MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info

[Axios]

What I understand from reading the first thread:

1. MemoryDealers accidentally had Bitcoins sent to nethead's Bitcoin address, rather than his own.
2. MemoryDealers asked for the Bitcoins back. A reasonable request, but he did mess up, and it is his own fault, with all due respect.
3. nethead lied about having the Bitcoins.
4. MemoryDealers accessed his account information on another server (Blockchain.info) for the purpose of verifying that nethead did, indeed, have the Bitcoins. It is worth noting that MemoryDealers did not have access to nethead's Bitcoins. He posted personal information of nethead's and his key to disable two-factor authentication, albeit without noting that's what the phrase could be used for.
5. nethead said the phrase was his secret key.
6.
7. Shit storm.

So basically, MemoryDealers was angry and did some things he shouldn't have. He shouldn't have posted nethead's information, and he should probably have just sucked up that about $50 of his was gone.

But nethead also should have paid up. nethead should not have lied above all else.

Correct. But by realeasing the private information he broke few agreements which probably cost a lot more than $60. Also it isn't his money, these are BitPay's funds.

And everyone's Blockchain.info funds are safe. Those can't be stolen from you by an admin just through database lookup. I will continue to use Blockchain.info for this reason.

They can be stolen by modifying the webpage.

[1714941928]

1714941928

[1714941928]

1714941928

[1714941928]

1714941928

[1714941928]

1714941928

[DannyHamilton]

. . . everyone's Blockchain.info funds are safe. Those can't be stolen from you by an admin just through database lookup. I will continue to use Blockchain.info for this reason.

Agreed, nobody's funds were ever at risk in this event.  Their personal information on the other hand certainly was. Fortunately, blockchain.info has acted in a responsible manner removing access to personal information from the person who abused that access.

Unfortunately, once a business's (or person's) reputation is damaged, it can be difficult to repair it.  This is why many people value their reputation and go to great lengths to protect it.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  They could not know in advance that MemoryDealers would abuse the access allowed them as an employee.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

[piuk]

It is unclear if "access to this information" means specifically "access to the admin panel" or "access to all personal information".  It could still be possible for Roger to access personal information without access to the admin panel depending on blockchain.info's network and database security.

Roger has never had access to the database, backups or any server access. He now has no elevated privileges over normal users.

[Axios]

Everything is mostly on spot except 4, where Roger sent the info privately to nethead/bitbitman , where he then posted them himself amidst the confusion at the forums.

Roger posted private information about nethead and deleted afterwards. What he sent privately was the JSON response from blockchain.info.

The case is simple:

Roger broken his own privacy agreement by posting the private information about nethead on this forum.
Blockchain.info broken their own agreement by giving the private information about nethead to Roger.
The funds that were sent to nethead were sent from Bitpay's address.

Nethead should return funds back to Bitpay, not Roger.

[BCB]

Weren't some of the bitcoinica hacks caused in part because too many clueless people had admin access?  Will we ever learn?

Come on Roger.  Fifty bucks??!!

The only thing we have in this community, after our bitcoins,  is our trust and integrity.  

Unfortunately this action speaks volumes.

[John (John K.)]

Everything is mostly on spot except 4, where Roger sent the info privately to nethead/bitbitman , where he then posted them himself amidst the confusion at the forums.

Roger posted private information about nethead and deleted afterwards. What he sent privately was the JSON response from blockchain.info.

The case is simple:

Roger broken his own privacy agreement by posting the private information about nethead on this forum.
Blockchain.info broken their own agreement by giving the private information about nethead to Roger.
The funds that were sent to nethead were sent from Bitpay's address.

Nethead should return funds back to Bitpay, not Roger.

I was referring to John Maguire's 4th statement where he stated that the information from blockchain.info was published in this forum.

Bit pay sent out the extra payment after Rogers's employee mistakenly instructed them to do so - hence, the losses acquired would be counted as Rogers's losses in this case.

