THE DB FROM THE HACKER OR THIS IS GOING TO END UP IN DISASTER!
It's not a disaster already? I mean insolvency style disaster. 18.5k BTC is nothing. What are they going to do if (and it is not really "if" – when it comes to money, people will do it if they can get away with it) there are a few hundred cunning people like me who thought the same on 20th of May? Read my IRC log. What are they going to do once the deposit claims total 500k BTC, most of them being from 100+ points users? There are only so many funds, and the fight over them is ON. Better find a way to retrieve the database before they go broke, no? We have all kinds of accounting reports. They are outdated and incomplete to restore trading, but far current enough to identify fake claims. Tihan is a careful person and he keeps all the logs when he runs his stats program. Submitting false claims will only result in delay of fund returns. The point system I proposed is used to save time and effort for people with accurate records. There isn't any reason to verify people with verified Bitcoinica account and only 1 BTC balance (and our record proves so). We should just refund the customer in full immediately. The claim process involves subjective judgements, and that's why I request for take-over. I'm obviously more familiar with the user base and I should provide as much assistance as I can. I have requested again for takeover in the Skype group and provided my working plan. If they approve within 8 hours from now I'll probably start refunding customers by early next week and finish by the end of next week. |
|
|
|
Sorry for duplicate posting (I posted this in the newbie forum initially) but I really wanted to share my concerns about the claims process as proposed by Zhou here. By now it is clear that bitcoinica had their entire db and all records (apart from PII/AML and some outdated records) wiped. This is a worst case scenario. What a royal mess and one that baffles the mind considering they were dealing with a lot of customers money on a daily basis. Having a single point of failure on a virtual server hosted by a 3rd party? Wow. just wow. If I had known I'd never have put as much money into this operation as I did. However that is all in the past so let's move forward. Zhou suggested the following approach to dealing with claims: --- Disclaimer: Pure suggestion. NOT OFFICIAL ---
- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points) Couple of points below: - Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points) Wow. 50 points if you have a reputable bitcointalk.org account. Ranked higher then any verifiable things like transaction IDs, passport data, etc. I'm sorry I didn't know when I signed up with bitcoinica that it's compulsory to go to some unrelated forum and post here daily. Some people have no interest in this and have busy non-BTC related dayjobs (me). To me this is wholly unrelated. Like Bank of America returning money to customers who were good boy scouts or something? Oh you weren't in the boy scouts? tough luck. Putting this item on the top of the list introduces a kind of bias that I wholly disagree with. I also don't see how the reputation system is workable. For example I am using another username here then on bitcoinica (and this is on purpose). I also chose to hide my email. How can Bitcoinica match Bitoinica users to Bitcointalk.org users? And even if they can how would they establish 'reputation'? (Read all posts by members? I think not). And giving points based on friends supporting your claim... what is this even supposed to mean? Any prudent investor/speculator will keep their deposits and positions private. I don't see how getting supports from friends promotes the claims process in any way apart from allowing you-help-me-i-help-you schemes between people making claims look more legit. - The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points) The reason this won't work is because your records are outdated. In my case I sent a significant USD wire transfer to Bitcoinica that cleared only days before the hack. Yeah that is money in the bank for Bitcoinica but no 30 points for me. No sir. - You have reported a losing position, with precise details. (20 Points) Ah so customers that came in at the time when Bitcoinica started paying interest on deposits and used Bitcoinica as a USD+BTC savings account that had no interest in speculation (like me) will lose out here. Sounds like a great idea. - You can recall the balances exactly or very precisely. (20 Points) And you are going to verify this *how* exactly? Basically what you are saying is that if the user picked the 'Exact' option from the dropdown they get a free 20 points instantly. I would argue that because of daily interest on deposits combined with 5 decimals of precision, almost no account holder will know their *exact* balance. - Your email can be searched online and matches your identity. (10 Points) Right, because we all know that putting your email address online so they can be harvested by spammers and impersonators is best practice. +10 points. - You have submitted the claim within the first 24 hours since the announcement. (10 Points) Yeah sure. Because all 5500 bitcoinica customers have nothing better to do then read 70+ post threads on bitcointalk.org all day. People have families, jobs, vactations, etc. Bitcoinica