CRYPTSY stopping withdraw locking accounts without notifying users! Class Action

[Xandrah]

They should stop calling it a cold wallet if they have the machine directly connected to the net.

Again this is total horse shit, an exchange that does not audit altcoin source code should not be allowed to trade, its common practice!
The whole excuse saying a infected wallet caused this is just cover up, they are grasping at straws now.

[DrxGxr]

Only a retard thief would use a cherry picker to get the hard-to-reach fruit (coins in a cold wallet) but not touch the low-lying fruit (~133 BTC worth of bitcoins in a hot wallet)

I think it was smart to not touch the hot wallet (with public address, right?) and only empty the cold(?) wallet of which the address was not known.

cold wallet needs at least two people to make withdrawals from it though right? how did the hacker get those keys besides how did he hack the btc wallet itself ?or am i missing something here? i already pointed this out to them in their chat box that any claims that any coins are missing is a bare faced lie and their admins says no coins missing just withdrawal process messed up . so everyone that works at cryptsy is a criminal. and must be dealt with appropriatly.

[Gleb Gamow]

Only a retard thief would use a cherry picker to get the hard-to-reach fruit (coins in a cold wallet) but not touch the low-lying fruit (~133 BTC worth of bitcoins in a hot wallet)

I think it was smart to not touch the hot wallet (with public address, right?) and only empty the cold(?) wallet of which the address was not known.

A real thief wouldn't give a shit, but your sentiment is true if an inside job which even a retard in a coma can see that this is the case.

[DrxGxr]

They should stop calling it a cold wallet if they have the machine directly connected to the net.

Again this is total horse shit, an exchange that does not audit altcoin source code should not be allowed to trade, its common practice!
The whole excuse saying a infected wallet caused this is just cover up, they are grasping at straws now.

yes they already made a statement long ago about how they can add any coins they feel like adding . so even if anything was stolen what has that got to do with anyones funds? it is the companies problem and responsibility . has of now we practically own that company all depositors . and why didn't he report the theft in the first place .i think this man is insane look at the stupid pathetic lie he expects us to believe.

[GoldSeal]

http://www.coindesk.com/class-action-lawsuit-filed-digital-currency-exchange-cryptsy/

So this genius apparrently deposited 84 million dogecoin into Cryptsy on Dec 27 2015.
according to class action suit. WTF?  84 freakin million!!!   Are you shitting me?? deposit  $14,000  worth of crypto into an exchange
that has not been processing bitcoin withdrawals for PAST 3 MONTHS !!!!  HELLO? Jeezus... the stupid..it hurts!!  

Well they were paying a premium. Sometimes it can be really tempting to pick up nickels in front of a steam roller.

I'm just pissed that I left 17 sprouts in there. On top of the $0.04 I lost to MTGOX, I'm just destroyed inside.

[craptsy_sucks]

2014-07-29 18:55:43: https://www.walletexplorer.com/wallet/0c07e0bec1002bd2



2014-07-29 18:55:43: https://www.walletexplorer.com/wallet/Cryptsy.com-old?page=1198



Only a retard thief would use a cherry picker to get the hard-to-reach fruit (coins in a cold wallet) but not touch the low-lying fruit (~133 BTC worth of bitcoins in a hot wallet), then not spend the loot for a year and a half even though no police report was filed, meanwhile Cryptsy continued to conduct business as usual as if a theft didn't occur, treating the incident like some pesky gnat buzzing around the office with hopes that cryptocurrency community members not banned from participating will opine a solution to rid the critter once and for all if a 1000 BTC reward is put on the table.

I wholeheartedly disagree. If they're smart, they just sat and watched Paul and Mullick's workflow and learned how they fill hot wallets with cold wallet funds, manage the servers, and isolate wallets from each other (if they do/did). If they saw an way to get access to the cold wallets, either by moving horizontally within the Cryptsy internal network to some server that controlled cold wallet funds, or by setting up a trojan for Paul to download from the servers and use it to steal cold wallet keys from his computer, than that payoff would obviously be much better than stealing a hot wallet. If we are to believe they have monitoring set up to make sure the funds don't suddenly disappear, which I think is reasonable even for Cryptsy, and the thief saw evidence of that, then they'd know to go for the jackpot (cold wallet) instead of stealing 133 BTC and immediately setting off alarms, shutting off further access.

Here's another idea, by the way. They obviously have to have another wallet set up on (presumably) another computer to send the cold wallet funds. What if Paul downloaded the Lucky7Coin wallet there, either for personal use or for making a cold wallet for it? That's a MUCH easier and more likely way to pwn their cold wallets than moving horizontally within the network or dropping another payload for Paul to download and then break in.

