Please delete

[MemoryDealers]

I'm sad to report that Bitcoinstore.com has encountered our first scammer:



**************************************************
**************************************************
******Contact details removed until things cool down*****
**************************************************
**************************************************
**************************************************


He ordered a video card earlier this week,  but insisted that we declare it as $0 dollars for customs.
Legally we are not allowed to do this,  so we offered to declare the full amount,  or refund his money.

******* asked for a refund which was promptly sent.

Unfortunately an extra 4.5119 was also sent to him that he is refusing to return. (I understand that this is partially Bitcoinstore's fault)

The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

He has refused to refund the money when asked via email,  and when I called on the telephone,  he hung up on me as soon as I told him my name.

Other than the reputational enforcement from this posting,  I don't know what else can be done.  

Any ideas?

BitcoinStore customer information is normally considered private, and will only be divulged in cases of blatant attempted scamming.
Because this order was placed with Bitcoin,  we have no idea if the above is his real name,  
but we can assume that the address is valid,  and I know that the telephone number is valid as well
because when I called him,  he knew exactly who I was, and why I was calling.

[Lethn]

Don't let cunts like this guy get to you, what we need is some sort of reliable payment system, I don't think the standard is going to cut it with Bitcoin because of all the scammers.

[greyhawk]

Don't let cunts like this guy get to you, what we need is some sort of reliable payment system, I don't think the standard is going to cut it with Bitcoin because of all the scammers.

Maybe a functionality to revert payments. 

[John (John K.)]

Don't let cunts like this guy get to you, what we need is some sort of reliable payment system, I don't think the standard is going to cut it with Bitcoin because of all the scammers.

Maybe a functionality to revert payments. 

Yeah, we need to inven...Wait, it's PayPal!

[greyhawk]

Don't let cunts like this guy get to you, what we need is some sort of reliable payment system, I don't think the standard is going to cut it with Bitcoin because of all the scammers.

Maybe a functionality to revert payments.  

Yeah, we need to inven...Wait, it's PayPal!

And then add a functionality to pay directly from my banking account so I don't need to convert my money into obscure internet tokens first.

I think we've got a great thing/k going here.

[MemoryDealers]

Some kind of blockchain recording everyone's trustworthyness would be an interesting tool to try to develop.
Everyone would have a copy,  so they could instantly check to see if someone they want to do business with is trustworthy or not.

For now, I just want the world to know what a jerk and scammer this guy is.

[bitbitman]

Maybe a functionality to revert payments.  

That would bring even more scams

I'm sad to report that Bitcoinstore.com has encountered our first scammer:

*
 refund which was promptly sent.

Unfortunately an extra 4.5119 was also sent to him that he is refusing to return. (I understand that this is partially Bitcoinstore's fault)

The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

He has refused to refund the money when asked via email,  and when I called on the telephone,  he hung up on me as soon as I told him my name.

Other than the reputational enforcement from this posting,  I don't know what else can be done.  

Any ideas?

BitcoinStore customer information is normally considered private, and will only be divulged in cases of blatant attempted scamming.
Because this order was placed with Bitcoin,  we have no idea if the above is his real name,  
but we can assume that the address is valid,  and I know that the telephone number is valid as well
because when I called him,  he knew exactly who I was, and why I was calling.

Thanks for the info, I have been scammed myself and i know it sucks. My thread is in here if you can help me.
I wouldn't (personaly) add contact info online such as phones or address, but i would try to find the scammer's accounts to post

[Deafboy]

I hope that action above was covered in your terms of use and privacy policy.
There was a discussion between some of my friends recently about releasing personal information by e-shop owner and most of them disagree with this kind of "revenge".
It may bring negative attention.

[Raoul Duke]

I hope that action above was covered in your terms of use and privacy policy.
There was a discussion between some of my friends recently about releasing personal information by e-shop owner and most of them disagree with this kind of "revenge".
It may bring negative attention.

He could try doing it the easy way and equal for everyone.
Publish a public list of persons who for some reason owe the company money and are late with payments.
No need to call them scammers, just a debtors list
Don't know about the US, but I know some brick and mortar shops already did this(publish debtor lists) in Portugal and there was no problem at all, quite the opposite, they even made it to the press/TV.

[Bitcoinin]

If your policy is to publicly shame with full name, address, email, and phone of those that you consider to have scammed you, please update your privacy policy to detail exactly the circumstances in which you're going to do this.  Your current privacy policy explicitly says "We will not disclose or sell your personal contact information to any third parties without your permission".

But I really wish that you would reconsider this policy:

• The name and address provided could have been someone else's and now you're publicly posting it
• It could have been some underage kid who stupidly did this and now you're posting all of their info
• As encountered on sites like Reddit, people can go on internet witch hunts with people's private info - possibly against the wrong person just because they happened to find someone with the same name on Facebook
• Do you really want the privacy-conscious Bitcoin community to have to stop and consider the possibility that ALL of their info could be released on the forums before making a purchase?

I sympathize with the fact that this guy isn't returning the excess Bitcoin, but posting _all_ of their info publicly is a bit extreme to me - and completely against your current privacy policy.

[MemoryDealers]

I sympathize with the fact that this guy isn't returning the excess Bitcoin, but posting _all_ of their info publicly is a bit extreme to me - and completely against your current privacy policy.

The current privacy policy states:


But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I think this falls pretty clearly within that.

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"
(My name is Roger)

Does anyone have an opinion on if it would be worthwhile to try contacting the Greek police in regards to the above threat?

[Herodes]

I understand the customer got his money back, but got more BTC than he was supposed to get. At the current going, this amounts to about 50 USD. While I understand you're angry, I am not sure if making his info public is the way to go. What is a customer in the future has a dispute with you, and then you put his info public, because you think he's wrong and you're not, when in fact a 3rd party may be the cause of the problem.

This case is clear cut, he should return the BTC he got that was over the amount he was supposed to receive, however when he denies to do so, just forget the case, and make sure there are no such erroneous paybacks in the future from your company.

50 dollars just isn't worth the stress mate.

On the other hand, prospective customers may be put off by knowing that in the event of a dispute, their personal information is not necessarily safe..

[caveden]

Does anyone have an opinion on if it would be worthwhile to try contacting the Greek police in regards to the above threat?

You'll hardily achieve anything meaningful.

You'd have perhaps more chances by attempting to talk with exchanges, since you probably know the owners of many of them, asking for an eventual block of this individual if he ever tries to cash out the money he owns you. But I'm not sure exchanges would accept to do this, as it could backfire on them.