[MemoryDealers]

Bit pay sent out the extra payment after Rogers's employee mistakenly instructed them to do so - hence, the losses acquired would be counted as Rogers's losses in this case.

I would like to clarify that the funds did not come from Bitpay.  (I was mistaken in an earlier post)
They actually came from another Bitcoinstore.com customer.
This customer was mistakenly told to send the funds to the wrong address.

I understand the confusion and anger that was caused by my using information from Blockchain.info for Bitcoinstore purposes.
I apologize for my lack of judgment in regards to this, but I think it should be noted that I simply disclosed a users own information to himself in order to prove that he was lying to me.

I never disclosed his blockchan.info information to an unrelated third party.

[DannyHamilton]

It is unclear if "access to this information" means specifically "access to the admin panel" or "access to all personal information".  It could still be possible for Roger to access personal information without access to the admin panel depending on blockchain.info's network and database security.

Roger has never had access to the database, backups or any server access. He now has no elevated privileges over normal users.

Thank you.  This is satisfactory and I will remove all my posts and signature related to this.  I hope my trust in you is not misplaced. I respect you, your business, your contributions to bitcoin, and your quick and responsible response to this event.

[Axios]

I would like to clarify that the funds did not come from Bitpay.  (I was mistaken in an earlier post)

Now to answer your private message.

Why should I believe a criminal.
Why should I believe a person who posted false information on a public forum.

[DannyHamilton]

. . .I understand the confusion and anger that was caused by my using information from Blockchain.info for Bitcoinstore purposes.
I apologize for my lack of judgment in regards to this . . .

Finally you acknowledge your mistake in this.  This goes a long way towards restoring my trust.  Mistakes and lack of judgement can occur in a heated moment.  It is important to recognize when we make such a mistake so we can learn from the event and avoid similar actions that bring our judgement into question in the future.

. . . but I think it should be noted that I simply disclosed a users own information to himself in order to prove that he was lying to me.

I never disclosed his blockchan.info information to an unrelated third party.

And then this.  

bitcoinstore.com IS a third party.  You used information that was private between the customer and blockchain.info, and disclosed it for use by bitcoinstore.com.  If you didn't have access to the admin panel and had to call Piuk up on the phone and have him look it up for you, then it would be obvious that it was disclosed to a third party.  It seems that, because you are the same person acting in two completely separate capacities, you can't see how this is disclosure of information from blockchain.info to a third party.

EDIT: blockchain.info has acted in a responsible way and removed from MemoryDealers all future access to personal information.  They could not know in advance that MemoryDealers would abuse the access allowed them as an employee.  As such this post has been edited to make it clear that blockchain.info is not responsible for the actions of this particular ex-employee.

[misterbigg]

Why am I quoting saying something I did not say?

That was a goof up when I edited the reply text. I've corrected it.

And for that matter, when did you come back from the hole?

The hole? I was never in a hole.

[greyhawk]

I would like to clarify that the funds did not come from Bitpay.  (I was mistaken in an earlier post)
They actually came from another Bitcoinstore.com customer.
This customer was mistakenly told to send the funds to the wrong address.

My inner accountant is now trying to stab his own eyes out after what he just read, and I'm not even an accountant.

[misterbigg]

The other thing that has to cease is the unwarranted delusions of self importance. You personally are not great enough to request moderators to delete the signs of your stupidity "so as not to harm bitcoin".

I have noticed exactly this delusion of self-importance in my private communications with the individual in question. I refrain from quoting the relevant messages because they are private and I haven't gotten permission to do so (Roger, may I?)

[Axios]

bitcoinstore.com IS a third party.  You used information that was private between the customer and blockchain.info, and disclosed it for use by bitcoinstore.com.  If you didn't have access to the admin panel and had to call Piuk up on the phone and have him look it up for you, then it would be obvious that it was disclosed to a third party.  It seems that, because you are the same person acting in two completely separate capacities, you can't see how this is disclosure of information from blockchain.info to a third party.

Exactly.