[Gleb Gamow]

Before and after the theft on July 29, 2014: https://twitter.com/cryptsy?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor



Less than two months later after losing ten million dollars: http://www.coindesk.com/digitalbtc-cryptsy-mining-platform/

DigitalBTC and Cryptsy are building a new platform called digitalX Mintsy that will offer both tradable mining contracts and mining infrastructure, enabling users to mine with their own equipment as well as the hashing power they purchase.

As part of the deal, Cryptsy will invest $250,000 in the Australia-based bitcoin mining services provider. The project will open for registration tomorrow.

Mintsy will offer mining products and services on a range of digital currency hashing algorithms, including SHA-256 and crypt. Further, it will release its first products during the fourth quarter of this year.

Cryptsy CEO Paul Vernon told CoinDesk that the goal of the new platform is to offer the trading community a broad range of investment services. At the same time, Mintsy is aimed to provide more affordable access to hashing power, factoring the cost of electricity and labor expenses into the listing price.

[Gleb Gamow]

2014-07-29 18:55:43: https://www.walletexplorer.com/wallet/0c07e0bec1002bd2



2014-07-29 18:55:43: https://www.walletexplorer.com/wallet/Cryptsy.com-old?page=1198



Only a retard thief would use a cherry picker to get the hard-to-reach fruit (coins in a cold wallet) but not touch the low-lying fruit (~133 BTC worth of bitcoins in a hot wallet), then not spend the loot for a year and a half even though no police report was filed, meanwhile Cryptsy continued to conduct business as usual as if a theft didn't occur, treating the incident like some pesky gnat buzzing around the office with hopes that cryptocurrency community members not banned from participating will opine a solution to rid the critter once and for all if a 1000 BTC reward is put on the table.

I wholeheartedly disagree. If they're smart, they just sat and watched Paul and Mullick's workflow and learned how they fill hot wallets with cold wallet funds, manage the servers, and isolate wallets from each other (if they do/did). If they saw an way to get access to the cold wallets, either by moving horizontally within the Cryptsy internal network to some server that controlled cold wallet funds, or by setting up a trojan for Paul to download from the servers and use it to steal cold wallet keys from his computer, than that payoff would obviously be much better than stealing a hot wallet. If we are to believe they have monitoring set up to make sure the funds don't suddenly disappear, which I think is reasonable even for Cryptsy, and the thief saw evidence of that, then they'd know to go for the jackpot (cold wallet) instead of stealing 133 BTC and immediately setting off alarms, shutting off further access.

Here's another idea, by the way. They obviously have to have another wallet set up on (presumably) another computer to send the cold wallet funds. What if Paul downloaded the Lucky7Coin wallet there, either for personal use or for making a cold wallet for it? That's a MUCH easier and more likely way to pwn their cold wallets than moving horizontally within the network or dropping another payload for Paul to download and then break in.

Respect your opinion, but why didn't the retard spend a single satoshi in a year and half after going through all the trouble of stealing the coins in the first place?

Here's a theory: The thief is none other than Chen Jianhai and he plans on returning the coins any minute now. Also, check out this short video: https://www.youtube.com/watch?v=LlJkec-CQRM

Here's how it'll play out: https://bitcointalk.org/index.php?topic=95795.0

Did he admit the wrong-doing?

Surprisingly, yes. He strongly denied at first, but he changed his attitude entirely when I mention that this matter is an international-scale crime, and intelligent netizens from all over the world are actively investigating this matter.

Did he admit the wrong-doing?

Surprisingly, yes. He strongly denied at first, but he changed his attitude entirely when I mention that this matter is the bitcoin community's hands forgoing an official police investigation from around the world.

[cjmoles]

It's done!....The warning signs were there....the community was pointing them out....and the concerns proved to be valid.  Now, whether or not it was a self fulfilling prophecy is up for debate.  Maybe if everybody kept quiet (not an option morally in my opinion) then the problem could have been avoided.  

At this point, it seems,  the most that can be gained from this debacle will be gained by taking advantage of the lessons learned (AGAIN!) and walking away with a deeper understanding of the frailties involved around the whole bitcoin experiment.  It's just another very disappointing event in a string of disappointments but the lessons learned are extremely valuable!  We started with bitcoin's genesis and now we're in its evolutionary stages....it's all part of the plan!

Question: What did we learn and how can we use that knowledge to foster a healthy evolution of the project?  

[owlcatz]

this are the chat handles of the cryptsy defenders i can remember . they will stalk the chat and harass anyone asking for their money i suspect some of them might just be cryptsy staff member alts who knows.



terrik


we should not allow this people to get away with  this crime.

