pyedpyper
|
|
April 07, 2013, 08:23:05 PM |
|
Dear Boussac,
Firstly, thank you for starting an open process of communication with Instawallet users. This is a very good start.
However, ... <trimmed for brevity>
pyedpyper, Your letter was well written and captured my own posture on the matter very closely. I found almost all of the questions asked to be fair and realistic. My losses are not great and not as great as yours. In my case, they are a small fraction of my BTC holdings, and partially out of a desire to promote the general health of the Bitcoin network which defines the value of my main stash it would be worthwhile to me to see attacks on the system resolved as thoroughly and professionally as possible. Thus, I feel inclined to join you in any formal and well thought out efforts to proceed on this adventure if necessary and if my participation may be helpful. Hopefully the organization responsible for Instawallet will demonstrate professionalism in reaching the best resolution possible and nothing very onerous or expensive will be necessary. While I always considered the funds I had with Instawallet to be disposable, the fact that it was associated with an organization which appeared to be on a healthy business trajectory played a part in my decisions about how much to keep there. Further, the fact that 'Paymium family' choose to continue to operate Instawallet with their name on it was, to me, a valid reason to believe that they considered it security hardened enough to withstand attack. Please feel free to PM me if need be. I'm an American citizen BTW. Thanks - lets stay in touch if this needs to be taken further.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 08:25:29 PM |
|
pyedpyper: I thank you for putting into words exactly how I also feel about this affair, I am sure that many of us could not have penned such a letter any better. Boussac for your information please also consider me a signatory to this letter which has my support too.
Noted - thank you. For the record I have also emailed Paymium (for attention Gonzague Grandval) with a copy of the post as well as further invitation to dialog.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 08:36:39 PM |
|
Dear Boussac,
......... Sincerely,
PyedPyper
As thoughtful as this letter is- it might not be possible for them to answer. Even if there had been no funny-business any legitimate company would hire a lawyer that would advise answering none of these questions. What if they were to answer you wrongly about one of these questions? Perhaps just from not 100% understanding the situation? You or someone else would turn around and go after them about that later. It's a legitimate letter, but I think any lawyer would advise "no comment". It's just too risky to tell you the truth- innocent or not. Indeed, perhaps the things you point out in your letter about their "50BTC" limit, or "first come first serve" might be the result of them trying to come up with a clear, concise, and honest communication to the community, as quick as possible, the only result of which is more accusations and mistrust. Valid point. However, to prove their good faith I will still expect a response to each point, even if that response is "our legal counsel has advised us to not answer this question". The sum total of their responses will certainly reveal if these guys are being straight. And if there is any sign that they are not being straight then I feel it is prudent to take this to the relevant authorities. In offering the services they do they have a direct fiduciary obligation to both exercise care in the management of funds and to communicate transparently with their clients. The latter has certainly not been happening. And despite what any legal counsel may propose, their obligation remains. And certainly we have a right to know the truth. Frankly at this point no-one even knows if there genuinely even was a hack.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 08:37:37 PM |
|
Dear Boussac,
......... Sincerely,
PyedPyper
As thoughtful as this letter is- it might not be possible for them to answer. Even if there had been no funny-business any legitimate company would hire a lawyer that would advise answering none of these questions. What if they were to answer you wrongly about one of these questions? Perhaps just from not 100% understanding the situation? You or someone else would turn around and go after them about that later. It's a legitimate letter, but I think any lawyer would advise "no comment". It's just too risky to tell you the truth- innocent or not. Indeed, perhaps the things you point out in your letter about their "50BTC" limit, or "first come first serve" might be the result of them trying to come up with a clear, concise, and honest communication to the community, as quick as possible, the only result of which is more accusations and mistrust. This is true, and is a good point. In that case I would expect the lawyer to draft the response or at the very least to give verifiable evidence that the matter is being perused with the utmost professionalism and in a way that would be most likely to result in a resolution which is favorable to the effected parties. Failing that, it is completely reasonable to expect at some fraction of effected customers will do everything in their power to achieve an outcome which is in their best interests, and in doing so could add inefficiency to what could otherwise be a more smooth process. Exactly.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 08:47:03 PM |
|
Disclaimer : I have no affiliation with Paymium. I am only a customer of Bitcoin Central. 1. Please state your full real name and your current position with Paymium (and whether you are a shareholder, director or employee).
I strongly believe Boussac's real name is Pierre Noizat, COO and co founder of Paymium. Evidences : http://www.e-ducat.fr/sample-page/ http://fr.linkedin.com/pub/dir/Pierre/Noizat (login to confirm the picture is the same) 2. Please confirm that you have formal authorisation from the board of Paymium to be communicating on behalf of the company on this forum.
