Dumb Question : If I found a security flaw with a major bitcoin company ..

[the founder]

THEY RESPONDED

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply,  what should I do?
I want to see the security issue resolved,  and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

EDIT:  We're talking a minor exploit that at most can yield 100 coins or so.   Not thousand,  not millions,  just 100 or so bitcoins.

It's not going to destabilize bitcoin, or affect prices to any large extent.  It's a single company that has a minor problem that they haven't contacted me back yet.

That's the extent of this flaw.   I asked for advice not because I wanted to freaking start a panic,  it's just how to get a company to respond.

100 BTC at max.... that's it.. nothing more.

[rme]

Make the flaw public will be the fastest way of been fixed.

[sgravina]

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply,  what should I do?
I want to see the security issue resolved,  and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

Don't steal the coins.  You will be criminally liable for that even if you intend to return them and even if you do return them.  In fact returning them becomes evidence against you.

Just try again.

[Sukrim]

Well, if you're a customer there you might not want them to be robbed from the outside...?!

You could transfer a nontrivial but also not business threatening amount of BTC to one of your addresses (maybe ennounce that here? On the other hand it might be easy to know which business has this flaw via network analysis) and then immediately send them back - that should hopefully trigger some alerts...

[sgravina]

Make the flaw public will be the fastest way of been fixed.

This also invites a lawsuit.

[MysteryMiner]

Fuck the law, if you live in another country just grab the damn coins!

[Elwar]

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

[christop]

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

Please tell me this is a joke.

[Elwar]

Is it the MtGox one where you can put anyone else's public Bitcoin address in the url and automatically get all of their bitcoins?

Please tell me this is a joke.

 

[flix]

I found a security flaw which allowed a thief to steal bitcoins from a company.
I contacted them and they don't reply,  what should I do?
I want to see the security issue resolved,  and the company in question is not responding to me.

The security flaw is so stupid that it most likely got overlooked.

Take 100 BTC to prove it. Make it public. Return the coins when you get an apology and a thankyou.



Seriously, if I was in charge of that co. I would be desperate to be the first to know about potential flaws and would offer a sizeable bounty for anybody that pointed them out (with proof).

[the founder]

1.  I will not steal or publish the results.   

I had a few hundred coins stolen from me 2 years ago,  at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2.  I attempted for a second time to inform the company,  no response yet.  When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins.   If people were Honourable they would reward this type of behaviour rather than sending private messages like that... 

[fcmatt]

1.  I will not steal or publish the results.   

I had a few hundred coins stolen from me 2 years ago,  at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2.  I attempted for a second time to inform the company,  no response yet.  When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins.   If people were Honourable they would reward this type of behaviour rather than sending private messages like that... 

just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

[Bit_Happy]

...If people were Honourable they would reward this type of behaviour rather than sending private messages like that... 

Thank you for setting a good example.

[the founder]

whoever just tipped me .035 thank you!

[Bit_Happy]

I once worked for a guy who said "Do the right thing" pretty often.
He ended up ripping me off.

just remember this.

NO GOOD DEED GOES UNPUNISHED

watch your back.

The OP is right to be an honest person.
just remember this:
You get what you deserve.

[MiningBuddy]

1.  I will not steal or publish the results.   

I had a few hundred coins stolen from me 2 years ago,  at today's prices it would be $20,946.88
I do not wish that to happen to anyone ever.

2.  I attempted for a second time to inform the company,  no response yet.  When it comes in I will let you guys know what I found and how the exploit happened... that's after giving the owners time to correct the problem.

I got blasted via private message on bitcointalk for not publishing the exploit and stealing coins.

I hope that a few years from now if I was on the other side of the table people would handle it like this rather than freaking stealing coins.   If people were Honourable they would reward this type of behaviour rather than sending private messages like that... 

Good for you man! This is what we need, more genuine and honest people like yourself around here.
If you found a flaw in one of my sites I would be sure to buy you a beer or two at the very least!

[the founder]

No Reply to the first or second attempt. 

[MysteryMiner]

You are either attention whore trying to cause bubble burst and there is no exploit

or

You are so rich that don't care about money or reward for your unique skills.

[tysat]

You are either attention whore trying to cause bubble burst and there is no exploit

or

You are so rich that don't care about money or reward for your unique skills.

I'm guessing option #1, this combine with someone else trying to cause a panic makes more sense than either post does alone.

[bbit]

Send me all their coins?