[0Th]Ozcoin Pooled Mining |DGM 1%|Stratum+VarDiff port 80|NEW CN mining|

[Raize]

There's still a significant amount missing, and there may still be a few things to follow up on if this car purchase was a legit purchase (finding the seller, finding where they were sending to, recovering any remaining funds, etc).

Perhaps at the end of this whole ordeal there will be an update with recognition for those that donated as well as some sort of reimbursement if necessary. A few days (if not weeks) will probably be needed to sort this thing out. I'd recommend giving them some time. It was an unfortunate event that's still not really over yet as the full lost amount has yet to be recovered.

[sharky112065]

So, I posted that a password reset was needed a few posts back. The problem is worse than that.

If you reset your password and use the login link on that page, it allows you to set a new password, but then whey you tell it to save, the password is not being saved on the server.

If you log out and back in again, it will not log you in.

[kano]

Could I be sent the alias of the person that you think is connected to the hacking?

Thanks

Did you bother to read the post you quoted?

Could I be sent the alias of the person that you think is connected to the hacking?

Thanks

Lulz, newb.

Toil has a vested interest in finding out who this person is, as they tried to frame him for the theft. I agree with not releasing the info to the public, but those who need to know should be made aware.

https://bitcointalk.org/index.php?action=profile;u=103188;sa=showPosts

Sorry, you are missing two things.

1) Exactly what dogisland said which is of course correct, meaning that he SHOULD not pass those details on to ANYONE without the law requiring him to - think of it this way: can anyone make up some likely story and thus ask dogisland for details of his user base?

2) Why on earth you you give out information to someone who is a member of a group of people who do such things already?
If he isn't directly involved (which there is no proof either way yet) he is certainly indirectly involved by being part of a group of people who commit these sort of crimes.

As I said early on in the discussion: "What goes around comes around"

[Graet]

I am only aware of one person with the password reset problem, we missed him in IRC when he mentioned it
roomservice posted a page or 2 ago the way passwords are hashed and stored. I always recommend using unique passwords and changing them from time to time regardless.

Re the donations, yes it could cause an awkward situation but I am/will be happy to reimburse anyone that donated in good faith thinking no coins would be returned (TBH I thought they were all gone and nearly fell off my chair with surprise when I found there was a chance to get even some coins back) at this stage 568.94BTC of 923 has been recovered leaving 354.06 still lost.

Payouts have not run yet until I am sure that miners will be paid for the payout run that went to the hacker and not miners. it is easier to be sure before we run payouts than try to fix it after.

Re: lots of things, I don't have answers to *everything* yet -some that I do, it is not yet an appropriate time to disclose - my main focus for the last few days has been to get Ozcoin back online and paying out as it should - most of you will be aware this goal is not yet achieved.

Thanks
Graeme

[Graet]

We are about to enable payouts to run
the 'stolen" balances have been restored to a PPS column in the database (due to how DGM scores are added in database this was the best way we feel.)

This will cause an offset in "total earnings" due to the system seeing the "payout" twice.

I will be topping up the wallet slowly, it will take some hours to run through everyone - the script runs every 1/2 hour

cheers
Graeme

[haveagr8day]

Graet,

Congratulations on getting some of your coins back. One thing that I noticed on the website since it relaunched is that the POT Stats are missing. Have they just not been added back in yet or am I missing something?

Thanks.

[SlaveInDebt]

Coming back home 

[Blaksmith]

Graet,

Congratulations on getting some of your coins back. One thing that I noticed on the website since it relaunched is that the POT Stats are missing. Have they just not been added back in yet or am I missing something?

Thanks.

Known cosmetic only bug, that was getting worked on when the site was hacked.. we will be getting back to it after we make sure it is all working the way it was before the hacking.

Blak

[Bitsaurus]

Congrats on at least getting some of the funds back.  Hopefully you'll be able to recover all the funds and make this a distant memory.

[sharky112065]

Graet: NVM I guess lastpass put in my email address for the login id on that first password reset. Some sites I log into use the email address so I just figured it was correct. Blakesmith helped me.

I feel so dumb now

[Graet]

Payouts have run ALL users over threshold paid up to date
we have a lot of 0 confirm payouts, if you have an email but no payout this will be the reason, patience and the Bitcoin network will get to them

With that I will breathe a big sigh of relief and move away from the keyboard for a couple of hours
Best wishes
Graeme

[chunglam]

Just point one miner to your pool and set the donation 100% to support your pool. Hope you can  going through this difficult time.

[ccbiker]

Payouts have run ALL users over threshold paid up to date
we have a lot of 0 confirm payouts, if you have an email but no payout this will be the reason, patience and the Bitcoin network will get to them

With that I will breathe a big sigh of relief and move away from the keyboard for a couple of hours
Best wishes
Graeme

I'm impressed to see you stick with this, Graeme... mad props!

And thanks to dogisland for getting him a majority of the hacked funds returned.

[kaerf]

very impressive recovery to have paid back your miners so quickly after such an incident.

[rupy]

Good job!

[Graet]

Thanks guys
planning on a good nights sleep, then working out just where the finances are at and talk to people that have loaned me coins to help out - the next phase in the recovery process
eustratum mining node should be back up within the next 12 hours

[John (John K.)]