He has. See above 3. Please provide the case number and filing date of the report you state Paymium has filed with the police.
There is no such thing as a "case number" in France. He could probably post a scan of the report, but I believe it would contain information that right now it would not be wise to publish. (Like what exactly happened, who they suspect if it is an insider job, and so on) 4. Please provide Paymium’s formal contact details: office address and telephone number.
The legal address if Paymium is : 73 Rue du Chateau 92100 BOULOGNE BILLANCOURT ( see here) They don't have a public phone number in the french phone book5. Please state whether (...)
Can't answer the other questions since I have no more information than anybody here. Appreciated However I want all of this from Boussac directly - goes to integrity of the communication process. Regarding your statement that "There is no such thing as a "case number" in France", I find that hard to believe. How could they track or administer anything if there is no unique file number (or similar identifier) associated with each case?? Even if that is the case, the point is for Paymium to provide verifiable proof that a case has actually been opened with the French police. Whatever it takes they must do it. Otherwise more cases will be filed I can guarantee.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 09:16:23 PM |
|
However I want all of this from Boussac directly - goes to integrity of the communication process. Regarding your statement that "There is no such thing as a "case number" in France", I find that hard to believe. How could they track or administer anything if there is no unique file number (or similar identifier) associated with each case?? Even if that is the case, the point is for Paymium to provide verifiable proof that a case has actually been opened with the French police. Whatever it takes they must do it. Otherwise more cases will be filed I can guarantee.
What I say is that this kind of procedure is mostly "paper based" here. If a record number exists it will be local to the police station that filed it and it will not be a proof of anything. And also between the time when you report something, and the time when the police contacts you back to file the report "for real", it can take weeks if not months (I know it I am myself in such a case right now). What you could do - and any user of Instawallet also - is file a complaint, in french (it will be better) or in english (not sure that it will be fast) - and address it to "Monsieur le Procureur de la République - 4 Boulevard du Palais - 75055 Paris Cedex 01". Do not accuse anybody of anything. Simply state the facts and ask them for help, saying you are a victim of a scam (in french " escroquerie"). Your case will be given to the same officer that manages Paymium's case right now, and in a few weeks (or months ...) you will be contacted by a police officer if they need more information or if they have something for you. At some point you probably will need the help of a french attorney ... Very useful - thanks. My feeling is to remain in a position of "good faith" and file nothing yet, while giving Paymium a clear opportunity to give solid and verifiable information that we can all trust. I really think they should have that opportunity. However, should they not take that opportunity to start treating their Instawallet clients with a little more respect than they have so far, and continue to demonstrate dodgy communication / behavior then I think it would be fine for criminal and civil suits to fly in their direction from all 4 corners of the earth. Personally I do not think they want that at all - and I do not want it for them. I would rather it all be resolved nicely and easily. But they need to give solid assurance that that is happening first.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 09:20:19 PM |
|
If you check street view for that address it doesn't look like much more than apartments. Like I said before I would be happy to take a trip to Paris along with any other forum members if they wanted to come.
All donations from US members to go toward the trip would be repaid in full when I get my coins back.
Obviously if anyone knows of a forum member already in Paris that would make it easier but I think I can get there for about 2.5-3 btc
I live in Paris. Yes it looks like a residential building. It might be the personal home of G. Grandval and not the place where the offices are located - but I doubt so since they are supposed to declare all offices as separate locations in the official company database (infogreffe.fr/societe.com). Anyhow for all legal stuff it is the address that should be used. And I might go there to see what happens if needed. If you felt moved to pay them a visit and have a face to face conversation that may be very useful. Truth is made more plain in that circumstance. Do you have coin in Instawallet personally?
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 07, 2013, 09:23:14 PM |
|
However I want all of this from Boussac directly - goes to integrity of the communication process. Regarding your statement that "There is no such thing as a "case number" in France", I find that hard to believe. How could they track or administer anything if there is no unique file number (or similar identifier) associated with each case?? Even if that is the case, the point is for Paymium to provide verifiable proof that a case has actually been opened with the French police. Whatever it takes they must do it. Otherwise more cases will be filed I can guarantee.
