I really hope so because to date both services have fallen well short of the mark in keeping users informed.

I think they've done a lot wrong, but right now there is no evidence whatsoever that anyone's funds have been "stolen".

They're not going to stop while the price is high.  They're going to increase, along with fraud attempts and attempted hacks.

Bitcoin has had a ton of positive publicity recently and nobody ever complains when positive publicity is based on hyperbole rather than fact.

Bitcoin is absolutely being traded like a commodity at the moment.  It's naive to believe that the majority of people speculating on Bitcoin prices right now intend to hold them long term or use them to purchase things.  Many of them will dump their coins when there's little volatility.

Yes, there's a lot of lazy journalism.  This applies to both the good and the bad.  Time after time inaccurate articles start off on arstechnica or wired and nobody does any fact-checking before they start appearing everywhere else.  That's equally true of mainstream news stories.

For every person who wants Bitcoin to "go mainstream", there's another Bitcoin user who thinks that could kill Bitcoin and that the emphasis should be on it being a disruptive technology.

There's no cohesive "Bitcoin agenda".  Nor does there need to be.  People want and expect different things from Bitcoin and they use it for different reasons and in different ways.  It's not surprising, then, that media reporting regarding Bitcoin is all over the place and rarely balanced.

It's pretty much up to each of the groups with an agenda (whether it's the "mainstreamers" or the crypto-anarchists), to take responsibility for getting the kinds of stories they'd like to see about Bitcoin published - bearing in mind that each group will likely be displeased by a report regarded as "positive" by the other.

Alex, you mentioned the verification issue.

It's really unclear to me what is going to happen with this when US/Canadian users get transferred to CoinLab.  Will the accounts which are currently awaiting verification still be verified by MtGox or will US/Canadian customers be verified by CoinLab following the transition (ie, will those US/Canadian customers currently awaiting verification by MtGox need to start the verification process again with CoinLab)?  

The lack of recent information about the transition is worrying as customers were initially told that they needed to agree to CoinLab's ToS if they wanted to use MtGox following the transition but the information on the CoinLab site says that the funds of US/Canadian customers will automatically be transferred to the US.  

This implies that people will need to withdraw their funds from MtGox before the transition if they don't want those funds transferred to the US bank (which may present difficulties for unverified customers given the backlog on verification) or they'll have to register as a CoinLab user whether they want to or not in order to withdraw their funds.

It was previously stated that MtGox user data would not be transferred to CoinLab without user agreement (ie, MtGox users accepting CoinLab's ToS), but if the funds are being transferred automatically then how will users be able to access them without using CoinLab?

I know you have a lot going on, but the transition to CoinLab has to the potential to be disastrous if you don't keep your users fully informed and - quite frankly - you don't need any more things happening right now which undermine people's confidence in you.

Yep, this is a risk with anything which has a relatively small market cap.  You don't need to buy up everything in order to be able to manipulate the market. 

Copyright law and patent law are two separate beasts.  You're not inspiring a whole lot of confidence in your legal capabilities.  Even if you have some special insight, what standing do you have to represent anyone else in court?  In most jurisdictions you cannot practise law without a licence.  You can choose to represent yourself in a legal action, but you can't generally act on behalf of someone else unless you're a properly qualified and licensed lawyer in the relevant jurisdiction.

Right now it hasn't even been confirmed that funds have been lost. 

Also, Interpol is a clearing house.  The relevant local law enforcement agencies need to be involved before Interpol can be used to facilitate co-operation between the different national agencies involved.

Whether or not anything was stolen from Instawallet (and that's unclear right now), a computer crime has likely been committed.  I'd certainly like to know to which authorities Instawallet has reported that crime or whether they're not going to report it because they don't want the service they were operating coming under scrutiny.

They previously stated that they had exclusive control of the wallet and that user funds were safe.  They've said nothing so far to indicate that's not still the case.  The issue here seems to be how they return funds to legitimate users when the database has been compromised.  You're obviously going to fall into the "case by case" category, but at this stage they're saying they can start returning funds after a 90 day claim period and not that there are missing funds.

In my opinion, they need to make very clear that no user funds have been lost (or none that they can't replace out of their own pockets) if that's the case.  If user funds have been lost then they need to be truthful about that because no-one wants to sit around thinking they're going to get their funds in 90 days only to find in 3 months time that there's a shortfall.

Sorry to hear than Phin.  I guess I just kind of assumed that you above all people would be especially wary of leaving funds with third party services after the Bitcoinica debacle.