At 8am yesterday morning the funds were intercepted when the user made a payment.

https://blockchain.info/address/1DsFCAZaxhJ9YGw5X8NCW9VkSMDZMyXzMF

Um, how does that work?  I thought strongcoin didn't control any private keys?  How can the funds be "intercepted"?

Regardless I'm glad graet has gotten a fraction of his money back.

I can only assume you pulled on him the same trick he pulled on Ozcoin - hacking the JS you delivered to his browser?  Just desserts I guess. 

This might be OT, but will this happen to regular users if strong coin is compromised? I just came to this thread after seeing this thread : https://bitcointalk.org/index.php?topic=184610.0

[QuiveringGibbage]

Public Disclosure.

On Saturday afternoon I was notified that Strongcoin was holding 568 BTC believed to be from the Ozcoin theft. Everytime you make a payment from StrongCoin the fee goes to 1STRonGxnFTeJiA7pgyneKknR29AwBM77 so any payments from strongcoin held accounts are easily traced back to the site.


I was asked by 2 separate people on this forum if I could hold the funds (Sorry to the people I didn't reply to). The evidence that these funds came from the heist seemed plausible to me.

At 8am yesterday morning the funds were intercepted when the user made a payment.

https://blockchain.info/address/1DsFCAZaxhJ9YGw5X8NCW9VkSMDZMyXzMF

I've spoken to the user in question over email. The user says he sold a car for BTC but can't reveal who to due to an NDA agreement.

Graeme and I had a conversation over the phone and some evidence came to light, that to me, made it very likely the user I have contact with was connected to the heist. I'm not going to reveal any details of the user accept to legal authorities if asked. I believe we should abide by due process.

I have sent a link to this post to the user so he/she can comment. Otherwise in the next few hours I will return the funds to Graeme, he can then decide what happens to those funds.

That's soo cool. I just signed up for a StrongCoin account.

QG

[PatMan]

At 8am yesterday morning the funds were intercepted when the user made a payment.

https://blockchain.info/address/1DsFCAZaxhJ9YGw5X8NCW9VkSMDZMyXzMF

Um, how does that work?  I thought strongcoin didn't control any private keys?  How can the funds be "intercepted"?

Regardless I'm glad graet has gotten a fraction of his money back.

I can only assume you pulled on him the same trick he pulled on Ozcoin - hacking the JS you delivered to his browser?  Just desserts I guess. 

This might be OT, but will this happen to regular users if strong coin is compromised? I just came to this thread after seeing this thread : https://bitcointalk.org/index.php?topic=184610.0

At 8am yesterday morning the funds were intercepted when the user made a payment.

https://blockchain.info/address/1DsFCAZaxhJ9YGw5X8NCW9VkSMDZMyXzMF

Um, how does that work?  I thought strongcoin didn't control any private keys?  How can the funds be "intercepted"?

Regardless I'm glad graet has gotten a fraction of his money back.

I can only assume you pulled on him the same trick he pulled on Ozcoin - hacking the JS you delivered to his browser?  Just desserts I guess. 

This might be OT, but will this happen to regular users if strong coin is compromised? I just came to this thread after seeing this thread : https://bitcointalk.org/index.php?topic=184610.0

I agree, it's not much of a Strongcoin account if someone there can just take it and pass it to whoever they like, no matter what the reason is.......

Personally, I have never and will never store ANYTHING online, especially my hard earned coins, it's just not safe - as this shows. Kind of defeats the whole purpose of Bitcoin doesn't it?

Still, each to to heir own I suppose.

[crazy_rabbit]

Public Disclosure.

On Saturday afternoon I was notified that Strongcoin was holding 568 BTC believed to be from the Ozcoin theft. Everytime you make a payment from StrongCoin the fee goes to 1STRonGxnFTeJiA7pgyneKknR29AwBM77 so any payments from strongcoin held accounts are easily traced back to the site.


I was asked by 2 separate people on this forum if I could hold the funds (Sorry to the people I didn't reply to). The evidence that these funds came from the heist seemed plausible to me.

At 8am yesterday morning the funds were intercepted when the user made a payment.

https://blockchain.info/address/1DsFCAZaxhJ9YGw5X8NCW9VkSMDZMyXzMF

I've spoken to the user in question over email. The user says he sold a car for BTC but can't reveal who to due to an NDA agreement.

Graeme and I had a conversation over the phone and some evidence came to light, that to me, made it very likely the user I have contact with was connected to the heist. I'm not going to reveal any details of the user accept to legal authorities if asked. I believe we should abide by due process.

I have sent a link to this post to the user so he/she can comment. Otherwise in the next few hours I will return the funds to Graeme, he can then decide what happens to those funds.

Despite having done the morally 'right' thing, what you have done might be illegal, and it certainly opens you up to legal liability.

How can you prove the 'thief' did not legitimately get ahold of the coins? If he had purchased them with cash, what proof would he have? Ignoring for the moment he claimed to have sold a car. (Although the user has no obligation to tell you the truth regarding where he got the coins).

In a case like this- I don't think you have the  authority to seize user funds without some sort of legal decision allowing you to do so. What criminal investigation determined the 'thief' a thief? How are you protected from this user not suing you? Did Garet file a police report for the theft? How can you prove to a judge a theft meven occurred? How could you prove it's not an elaborate ruse? (Not saying it is, but hypothetically)

I think you have opened a very dangerous Pandora's box here. You did the right thing morally, but you may have committed an even graver crime. Unlawful seizure of assets.