What I say is that this kind of procedure is mostly "paper based" here. If a record number exists it will be local to the police station that filed it and it will not be a proof of anything. And also between the time when you report something, and the time when the police contacts you back to file the report "for real", it can take weeks if not months (I know it I am myself in such a case right now). What you could do - and any user of Instawallet also - is file a complaint, in french (it will be better) or in english (not sure that it will be fast) - and address it to "Monsieur le Procureur de la République - 4 Boulevard du Palais - 75055 Paris Cedex 01". Do not accuse anybody of anything. Simply state the facts and ask them for help, saying you are a victim of a scam (in french " escroquerie"). Your case will be given to the same officer that manages Paymium's case right now, and in a few weeks (or months ...) you will be contacted by a police officer if they need more information or if they have something for you. At some point you probably will need the help of a french attorney ... Thanks for your input. From what you say, it sounds like it would be prudent to just go ahead and file a complaint ASAP regardless of what actions Paymium or their attorneys take (short of returning our funds.) In your estimation, would it be a positive or a negative for each effected (and interested) user to file a complaint independently, or group them together in some fashion. Perhaps it would make more sense to retain a French attorney operating on behalf of a group of effected parties from the get-go, and again, ASAP? What would be your thoughts on this? Lastly, for anyone familiar with such things, does it make sense for me to involve my attorney here in the US to interact with a French attorney, or is it possible to simply work with a French one directly for something like this. Lastly (for real), is there such thing as a 'paralegal' who could reliably handle the natural first steps of filing a complaint and thus lessen the financial and organizational overhead? Thanks again for any thoughts on the matter.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 07, 2013, 09:34:14 PM |
|
If you check street view for that address it doesn't look like much more than apartments. Like I said before I would be happy to take a trip to Paris along with any other forum members if they wanted to come.
All donations from US members to go toward the trip would be repaid in full when I get my coins back.
Obviously if anyone knows of a forum member already in Paris that would make it easier but I think I can get there for about 2.5-3 btc
I live in Paris. Yes it looks like a residential building. It might be the personal home of G. Grandval and not the place where the offices are located - but I doubt so since they are supposed to declare all offices as separate locations in the official company database (infogreffe.fr/societe.com). Anyhow for all legal stuff it is the address that should be used. And I might go there to see what happens if needed. If you felt moved to pay them a visit and have a face to face conversation that may be very useful. Truth is made more plain in that circumstance. Do you have coin in Instawallet personally? IANAL, but my gut sense is that it would be counter-productive to take any actions which could in any way be construed or framed as harassment or intimidation. Such a thing could come back to bite one on the ass in the unfortunate event that it is necessary to move this through the legal system. Worse, if the Paymium crew turn out to be the perps and end up on the wrong side of some fellow criminal's actions I personally would want nothing whatsoever to drag me into a now greatly expended investigation.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
pyedpyper
|
|
April 07, 2013, 09:46:11 PM |
|
However I want all of this from Boussac directly - goes to integrity of the communication process. Regarding your statement that "There is no such thing as a "case number" in France", I find that hard to believe. How could they track or administer anything if there is no unique file number (or similar identifier) associated with each case?? Even if that is the case, the point is for Paymium to provide verifiable proof that a case has actually been opened with the French police. Whatever it takes they must do it. Otherwise more cases will be filed I can guarantee.
What I say is that this kind of procedure is mostly "paper based" here. If a record number exists it will be local to the police station that filed it and it will not be a proof of anything. And also between the time when you report something, and the time when the police contacts you back to file the report "for real", it can take weeks if not months (I know it I am myself in such a case right now). What you could do - and any user of Instawallet also - is file a complaint, in french (it will be better) or in english (not sure that it will be fast) - and address it to "Monsieur le Procureur de la République - 4 Boulevard du Palais - 75055 Paris Cedex 01". Do not accuse anybody of anything. Simply state the facts and ask them for help, saying you are a victim of a scam (in french " escroquerie"). Your case will be given to the same officer that manages Paymium's case right now, and in a few weeks (or months ...) you will be contacted by a police officer if they need more information or if they have something for you. At some point you probably will need the help of a french attorney ... Thanks for your input. From what you say, it sounds like it would be prudent to just go ahead and file a complaint ASAP regardless of what actions Paymium or their attorneys take (short of returning our funds.) In your estimation, would it be a positive or a negative for each effected (and interested) user to file a complaint independently, or group them together in some fashion. Perhaps it would make more sense to retain a French attorney operating on behalf of a group of effected parties from the get-go, and again, ASAP? What would be your thoughts on this? Lastly, for anyone familiar with such things, does it make sense for me to involve my attorney here in the US to interact with a French attorney, or is it possible to simply work with a French one directly for something like this. Lastly (for real), is there such thing as a 'paralegal' who could reliably handle the natural first steps of filing a complaint and thus lessen the financial and organizational overhead? Thanks again for any thoughts on the matter. I feel it would be better to wait until Thursday noon. Let's give them genuine opportunity to convince us that they are straight and that all is well. I really think they should have that opportunity. If they fail to make use of it, then for sure, the gloves are off. If they are straight (which I hope) then an avalanche of civil and criminal cases directed at them may make it a lot harder for them to just get on with it and solve it. So I recommend let's not be too hasty.
|
|
|
|
pyedpyper
|
|
April 07, 2013, 09:49:48 PM |
|
If you check street view for that address it doesn't look like much more than apartments. Like I said before I would be happy to take a trip to Paris along with any other forum members if they wanted to come.
