Bitcoin Forum
June 14, 2024, 04:04:08 PM *
701  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 03:10:04 AM
the plot thickens.  Shocked

Will somebody just admit whether there is a backup of the user database or not?

Man up zhou.
702  Economy / Economics / Re: Movies / Docos about Economics on: May 25, 2012, 03:07:09 AM
Not a movie, but anyone who hasn't seen the series Wall Street Warriors should do so (free on hulu):

http://www.hulu.com/wall-street-warriors

It was filmed right at the '07 peak and downturn. No wonder why they stopped at season 2  Grin

With the benefit of hindsight, it is plagued with lol moments. Hilarious throughout.  Cheesy
703  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 25, 2012, 02:23:01 AM
http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX
...
Also, the address starts with 1EML

Expect Mass Leak


It actually stands for "Expect Mass Leak when African warlords see excellent online way to keep dollars tucked, knowing not everyone has right key, reveal wallet quietly, vexed Zhou is 4cibly hushed, soon his extravagant system exposed."

LMAO! Now try this one: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM

Dope kilos?  You bet.  Everyone knows that.  5BTC sent, to golden dropbox travels value.  Seventually, anyone questions whether 6ilk Road quietly extracts payment after various national senates relent, yielding harmless opinion, yes marijuana.

haha. someone should write a script to translate these vanity acronyms.
704  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 02:10:30 AM
What have you done?

Nothing. I didn't mean to belittle all that you've done and accomplished, so sorry if it comes across that way.

My only quibble is that seems overstated and exaggerated at times. Your claim to have written a second implementation of the bitcoin protocol "from scratch" is arguable (I highly doubt that you wrote libbitcoin without referencing anything but Satoshi's whitepaper, but I don't care enough to perform code analysis/comparison with the satoshi client under gavin's management). And to nitpick even further, a couple lines of bash script included in the bitcoin core project doesn't quite qualify one as a core bitcoin developer, strictly speaking, to my mind. That is all.


To the person above, here's what happened:
- Bitcoinica has an internet mailing list called info@bitcoinica.com
- It was the email for the website and all sensitive accounts.
- You could request a password for that email. In a production system, that should never be possible.
- Several people had access to this mailing list (non-admins and business people included).
- Patrick got added.
- His personal email was compromised. Normally this shouldn't be a big deal; I use my personal email at internet cafes and public computers.
- Attacker was able to request a new password and login to rackspace.

The assumption here was that info@bitcoinica.com did not have access to critical infrastructure.

Lastly, it was my fault Patrick's email server got compromised. I had a VPS for programming and development which many people had access to - randoms from #c++ IRC, people from this forum, beginners I was teaching, etc. It's a public VPS for development. The SSH key on there was added to Patrick's server because we were developing the bitcoinconsultancy.com website on there (that's why it's now down). My SSH key was stolen and he ssh'ed into the box. Then had access to his emails.

Thank you genjix. This honesty and forwardness is what inspires confidence.


Now, how about the bitcoinica user database? Are there any copies?


EDIT: one additional note just because, with this new disclosure, I do agree with genjix's original post that Zhou was dragging their name through the mud. Everyone remember zhou's original excuse for losing the 40k BTC in the Linode compromise? It was because "the ruby gem didn't support wallet encryption". Zhou has a lot more to learn than he likes to admit.
705  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 25, 2012, 12:23:57 AM
-Are there any backups left?: Is the database intact?

This is the key question. The following is pure speculation.

I'm speculating that there were and are no offsite backups of the database. This would make the claim process nearly impossible (or maybe there is one but it is old, and the older it is the more difficult the claims process). (the hacker is probably submitting claims for each account from various IP addresses, just for lulz). If there were a backup of the database, users could claim their funds simply and quickly using their passwords, which were securely encrypted in the database. (there is of course the possibility of complications making this more difficult, eg if the hacker captured some passwords in plaintext before deleting the database).

If there is no recent offsite database backup, it is zhou's fault and he knows it, but he is doing his damnedest to throw mud at Bitcoin Consultancy and save his ego. If he made no offsite backup, it could be blamed on his plain-as-day arrogance (why boast that he made the site in four days?) combined with lack of experience (after all, the Linode theft wasn't his fault but at the same time could have been prevented had he done sufficient contingency planning).

