MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info

[ThomasV]

It should also be noted that ThomasV runs a competitor to Blockchain.info

That is correct, but Electrum is not a commercial operation.
It is a free software project, that involves multiple developers, not just me.

[Jouke]

Secret passphrases not being secret ..

[MemoryDealers]

All you have to do is read what Roger Ver himself wrote in that thread. He said himself that he has access to a lot of information about account holders and their accounts, and we can see for ourselves in the email chain he posted that he was prepared to leverage this information to resolve a customer service dispute in a completely unrelated business.

You have this wrong.
The only information I threatened to leverage was the information from Bitcoinstore,  the business directly involved in the incident.
I never made any of the information from Blockchain public.

[CharlieContent]

All you have to do is read what Roger Ver himself wrote in that thread. He said himself that he has access to a lot of information about account holders and their accounts, and we can see for ourselves in the email chain he posted that he was prepared to leverage this information to resolve a customer service dispute in a completely unrelated business.

You have this wrong.
The only information I threatened to leverage was the information from Bitcoinstore,  the business directly involved in the incident.
I never made any of the information from Blockchain public.

You leveraged it in private.

Also

If I knew his passphrase,  I could have logged into his account,  and taken my money back.

[meowmeowbrowncow]

While taking advantage of privileged information is bad this is getting overblown.

Let's stop the masterbatorial frothing.

[MemoryDealers]

You leveraged it in private.

He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.

[mccorvic]

masterbatorial frothing

My idea of a good time btw.

[Rob E]

What ^ are you worried Bout guy? why are you crying.

[DannyHamilton]

You leveraged it in private.

He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.

It is inappropriate for someone who has admin access at blockchain.info to use that information for the benefit of some other business.  As a matter of fact it is explicitly against the blockchain.info privacy policy:

We will . . . distribute . . . your personal information to third parties unless we have your permission or are required by law to do so.

This is why blockchain.info has removed your access.  They do not allow it to be used in this way, and you violated their trust.

In this instance bitcoinstore.com is a third party, and you have distributed the personal information of one of their users to that third party without the user's permission and without being required by law to do so.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

[teste]

You leveraged it in private.

He told me he didn't own the bitcoin address in question.
I told him in private that he did,  and gave him the proof that I knew he did.
I don't see this as inappropriate.

It is inappropriate for someone who has admin access at blockchain.info to use that information for the benefit of some other business.  As a matter of fact it is explicitly against the blockchain.info privacy policy:

We will . . . distribute . . . your personal information to third parties unless we have your permission or are required by law to do so.

In this instance bitcoinstore.com is a third party, and blockchain.info has distributed the personal information of one of their users to that third party without the user's permission and without being required by law to do so.

+1

[teste]

Hope this episode serve as a lesson to improve the services of blockchain.info and bitcoinstore.

[DannyHamilton]

I can not recommend bitcoinstore.com to anybody.  I understand that they are frustrated with the loss of the bitcoins that they accidentally sent, and I realize that the "right thing to do" for the person who received those bitcoins was to return them.  However, that does not make your abuse of special access to blockchain.info allowed you as an employee any less inappropriate.  As far as I'm concerned the abuse of this access was at least as inappropriate as the failure of the person receiving the extra bitcoin to return them.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

[Deafboy]

Hope this episode will serve as a lesson to improve the services...

In fact, the same mistakes will be done over and over again. And history will repeat.
Am I too pessimistic?  

[teste]

As far as I knew blockchain.info and bitcoinstore.com were 2 completely separate and unrelated businesses.  As far as I'm concerned, it is absolutely not appropriate for someone from one business to be using "admin access" at another business to gain special privileges.

I cannot in good faith (and will not) recommend blockchain.info to anybody ever again unless they do one of the following:


Publicly and openly state in an obvious and easy to find way on their main website which other businesses have special admin access to look up information on people's accounts.

or

Immediately sever all relationships with other businesses, removing admin access from anyone who would use that access to benefit their other business.

or

Provide all users with the exact same admin access, so that they too can track down scammers as necessary.