[Gleb Gamow]

It's done!....The warning signs were there....the community was pointing them out....and the concerns proved to be valid.  Now, whether or not it was a self fulfilling prophecy is up for debate.  Maybe if everybody kept quiet (not an option morally in my opinion) then the problem could have been avoided.  

At this point, it seems,  the most that can be gained from this debacle will be gained by taking advantage of the lessons learned (AGAIN!) and walking away with a deeper understanding of the frailties involved around the whole bitcoin experiment.  It's just another very disappointing event in a string of disappointments but the lessons learned are extremely valuable!  We started with bitcoin's genesis and now we're in its evolutionary stages....it's all part of the plan!

Question: What did we learn and how can we use that knowledge to foster a healthy evolution of the project?  

We need to educate scam artist on how to betterer execute thefts, then pen more betterer prose of words stuff so to make thier involvement less likely otherwise the world will looks at us bitcoiner peoples as being nothing but theivess and stupid, the laddder we no want thme to think of us as of.

[DrxGxr]

this are the chat handles of the cryptsy defenders i can remember . they will stalk the chat and harass anyone asking for their money i suspect some of them might just be cryptsy staff member alts who knows.



terrik


we should not allow this people to get away with  this crime.

is that his real picture? got more info on him ? post it for us we need real names and addresses

[cjmoles]

It's done!....The warning signs were there....the community was pointing them out....and the concerns proved to be valid.  Now, whether or not it was a self fulfilling prophecy is up for debate.  Maybe if everybody kept quiet (not an option morally in my opinion) then the problem could have been avoided.  

At this point, it seems,  the most that can be gained from this debacle will be gained by taking advantage of the lessons learned (AGAIN!) and walking away with a deeper understanding of the frailties involved around the whole bitcoin experiment.  It's just another very disappointing event in a string of disappointments but the lessons learned are extremely valuable!  We started with bitcoin's genesis and now we're in its evolutionary stages....it's all part of the plan!

Question: What did we learn and how can we use that knowledge to foster a healthy evolution of the project?  

We need to educate scam artist on how to betterer execute thefts, then pen more betterer prose of words stuff so to make thier involvement less likely otherwise the world will looks at us bitcoiner peoples as being nothing but theivess and stupid, the laddder we no want thme to think of us as of.

Smile...Well, we can also wait to see what Hearn comes up with while working with JP Morgan's team and try to emulate some of their solutions....?  Huh?

[Gleb Gamow]

New update!!
http://blog.cryptsy.com/post/137323646202/annoucement

Show of hands ? How many people are genuinely surprised ?

About time they came clean.

I am a bit surprised how utterly idiotic this is. Poor security practices, trying to conceal huge loss, letting the site bomb completely before coming clean... but yeah, a hack was something most predicted.

Ya like he takes a pre-compiled LuckCoin wallet and runs it on his machine with ties to millions in customer funds ?
Further more i already heard waaaay back that they have to compile the wallets themselves so that has to be a lie !

No real exchange runs precompiled wallets. First, they use Linux for backends. Windows is plain insecure. Second, to fire up a wallet released by an unknown dev without a code review? Never going to happen.

Seriously, what part of IT DID HAPPEN didn't you understand?

At one time we had a open communication with Secret Service Agent Shaun Bridges on an unrelated matter, but I think we all know what happened with him – so he was no longer somebody we could report this to.

Timeline:

July 29, 2014: $6.5M+ USD worth of BTC stolen from Cryptsy. (Don't get ahead of me!)

March 30, 2015: https://darknetmarkets.org/2-federal-agents-in-silk-road-case-face-fraud-charges/

Two former federal agents are expected to be arrested on Monday on charges of stealing money while working undercover on an investigation into Silk Road, the once-thriving black market website for drug dealing, a document shows.

The former agents are Carl Mark Force IV, who worked for the Drug Enforcement Administration, and Shaun Bridges, who worked for the Secret Service.

Paul Vernon: I didn't know where to turn or who to call when the over six million dollars was stolen because I knew nine months later Shaun Bridges was going to be arrested for ... well, I think we all know what happened with him.

Here's my take: Leroy Fodor is a 100 times more betterer thief than Paul Vernon will even be.

Well, to date nary a crypto-theme periodical has taken a few minutes to connect the dots like I have in what amounted to less than a minute of research on my part (took longer to pen it) to further prove that Paul Vernon is a Goddamn motherfuckin' serial liar just like Leroy Fodor and Marshall Long and John Fitzpatrick and Craig Wright.

[GoldSeal]

Paul Vernon was incompetent. I'm so fucking happy this guy is no longer in business.

