My BTC Lend LLC,
www.btclend.org Experience:
The company BTC Lend LLC organized in Delaware file # 5650922
CEO Carmelo Millian
Registered MSB via FinCEN: 31000064289192 for Money transmitter and Other.
BTCLend provides Peer 2 Peer, bankless, virtual currency loans and related services. Through their web platform
www.btclend.org. The company holds customer deposits, loans virtual currencies to its users, allows its users to loan virtual currencies to each other, as well as other virtual currency related services.
Loans/Registration/Payments
I had a few problems with registration, and then some issues with my documents being approved for the account and lending verification. Carmelo generally took care of them but it was sort of a pain to get my account verified to a high enough level in order to have a decent reputation to start out.
A reputation loan is a non-collateralized loan given from BTC Lend or one of its users to another of its users. Reputation loans use a scoring model or algorithm based on a user's reputation score. The score is based on things such as identification provided, previous history, and presence in the community as well as other factors.
I had my first reputation loan funded Jan 24 for 0.15 BTC. It doesn't seem to stand out as having any issues. I paid the loan back a few days later to build my reputation score. I had to link my coinbase account every time I wanted to make a transaction, and disable coinbase two factor authentication (2FA) for the transaction then enable it again or it wouldn't go through.
My second reputation loan was for for 0.95 BTC I made the First payment of 0.34754167 BTC a couple of days early, it never registered on my account then showed late and resulted in my reputation score going down.
I made the next payment this time on the day it was due. Also showed as late, resulting in losing more reputation score through no fault of my own. I had to email BTCLend CEO Carmelo Millian directly with all of the payment information and it took several emails for him to fix the issue with my account and reputation/profile.
Then I made a larger loan request for 2 BTC (~$500 USD). It was funded and again I needed to manually authorize the coinbase API, disable Coinbase 2FA, make the withdraw, re-enable 2FA. I made my payments on time etc. eventually decided that I didn't want to deal with the payment system anymore, so I paid off my loan off entirely early just to be done.
Staking
Paycoin, symbol XPY, is a virtual currency created based off of the Peercoin source code. While the original virtual currency Bitcoin is based of Proof-of-Work which requires vast computational power to generate new coins Peercoin and paycoin are based on Proof-of-Stake which requires a user to have stake or an investment in the coin in order to generate new coins. Staking is the systematic process of generating new coins. BTCLend began offering a "staking wallet" or "staking service" for Paycoin.
In the meantime as the XPY staking wallet launched I moved the bulk (at that time) of my XPY holdings to BTCLend to stake. I had very few if any issues technically speaking during that time.
As time went on and I saw ideas like LendCoin (LCN), a virtual currency with a guaranteed $1 floor value, come and go watching how BTCLend grew I became more and more uncomfortable that they were good stewards of my deposits.
On May 20 I submitted a ticket requesting that my XPY be unlocked and that my account be deleted. I looked for any TOS I could find and the one I found had no mention of unlocking the staked XPY or any mention of penalty.
After 6 days of no response I emailed BTCLend CEO Carmelo Millian directly, asking for a resolution. He then informed me that he could unlock my coins, for a 20% penalty.
I still can't afford to take a 300 XPY hit, so I decided I'll just deal with it until July when they unlock anyways.
Little did I know the Coinbase API was still actually active on my account, somehow it managed to work perfectly in the end.
On May 29 I woke up to a couple of emails from coinbase that I wasn't exactly expecting:
"On May 29, 2015 you purchased 4.0000 BTC for $958.01 USD from *Bankname* - Bank *****last4.
Those bitcoins are now available in your My Wallet account!"
Followed Shortly By:
"You just sent 4.0000 BTC (worth $946.00 USD) to 1JYprFYWXWsJ2c3YFAztoX5WHoPwJQh6s3.
Attached message:
Funded by Transfer with ID: 556883126c32f9273100009b"
I immediately contacted Coinbase about my account being compromised. Given that I had 2FA my initial reaction was one of confusion and great concern. I then followed up with my bank to let them know that there was a purchase coming that was fraudulent as a result of my coinbase account being compromised.
As I calmed down over the next few minutes I started working through how the 2fa could have been bypassed. My phone had no new texts with Authy requests for new devices, as I looked at my Coinbase account further and checked the API access to my account there was that lone entry from BTCLend. The one that never worked to begin with, active with full access to my coinbase account.
After disabling it I then again contacted Coinbase and let them know I was fairly certain I knew how it happened (they had emailed me in the meantime asking if I knew about BTCLend). They also mentioned that since this was an API I authorized I was basically out of luck. I also know that if I initiated a fraud dispute with my bank over this I would lose my coinbase account. Not something I'm exactly keen on.
I then contacted Carmelo. And let him know that my personal bank account had been hit for $1,000 dollars. On BTCLendtalk a thread had been created
https://btclendtalk.org/topic/251/coinbase-hacked where a user had mentioned himself and another person had the same 4 btc taken from their coinbase via the API.
Carmelo then posted,
https://btclendtalk.org/topic/252/our-coinabse-api-was-compromised-solved, that there was a compromise and that no customer coins had been compromised. The full message regarding no customer funds compromised was later erased with no explanation given as to why. Despite that thread being active and 3 users (myself being one of the three) reporting that we in fact had coins compromised, and we were also BTCLend customers. It wasn't until he was told directly by others in a call that coins had been compromised and he needed to fix his post did he do so. In reality thousands of XPY were taken and over 25 BTC.
Carmelo then promised to pay me back, but not until the following Friday June 5th. In the meantime, My house payment was due June 1 and the payment had already been sent/authorized. My car payment was due June 1 and had already been sent/authorized.
As promised on June 5.
"You just received 4.0000 BTC (worth $899.44 USD) from an external bitcoin account."
By the time I was paid back BTC had lost value and the amount I was paid was worth almost $50 dollars less as the funds came directly out of my checking account.
So to say that this would be a financial problem would be putting it lightly. I had to borrow 4 BTC from a very generous friend and initiate a sell immediately on my coinbase account (after I finally got it unlocked)
***Continued in next post****