All donations from US members to go toward the trip would be repaid in full when I get my coins back.
Obviously if anyone knows of a forum member already in Paris that would make it easier but I think I can get there for about 2.5-3 btc
I live in Paris. Yes it looks like a residential building. It might be the personal home of G. Grandval and not the place where the offices are located - but I doubt so since they are supposed to declare all offices as separate locations in the official company database (infogreffe.fr/societe.com). Anyhow for all legal stuff it is the address that should be used. And I might go there to see what happens if needed. If you felt moved to pay them a visit and have a face to face conversation that may be very useful. Truth is made more plain in that circumstance. Do you have coin in Instawallet personally? IANAL, but my gut sense is that it would be counter-productive to take any actions which could in any way be construed or framed as harassment or intimidation. Such a thing could come back to bite one on the ass in the unfortunate event that it is necessary to move this through the legal system. Worse, if the Paymium crew turn out to be the perps and end up on the wrong side of some fellow criminal's actions I personally would want nothing whatsoever to drag me into a now greatly expended investigation. Hear you, but I am proposing a simple, courteous information gathering visit - no baseball bats! I think it is quite natural to visit the offices of a company that misplaced your money to enquire what is going on. Nothing sinister in that...
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 07, 2013, 09:50:46 PM |
|
I feel it would be better to wait until Thursday noon. Let's give them genuine opportunity to convince us that they are straight and that all is well. I really think they should have that opportunity. If they fail to make use of it, then for sure, the gloves are off. If they are straight (which I hope) then an avalanche of civil and criminal cases directed at them may make it a lot harder for them to just get on with it and solve it. So I recommend let's not be too hasty.
I agree...as much as anything because I'm busy with other things at the moment. This will allow some time to formulate the most effective plan if Paymium fails to come through. Your Thursday deadline seems about right.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 07, 2013, 09:55:19 PM |
|
IANAL, but my gut sense is that it would be counter-productive to take any actions which could in any way be construed or framed as harassment or intimidation. Such a thing could come back to bite one on the ass in the unfortunate event that it is necessary to move this through the legal system.
Worse, if the Paymium crew turn out to be the perps and end up on the wrong side of some fellow criminal's actions I personally would want nothing whatsoever to drag me into a now greatly expended investigation.
Hear you, but I am proposing a simple, courteous information gathering visit - no baseball bats! I think it is quite natural to visit the offices of a company that misplaced your money to enquire what is going on. Nothing sinister in that... Of course. But there is no telling how such a thing might be represented down the line. Or how it might look if some other party decided that it would be effective to play not-so-nice. This is simply my opinion on the matter and does not mean that it is the right way to proceed. I tend to be cautius about these things and try to anticipate as many future possibilities as I can. I do like to win when I choose to play.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
Herodes
|
|
April 08, 2013, 02:10:08 AM |
|
I do not have a stake in instawallet, I did not have any funds there. If I had, and it was some sizeable amount, I would go to France in person, and not leave until I was reinstated the lost funds. I don't believe in having things done through 'authorities' and lawyers. Most of the time, things are quite simple, and it's only a matter of persuading the right person to do the right thing.
I believe anything that can be done privately can be done much more efficient than dealing with any 'official agency' that will do nothing in the end anyway.
Clear tale signs of a scammer and con-man is:
* Evasiveness (don't communicate or do it very poorly) * Constant delays (to buy time) * Telling lies, and making up things.
This situation is very simple.
Instawallet has lost funds. From their records, they will be able to see how much funds they lost and how much they've got left. Let's say that 30% of the total funds has been lost as 30% was in the hot wallet and the rest in cold storage.
This means that all users will have to take a 30% haircut. Although users would not be happy with this, they would be happier to get 70% back, then nothing at all. This is the fair way to do it. Setting an arbitrarily limit of 50 BTC and stating that those with lesser balances should be paid in full, while those with a 50BTC+ balance will be paid on a best effort basis does not make sense. It's reasonable to believe that people storing in excess of 50 BTC on instawallet also would have more funds which they would be happy to use to seek legal action and other direct action. So letting these people taking the pain, is not a smart move.