Of course, Bitcoin Consultancy shares equal blame and the mud sticks. I've had my doubts about them ever since I first heard them claiming to be "core bitcoin developers" (I found precisely one commit by genjix to the satoshi client code, and it was a bash script). Refactoring the satoshi client into libbitcoin wouldn't exactly be easy, but a more productive (and difficult) project would've been bitcoinjs. Patrick may be able to find some vulnerabilities, but he didn't secure his own mail server. Also funky that he would offer a bounty to fix a bug in 80 lines of javascript because he is "not interested in chasing bugs in something I'm not familiar with". Aside from creating and operating Intersango (which by itself is commendable, obviously), they haven't done much to inspire confidence that they can handle running bitcoinica (quite the opposite recently).

One optimistic possibility is that Zhou did make an offsite backup, but he is not sharing it with Bitcoin Consultancy out of pure anger and spite at their fuck-up (Patrick not securing his own e-mail). If he has one, that would make it easy for him to process claims (they probably do have plenty of coin in cold storage).

If he already shared it with Bitcoin Consultancy, god knows why they are dragging their feet in such an incredibly lame way instead of just processing the claims. (maybe they thought they could buy time so they can re-launch the site before users withdraw their claims and deposit them with competitors supposedly launching soon).
706  Bitcoin / Bitcoin Discussion / Re: A day in the life of a pirate. on: May 24, 2012, 12:53:29 PM
And the obvious purpose of him starting this thread was just to suck in more bag-holders until he's ready to cash out.

Not enough technical-security skills to steal bitcoins by hacking. But certainly good social engineering.
707  Bitcoin / Bitcoin Discussion / Re: A day in the life of a pirate. on: May 24, 2012, 12:50:30 PM
Occam's Razor: The simplest explanation to me is that he is running some kind of a Bitcoin payment processing service. He might be charging the merchant 1.5% per transaction (half of Visa/MC), and his service includes instant conversion to fiat. Based on the way he operates, he needs to hold large buffers of confirmed coins in order to accomplish this. He has no idea and doesn't care if the price of Bitcoins is going up or down tomorrow or even over the next 6 blocks. To hedge for this uncertainty he borrows other people's Bitcoins at a weekly rate that pays for itself after the coins have churned through about 10 payments.

There are a couple more I can think of that do not involve scams.

Oh, a bitcoin payment processing service with such huge volume but nobody has heard of it? LOL!

Occam's Razor: ponzi scam.
708  Economy / Speculation / Re: #1 most popular Bitcoin Price Forecasts (subscribe here: bitcoinbullbear.com) on: May 24, 2012, 12:47:31 PM
Have you noticed that prices have spiked a couple of times above 5.20$ but without the needed volume to actually allow for that?
It seems that there is something strange going on on mtgox.
I wonder if there is some price fixing / fooling going on on purpose. This could be even related to bitcoinica.
Does anyone know if bitcoinica is currently still trading on mtgox and is this outside of the normal order book?
I was not aware that there are still dark orders possible.

order-book engine glitches. Same as the BATS IPO, the Nasdaq quote issues the Friday of the FaceBook IPO, and of course the 2010 "flash crash".
709  Economy / Speculation / Re: What is this spike? on: May 24, 2012, 12:42:24 PM
This is the same thing that was happening last year when MtGox re-launched after the breach.

I can't emphasize enough how much FIXING THIS CRAP would really help to get a rally going.

Also, ensuring that mtgoxlive is stable and fast under heavy load. Even in January it was crapping out and only like 500 people were able to connect during peak usage.


That said, after that BATS IPO lolfest, and even that Nasdaq had quote issues the Friday of the Facebook IPO, I can appreciate that it is difficult to keep an order-book fast and stable under maximum load.
710  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 24, 2012, 11:38:54 AM
And the dam has finally burst..

If I had any control: I would like Patrick to be in the team. Donald should resign. Amir didn't involve much so I don't make any judgement.

Zhou, why would you want Patrick on your team after you said that it was specifically his e-mail server being compromised which led to this whole fiasco?