If I ever run into him, I don't care if it's in the middle of a shopping mall or during a parade for children, I will totally unzip my pants and urinate on him and run away like a little school girl. I don't think I'll be able to help myself.

[suchmoon]

Here's another idea, by the way. They obviously have to have another wallet set up on (presumably) another computer to send the cold wallet funds. What if Paul downloaded the Lucky7Coin wallet there, either for personal use or for making a cold wallet for it? That's a MUCH easier and more likely way to pwn their cold wallets than moving horizontally within the network or dropping another payload for Paul to download and then break in.

For the backdoor to work it needs to be able to connect to the perp's server. If Vern - or whoever handled the cold wallet - would only sign TX on the unconnected cold wallet computer and then broadcast it from another machine then there would be no chance for a remote attack. Although a sufficiently sophisticated trojan could probably inject something in the TX being signed but that's incredibly unlikely and you have to be a total donkey to not double check if you're sending 13k to the correct address. Once you connect the "cold" wallet to the net though - it's not cold anymore.

Even the most basic privilege separation (i.e. not running multiple wallets as root on the same instance) and network filtering would have made it so much more complicated for the attacker. Doesn't look like that was the case here. Multiple major security blunders were needed for this to happen.

That's assuming the Cryptsy blog post was at least partially true. It's still quite likely that it's just a smoke screen. We haven't seen any post mortem analysis of the breach or anything like that.

[Gleb Gamow]

Paul Vernon: I need help from the sleuth community. Here's what happened: An intruder broke into my home and my wife turned up missing. Later that night I went to the freezer (don't get ahead of me) to fetch a TV dinner and lo and behold there was Lorie Nettles stiffer than a nail, so I fucked her one last time (so I thought), then opted to not call the police because, well, you know how they are, probably blame me and all, so I kept her in the freezer thawing her our every week or so to fuck her again, then back into the freezer she went. This happened last year after the time she filed for a divorce on my scammy ass.

Here are my options:

1.) Keep the body and continue to fuck it.
2.) Rent out the body for others to fuck it, using the moneys for the Cryptsy fund.
3.) Dispose of the body, leaving me to masturbate to a nude pic of Jim Shockney donning a Texas cowboy hat.

I offer a 1000 BTC reward for the best answer.

[eddie13]

Paul Vernon: I need help from the sleuth community. Here's what happened: An intruder broke into my home and my wife turned up missing. Later that night I went to the freezer (don't get ahead of me) to fetch a TV dinner and lo and behold there was Lorie Nettles stiffer than a nail, so I fucked her one last time (so I thought), then opted to not call the police because, well, you know how they are, probably blame me and all, so I kept her in the freezer thawing her our every week or so to fuck her again, then back into the freezer she went. This happened last year after the time she filed for a divorce on my scammy ass.

Here are my options:

1.) Keep the body and continue to fuck it.
2.) Rent out the body for others to fuck it, using the moneys for the Cryptsy fund.
3.) Dispose of the body, leaving me to masturbate to a nude pic of Jim Shockney donning a Texas cowboy hat.

I offer a 1000 BTC reward for the best answer.

Those are not options.. They are Step 1, Step 2, Step3...

15jYgRVym33hQyHBXiq1sjFdQLgLaU4udZ ty

[Gleb Gamow]

Paul Vernon: I need help from the sleuth community. Here's what happened: An intruder broke into my home and my wife turned up missing. Later that night I went to the freezer (don't get ahead of me) to fetch a TV dinner and lo and behold there was Lorie Nettles stiffer than a nail, so I fucked her one last time (so I thought), then opted to not call the police because, well, you know how they are, probably blame me and all, so I kept her in the freezer thawing her our every week or so to fuck her again, then back into the freezer she went. This happened last year after the time she filed for a divorce on my scammy ass.

Here are my options:

1.) Keep the body and continue to fuck it.
2.) Rent out the body for others to fuck it, using the moneys for the Cryptsy fund.
3.) Dispose of the body, leaving me to masturbate to a nude pic of Jim Shockney donning a Texas cowboy hat.

I offer a 1000 BTC reward for the best answer.

Those are not options.. They are Step 1, Step 2, Step3...

15jYgRVym33hQyHBXiq1sjFdQLgLaU4udZ ty

Theymos just gave back control of this user account of mine to me after it was stolen stolen last year. I would have reported this earlier but you know how them FUDster Trolls can be and all so I keep quiet. This is my first post by me on this account since <insert believable date here>.

[gargouri2001]

oh shit fuck them ,
20 ltc lost and about 2 BTC . 
i need my money back fucktsy