If one is not honest about ones business operations, shit will hit the fan sooner or later - that always happens. Mistakes and fuckups can happen, but people will be more forgiving if there is good and honest communication.
The 90 day claim process is highly questionable, and it's a typical scammer way of evading and delaying the process. After 90 days, people will have 'forgotten', many give up, because they only have small amounts and so on... Lot's of accounts (read: unique urls) should be possible to verify beyond doubt given pieces of information, and should be handled manually on an ongoing basis, then those remaining in an uncertain state should be held until the 90 days are up, and then be released to the person claiming it. To avoid having to pay out to some hacker who've submitted multiple claims, some verification would be possible to do, to ensure multiple claims does not go to the same person. (I know some may have more instawallets, but it's a difference in having 2-3 and having 45...)
There are many pieces of info that could be used to determine whether it's a legitimate claim or not, and these could be handled on an ongoing basis.
For instance a user could be using the same ip for most of his access to instawallet, and he might even be able to remember transactions in or out of instawallet, and he may even have access to adresses from which he previously have sent coins, and can prove he control these, perhaps he even have screenshots from an exchange showing withdrawals to his adress, or have transaction history in a local wallet.
Also, it depends on how much information the hacker got from the database. How much does he know about the users, and how easy would it be to fake a claim ? That's rather important information needed to determine the course of action.
As for the number on the police report, even if this is on paper, and there's not a computerized database of the police report, the owners of instawallet should be able to give a reference to a contact within the french police that can confirm that the case is reported. When this reference is given, one or more members of this forum shold be able to call up the police through their official listed phone number and ask to speak with this policeman to have it confirmed that a police report is filed.
Also there was stated that independent auditing is going on, here Instawallet should be able to give permission to the auditing company to be able to confirm they're infact working with Instawallet on the issue at hand. Again forum members should be able to call the auditing firm to have this confirmed.
Since the communication from Instwallet is not the best, perhaps a 3rd party (1 or 2 forum members) that actually is trusted in the community and that have a high level of technical expertise should move in to assist with the case in determining whether a claim is legit or not. Also, the logs of the web-server should be able to give information about ip-adresses and perhaps also user-agent information. Not sure what server is used, but if it's apache, these logs are archived by default to the best of my knowledge. So it may be possible to extract some information from that. If a user states he always used his home DSL-connection, and the weblogs shows that indeed this is the truth, and the claim comes from the same ip-adress, then that is a very good indicator that the user is legit, if he also can prove ownership of some of the bitcoin-adresses used to fund his wallet, we can almost be certain that the rightful owner has made the claim. In cases of doubt, it may also be possible for the user to contact his ISP and ask them to contact Instawallet and confirm for them that he's a subscriber with them using that IP-adress.
I'm certain there are more things to think of also. For instance some might have used tor, and always accessed the wallet during work-hours, or only during weekends. Unless the hacker has acces to the web-logs, these are things he cannot simply know. Also screenshots of bookmarks to the instawalleturl could give an indication of legitimacy.
There are many datapoints that could be used to determine if a claim is valid or not, and only in cases where it can be proved 100%, or as close to 100% as you can get, the funds should be paid out early, if not there should be some waiting time. I would also suggest that stating how much remaining funds there are, and handing these funds over to one or more trusted members of the community would be a good thing to do. That way, the process would be more transparent.
If an intelligent competent person with a precise eye for details handles the verification procedure, then this should be rather safe. For those users where ownership of the account cannot be reasonably determined, then the waiting period of 90 days before a payout may be justified, but a 90 day payout period as default, that's just ridiculous.
This reminds me a lot about the bitcoinica situation, and I again very sad on behalf on the bitcoin community, and the affected users. Personally I would've ensured that security was as good as it possibly could be for a service like this, and in the event there was a breach of security, and funds were lost, I would bend over backward to have the situation resolved swiftly to the benefit of my customers. If I ran multiple services, and one service suffered a loss and customers would be out of pockets, I would promise them paybacks with earning from my other operations. It's all about being an upstanding individual and conducting business with paying attention to the ethical aspects.
Another thing with bitcoin businesses is that it's so incredible easy to say that you 'got hacked' and then run away with funds, as there is here now - there's no transparency, so we simply does not know.