What we want to know is:
  • Whether you have a database backup?
  • Whether you have control of the remaining 'cold wallet' deposits?
  • Whether you have control of the remaining USD deposits?
  • How much of the customer-owned funds are left?
  • Why is the claim process taking so long?  We all still know our passwords and if you've got a copy of the hashes of those passwords, we can ID ourselves.  Surely a small web page to let us log in and look at our balances is about a day's work?  Even if we can't withdraw them yet?
  • What is the name of the person or persons (not a shell company) responsible for Bitcoinica's debts?  Note: the person responsible for the damned I.T. cupboard is an internal matter of your own.

+1
711  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 07:19:17 PM
I have asked to be able to speak more liberally. We are still drafting the message

Thank you team for this update, however little. Very much appreciated.
712  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 03:23:09 PM
If everything was wiped, it could be that they do have most of the deposited funds, less of 18k.
But no easy way to figure out, and then verify, who owns what.

Actually there is an easy way. Contrast this situation to when MtGox was breached last year. MagicalTux performed a transaction of  424,424.4242 bitcoins, as requested on IRC, to prove his control of funds.


I rest my case here, because this thread has turned into something it is not, and I think this is why they are not replying here anymore.

No excuse for not replying anywhere.
713  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 01:39:59 PM
This should help in tracking them. bitcointalk.org usernames:

Bitcoinica Consultancy

intersango

genjix (Amir Taaki)

phantomcircuit (Patrick Strateman)
714  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 01:26:58 PM
Back to the question of WHEN WILL WE SEE THE FIRST FUNDS BACK TO THE CUSTOMERS? This timing may well lead to more volatility of bitcoin trading and to know this date would be very much appreciated.

Very good question.
715  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 22, 2012, 01:25:21 PM
By the way, has anybody received any communication from Bitcoin Consultancy regarding the refund requests? I have filled one on the 16 but haven't heard anything yet.

A very good question.

I haven't heard anything yet apart from an email acknowledgement of my claim.

Neither have I.

Again, do you have any evidence?

How about the fact that their company website has apparently disappeared now and nobody has heard anything from these bastards for almost 7 days now?
716  Bitcoin / Bitcoin Discussion / Re: A day in the life of a pirate. on: May 22, 2012, 01:18:40 PM
Sure, I net gross 10.65% per week and payout 5.98% on average and it really depends on how much I want to work.  The process has become pretty automated lately which is nice because I can spend more time on my other projects and with the family. Smiley

So which is it? Is your "business" automated and scalable or does it really depend on "how much [you] want to work"?

pirateat40 is so full of shit and getting away with it (so far), I can actually respect it. Even the irony of his username, as another forum member mentioned in a previous thread.

But, a workable business model for a bitcoin-bank scheme actually occurred to me belatedly, when suckers were daring us nay-sayers in a previous thread, to put our money where our mouth is and bet on a default at betsofbitco.in.

Assume that pirateat40 were to bet his reserves on the bank NOT defaulting, and assume the bank didn't default. If he put enough reserves on there to push the odds to 10:1, or 20:1, with bets week-by-week, then the counter-bets would become the interest gains for depositors. The depositors themselves could place the counter-bets as insurance on their deposits (but that insurance paid would offset their interest gains, obviously). This would be a workable model for a ponzi-bank.

But unfortunately, with only about 40 BTC total in the betsofbitco.in pot and 3:1 odds against default, his claimed reserves are not in the pot so it's not a bet worth making.
717  Economy / Economics / Debt Strike /Kick-Stopper project - can bitcoin help? on: May 21, 2012, 01:57:07 AM
This was originally a google groups discussion, but is now on hacker news:
Debt Strike and Debt Forgiveness - Debt Strike /Kick-Stopper (groups.google.com)

I'll just quote the most relevant part:

Quote
Sorry everyone, I took down the original link because I wasn't sure everyone in our conversation about debt forgiveness/debt strike would feel comfortable having a wider audience read it. But I've added all the relevant info about our project below. We'll be launching it soon and could use your help spreading the word when we do. I also welcome any feedback/criticism that you might have. Thanks.