I don't know what you can do. Fortunately it's not a huge amount, it won't hurt you that much.

50 dollars just isn't worth the stress mate.

On the other hand, prospective customers may be put off by knowing that in the event of a dispute, their personal information is not necessarily safe..

This is true.

[MemoryDealers]

50 dollars just isn't worth the stress mate.

In no way is it about the money for me, I've already spent hundreds of dollars worth of time on this,  but I'm incredibly driven by the moral principle behind it.

[nethead]

I got mailed by Zlatko Bijelic (Support) at 6.46pm

Nikolaos,

I hope that you are doing well.

You may have noticed that you received about 4.50932664 BTC coins today (2012-12-19 01:35:38) - this was due to a mistake on our end by giving the customer an incorrect Bitcoin Address for payment. I would like to ask if you can send us those Bitcoins?

Thank you in advance, I hope that you have a great day!

My reply:

WOW thats kinda sad, for both of us because it was an anonymous receiving address from my online wallet. Should I give my permanent address to forward payments to??? It would be great!!

I didnt receive anything, someone else got lucky today, but let me remind you thats its your fault in the first place that you didnt want to sent me what i bought. Im not lying here, that is my real name here and im from my real ip address.

After a while got that back from "Roger" (AND THIS EXPLAINS WHAT HE CLAIMS TO BE A THREAT FOR HIS FAMILY....)

Nikolaos,

I looked up your address with Blockchain, and %100 for sure the funds were sent to a Bitcoin address that you control.

Here is the proof of the link to your account corresponding with Bitcoin address: 1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

-redacted by request-

You need to send back my 4.5119 BTC to:
18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a

right away.

I'm sorry Zlatko made the mistake in refunding you too much money to begin with.
Thank you for doing the right thing and returning the money,

Roger Ver

This right here is my personal SECRET information on blockchain.info.
(There i changed MY SECRET KEY to "...RogersMom" for blockchain, for him to see........and its totaly not a threat, (about contacting Greek police, for a threat LIKE THAT (?!) that i could maybe "kill"(?!?) someone from your family from Greece to US, they would just laugh)

After informing that what he did IS illegal (at least moraly, because we talk for bitcoins, where there is no law) he told me that:

Nethead, I own 25% of blockchain.info
I also own 15% of Bitinstant.com
%100 of Bitcoinstore.com
%100 or Memorydealers.com
I also own a % of coinlab.com, ripple.com ogrr.com and I am the largest single donor to bitcoinfoundation.org

I'm Roger Ver, the post prolific Bitcoin investor the world has ever seen:
http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/


Stop trying to steal from me, I caught you %100.


This is your final chance to do the right thing and send my money back.

18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a (4.5119 BTC)

Do it now, and both our lives will be easier, and you will be a better person for it.

With the very best intentions,

Roger Ver

In no way i got his money, and even if i did WHAT THE FUCK?? This incident i trully want to stay online, and on request i will pastebin all the conversation regarding this subject, im in a sok and i dont know what else to write. Ask me if i forgot anything.


I believe you just lost your reputation as Roger with what you did, YOU must repair mine.

[Herodes]

Yes, and I understand this. However, I think the time and effort can be used better. I also fought a fight a few months back, reclaiming a petty sum, using a lot more time and effort to win it back. In the end, I won. I was right on principle, and I got the money back, but was it worth it ? I could probably have used my time better and been productive with other things. Principles are all good, but sometimes it's just a fight not worth fighting.

50 dollars just isn't worth the stress mate.

In no way is it about the money for me, I've already spent hundreds of dollars worth of time on this,  but I'm incredibly driven by the moral principle behind it.

[MemoryDealers]

i spammed the newbie section a little so i can post here. leave me some time to make my post explaining PLEASE.
My point of view has to be heard. I am totaly not a scammer.

As i write it i kindly request all my info gets removed now. You decide later if you have to post it or if its legal to do so.

If you agree to refund my money if that is what the community thinks you should do, I will gladly remove all your information now.

I'm also happy to talk about it on the phone if you don't hang up on me again.

[CharlieContent]

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"
(My name is Roger)

Does anyone have an opinion on if it would be worthwhile to try contacting the Greek police in regards to the above threat?

Hahaha. Yes, yes please call the greek police. Make sure to report back here and let us all know how you get on. And record the call.

Also fuck dealing with you, ever. What type of company outs their customers personal information on a forum over a customer service dispute?

This guy didn't scam you. Scamming is where people deceive you into giving them money. You FUCKED UP. Obviously this guy should give you the money back, but this situation wouldn't have happened without your mistake. It doesn't give him the right to keep your money, but if I was you I'd just be like "Well, I screwed up here." and move on.

It's like if you ran a store, and you gave someone too much change in a transaction, and they just left without letting you know. Would you put up a picture of the person from the security camera on a noticeboard calling them a thief? Of course not. No shop keeper would. They'd admit their mistake, take the hit from it, and move on.

This guy should give you the money back, but you posting this makes you look like a joke. Your comment about getting in touch with the greek police makes you look like a manchild who is out of touch with reality, and all this post serves to do is draw attention to your own lack of competence.

Act like a professional, stupid.

[Bitcoinin]

I sympathize with the fact that this guy isn't returning the excess Bitcoin, but posting _all_ of their info publicly is a bit extreme to me - and completely against your current privacy policy.

The current privacy policy states:

But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I'm not quite sure how that clause applies to the current situation: extra funds were sent to someone and you want them back - how is that misuse of the website?  If this is your policy then please be explicit about it and detail the exact circumstances.  For example, if a refund is necessary and you send too much, but can't get a hold of the person to get your money back will you publicly release all their info?  What if they happened to have just been on holiday for a week or two and that was why you couldn't reach them?  What if you call but the person hangs up because the person that picked up the phone didn't speak English?  There are all kinds of possible misunderstandings that could happen and it'd be nice to know which ones might trigger the completely public release of information.

[MemoryDealers]

Your comment about getting in touch with the greek police makes you look like a manchild who is out of touch with reality,

Maybe you missed the part where he implied killing my mother.

[nethead]

my previous post edited please see

[Herodes]

Your comment about getting in touch with the greek police makes you look like a manchild who is out of touch with reality,

Maybe you missed the part where he implied killing my mother.

That happens on the internet, every day of the week.