I can understand that all details is not something that you would like to put in public, but perhaps now is a time to seek help from some of the most competent persons in this community, I'm sure there are several to chose from which have a high level of trust around here. Then these techheads could advise as to the best way of solving this issue.
I have no idea how many instawallets there were, and how much work it would be - but no matter how big the task would be, it must be done - and it should be done swiftly, and the claims process should start now, and be handled on an ongoing basis. Then there should be some kind of ongoing communication updated with stats, so the users can see what's going on and that there's in fact some progress.
If Instawallet owner doesn't have time for this, the work should be outsourced, and I'm sure many users rather would have their balance back now deducted a 5% claim fee (and a maximum of 0.25 BTC pr account), than having their full balance in 90 days. A claim fee could be used to pay the ones doing the manual verification job.
Let me know if there's anything I can do in this situation to help. I am not affiliated with Instawallet, nor do I hold a wallet there with coins, and I've never stored more than about 500$ worth of bitcoins there, but then for a very short amount of time.
I sincerely and genuinely hope that this situation will be solved the best way possible for all parties involved, and that users will learn from this and be wary of web-wallets in general in the future.
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 08, 2013, 03:38:45 AM |
|
It just dawned on me that it may be pretty easy and effective to retain the services of a qualified attorney or para-legal via the 'services' section of this forum to at least lodge an initial complaint should Paymium or their attorneys fail to provide a satisfactory response. And pay for such services in BTC.
My feeling is that it would be fine to start right now to solicit bids for such services in case they are needed, and to better understand what the requirements of the effected parties might be (notarized letters, etc.) Ideally I would like to have something going into the French legal system by Friday.
I just about tapped out a OP on the 'services' section just now, but figured I'd see if anyone here had any suggestions or wished to work on the text. ~pyedpyper, for instance, writes in a particularly clear way.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
Herodes
|
|
April 08, 2013, 03:41:55 AM |
|
It just dawned on me that it may be pretty easy and effective to retain the services of a qualified attorney or para-legal via the 'services' section of this forum to at least lodge an initial complaint should Paymium or their attorneys fail to provide a satisfactory response. And pay for such services in BTC.
My feeling is that it would be fine to start right now to solicit bids for such services in case they are needed, and to better understand what the requirements of the effected parties might be (notarized letters, etc.) Ideally I would like to have something going into the French legal system by Friday.
I just about tapped out a OP on the 'services' section just now, but figured I'd see if anyone here had any suggestions or wished to work on the text. ~pyedpyper, for instance, writes in a particularly clear way.
The threat of legal action may or may not speed things up.
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 08, 2013, 04:02:18 AM |
|
It just dawned on me that it may be pretty easy and effective to retain the services of a qualified attorney or para-legal via the 'services' section of this forum to at least lodge an initial complaint should Paymium or their attorneys fail to provide a satisfactory response. And pay for such services in BTC.
My feeling is that it would be fine to start right now to solicit bids for such services in case they are needed, and to better understand what the requirements of the effected parties might be (notarized letters, etc.) Ideally I would like to have something going into the French legal system by Friday.
I just about tapped out a OP on the 'services' section just now, but figured I'd see if anyone here had any suggestions or wished to work on the text. ~pyedpyper, for instance, writes in a particularly clear way.
The threat of legal action may or may not speed things up. I don't care. I don't expect to get my funds back at all frankly, and it's not a real big deal to me if I do or don't. I do want to see the perps suffer whoever they are. At this point I don't necessarily believe that ~bosack or ~davout are the perps, but by Thursday if they don't give us some satisfaction they will be negligent enough that I won't mind seeing them suffer simply for that reason alone.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
pyedpyper
|
|
April 08, 2013, 07:29:26 AM |
|
I do not have a stake in instawallet, I did not have any funds there. If I had, and it was some sizeable amount, I would go to France in person, and not leave until I was reinstated the lost funds. I don't believe in having things done through 'authorities' and lawyers. Most of the time, things are quite simple, and it's only a matter of persuading the right person to do the right thing.
I believe anything that can be done privately can be done much more efficient than dealing with any 'official agency' that will do nothing in the end anyway.
Clear tale signs of a scammer and con-man is:
* Evasiveness (don't communicate or do it very poorly) * Constant delays (to buy time) * Telling lies, and making up things.
This situation is very simple.
Instawallet has lost funds. From their records, they will be able to see how much funds they lost and how much they've got left. Let's say that 30% of the total funds has been lost as 30% was in the hot wallet and the rest in cold storage.