[CharlieContent]

Roger Ver has PMed me asking me to lock this thread. His desire is to cover up information that will "damage Bitcoin." Of course the only thing Roger Ver is worried about damaging is Roger Ver. What he did is corruption, pure and simple, and Bitcoin will only be served by exposing him. Allowing snakes to hide in the grass will never be for the greater good.

He may not have done anything truly unforgivable, but what he did was wrong. It was wrong enough that it shouldn't just go away. It can't. He abused his position to serve himself. I don't like that. Unsurprisingly neither did anyone else who took the time to understand it.

I'm very pleased to see Piuk's response. Roger, take notes: that is how a professional acts.

I actually use Blockchain.info myself, although I only ever keep small amounts of coins on there, and for a short amount of time, because this is Bitcoin and I trust no one. After this I was going to stop using it, but Piuk's response was spot on and enough to reassure me that there is a professional involved. I'll be continuing to use Blockchain.info, at least in the very cautious way that I'd use any web-wallet.

Still, I think it's important that Blockchain.info users, and anyone else in the Bitcoin community understands what happened today. For that reason I will not be changing or altering this thread in any way.

The other thing that has to cease is the unwarranted delusions of self importance. You personally are not great enough to request moderators to delete the signs of your stupidity "so as not to harm bitcoin".

The delusions of self importance are strong in this one. Particularly laughable is the "I am the most significant investor in Bitcoin the world has ever seen!"quote from the first thread along with a link where he is mentioned in passing on Forbes.com.

Wowee Roger! Can I have your autograph?

[misterbigg]

TL;DR version:

1) Blockchain.info investor MemoryDealers uses administrative access to get personal information connected to a particular wallet

2) Owner of MemoryDealers comes to the forum and acts like an asshat.

3) Owner of Blockchain.info sets things right.

4) Bitcoins and private keys from Blockchain.info are safe.

This about right?

[Rassah]

I sincerely hope that one of the lessons learned from this whole experience is that all Bitcoin-based businesses will add the following to their TOS in big bold letters:

"NOTE: if you try to scam us, and we find out, your account will be canceled, all your information, public and private, will be shared with all third parties we do business with, who may stop doing business with you as well, and this information may be shared publicly at our discretion."

Since Bitcoin business is done globally, some guy from China calling the police on someone in Greece is really not practical, and the threat of being even mistakenly labeled a scammer would hopefully knock these "Prove that I scammed you, asshole!" guys down a peg.

Also, I am concerned about the deceptive title damaging the reputation of blockchain.info, who, if you actually understand how they work, have absolutely no way of getting your coins even if they wanted to, the owner which was not involved in this, and who handled the issue quickly and professionally.

[SgtSpike]

@Charlie, I agree with keeping the thread, but the title SHOULD be changed.  I think everyone here agrees that blockchain.info is, once again, safe for usage.  The title would likely scare newbies away from using the service (which is the best Bitcoin wallet a person can point a new user to).  Without a good alternative, they may download QT (NOOOOO!) or try one of the other less user-friendly options, and be turned away from using Bitcoin entirely.  Many of the things discussed in this thread may not be understood by newbies, and certainly, they are not likely to read through 5 pages of discussions to find out that the issue has been resolved.

I sincerely hope that one of the lessons learned from this whole experience is that all Bitcoin-based businesses will add the following to their TOS in big bold letters:

"NOTE: if you try to scam us, and we find out, your account will be canceled, all your information, public and private, will be shared with all third parties we do business with, who may stop doing business with you as well, and this information may be shared publicly at our discretion."

Since Bitcoin business is done globally, some guy from China calling the police on someone in Greece is really not practical, and the threat of being even mistakenly labeled a scammer would hopefully knock these "Prove that I scammed you, asshole!" guys down a peg.

Sweet, I like it!!!

[teste]

I like blockchain.info service too and will still use it with precaution.
I don't want this thread be deleted. It's important keep this information on forum, to mistakes like the one from Roger never repeat.

[teste]

Change thread title. I agree