[nethead]

Your comment about getting in touch with the greek police makes you look like a manchild who is out of touch with reality,

Maybe you missed the part where he implied killing my mother.

I "implied" what you say in my SECRET key on blockchain. OH WOW! Come on. Please, im not trying to top you but man, at first you got my anonymous bitcoin address(1 time use) in your payment system, IT NOT MY FAULT, after that you show me MY SECRET key of blockchain?!!

Not to mention that AFTER the failed transaction i had with you, i requested to REMOVE my account from your site, but you did not!

[ThomasV]

I hope that action above was covered in your terms of use and privacy policy.
There was a discussion between some of my friends recently about releasing personal information by e-shop owner and most of them disagree with this kind of "revenge".
It may bring negative attention.

I agree. Posting the private information of one of your customers will bring negative attention to your business, and it will not get your money back. Not very professional, IMO.

If want to do something about a scammer, report him to the police. Do not try to be your own police, or your business will be affected.

[wikiaki]

Posting the private information of one of your customers will bring negative attention to your business, and it will not get your money back. Not very professional, IMO.

+1

[nethead]

I hope that action above was covered in your terms of use and privacy policy.
There was a discussion between some of my friends recently about releasing personal information by e-shop owner and most of them disagree with this kind of "revenge".
It may bring negative attention.

I agree. Posting the private information of one of your customers will bring negative attention to your business, and it will not get your money back. Not very professional, IMO.

If want to do something about a scammer, report him to the police. Do not try to be your own police, or your business will be affected.

what police, why, READ my post in the first page PLEASE!

[nethead]

i repost as noone seems to have read that


I got mailed by Zlatko Bijelic (Support) at 6.46pm

Nikolaos,

I hope that you are doing well.

You may have noticed that you received about 4.50932664 BTC coins today (2012-12-19 01:35:38) - this was due to a mistake on our end by giving the customer an incorrect Bitcoin Address for payment. I would like to ask if you can send us those Bitcoins?

Thank you in advance, I hope that you have a great day!

My reply:

WOW thats kinda sad, for both of us because it was an anonymous receiving address from my online wallet. Should I give my permanent address to forward payments to??? It would be great!!

I didnt receive anything, someone else got lucky today, but let me remind you thats its your fault in the first place that you didnt want to sent me what i bought. Im not lying here, that is my real name here and im from my real ip address.

After a while got that back from "Roger" (AND THIS EXPLAINS WHAT HE CLAIMS TO BE A THREAT FOR HIS FAMILY....)

Nikolaos,

I looked up your address with Blockchain, and %100 for sure the funds were sent to a Bitcoin address that you control.

Here is the proof of the link to your account corresponding with Bitcoin address: 1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

-redacted-

You need to send back my 4.5119 BTC to:
18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a

right away.

I'm sorry Zlatko made the mistake in refunding you too much money to begin with.
Thank you for doing the right thing and returning the money,

Roger Ver

This right here is my personal SECRET information on blockchain.info.
(There i changed MY SECRET KEY to "...RogersMom" for blockchain, for him to see........and its totaly not a threat, (about contacting Greek police, for a threat LIKE THAT (?!) that i could maybe "kill"(?!?) someone from your family from Greece to US, they would just laugh)

After informing that what he did IS illegal (at least moraly, because we talk for bitcoins, where there is no law) he told me that:

Nethead, I own 25% of blockchain.info
I also own 15% of Bitinstant.com
%100 of Bitcoinstore.com
%100 or Memorydealers.com
I also own a % of coinlab.com, ripple.com ogrr.com and I am the largest single donor to bitcoinfoundation.org

I'm Roger Ver, the post prolific Bitcoin investor the world has ever seen:
http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/


Stop trying to steal from me, I caught you %100.


This is your final chance to do the right thing and send my money back.

18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a (4.5119 BTC)

Do it now, and both our lives will be easier, and you will be a better person for it.

With the very best intentions,

Roger Ver

In no way i got his money, and even if i did WHAT THE FUCK?? This incident i trully want to stay online, and on request i will pastebin all the conversation regarding this subject, im in a sok and i dont know what else to write. Ask me if i forgot anything.


I believe you just lost your reputation as Roger with what you did, YOU must repair mine.

[CharlieContent]

Your comment about getting in touch with the greek police makes you look like a manchild who is out of touch with reality,

Maybe you missed the part where he implied killing my mother.

I'd hardly call it a death threat.

You are a fool. He has taken $50 from you. That is your fault. He has now also taken hours of your time, which you could have spent making money or doing something that is important to you. That is also your fault.

You now also look like an idiot to at least one potential customer. Again, your fault.

Why in God's name didn't you cut your losses at the fifty measly bucks?

[nethead]

Did anyone actually read what i wrote?

[MemoryDealers]

Nikoloas,

As part owner, I have admin access to Blockchain.info,  so depending on the notification settings you have for your wallet there, I can look up accounts based on a Bitcoin address.  %100 for sure that bitcoin address is owned and controlled by you,  and you received the funds from me.

Now do the right thing and send them back:

4.5119 BTC to 18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a

Once you do that,  I will delete the rest of your information from this public thread and we can both put this behind us.

I caught you %100 red handed lying about this.

For those who are interested,  here is the full support ticket history.  Read it from the bottom to top:


Roger TODAY 08:23 PM
Should I consider this a threat that should be turned over to the authorities?

"FuckingTheDeadBodyOfRogersMom"

I'm still waiting for your lawyer's contact information.

Roger


Roger TODAY 07:37 PM
When can I have your lawyer's contact details?
As promised, I have made this public for the world to know exactly what you have done:
https://bitcointalk.org/index.php?topic=131574.0

With the best intentions, (unlike you)

Roger Ver


Roger TODAY 06:48 PM
I will gladly contact your lawyer about this.
Please provide his contact details.

Thank you,

Roger Ver


Nethead TODAY 06:40 PM
You are on block list, you will only speak with my lawyer for what you have done so far. Everything is logged. Subject closed


Nethead TODAY 06:26 PM
Your mail does not prove anything, anyone can mail to anyone from any domain you want. Expose me? Do it.
You have failed my friend because you shouldnt touch that information, BlockChain TOS does not say so as of today. I know i didnt touch your bitcoins. ITS your fault that you added the address i gave you on the payment system, not mine. So if you say that you are a co-owner and you still say its a permanent address then i do not have anything else to say. Do whatever you want, but be careful where you put my information, thats a little hint.