This means that all users will have to take a 30% haircut. Although users would not be happy with this, they would be happier to get 70% back, then nothing at all. This is the fair way to do it. Setting an arbitrarily limit of 50 BTC and stating that those with lesser balances should be paid in full, while those with a 50BTC+ balance will be paid on a best effort basis does not make sense. It's reasonable to believe that people storing in excess of 50 BTC on instawallet also would have more funds which they would be happy to use to seek legal action and other direct action. So letting these people taking the pain, is not a smart move.
If one is not honest about ones business operations, shit will hit the fan sooner or later - that always happens. Mistakes and fuckups can happen, but people will be more forgiving if there is good and honest communication.
The 90 day claim process is highly questionable, and it's a typical scammer way of evading and delaying the process. After 90 days, people will have 'forgotten', many give up, because they only have small amounts and so on... Lot's of accounts (read: unique urls) should be possible to verify beyond doubt given pieces of information, and should be handled manually on an ongoing basis, then those remaining in an uncertain state should be held until the 90 days are up, and then be released to the person claiming it. To avoid having to pay out to some hacker who've submitted multiple claims, some verification would be possible to do, to ensure multiple claims does not go to the same person. (I know some may have more instawallets, but it's a difference in having 2-3 and having 45...)
There are many pieces of info that could be used to determine whether it's a legitimate claim or not, and these could be handled on an ongoing basis.
For instance a user could be using the same ip for most of his access to instawallet, and he might even be able to remember transactions in or out of instawallet, and he may even have access to adresses from which he previously have sent coins, and can prove he control these, perhaps he even have screenshots from an exchange showing withdrawals to his adress, or have transaction history in a local wallet.
Also, it depends on how much information the hacker got from the database. How much does he know about the users, and how easy would it be to fake a claim ? That's rather important information needed to determine the course of action.
As for the number on the police report, even if this is on paper, and there's not a computerized database of the police report, the owners of instawallet should be able to give a reference to a contact within the french police that can confirm that the case is reported. When this reference is given, one or more members of this forum shold be able to call up the police through their official listed phone number and ask to speak with this policeman to have it confirmed that a police report is filed.
Also there was stated that independent auditing is going on, here Instawallet should be able to give permission to the auditing company to be able to confirm they're infact working with Instawallet on the issue at hand. Again forum members should be able to call the auditing firm to have this confirmed.
Since the communication from Instwallet is not the best, perhaps a 3rd party (1 or 2 forum members) that actually is trusted in the community and that have a high level of technical expertise should move in to assist with the case in determining whether a claim is legit or not. Also, the logs of the web-server should be able to give information about ip-adresses and perhaps also user-agent information. Not sure what server is used, but if it's apache, these logs are archived by default to the best of my knowledge. So it may be possible to extract some information from that. If a user states he always used his home DSL-connection, and the weblogs shows that indeed this is the truth, and the claim comes from the same ip-adress, then that is a very good indicator that the user is legit, if he also can prove ownership of some of the bitcoin-adresses used to fund his wallet, we can almost be certain that the rightful owner has made the claim. In cases of doubt, it may also be possible for the user to contact his ISP and ask them to contact Instawallet and confirm for them that he's a subscriber with them using that IP-adress.
I'm certain there are more things to think of also. For instance some might have used tor, and always accessed the wallet during work-hours, or only during weekends. Unless the hacker has acces to the web-logs, these are things he cannot simply know. Also screenshots of bookmarks to the instawalleturl could give an indication of legitimacy.
There are many datapoints that could be used to determine if a claim is valid or not, and only in cases where it can be proved 100%, or as close to 100% as you can get, the funds should be paid out early, if not there should be some waiting time. I would also suggest that stating how much remaining funds there are, and handing these funds over to one or more trusted members of the community would be a good thing to do. That way, the process would be more transparent.
If an intelligent competent person with a precise eye for details handles the verification procedure, then this should be rather safe. For those users where ownership of the account cannot be reasonably determined, then the waiting period of 90 days before a payout may be justified, but a 90 day payout period as default, that's just ridiculous.
This reminds me a lot about the bitcoinica situation, and I again very sad on behalf on the bitcoin community, and the affected users. Personally I would've ensured that security was as good as it possibly could be for a service like this, and in the event there was a breach of security, and funds were lost, I would bend over backward to have the situation resolved swiftly to the benefit of my customers. If I ran multiple services, and one service suffered a loss and customers would be out of pockets, I would promise them paybacks with earning from my other operations. It's all about being an upstanding individual and conducting business with paying attention to the ethical aspects.
Another thing with bitcoin businesses is that it's so incredible easy to say that you 'got hacked' and then run away with funds, as there is here now - there's no transparency, so we simply does not know.