has not notified any customers by email of the claims process and the main website has been spotty at best (non www. domain did not work. Certificates were invalid suggesting the claims process could be bogus, etc.) if your user ID is less than 4500, I'll definitely make sure you get your money back Let's check my user id... hmm 47**. Well I guess I might as well wave bye bye to my money. Again I started using bitcoinica for the interest on deposits back in February. I put a large chunk of my savings here (yeah, shame on me). Please tell me why I am an inferior bitcoinica customer again? Don't get me wrong - I think Zhou did a lot of good stuff with Bitcoinica and really appreciate the information he shared during this incident given the total lack of info from Bitcoin Consultancy, but he clearly dropped the ball when it came to security and I don't think he is the right person to handle the claims process since he seems to have a personal incentive to protect his reputation that might adversely influence the process. The claims process should be based on facts. Meaning MTGOX codes, Wire Transfer Codes, Blockchain transfers, AML/PII docs and the like. It is a big Jigsaw but the only way. Bitcoinica should start working with MtGox, BitInstant, ArumXchange and other transfer services pronto. All money (be it BTC or USD) that came into Bitcoinica should be verifiable though other institutions. And if it sounds like I'm angry - It is because I am. --- Disclaimer: Assume that the suggestion is used without modification. --- Well, none of these measures work individually, for sure. That's why we need 100 Points for full refunds. If you are reputable on this forum, submitted passport scan and at least one other proof, you can get 100 points. If you're not active on forums or OTC and never verified. Never mind. If you honestly reported a losing position (and we have pretty current position reports), sent an email to us ever, gave accurate balances up to two decimal points (20+30 points) and used Mt. Gox and Bitcoin to deposit. Full refund! Even if you can't give us exact details, we can offer a partial payment for you and the remainder will come later. We are not eating your money. --- Disclaimer: Assume that the suggestion is used without modification. --- EDIT: I'd like to add one criterion for the suggested plan: Reported very close balances and positions (less than 0.5% upwards or 1% downwards) compared to our non-current records. (50 Points, but disqualify the orders of magnitude criterion) We're not telling you the date of our record, so if there're no balance changes after that date, we'll give the most recognition. This applies to interest-earning accounts with not many activities. The fact is, we have all kinds of records, so it's very hard to submit false claims without contradictions. I have spent about 100 hours in total monitoring orders execution, user balances change, deposits, withdrawals, support requests and position liquidations since the launch of Bitcoinica. The memory itself can prove something. And I have a previous project selling virtual goods and facing a lot of credit card fraud - I have trained myself identifying fraud. |
|
|
|
Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.
Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.
Makes sense. Has anyone using gmail found bitcoinica emails marked as spam? Didn't notice I was "missing" emails before today. Still a little worried.  It shouldn't. We use a 3rd party emailing service to ensure deliverability and we have proper DKIM signatures and SPF records set up. Mt. Gox deposit never sends emails. Only for Bitcoin and Wire deposits, all withdrawals and orders that you request for notification by default. A fool's reliance on certification and a false belief in easy to get signatures. Means shit if your content looks like spam. Those signatures just prove the domain owner is sending the mail, *nothing* about its content -- and in light of recent hacks maybe not even that. I know first hand that a mail server running dspam put all my bitcoinica mails into spam. Training was/is done with personal data and a few spamtrap adresses. -coinft I'm sure that the vast majority of the emails have been delivered successfully. Our email service provider (Postmark) has very strict rules about emails, and we are not even allowed to send newsletters through their platform. Bitcoinica's transactional emails all originate from trusted IPs. The content isn't like spam either. The HTML email template was professionally designed and the content is has a transactional nature (i.e. not sent in bulk). I'm not sure about the support emails though. |
|
|
|
Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.
Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.
Makes sense. Has anyone using gmail found bitcoinica emails marked as spam? Didn't notice I was "missing" emails before today. Still a little worried. It shouldn't. We use a 3rd party emailing service to ensure deliverability and we have proper DKIM signatures and SPF records set up. Mt. Gox deposit never sends emails. Only for Bitcoin and Wire deposits, all withdrawals and orders that you request for notification by default. |
|
|
|
I read his suggestion, and it makes sense because some of the info he is suggesting to use for claims cannot be faked. Very good suggestions, too.