Have a nice day man i hope you get your bitcoins.
As of now im out of this game


Roger TODAY 06:16 PM
To prove to you my ownership stake in blockchain.info, I just sent you an email from my roger@blockchain.info email address.

Do the right thing and send me back my money.

Roger


Nethead TODAY 06:02 PM
I know the name "Roger", but EVEN if you OWN (which you do not) you SHOULDNT toutch ANY personal info. Both bitcoinstore AND blockchain (which YOU involved) are in trouble. I dont get it "my last chance"? "to make my life easier"? Explain

As i said i do not have OR had any of your money. I really hope i didnt ever came to your failstore.


Roger TODAY 05:56 PM
Nethead, I own 25% of blockchain.info
I also own 15% of Bitinstant.com
%100 of Bitcoinstore.com
%100 or Memorydealers.com
I also own a % of coinlab.com, ripple.com ogrr.com and I am the largest single donor to bitcoinfoundation.org

I'm Roger Ver, the post prolific Bitcoin investor the world has ever seen:
http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/

Stop trying to steal from me, I caught you %100.

This is your final chance to do the right thing and send my money back.

18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a (4.5119 BTC)

Do it now, and both our lives will be easier, and you will be a better person for it.

With the very best intentions,

Roger Ver


Nethead TODAY 05:44 PM
I said what is true, you are not part-owner on blockchain, i do not have or ever had your money, annddd i said what is going to happen

Have a nice day sir, except if you have anything else to add


Roger TODAY 05:42 PM
Nikolaos,

I didn't get into any of your mail logs or your server.
I'm part owner of Blockchain.info so I can see all the addresses in your wallet, and I caught you red handed in your lie.

You have my money, and you need to send it right now to 18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a (4.5119 BTC)

Stop lying, stop wasting both of our time, and send me back my money.

Thank you,

Roger Ver


Nethead TODAY 05:38 PM
You are going to get fined, blockchain will be involved in this. What you sent IS personal information, does not prove anything else than you are trying to threaten me, you shouldnt have that, and everything is against you.

Once again, i do not have your money, but you definitely deserved that, if i had them i would return them, i would return your fault back.

Your fine WILL exceed 10000 BTC if you want to talk in bitcoins.

Now do you have anything else to add?


Nethead TODAY 04:49 PM
Dude now you are in terrible trouble for getting to my mail (logs on MY server) AND stealling my wallet (also logged), before i sent this i have spoken to my lawyer and got all your information from your website. Also printscreened YOU sending MY information. This was not a permanent address, so you know you are in trouble.

Wait call from my lawyer

All that info is logged


Roger TODAY 04:36 PM
Nikolaos,

I looked up your address with Blockchain, and %100 for sure the funds were sent to a Bitcoin address that you control.

Here is the proof of the link to your account corresponding with Bitcoin address: 1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

[Wallet {email='nethead@spore.gr'
, guid='46f2b149-45c1-309c-98e0-af31be28175f'
, shared_key='2ea287bc-abf8-71b1-8e45-276ac034b854'
, secret_phrase='Neurobion'
, alias='nhman'
, created=Sat Dec 08 17:46:45 GMT 2012
, updated=Wed Dec 19 01:43:47 GMT 2012
, created_ip='188.95.51.84'
, updated_ip='79.107.123.47'
, sms_number='+44 7583383202'
, country='USD'}

You need to send back my 4.5119 BTC to:
18yDbzddGVEr1Vyp4NXrP6mqAmUTesAg9a

right away.

I'm sorry Zlatko made the mistake in refunding you too much money to begin with.
Thank you for doing the right thing and returning the money,

Roger Ver


Roger TODAY 02:44 PM
Nikolaos,

What anonymous receiving address service were you using?

Thank you,

Roger


Zlatko Bijelic TODAY 02:19 PM
Thank you for responding to the email.
Hopefully they use them wisely

--
Zlatko
Support Manager
www.bitcoinstore.com
www.twitter.com/bitcoinstore.com


Nethead TODAY 12:03 PM
WOW thats kinda sad, for both of us because it was an anonymous receiving address from my online wallet. Should I give my permanent address to forward payments to??? It would be great!!

I didnt receive anything, someone else got lucky today, but let me remind you thats its your fault in the first place that you didnt want to sent me what i bought. Im not lying here, that is my real name here and im from my real ip address.


Zlatko Bijelic TODAY 11:46 AM
Nikolaos,

I hope that you are doing well.

You may have noticed that you received about 4.50932664 BTC coins today (2012-12-19 01:35:38) - this was due to a mistake on our end by giving the customer an incorrect Bitcoin Address for payment. I would like to ask if you can send us those Bitcoins?

Thank you in advance, I hope that you have a great day!

--
Zlatko
Support Manager
www.bitcoinstore.com
www.twitter.com/bitcoinstore.com


Nethead YESTERDAY 11:24 AM
i confirm that. remove my account from your site, thanks


Roger YESTERDAY 11:22 AM
Your refund has been sent:
http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

Thank you,
Roger


Roger YESTERDAY 11:08 AM
We are waiting to hear back from the payment processor.
Your refund will be sent as soon as possible.

Thank you,

Roger


Zlatko Bijelic YESTERDAY 11:08 AM
Nikolaos,

We have submitted your refund to our Payment processor, I will update you as soon as we receive the information from their end. I apologize for the delay.

Thank you you for your cooperation.

--
Zlatko
Support Manager
www.bitcoinstore.com
www.twitter.com/bitcoinstore.com


Nethead YESTERDAY 11:02 AM
ok now you are not even responding


Nethead YESTERDAY 10:52 AM
What is taking so long???


Nethead YESTERDAY 10:24 AM
Process it now that im awake. I paid when your site said so, i didnt reply "soon". And no im not thinking of future purchases, sadly my first one was not accepted, so keep it like that....


Zlatko Bijelic (assign) YESTERDAY 10:18 AM
Nikolaos,

We will go ahead and process your refund shortly. I apologize that it did not work out this time around, but keep us in mind for your future purchases if they make sense for you.

Have a great rest of your night and Happy Holidays!

--
Zlatko
Support Manager
www.bitcoinstore.com
www.twitter.com/bitcoinstore.com


Nethead YESTERDAY 10:12 AM
Name: Nikolaos Magiafas
E-mail: nethead@spore.gr
Telephone:

Comment: Thats great you offer refund, so im waiting for it. Im not willing to pay customs an additional half of its price.Return ALL the btc in this address 1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU or the original i first sent them

[MemoryDealers]

I would also like to make it clear that I didn't make any of his Blockchain account info public.
I emailed him his own information.