I can understand that all details is not something that you would like to put in public, but perhaps now is a time to seek help from some of the most competent persons in this community, I'm sure there are several to chose from which have a high level of trust around here. Then these techheads could advise as to the best way of solving this issue.
I have no idea how many instawallets there were, and how much work it would be - but no matter how big the task would be, it must be done - and it should be done swiftly, and the claims process should start now, and be handled on an ongoing basis. Then there should be some kind of ongoing communication updated with stats, so the users can see what's going on and that there's in fact some progress.
If Instawallet owner doesn't have time for this, the work should be outsourced, and I'm sure many users rather would have their balance back now deducted a 5% claim fee (and a maximum of 0.25 BTC pr account), than having their full balance in 90 days. A claim fee could be used to pay the ones doing the manual verification job.
Let me know if there's anything I can do in this situation to help. I am not affiliated with Instawallet, nor do I hold a wallet there with coins, and I've never stored more than about 500$ worth of bitcoins there, but then for a very short amount of time.
I sincerely and genuinely hope that this situation will be solved the best way possible for all parties involved, and that users will learn from this and be wary of web-wallets in general in the future.
Thank you for your very insightful comments. It is good to feel your desire for this to work out well - for the people who do not have access to their funds as well as for the Bitcoin community altogether. We do not need another situation where everyone suffers a fundamental trust issue with one of the main Bitcoin operators - and one that will be continuing to function - as I'm sure Paymium certainly is. Personally I believe you can help the situation - because you give a fuck, have made very intelligent points and obviously are a clear thinker, have some technical expertise and appear to a very active member of the Bitcoin community. Perhaps you could assist with potentially co-ordinating an approach to Payium that involves maximal Instawallet account holders. Also the fact that you are not an account holder is positive I feel as it gives you some emotional "distance" from the whole thing. I am sure anyone holding coin with Paymium would be happy to compensate you for your assistance in this regard. Perhaps if other members could give their feelings about this? Personally I would be happy to drive any legal approach, including filing criminal charges against Paymium and it's individual board members IF (and only if) they choose to not come to the party (my approach via the embassies I believe will have some effect). I have a fair amount of experience in litigation and have a "pitbull" attitude once I get going - my jaws will not unlock until it's over, so I can assist that way. Let me know your feelings about how you might want to assist. ghdp lives in Paris and has offered to visit Paymium. Perhaps a co-ordinated response from a group of account holders via ghdp would be a good initial action. ghdp would you be open to this? What would you require?
|
|
|
|
pyedpyper
|
|
April 08, 2013, 07:31:23 AM |
|
It just dawned on me that it may be pretty easy and effective to retain the services of a qualified attorney or para-legal via the 'services' section of this forum to at least lodge an initial complaint should Paymium or their attorneys fail to provide a satisfactory response. And pay for such services in BTC.
My feeling is that it would be fine to start right now to solicit bids for such services in case they are needed, and to better understand what the requirements of the effected parties might be (notarized letters, etc.) Ideally I would like to have something going into the French legal system by Friday.
I just about tapped out a OP on the 'services' section just now, but figured I'd see if anyone here had any suggestions or wished to work on the text. ~pyedpyper, for instance, writes in a particularly clear way.
I agree to prepare now for action on Friday should this be required. I am hoping/trusting that Paymium are intelligent though and take steps to avert this.
|
|
|
|
tvbcof
Legendary
Offline
Activity: 4732
Merit: 1277
|
|
April 08, 2013, 07:52:45 AM |
|
It just dawned on me that it may be pretty easy and effective to retain the services of a qualified attorney or para-legal via the 'services' section of this forum to at least lodge an initial complaint should Paymium or their attorneys fail to provide a satisfactory response. And pay for such services in BTC.
My feeling is that it would be fine to start right now to solicit bids for such services in case they are needed, and to better understand what the requirements of the effected parties might be (notarized letters, etc.) Ideally I would like to have something going into the French legal system by Friday.
I just about tapped out a OP on the 'services' section just now, but figured I'd see if anyone here had any suggestions or wished to work on the text. ~pyedpyper, for instance, writes in a particularly clear way.
I agree to prepare now for action on Friday should this be required. I am hoping/trusting that Paymium are intelligent though and take steps to avert this. The initial scope of work I'm envisioning is simply to submit an effective police report (and again, only if it cannot be demonstrated convincingly that it has not already been done.) It sounds like you have much more legal experience than I...and your losses were more significant as well. Would you like to drive the set-up? I'll send a private PM as well.
|
sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
|
|
|
|