[ON HOLD] Thoughts: paying hackers to get accounts back: ethical or not?

[LoyceV]

Another thing - I'm not sure that such services would be really effective. People who find their account hacked usually use link that they got to email to lock account or ask moderators to lock account. Hacker can't do anything with locked account, so he can't return account to original owner after getting ransom. Only theymos or Cyrus can recover locked account.

Global Moderator hilariousandco can unlock accounts too (he just can't unban them). It could still work if the account credentials are transfered, but it's one more hoop to jump through.

I still hope that one day theymos will release automated account recovery system and such services that you're offering wont be needed.

The last thing I read about it was "before the end of this year", but that wasn't an official announcement.

[pptIox]

Does this mean that any rank account is worth only $25? There may be some hackers who don’t think that they may get more money through account trading. In addition, some account buyers may have spent more than $25 to purchase an account, and they will not be willing to hand over the account.
Although OP's idea is great, I think this may exceed the permissions of ordinary forum users, which is equivalent to creating a new "forum rule".
To solve this problem fundamentally, maybe 2fA will be a more reasonable way.

[LTU_btc]

Global Moderator hilariousandco can unlock accounts too (he just can't unban them). It could still work if the account credentials are transfered, but it's one more hoop to jump through.

Yeah, hilariousandco can unlock accounts, but he can't restore it, so he can't help in such cases unfortunately.

[LoyceV]

~ perhaps it would put pressure on the admins to put more effort into account recoveries.

3 days later:

As an extra protection against any possible social engineering attacks, whenever^* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again.

That means I can put this idea on hold now.

[Veleor]

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again.

That means I can put this idea on hold now.

Good news!
In my opinion it is important that DT members are marking all hacked accounts, and in no case becoming a reseller between thieves and victims because this can have negative affect to the reputation of the forum.
It is necessary to entrust the restoring accounts procedure to the administrators that they make it as efficient as possible.
And I think that all members should be reminded by email that they need to write BTC addresses in the topic "Stake your Bitcoin address here" for their profiles secure.

[Quickseller]

~ perhaps it would put pressure on the admins to put more effort into account recoveries.

3 days later:

As an extra protection against any possible social engineering attacks, whenever^* the administration changes an account's email address from its current value, the following process occurs:
 - The change is queued.
 - It is listed in seclog.php.
 - The old email receives a warning.
 - After 7 days, the change goes through and another seclog.php entry is added.

The account stays locked throughout all of this.

This is a component of a comprehensive new set of recovery procedures which will be fully rolled out in the very near future (before the end of the year). This will allow recoveries to move forward at a reasonable pace again.

That means I can put this idea on hold now.

Well it sounds like this project likely served its intended purpose.

[MainIbem]

hopefully low enough not to encourage hacking accounts for the bounty, and non-negotiable ("take it or leave it").

I think you already answered your own question. This will most definitely lead to more account hacks and even though you mentioned you would keep it a fixed fee, it could also lead to higher ranked accounts(even if we use new passwords every so often to help prevent hacks) being targets for a higher ransom/reward/bounty.

I was just about to post this same line of thought. This offer will lead to an explosion of account theft. Just think of it, If I can steal 4 accounts per day, and willing to accept the $25 for recovery, then I get $100/ day. Cool deal 

As good as the steps are, it is rather an incentive for account theft than a solution. IMO