He then posted it on this forum himself. (Not me)

[nethead]

Show proof! I TOLD IT WAS! Im sure you know blockchain anon addresses ARE one time use(i got one time my 32 btc), SEARCH FOR OTHER MEMBER THERE.

ALSO getting into accounts that ARE NOT yours, is spooky.

Posting my wallet also IS spooky, blockchain security you say..


PRIVACY?

I demand from the mods to remove all my contact info as we talk about it

[ThomasV]

I would also like to make it clear that I didn't make any of his Blockchain account info public.
I emailed him his own information.

He then posted it on this forum himself. (Not me)

You posted his name and address. if I was you I would remove that information asap.

You are destroying the reputation of your business for 4.5 BTC.
do not let anger guide your reactions, try to be rational.

[nethead]

I would also like to make it clear that I didn't make any of his Blockchain account info public.
I emailed him his own information.

He then posted it on this forum himself. (Not me)

And what about the threat about your family? Wasnt that MY blockchain SECRET key?
I really cannot reply to your comments, they also make me look as a child.

As a side note, this information SHOULDNT be visible even to admins, you know encryption? Just showed how weak blockchain is by that.

[Herodes]

This is pittyful to watch, the entire thread should be removed.

[MemoryDealers]

I would also like to make it clear that I didn't make any of his Blockchain account info public.
I emailed him his own information.

He then posted it on this forum himself. (Not me)

And what about the threat about your family? Wasnt that MY blockchain SECRET key?

I didn't tell anyone that it was your blockchain secret,  I simply said that you sent me a threat.

[MemoryDealers]

This is pittyful to watch, the entire thread should be removed.

+1

I would also like to see the whole thread removed as soon as Nethead does the right thing by sending the money back.

[jasinlee]

The point is, blockchain is a site you back which supports anonymity. By posting his info and declaring yourself part owner you were simultaneously pointing out that you have access to records that can track people, and showing that you can access them at any time for someone requesting them such as the authorities. Nethead wont do the right thing, he has 9 posts assuming its not just a puppet, just scam tag him and move on, dont wreck your reputation for 50 dollars.

[nethead]

I would also like to make it clear that I didn't make any of his Blockchain account info public.
I emailed him his own information.

He then posted it on this forum himself. (Not me)

And what about the threat about your family? Wasnt that MY blockchain SECRET key?

I didn't tell anyone that it was your blockchain secret,  I simply said that you sent me a threat.

I like how we got offtopic, I like how we argue like cats..
HOW did i sent you a threat(!) if it was my password? Yes i admit i did it for you to see, but it was my SECRET key on my "SECURE" account
I do not have your money, im still here and arguing, If i did i wouldnt even reply to your employe at the first place
I never had that bitcoins
End this here.


REMOVE ALL MY INFO

[Deafboy]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

[nethead]

This is pittyful to watch, the entire thread should be removed.

+1

I would also like to see the whole thread removed as soon as Nethead does the right thing by sending the money back.

The information i have about your bussiness will never be removed. I will add them later. Bussiness names, not full contact info, and how you penetrate sensitive information.

[MemoryDealers]

The point is, blockchain is a site you back which supports anonymity. By posting his info and declaring yourself part owner you were simultaneously pointing out that you have access to records that can track people, and showing that you can access them at any time for someone requesting them such as the authorities. Nethead wont do the right thing, he has 9 posts assuming its not just a puppet, just scam tag him and move on, dont wreck your reputation for 50 dollars.

All the information I posted here came from Bitcoinstore.
None of it came from Blockchain.info (until after the scammer posted it himself)

[ThomasV]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

it's not just going to hurt his business, it will also hurt blockchain.info, and Bitcoin. please remove the thread ASAP

[MemoryDealers]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

Do you deny that he owes me the money?

[jasinlee]

The point is, blockchain is a site you back which supports anonymity. By posting his info and declaring yourself part owner you were simultaneously pointing out that you have access to records that can track people, and showing that you can access them at any time for someone requesting them such as the authorities. Nethead wont do the right thing, he has 9 posts assuming its not just a puppet, just scam tag him and move on, dont wreck your reputation for 50 dollars.

All the information I posted here came from Bitcoinstore.
None of it came from Blockchain.info (until after the scammer posted it himself)

I am aware, I read the thread. But that does not matter, that is not what people will remember. It brings into question things like are the anonymous addresses actually anonymous? If the owners get raided for whatever reason will they just turn on all their users? I agree he owes you, but it is not worth it.

[ribuck]

Why is the "secret phrase" stored unhashed anyway? That's just asking for trouble.

[MemoryDealers]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

it's not just going to hurt his business, it will also hurt blockchain.info, and Bitcoin. please remove the thread ASAP

No sensitive information from Blockchain was posted by anyone other than the blockchain account owner.

[nethead]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

it's not just going to hurt his business, it will also hurt blockchain.info, and Bitcoin. please remove the thread ASAP

I will make a new thread on this subject later, and i want this information i will post to stay online

[nethead]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

Do you deny that he owes me the money?

I DENY IT! IM SAYING THIS 3 PAGES NOW

[MemoryDealers]

It brings into question things like are the anonymous addresses actually anonymous? If the owners get raided for whatever reason will they just turn on all their users? I agree he owes you, but it is not worth it.

I think it was not clarified:  the address the extra bitcoins were sent to are not an anonymous address that is part of Blockchain's mixer,  it was just a normal address in his blockchain wallet.

[DannyM]

So I guess passphrase information in blockchain.info is not hashed?

[Bitcoinin]

All the information I posted here came from Bitcoinstore.
None of it came from Blockchain.info (until after the scammer posted it himself)

The point, though, is that all of this got drug out into public because of the initial post.  It is reflecting poorly on the store, Blockchain.info, possibly Blockchain.info's wallet security, the other Bitcoin businesses you're connected to, the importance your businesses place on privacy/anonymity, and the professionalism of Bitcoin businesses in general.

[nethead]

It brings into question things like are the anonymous addresses actually anonymous? If the owners get raided for whatever reason will they just turn on all their users? I agree he owes you, but it is not worth it.

I think it was not clarified:  the address the extra bitcoins were sent to are not an anonymous address that is part of Blockchain's mixer,  it was just a normal address in his blockchain wallet.

Give proof of it as i requested earlier. Sadly i havent saved a screenshot of it as i normaly do for payments
What i got from you was only my 32.something btc.