Even worse is that they knew this flaw was being discussed publicly, as was the StrongCoin flaw.  You can't assume that every user will read thread about security flaws but services themselves should make it their business to know when such discussions are taking place.

Is English not your first language.  They quite clearly state that your funds will be refunded after 90 days if no other claims have been filed on your account.  


1) you do need to file a claim and 2) even when you do your funds will be returned after 90 days if there are no competing claims on your account.

I have no idea why you believe that it's impossible to develop disaster plans before an incident occurs.  If you don't have a way to verify the identity of your users in the event of a disaster, then you don't have adequate ways to identify them period.  Users need to accept that the greater degree of the anonymity a service allows them, the more difficult it may be for them to ever prove ownership of funds should it become necessary and services need to clearly state the possibility of that issue arising.

Because it doesn't matter whether it was the vulnerability which was discussed last week which was exploited.  The moment it becomes public that your service has a vulnerability, there's a massive target on your back and people will not only try to exploit that particular vulnerability, they will actively look for others (and they'll look for similar vulnerabilities in other services).

The fact that it's going to take them more than 90 days to start returning user funds (and likely more if you have over 50 BTC with them) indicates that they had no adequate disaster plan in place.  How you're going to verify claims in the event of a security breach should be something you already plan for before a breach occurs and it sure as hell shouldn't involve providing information which is already known to be easily compromised.

People don't demand enough of Bitcoin services.  Half the time they know little - if anything - about the people behind them and especially about the resources they have available.  They don't bother asking service providers about their disaster plans (which is insane because very few Bitcoin services have the financial resources to simply absorb losses which occur due to security failures).  They leave amounts they can't afford to lose with services which could literally be out of business an hour from now.  No doubt some of the people who'll be impacted by this have previously lost funds to other exchange/wallet service failures (and will likely do so again in the future).

None of this means that services themselves should get a free pass when disaster strikes or that people should be ever so grateful for any steps they take to try to make users whole.

If you've read any of my posts at all then you're aware that I believe leaving your funds on any third party Bitcoin service is the height of stupidity and when this first happened I questioned how many times shit like this is going to happen before people grasp the fact that your funds can never be totally safe on such services.

That doesn't excuse services from the responsibility to ensure that their security is adequate and to immediately take measures to beef it up when they become aware of a vulnerability - especially when vulnerabilities in that service are being widely and publicly discussed.

I don't recall the fact that you could access (actually access, as opposed to theoretically) the accounts of other users being publicly discussed until last week, although when it was being discussed last week quite a few people mentioned having been aware of it for some time.

They still needed to take the service offline for a security audit when that particular vulnerability became a topic for discussion last week, because nothing was more certain than people trying to exploit that one and looking for other vulnerabilities as well (as well as looking for similar vulnerabilities in other services).

Of course you can blame them. People can't access their funds for at least 90 days because of some security breach. It's the job of those operating a service to ensure its security can't be breached and vulnerabilities in Instawallet were made public a week ago. 

To bad if you want access to your funds in the next 90 days.  There should have been a disaster plan for verifying claims in the event of a security breach.

I still want to know why the service wasn't taken offline for a security audit as soon as any vulnerability became public (whether or not it's the one which was used in this breach).

Wonder if he'll return the 30,000 G.SDICE shares he "borrowed" (base value 191 BTC).

https://bitcointalk.org/index.php?topic=162873.0

It's not a secret that they've changed the heatsinks which they were originally going to use for their ASICs - Josh posted about it the other day.

I'd say that BFL_Steven's comments in Shoutbox are probably more relevant to actual issues than whether or not the photos on the product website have been updated (yes, they should be but I doubt anyone is ordering an ASIC based solely on images of the heatsink).





https://twitter.com/BFL_News

If the funds were deposited with Britcoin, they had to have been deposited prior to August 2011 - before Bitcoinica even existed and well before Intersango became associated with Bitcoinica.

It's probably not a good idea to put funds on any exchange and leave them there for 18 months without periodically checking that you still have access to your funds, though - the vast majority of Bitcoin enterprises don't even survive that long.

There's not really any evidence that past scammers have had to "vanish" in order to avoid consequences, though.  I'm not saying that people shouldn't take whatever actions they can reasonably afford, but I think they need to keep their expectations about what results those actions might bring realistic.

I really wish that the ability to edit/delete posts was time limited and/or there was a way to confine it to the first post in a thread in certain forums.