MemoryDealers.com founder Roger Ver abuses admin access at Blockchain.info

[Phinnaeus Gage]

To be clear, I agree with Roger that the dude deserves the scammer tag.  It's not his money...

bulanula got it, so should this dude.

What about that guy that got overpaid by Mt Gox last year?

[Phinnaeus Gage]

WWW.DRAMATALK.ORG

lol

You two freaked me out for a second. I clicked the link and the first thing I saw was my name at the top. Then I realized what page I was on.

[mc_lovin]

WWW.DRAMATALK.ORG

lol

You two freaked me out for a second. I clicked the link and the first thing I saw was my name at the top. Then I realized what page I was on.

lmfao classic. 

[Stephen Gornick]

private information (phone number) has been disclosed from the blockchain.info database.

Source?

[Edit: What you are probably assuming is that the person's info (phone number) posted in another thread came from blockchain.info.  It did not.  Blockchain.info doesn't hold that information regardless.   Oops, forgot, if you have SMS notification then they do have that information.]

[OpenYourEyes]

private information (phone number) has been disclosed from the blockchain.info database.

Source?

[Edit: What you are probably assuming is that the person's info (phone number) posted in another thread came from blockchain.info.  It did not.  Blockchain.info doesn't hold that information regardless.]

Source: https://bitcointalk.org/index.php?topic=131574.msg1409056#msg1409056

Nikolaos,

I looked up your address with Blockchain, and %100 for sure the funds were sent to a Bitcoin address that you control.

Here is the proof of the link to your account
(*REMOVED AS REQUESTED*)
You need to send back my 4.5119 BTC to:
-
right away.

(3rd quote down)

Unsure if it is his phone number, but all that information came from blockchain.info database.

[DannyHamilton]

private information (phone number) has been disclosed from the blockchain.info database.

Source? . . .

Source: https://bitcointalk.org/index.php?topic=131574.msg1409056#msg1409056

Unsure if it is his phone number, but all that information came from blockchain.info database.

You are mistaken.  This was posted by Nikolaos (NetHead) publicly revealing his own phone number.  It is true that Roger of MemoryDealers.com accessed the information at blockchain.info (he no longer has the ability to do so, blockchain.info removed his admin access as soon as they discovered he was abusing it), but he did not reveal it publicly.  He only revealed it to the user whose account it was.

[Rassah]

Waiting on an answer to this https://bitcointalk.org/index.php?topic=128841.msg1409754#msg1409754

Was already answered (you must have missed it)
Guy claimed the address was not his. Roger searched for that address in blockchain.info's database, found a wallet it belonged to, and saw that the wallet was registered to the same email address as the guy's customer account. In other words, he found conclusive and irrefutable proof that the guy did indeed receive the money to the account he owns, and lied about it. The link was established with the email. No logging of IP numbers was required.

[Rassah]

The remaining achievements don't seem - to me at least - to be worth the probable damage done.  ...and this is without even discussing the possible impact on innocent people when posting information that you don't know for sure is the scammer, legal implications of releasing info, etc.

Any lessons learned are worth the damage, if only just because they wont likely be repeated again. I doubt much damage was done from this. Sure, Roger got hot headed, but I doubt people will care, and he did provide very conclusive proof that the guy accused was the scammer.

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

[ab8989]

I sincerely hope that one of the lessons learned from this whole experience is that all Bitcoin-based businesses will add the following to their TOS in big bold letters:

"NOTE: if you try to scam us ... all your information, public and private, ... will be shared with all third parties ...  and ... publicly at our discretion."

I am not sure your effort to protect bitcoin economy is targeting the right direction.

I don't recall much any cases when a scam or other activity from a consumer raised to such a level to cause any adverse effect of bitcoin or the economy as whole. Not even in this case. Yes, the consumer in this case acted quite wrong, but only towards Roger and by only 5BTC. That is nowhere big enough stuff to tarnish bitcoin-economy as whole. All the problems for bitcoin-economy and its reputation suffered were done by Roger in multiple ways.

However it is not difficult to recall two dozen cases where bitcoin-businesses, their owners or major executives have caused the reputation of bitcoin-economy to suffer significantly by doing stuff big enough to raise to the level of being able to harm the whole economy. What is the precentage of the most prominent bitcoin-businesses involved in a scandal in the last year? Double-digit percentage? Extrapolate that 5 years in the future keeping the same probabilities?