Nonsense, I would easily have gotten >100 points filing my fake claim. The only thing that stopped me was my conscience. Where is the money going to come from the other depositors will be missing? This is why I say I see no way around insolvency without the database. You guys go ahead, though. I’ll get the popcorn for when people with 100+ points are requesting 500k BTC.  edit: rjk, no need for that. I can get over 100 despite that missing. Also I doubt they have that email data. No, you can't if there's no account activity. Remember that we have some outdated records as well so fake claims are obvious to identify. I have only listed positive points, but there will be negative points as well. You simply need more evidence if the claimed amount is nowhere near what we expect you to have. Bitcoinica balance ownership is highly concentrated, and we have quite current records some top accounts. I constantly log in to the back end and my memory can easily figure out whether I have seen the user with certain amount of money or not, especially those with support requests. The current situation is tough, but resolving it and provide at least 98% satisfaction aren't going to cost more than 18k BTC extra. |
|
|
|
i have the emails. check your spam folder.
Thanks for the suggestion. No luck, unfortunately. Last deposit to Bitcoinica was 32 days prior to its death. (Spam-tagged messages would have been flushed.) Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz. As long as we sent anything to your email, we know that you're a customer and other points criteria should apply. Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February. |
|
|
|
Suggestion:
Offer a 18.5k BTC bounty for whoever releases a copy of the database.
The database isn't worth 18.5k. No, it is actually worth much more than that, since quite a few people will be suing Bitcoinica if their balance does not satisfy them. You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent. edit: bulanula, there are ways to anonymously release the database along with a Bitcoin address. Assume that 99% of the balances have already been claimed, the extra loss due to over-claims is less than 18.5k BTC. This is my speculation based on the information I have though. I haven't verified them. The following is my suggestion to Bitcoinica, I can disclose it because it won't make resolving problems more difficult: Now the thing needed to do is to filter the false claims using the resources we already have, including: - Support emails - Outgoing transactional emails (deposit, withdrawal and order execution notifications) - Previous accounting reports - Partner records, including Mt. Gox, BitInstant, banks - Block chain (We roughly know what addresses we have based on the transactional emails) The reputation of the account owner can also be taken into consideration, i.e. if you have demonstrated consistent integrity in the community, you should get your funds back at first opportunity. If the database (which might be leaked) records suggest discrepancies, you should feel comfortable returning the extra. If the claimed account balance is tiny, such as 1 BTC or $1 USD, you should also receive a refund as long as the account ownership can be verified. If there are no outgoing transactional emails sent (within 60 days), no support emails ever, no passport photo uploaded, we will have to use extra evidence (Bitcoin address ownership and Mt. Gox code history) to prove account ownership. Most likely the claims are illegitimate. We have unlikely to have inactive users with large amount funds. The most questionable claims will be the ones without reported positions but with large balances from people who are not reputable. Most likely these people are trying to hide their unrealized losses in the claims after knowing that database has been deleted. I know there's some personal judgement involved in the suggestion, but that will be my way of handling this. It will keep the majority of people happy while reducing most false positives. If my suggestion is accepted, the general rule is, you can get your funds more fully (partial payments are possible), sooner and less evidence is required if: --- Disclaimer: Pure suggestion. NOT OFFICIAL --- - Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points) - You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points) - You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points) - The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points) - You can recall the balances exactly or very precisely. (20 Points) - You have reported a losing position, with precise details. (20 Points) - You have contacted Bitcoinica Support at least once since September 2011. (10 Points) - Your email can be searched online and matches your identity. (10 Points) - You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence) - Another reputable member supports your claim. (10 Points) - You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points) - You have submitted the claim within the first 24 hours since the announcement. (10 Points) If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now. If you get >= 100 Points, you should be refunded immediately. If you get >= 50 Points, you can expect partial refunds first. The percentage of partial payments will be calculated using the formula (let P be the points you get): Partial payment in % = (P/10)^2 e.g. If you get 90 Points, you receive 81% of the claimed amount first. If you get 50 Points, you receive 25% of the claimed amount first. The rest of the claimed amount will be honored after every request has been processed. Then we can use cross reference to match the remainder records, and hopefully a copy of database can be obtained or leaked. If needed, we can also use external moderation to decide asset ownership. --- Disclaimer: Pure suggestion. NOT OFFICIAL --- |
|
|
|
|
Show Posts