Please put an end to it, as i have to leave in about half an hour to 45 mins

[BadBear]

Dang, guess I won't be using blockchain.info anymore 

[ThomasV]

Roger, can you please cool down, blank your first post, and seek a better outcome than a flamewar?

I don't want the next news article about Bitcoin to be entitled "In the lawless Bitcoin world, business owners seek revenge by publishing customer information"

[greyhawk]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

[MemoryDealers]

So I guess passphrase information in blockchain.info is not hashed?

No passphrase information was leaked or is even available.

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

This is not possible by design with blockchain.

[nethead]

As soon as this ends i give up the bitcoin idea entirely

All my bitcoins will be given away
I will start a thread sometime later today or max tommorow, This right here got me

[MemoryDealers]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

[MemoryDealers]

Roger, can you please cool down, blank your first post, and seek a better outcome than a flamewar?

I don't want the next news article about Bitcoin to be entitled "In the lawless Bitcoin world, business owners seek revenge by publishing customer information"

Done.

[nethead]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

I guess but this is not the case. He admited that he has access to the given info, dont know if he can manage too

[greyhawk]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

[HostFat]

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

[MemoryDealers]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

[John (John K.)]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

That would be a key to retrieve wallet identifiers or disable the 2FA:

Secret Phrase
A secret phrase can be set in your "Account Details" panel after login. In the case of lost wallet identifiers, yubikeys or lost email access the secret phrase can be given to us to help verify account ownership. This is reviewed manually on a case by case basis.

The password used to encrypt the wallet containing the privkeys is not sent to the server.

[MemoryDealers]

I want to know every informations that an admin of blockchain.info can see.
I thought that most of them were encrypted...

It is all encrypted,  but it depends on  your privacy settings.

Quoted from: https://blockchain.info/wallet/anonymity

Alerts Disabled: If you have notifications disabled your public keys are stored encrypted inside your wallet. In this mode we are unable to view your public keys and hence cannot view your balance or transactions.


Alerts Enabled: When notifications are enabled your public keys are inserted in a separate table along with your email, skype handle or google talk username. This mode does sacrifice some Anonymity as we can now see your public keys and view your wallet balance. However just because a wallet contains a public key does not necessarily mean they are the owner of said key (as you can add keys without the respective private key).

In this case the scammer with my bitcoins had Alerts enabled for his wallet,  so I could easily verify %100 for sure that he has my money in his Blockchain wallet.

If he had his alerts set to Disabled,  I wouldn't know if he really had my money or not.

[ribuck]

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

So obviously it needs to be securely hashed, or else anyone who compromises the database (or has authorised access to it) can impersonate the actual account owner.

[nethead]

Wait, wait, wait. So Roger Ver has access to see users wallet passwords in plaintext? So he can theoretically log in to any account on Blockchain.info and send himself whatever he wants? Blaming it on "hackers"? Is that what is happening here?

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

What is this then?

secret_phrase='Neurobion'

Sincere question, I've never used bitchain.

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner.

And reset their passwords? maybe?

Ill try to stay ontopic: Just a reminder I do not owe you anything. I got what i have sent you, then the address was gotten by someone else. It WAS anon. And i re-request proof which you dont give that it isnt


Also, why some people try to get into my account? I got my funds away as soon as he showed me that he has access to that info, MY info!

[Raoul Duke]

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608

[MemoryDealers]

And reset their passwords? maybe?

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

[Deprived]

This is a secret phrase that can be used to help blockchain verify your identity in case of a lost wallet identifier or yubikey or other 2nd factor authentification reset request.   It in no way grants access to the account funds in any way.  

Basically it is used so Blockchain can verify that they are communicating with the actual account owner or a part-owner of the site or anyone else allowed to just look these up..

FYP

[Bitcoinin]

And so it started, the shitstorm: https://bitcointalk.org/index.php?topic=131608

Blockchain.info has some of the best services for newbies - can we please not scare them off and do as much damage control here as possible?

[CharlieContent]

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

[HostFat]

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

Saving the hash of the password seems a good start.

[augustocroppo]

The Bitcoin address and payments in question are:  http://blockchain.info/address/1H4UR5M72Ybpo4zrqWe8JKKYSeN1gxqBcU

What are the transactions ID of the BTC supposedly sent to Nikolaos?

The current privacy policy states:

But we will disclose these information ...... to protect against misuse or unauthorized use of our website.

I think this falls pretty clearly within that.

That is not what the privacy policy implies. Your policy suggest that you will only disclose personal information only when legally required by a government agency. Moreover, the user did not misused the Internet page.

http://memorydealers.com/terms-and-privacy/

We will not disclose or sell your personal contact information to any third parties without your permission. But we will disclose these information when legally required to do so, at the request of governmental authorities conducting an investigation, to verify or enforce compliance with the policies governing our website and applicable laws or to protect against misuse or unauthorized use of our website.

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?

[MemoryDealers]

Otherwise I could have reset your password and taken the money you owe me.

Wow. What a scumbag.

Why should anyone trust you after this? After all, you have no problems going into people's accounts and just taking what you think you are owed in a completely separate business venture. You claim not to be capable, but I'm not sure that I believe a word you say.

BlockChain.info says: "Be your own bank"

What it actually means is: "Open an account at the Roger Ver Bank."

Please look up the difference between "could" and "would"

I would never do such a thing even if I could.

[nethead]

He has also since threatened my family with the following statement that is obviously directed towards me:  "FuckingTheDeadBodyOfRogersMom"

How the threat was made and by what kind of media?
[/quote]

Guess, blockchain secret key

[piuk]

Roger has pointed me to this thread.

Roger owns part of blockchain, so has access to the admin panel along with me. The admin panel is very basic but there is the ability to query wallets based on certain information. Recently the ability to query a wallet by bitcoin address was added, when notifications are enabled.

These queries are designed to help users recover a forgotten wallet identifier and is not supposed to be used for any other purpose.



If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

So you have the date the wallet was created, when it was last updated, the ip that created it and the ip that updated it. The secret phrase is the phrase required in order to reset two-factor authentication, not the password. The password, wallet balance, other addresses cannot be viewed.

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.

[MemoryDealers]

This is NO PASSWORD RESET for Blockchain.info

If you have a secure password,  your money is safe no matter what.

Otherwise I could have reset your password and taken the money you owe me.