So the fix to this problem seems to be misguided.

If we are talking about privacy and publishing it, I would think that one of the rootcauses in many cases of business and their owners harming the bitcoin economy comes from the fact that bitcoin-businesses seem to operate in huge secrecy. In the old fiat economy there are also some businesses that operate secretly, but there are also millions of companies that have no trouble publishing who are their most senior executives, who are their major shareholders, what is the financial health of the company. There are millions of people in the fiat-world that choose to do business only with companies that they have trust in because they can read who are the people running the business and also they can read quite clearly how much profit the company made last year and the risk level whether the company is going to go under in the next year can be independently calculated by all the people involved based on real world data made easily available. In bitcoin-world each consumer is pretty much forced to do business with companies that nothing is known about as there are no other kinds of companies to choose. That leads to many problems and fixing this problem is going to achieve more good for bitcoin than looking at the customers as the source of the problem. They seem not the place where the significant problem lives.

Another issue directly related privacy and personal details is the trend where some company suddenly decides they need to get huge amount of detailed personal information about their clients while keeping the customer funds ransom. This pattern of activity is I would say the most significant problem tarnishing the reputation of bitcoin economy related to the privacy and personal details. How many think the companies that have done eg. this are the companies you would be happy to trust with the power to publish all of the info in just at their discretion?

[mc_lovin]

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

Shoplifter? Scammer? I hope next time I'm at walmart and they accidently give me too much change they don't put my picture up on the wall of shame.

[thebaron]

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

Shoplifter? Scammer? I hope next time I'm at walmart and they accidently give me too much change they don't put my picture up on the wall of shame.

And if you were asked for it back and you didn't give it?

[ab8989]

And if you were asked for it back and you didn't give it?

Well, if they gave me the CORRECT change and I left the store and Mr. Walmart comes running to me later to say that they gave that guy in blue shirt by accident instructions to give you $50 later, so you better dig $50 from your pocket right now to Mr. Walmart. I would definately need to think a while at what is going on. After that Mr. Walmart comes back to say that, okay, we made a mistake when talking you earlier and it was not the guy in the blue shirt, but the lady in the red dress instead, but whatever, you better give me $50 right now.

When I have not yet met the guy or the lady nor seen any $50 yet I am pretty sure I would not rush to give anything to Mr, Walmart, but wait first what might happen with the guy in the blue shirt or the lady with red dress. Maybe they all are coming at me for me to either send me or demand that I give them all $50. Or perhaps the granny in the wheelchair also joins in who knows. I might be out of $200 if I don't hold to my own in this confusing situation and act only after everything is clear. Maybe.

This is pretty accurate analogy to this situation what happened with Roger and the client. Roger did not give the 'scammer' any extra money. Roger just maybe gave instructions to some other company to send money, or maybe they did not hear the erroneous instructions or send any. Who knows.

If I get my picture to wall of shame for this, then I would say Walmart sucks big time and never go there ever again.

[Rassah]

ab8989, the issue was that Bitcoinstore tried to resolve this problem in private, and were willing to cooperate, while nethead was not. If nethead wasn't sitting up on his high horse, and continued to discuss this with Roger, as opposed to ignoring and hanging up on him, the whole thing would have likely been resolved in private. If he still refused after their private discussions had conclusively shown that nethead stole the money, then Roger would have been in his right to ask that nethead be labeled a scammer. I am not advocating that stores immediately publicly humiliate anyone they think may have scammed them, but that they advertise the threat of being exposed to convince customers to actually discuss and negotiate,, instead of brushing it off with "What are you going  to do about it?" knowing the answer is likely nothing. It is also rather unfair that a business is typically public with a public reputation, and when it comes out that it does anything bad, it is immediately known about and acted on appropriately, while people who have any interactions with the business are expected to always have privacy, even if they are actively scamming that business. It's just way too one-sided.
I'm also a supporter of a reputation-based system. In a global environment that's the only way to do any business, and the only way to enforce punishment. If someone is untrustworthy, that should be known, and they should be denied any further business until the issue they had is settled. Lack of access to necessities works a hell of a lot better than cops and laws.