-------------

Our Story

The banks got bailed out and we got sold out. It’s time for a bailout of the 99% by the 99% for the 99%. Help us raise $5,000 to launch a large-scale debt forgiveness project.

Banks sell defaulted charged-off debt as a commodity for pennies on the dollar. The banks make so much money charging interest and imposing fees that they don’t mind selling some debts to collectors at a significant loss provided that the debtors are financially ruined in the process. So here's our plan: We're going to raise as much money as possible, buy as much debt as possible, and then forgive the debt outright. If we can raise $5,000 we will be able to launch the project by forgiving $100,000-$500,000 worth of personal debt. This project is 100% legal.

The Impact

The 1% gets rich by keeping millions of hardworking people poor and in debt. Over three quarters of all Americans are in debt and one out of every seven is currently being pursued by a debt collector. Debt Fairy liberates people from some of their debt by forgiving it outright.

But the real impact will come through non-cooperation with our own oppression. Nonviolent direct action searches for the point of contact between our lives and the unjust systems which exploit us. One point of contact can be found every month when we dutifully pay the banks money they didn’t earn. The 1% could not exploit us without our cooperation. If millions of us organized to refuse to pay our debts we could bring this unjust system to a grinding halt and demand real changes. Go to the Occupy Student Debt Campaign and sign the Debtor’s Pledge of Refusal.

Other Ways You Can Help

Spread the word! Educate yourself about how debt works and how we can liberate ourselves from debt by fighting back. Attend a GA at your local occupation and join a working group.

FAQ

Q. Is this legal? A. Yes. After the savings and loan crisis in the 1980’s the government made it legal to buy and sell debt as a commodity. As the legal owner of this debt the Debt Fairy has the legal power to forgive this debt.

Q. Can you forgive my debt? A. Unfortunately there is no way to seek out a specific person and buy their debt. Before purchasing the debt there is very limited information as to whose debt it is. The Debt Fairy is a playful creature and liberates people out of the blue.

Q. Can the Debt Fairy forgive student debt? A. No. The government guarantees student loans made by private lenders like Sallie Mae which means that these private lenders will always make a profit no matter what and have no incentive to lend responsibly or to sell these debts at a discounted rate. Sometimes a private lender will lend directly to a student in excess of the amount that the government will guarantee. This usually happens under highly predatory circumstances like for-profit scam schools such as the University of Phoenix. It is somewhat hard to find, but this highly predatory kind of student loan can be purchased and forgiven.

However, we are looking into other ways we might be able to acquire and forgive student loans. We'll keep you posted.

Q. But shouldn’t we all pay our debts? Isn’t it unfair to forgive some people’s debt? A. The 1% can always get their debts forgiven, even as they rewrite the laws to make it nearly impossible for the 99% to get out from under their debt. The 1% profits without working by keeping the rest of us in debt. The undemocratic system the 1% have built is unfair and unjust. The Debt Fairy is a small intervention to set people free from their debt and give them a fresh start. Debt refusal or a debt strike is a way to directly confront the whole unjust system and replace it with a just system.

Q. Who/what is the Debt Fairy?

A. The Debt Fairy is a mysterious, anonymous, magical creature who playfully liberates people from their debt.
718  Bitcoin / Bitcoin Discussion / Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation on: May 18, 2012, 09:39:07 PM
the claims process should be finished tonight. It took long because we did not want to use a 3rd party service such as Wufoo for obvious security reasons.

Now that some claims have been filled out, when and how should we expect to get our funds back?!

The silence from you people is maddening.
719  Economy / Speculation / Re: Gold collapsing. Bitcoin up. on: May 18, 2012, 01:23:26 AM
General Comment: New more compact historic form.  Enjoy!

How about doing a comparison of prices starting from six months ago instead?

Or are you intentionally trolling with your cherry-picked datapoints?
720  Bitcoin / Bitcoin Discussion / Re: A public apology to Donald, Patrick and Amir ("Intersango guys") on: May 18, 2012, 12:50:36 AM
If "Bitcoinica Consultancy" is handling things now, why didn't they notify us of the claims page rather than zhoutong? The more I hear from zhoutong, and less from intersango or whatever they call themselves, the more I lose confidence in the new owner/operators.