Can you contact another admin of blockchain.info and acting as someone else that wants back his own wallet? (and giving the secretpass)
If this is an open possibility, than it's better to find a way to make it harder or better impossible.

This is not possible.

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.

[BadBear]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

[augustocroppo]

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

You finally destroyed your moral reputation with this phrase.

[prezbo]

I would also like to see the whole thread removed

No way. Everyone should see how Roger is destroying his business for few bucks.

Do you deny that he owes me the money?

With all due respect, it was your fault and he is in no way forced to send that money back. If you made the mistake of sending the money through the conventional system to someone else it would've been just the same.

[HostFat]

@piuk
Can you do the same with secret_phrase?

[CharlieContent]

NO,  this is not possible.

If it was,  I could have just taken my money back,  and none of this would have been an issue.

You may have used the word "could", but I think this implies that you would. Otherwise how can you say "none of this would have been an issue"?

[CharlieContent]

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.

How can anyone trust you after this?

[tbcoin]

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

You finally destroyed your moral reputation with this phrase.

+1

There are a 75% of blockchain.info very angry with this guy

[augustocroppo]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

I am sorry BadBear, but I did not got it. You mean that nethead is bitbitman?

[CharlieContent]

You destroyed your entire reputation for the sake of $50 measly bucks, a loss that was your mistake in the first place.

You stupid, stupid man.

[Deafboy]

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.

How can anyone trust you after this?

You can check the source code of blockchain.info and see yourself. If the code isn't modified by purpose, owners of the site are not able to see your password.

[CharlieContent]

Ver could change the source code at any time. He could change the entire site so that all transactions go into his wallet, and he'd get everything until it was discovered.

[nethead]

I really have to leave by 5 minutes.

Please inform me for anything happens here
I will leave my account open here

I will get out of bitcoin idea after all this. I never did nothing wrong. That said, i will open a thread to max, tommorow giving away btc, to be more excact i will sent them to "bitcoin-friends" i have, and will keep some for giving out here.

Bitcoin world is dark, and today got me totaly destroyed

[nethead]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

I am sorry BadBear, but I did not got it. You mean that nethead is bitbitman?

Im not bitman, didnt see either
but yes i would post that im going to leave in a few mins, as i did (previous post)

[tbcoin]

I just wanted to mention that a skilled blockchain.info admin can perfectly steal your funds. He just needs to change the javascript sent to your browser in order to get your password.

This is not true.

See here:  https://blockchain.info/wallet/verifier

[BadBear]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

I am sorry BadBear, but I did not got it. You mean that nethead is bitbitman?

Yes, he accidentally posted using the wrong account that I linked. I'd recommend saving any information there, there are addresses and other info that could be helpful.  

[jasinlee]

I saw it just before he deleted it, nethead posted using this account then immediately deleted it. Was a typical nethead post, mentioned it was an anon account and he never got the money, then asked roger to end it as he had to leave in a few mins.  https://bitcointalk.org/index.php?action=profile;u=75200

I am sorry BadBear, but I did not got it. You mean that nethead is bitbitman?

Yes, he accidentally posted using the wrong account that I linked. I'd recommend saving any information there, there are addresses and other info that could be helpful.  

This too.

https://bitcointalk.org/index.php?topic=131608.msg1409227#msg1409227

[nethead]

And a new shitstorm appears. Save anything, i would like to have anything posted here if thread gets deleted.
Anyone can post "like me"

[MemoryDealers]

There is no way for an admin or anyone else in the entire world other than someone who knows the current password to change the password.
If you kept your password a secret,  then no one else in the entire world has access to the funds in your blockchain wallet.

How can anyone trust you after this?

You don't have to trust me because the code is open source.

[HostFat]

@nethead


Anyway, I don't see the scam thing of bitcoinstore so interesting (nethead is obviously dishonest)
I just really hope that all possible security holes of blockchain.info will be solved

[Photon939]

This whole thread is such a joke.

It amazes me that it all revolves around Roger's own fuckup and $50

I think I'll be staying away from MD in the future.

[MemoryDealers]

This whole thread is such a joke.

It amazes me that it all revolves around Roger's own fuckup and $50

I think I'll be staying away from MD in the future.

I think you meant to say that this all revolves around one of my employee's fuckups, a dishonest customer,  and my non-ability to let the customer get away with it.

If I had let him get away with stealing $60,  or if he had been an honest guy in the first place,  none of this would be an issue.

[Photon939]

Ok so it wasn't you who sent the excess coins.

I agree that the customer is dishonest.

I'll still be staying away from both people after all that has been shown in this thread.

[MemoryDealers]

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

You finally destroyed your moral reputation with this phrase.

This point was made to show that Blockchain.info funds are secure,  not that I want to steal anyone's money.

mccorvic summed up what happend so well!

So, if I have this right.  A scammer gives blockchain.info his bitcoins for safe keeping, scams the guy who runs it, and then complains that blockchain.info might maybe want their BTC back even though that can't happen anyway?

GTFO!

I think I'm going to go buy something off bitcoinstore.com just to counteract your stupidity.

[jasinlee]

This whole thread is such a joke.

It amazes me that it all revolves around Roger's own fuckup and $50

I think I'll be staying away from MD in the future.

I think you meant to say that this all revolves around one of my employee's fuckups, a dishonest customer,  and my non-ability to let the customer get away with it.

If I had let him get away with stealing $60,  or if he had been an honest guy in the first place,  none of this would be an issue.

FTFY, get a PR person, you are doing it wrong.

[itsgoldbaby]

This thread is good actually, outing dishonest people is a good thing in the bitcoin community. So many people are clearly mad they don't get to run successful businesses like memorydealers/bitcoinstore that they jump on any little incident to try and put them down. Doesn't it state on your website already that you don't label items cheaper than sold for to save the customers money on any customs?

[Photon939]

This thread is good actually, outing dishonest people is a good thing in the bitcoin community. So many people are clearly mad they don't get to run successful businesses like memorydealers/bitcoinstore that they jump on any little incident to try and put them down. Doesn't it state on your website already that you don't label items cheaper than sold for to save the customers money on any customs?

If this had just consisted of  "I made a mistake but now this guy is being dishonest" I would be 100% fine with it.

It went quite a bit beyond that.

[TangibleCryptography]

Unfortunately an extra 4.5119 was also sent to him that he is refusing to return. (I understand that this is partially Bitcoinstore's fault)

While it likely will be lost in the scam vs counter scam accusations but the error in the OP has a relatively simple fix.  BTW I have done the same thing and it was a LOT larger than 4.5119 BTC.  Luckily (and yes I had that sick feeling in my stomach until it was resolved) for me the person who was double paid was a regular repeat customer and stand up guy who promptly returned it.