Furthermore, I can not and will not ever recommend bitcoinstore.com to anybody.  I understand that they are frustrated with the loss of the bitcoins that they accidentally sent, and I realize that the "right thing to do" for the person who received those bitcoins was to return them.  However, that does not make bitcoinstore.com use of special access to blockchain.info any less appropriate.  As far as I'm concerned their use of this access was at least as inappropriate as the failure of the person receiving the extra bitcoin to return them.

Again +1

[misterbigg]

Are you FUCKING KIDDING ME? I wake up and read this?

In my mind this is almost as bad as the pirate shit and all the fraud going on with those exchanges. Blockchain is sold as having the utmost security and trust, with its local wallet operations, audited code base, and anonymity features.

That someone, an investor no less, would go in and take actions that are completely at odds with how the Blockchain service is marketed is very disappointing to hear. This is another black eye on the face of Bitcoin. And God knows, we certainly don't need any more of those.

Plus, isn't this MemoryDealers guy the kid who left the country because the IRS tried screw him or something? And now he does this?

To add insult to injury, this guy's responses in the thread show that he is totally irresponsible and cannot be trusted. To think that Blockchain users' personal information is available at the whim of this turncoat makes me shudder.

[Herodes]

So, blockchain.info gives out admin access to co-owners ? What would they need this access for ? Wouldn't RV be considered a 'share-holder'. Is it the norm to give 'share-holders' the key to were the business operates?

[HostFat]

The main problem here is that now it's also hard to trust Piuk ...

[DannyHamilton]

The main problem here is that now it's also hard to trust Piuk ...

Yes, when a partial owner of a business acts in a manner that damages the reputation of the business, it affects the reputation of all the stakeholders in the business.  This is why it is important to be careful about who you get involved in business with.

[gusti]

Plus, isn't this MemoryDealers guy the kid who left the country because the IRS tried to stick a dildo up his ass or something?

Maybe this talks good about Roger. Who, besides making mistakes from time to time, has an extensive history for supporting and developing Bitcoin worldwide. Trolls in this thread all summed up, have done less than 0.001% that Roger made in the benefit of the community.

And blockchain.info service and features are awesome. I support both Roger and blockchain.

[piuk]

What happened
I do not know the sepcifics but there was some disagreement between Roger and a customer of bitcoinstore.com. The customer claimed not to own a particular bitcoin address that a incorrect amount had been refunded to. Roger used his access to the blockchain.info admin panel to lookup the information on a wallet which held that bitcoin address. This email address associated with the wallet and the email address of the customer matched.

Why is even possible?
Wallet are stored fully encrypted, so they appear as random text to us. However when notifications are enabled the client extracts the public keys from a wallet and asks blockchain.info to subscribe to those addresses. The ability too lookup a wallet using this information was added so that when newbies come to us and say "I just created a bitcoin wallet, but forgot to record the wallet identifier how can get I get my money back?" we can ask for their bitcoin address or ip and and are normally able to recover the identifier.

Screenshot of Admin Panel:



Why does Roger have access to the blockchain admin panel
He owns a minority stake in the company and helps with support. His funding has been tremendously helpful in allowing me to work on the Site full time, buy new servers, security hardware and fund free features.

Who else has access to this information?
Me, Roger and a customer support agent.

What has been changed

• Roger and the support agent's access to this information has been revoked.
• Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.
• The secret phrase is now no longer shown to any admins

What other information could be used to identify a wallet
We store the ip address a wallet was created with and the ip address a wallet was last updated with.

A wallet can be looked up by SMS number or email if that information has been added in [Account Settings].

Can blockchain.info access funds the funds in my blockchain wallet?
No, the information available gives only enough information to prove the user may own a wallet with that address. He could not have accesses the wallet, even if he had wanted to. No other individuals have access to the blockchain.info servers or code apart from me.