[ab8989]

I agree, the way Nethead responded was not correct and made things worse.

However Roger was already wrong from the beginning by jumping the gun and demanding that Nethead send send Roger money, while Roger could not prove Nethead had actually got any extra money yet. He could prove quite a lot of other things but not that Nethead got any extra money. I am not sure whether it was proven later, but at the time when Roger posted Netheads private information public, the situation was still very much unclear and Nethead could quite reasonably have had the position that well wait and see if there ever is extra money to be seen and who it actually belongs to and who comes to actually claiming it with a reasonable demand that it is their money.

Retaliating by publishing the name and address of Nethead was way out of line and I am not sure whether many people would respond reasonably after such an major assault has already happened and the damage was already done. It was game over already at that point when the game should have only be at warming up.

[Xenland]

http://www.quickmeme.com/meme/3s9ma6/

[DannyHamilton]

Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.

It does not. If that address has received any payment, it's trivial to brute force SHA256 hashes of all addresses on the blockchain until you find a match. If you're serious about preventing lookup by address, use a slow hash.

The secret salt used in the hash should prevent brute force of all addresses.

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address.

[Meni Rosenfeld]

Bitcoin addresses stored for notification purposes have been deleted. Addresses are now stored as a SHA 256 hash of the address, which removes the ability to lookup a wallet by bitcoin address.

It does not. If that address has received any payment, it's trivial to brute force SHA256 hashes of all addresses on the blockchain until you find a match. If you're serious about preventing lookup by address, use a slow hash.

The secret salt used in the hash should prevent brute force of all addresses.

. . . Addresses are hashed with a secret. With access to the secret it would be possible to hash every bitcoin address with a none zero balance and use that to compare against subscribed hashes to determine addresses in a wallet. The sacrifice of some anonymity when notifications are enabled has always been stated https://blockchain.info/wallet/anonymity. However it is no longer possible for admins to lookup an arbitrary wallet by address.

My comment didn't make sense anyway, I got the process reversed. If the secret is unknown to admins it should work.

[Rassah]

However Roger was already wrong from the beginning by jumping the gun...

That I agree with. If the coins had in fact been sent to nethead's anonymous address, they could have gotten stuck in the mixer for a day or so, without nethead even being aware of them. So, I guess patience is also important.

[CharlieContent]

There are a million ecommerce stores on the internet who get scammed on a regular basis and have the same kinds of problems getting any kind of authority involved - even when the scammer might only be 10 miles away.  They aren't posting customer info publicly everywhere...

Maybe they should? They probably don't, because they have no way of linking a customer to the scam, since it's easy to steal credit cards, but that turned out to be easier in this case. Also, there's a store nearby with  a large section of the wall labeled Wall of Shame. It has photos of people the store caught shoplifting, whom the store banned, up there for everyone to see in public.

Shoplifter? Scammer? I hope next time I'm at walmart and they accidently give me too much change they don't put my picture up on the wall of shame.

And if you were asked for it back and you didn't give it?

Man that Wall of Shame thing is harsh. If someone is stealing food from a shop I feel sorry for them and I hope they get back on their feet. Thankfully something like that would be illegal here. So, of course, is shoplifting, so there's really no need for public shaming.

As many others have said, keeping the change isn't scamming. It's dishonesty. It's morally wrong. It's taking advantage of another person's honest mistake, but it's not a SCAM. A scam is a deliberate attempt to gain money from someone by deception. That is not what happened here.

All this "This guy is a THIEF and a SCAMMER and he should be vilified and Roger Ver is a poor innocent victim and should be deified" stuff is totally off the mark and at complete odds with how things actually went down.

Roger Ver made a mistake. Sometimes you need to pay for your mistakes. Sadly you can't always count on people being honest enough to help you correct your mistakes when the mistake benefits them directly. That's life. Ver has all the tools he needs to ensure it never happens again. He doesn't have to worry about being scammed or robbed again, because no one scammed or robbed him. All he has to do is make sure he (or his employee) doesn't give people the wrong amount of Bitcoins when he makes a transaction.

Roger Ver should have just asked this guy for the money back. If the guy didn't feel like being honest, too bad. Write off the loss, move on. Take it as a $50 reminder to be more careful in future. That's what any sane human being would do.

[thebaron]

9_9