So the relatively simple fix.   bitcoind should have a delay send feature.  An parameter which when set in configfile indicates the number of seconds a transaction should be held before sending.

Code:

delaysend=120

Before someone freaks out about "reversing payments" this would simply be client side.   (assuming delaysend=120 is set)
1) user sends x BTC to address y (x or y may be wrong)
2) client provides transaction id
3) for the next 120 seconds the tx is NOT broadcast to the network.  
4a) In the GUI a cancel button can be shown (which disapears after tx is broadcast).
4b) In bitcoind a new two new RPCs are added.

Code:

CancelDelaySend [txid].  txid is optional.  Calling it with no txid will abort all queued delay sends
OverrideDelaySend [walletpassphrase].  Wallet passphrase is required even if wallet is unlocked (see hot wallet below).

5) delaysend expires and tx is broadcast normally

Honestly I would put some coins towards a bounty (a portion for a functional patch, and another portion when included in mainline).

This would also provide some (although not complete) protection for a hot wallet.
1) hot-wallet password is NOT stored on server.
2) hot-wallet password manually entered by admin when bitcoind is started (with no expiration on locking hot-wallet)
3) DelaySend can't be modified once bitcoind is started.  changing it requires bitcoind reset (and thus admin password).
4) DelaySend can be overridden but requires admin password.

If attacker attempts to send funds using the bitcoind it will be delayed for x seconds giving admins a chance to double spend the attacker from a backup wallet and get a head start in any race.  The hotwallet password isn't available on the server in plaintext.  The wallet.dat (actual file) is still encrypted.  It can be decrypted from the key in memory but that is a slightly more sophisticated attack.  In the event the server still has outside communication admins could call the 'lockwallet' RPC to flush the decryption key from memory.  Alternatively cutting actual power to the server or power cycling (via remote PDU with separate login credentials) would result in a locked wallet and erasure of any DelaySend txs.

Note this isn't foolproof but it does raise the bar compared to the totally simplistic current attacks (login as admin, use servers own hotwallet bitcoind to send out funds or locate passphrase in code and grab a copy of wallet.dat).   It gives admins a fighting chance if the intrusion is detected early.

[elux]

If a wallet is found the results are shown as follows:

[Wallet {email='zootreeves@gmail.com'
, guid='abf66471-fe0a-6820-8977-55d7e8c1f6b2'
, shared_key='XXX-XXX-XXX-XXX'
, secret_phrase='My Secret'
, alias='piuk'
, created=Tue Jan 03 12:52:07 GMT 2012
, updated=Tue Dec 18 19:47:40 GMT 2012
, created_ip='81.187.238.52'
, updated_ip='127.0.0.1'
, sms_number='+44 7525431876'
, country='GBP'}
]

I am going to change notifications to store SHA256(bitcoin_address) rather than the plain bitcoin address which will remove the ability to lookup a wallet by address entirely.

You absolutely need to go into urgent damage control mode on this.

The wallet-query information (e-mail, phone# and IP-addresses) could, for example, be a used to make an example of some random Silk Road customers.

[thebaron]

People attacking the victim in this community and sticking up for the theif? What else is new...

[thebaron]

I don't want the next news article about Bitcoin to be entitled "In the lawless Bitcoin world, business owners seek revenge by publishing customer information"

Sure would cut down on the asshole customers.

[HostFat]

People attacking the victim in this community and sticking up for the theif? What else is new...

high positions, high responsibility

[Deafboy]

TangibleCryptography, AFAIK, there is actually an existing feature in bitcoin network allowing you to send transaction with the ability to change it later. It's currently not implemented in any client, but it could be used to review and correct one's recent transactions.

https://en.bitcoin.it/wiki/Contracts

[MemoryDealers]

If this had just consisted of  "I made a mistake but now this guy is being dishonest" I would be 100% fine with it.

Here you go:

Myself,  and others at Bitcoinstore made some mistakes but now this guy is being dishonest.

[MrTeal]

People attacking the victim in this community and sticking up for the theif? What else is new...

I wouldn't go so far as to call him the victim, but he definitely isn't a scammer either. A scumbag yes, and possibly a theif. He didn't set out to scam anyone though, there was no premeditation that he was going to try to scam coins from bitcoinstore.

Seriously Roger, this was a terrible idea. The whole thread makes you, memorydealers, bitcoinstore and blockchain.info look bad. Worse, there was no point to it. Public shaming might work against someone with a built up reputation, but this guy had to spam newbie posts just to be able to post it. As the saying goes, don't wrestle with a pig, you both end up dirty and the pig just enjoys it.

[niko]

This thread should be locked, then stickied.  So much to learn about Bitcoin, privacy, security practices, liars, scammers, incompetence, and waste of time.

[MemoryDealers]

As the saying goes, don't wrestle with a pig, you both end up dirty and the pig just enjoys it.

I think you are right. 

[thebaron]

He didn't set out to scam anyone though, there was no premeditation that he was going to try to scam coins from bitcoinstore.

Sure, but he was trying to get a business to commit fraud.

(yeah, government sucks and all that...but still)

[DannyHamilton]

As far as I knew blockchain.info and bitcoinstore.com were 2 completely separate and unrelated businesses.  As far as I'm concerned, it is absolutely not appropriate for someone from one business to be using "admin access" at another business to gain special privileges.

I cannot in good faith (and will not) recommend blockchain.info to anybody ever again unless they do one of the following:


Publicly and openly state in an obvious and easy to find way on their main website which other businesses have special admin access to look up information on people's accounts.

or

Immediately sever all relationships with other businesses, removing admin access from anyone who would use that access to benefit their other business.

or

Provide all users with the exact same admin access, so that they too can track down scammers as necessary.


Furthermore, I can not and will not ever recommend bitcoinstore.com to anybody.  I understand that they are frustrated with the loss of the bitcoins that they accidentally sent, and I realize that the "right thing to do" for the person who received those bitcoins was to return them.  However, that does not make bitcoinstore.com use of special access to blockchain.info any less appropriate.  As far as I'm concerned their use of this access was at least as inappropriate as the failure of the person receiving the extra bitcoin to return them.

[MemoryDealers]

I don't think this thread is good for Bitcoin,  and promoting Bitcoin is my number one goal. 

This thread is now locked.