NEWS FLASH : EPIC THOMAS PAYS RESTITUTIONThis thread is insane, I am drowning trying to drink from this firehose...
I have news to share and I also need to discuss / understand some of the comments about EpicThomas made since I posted my "interm report". I have skimmed (and not fully read / digested) these just now trying to catch up. Let me try to organize this chaotic situation by posting links to the background that I want to talk about:
My first reply to Epic Thomas when he (not me) brought up the subject of restitution (pg 697):
https://bitcointalk.org/index.php?topic=345619.msg4291567#msg4291567My "interim report" that summarizes the "four possible scenarios" that we are trying to choose among as being "the truth" (pg 728):
https://bitcointalk.org/index.php?topic=345619.msg4321533#msg4321533Discussion of scenario 4 (Stolen NXT is in accounts that NOBODY has passcode for, put there by software bug / unintentional consequences of hacked code):
https://bitcointalk.org/index.php?topic=345619.msg4328711#msg4328711https://bitcointalk.org/index.php?topic=345619.msg4329153#msg4329153https://bitcointalk.org/index.php?topic=345619.msg4329460#msg4329460https://bitcointalk.org/index.php?topic=345619.msg4329542#msg4329542So... are we officially now saying Scenario 4 (darkNXT created accidentally during heist) is the lead theory at this point? THIS IS REALLY IMPORTANT because there is a big difference between (1) a hacker that trashed 300K of NXT by accident but only actually accessed accounts of 1000K or less (as claimed by EpicThomas here:
https://bitcointalk.org/index.php?topic=345619.msg4271857#msg4271857 ) and (2) a hacker that has actually does have control of 300K NXT and is denying it while facing the threat of being turned over to the FBI.
I still haven't had time to do a detailed timeline (soon, I promise) but there is still the Framewood loss that occurred before any of EpicThomas's links that comes from either (1) an attack we haven't either identified yet or (2) a darkNXT accident. EITHER ONE OF THESE SCENARIOS IS UNACCEPTABLY SCARY AND MUST NOT GET LOST IN THE SHUFFLE.
Plus, EpicThomas now says he only posted poisoned links on Dec 31 and not in his earlier "Raspberry Pi" post on Dec 28. If true, this leaves the smaller 4 transfers to 16204974692852323982 also unexplained.
I know this is all picky details, but THESE DETAILS MATTER. Not everything that is going on here is attributable to what EpicThomas did on Dec 31. Something SCARY is going on that we STILL do not understand. We must not lose sight of this fact.
OK, changing gears here. My original "interim report" listed all correspondence that has been exchanged between EpicThomas and myself. Yesterday I got another personal message from him in response to the last message I had sent him. Here it is:
*********** BEGIN MESSAGE FROM EPIC THOMAS ********************
Editing the client is no difficult thing. Everyone with some experience in java could do it, which I was trying to proof.
The developers didn't even try to protect their code.
The client was only posted here in the nxt topic on 31/12.
I don't have a version of the posted client anymore.
The code I changed is still available here on the forum if that is what you need.
I have received the nxt from dgex and I have transferred it to the address you gave me a few days ago.
I hope you will divide this in a fair way amongst the victims.
At this point I am searching for different mirrors of nxt clients to find out who could have done it.
Most mirrors do not exist anymore and the person who took your nxt has probably taken his links down if that is the way he did it.
Still it is the only thing I can do.
Because of the current exchange rate the total will be a bit more then 50k.
I still haven't gotten all of my btc together.
*********** END MESSAGE FROM EPIC THOMAS ********************
I can indeed verify (as can anyone using the block explorer at
http://87.230.14.1/nxt/nxt.cgi?action=34 ) that EpicThomas has sent 47,960 NXT to my account 16092180239932658439 as discussed in the very first link posted above. For the record, he transferred it out of account 10430154458458844041 which is now at zero. This apparently came from Dgex, so Graviton could start investigating his cash flow there starting with this account number. That might turn up something interesting, always follow the money.....
Anyway, now I'm sitting on a bunch of NXT that ain't mine. Somebody send me a link to the right ratios that were applied to the charity split between the four remaining people who lost NXT (I think PaulyC is whole already, right) and as soon as I get account numbers for them I'll transfer this NXT from EpicThomas to them.
This is a victory, folks. Celebrate!
This is WAY more in the way of loss recovery than I thought we would ever get out of this situation.
However, it is not enough to fully compensate those besides PaulyC who have suffered losses. So I am going to repeat what I said in my "interim report" : I am reading about unclaimed coins about to be distributed here by NXT leaders.
I vote that plasticAiredale, Framewood, sparta_cuss, and newcn receive sufficient unclaimed coins on top of charity already received to bring their account balances back up to their original starting totals (PaulyC is already there) - particularly if there is a possibility of a bug sending NXT where it is not supposed to go .
Which brings us to the final thing I want to discuss - what is the group feeling on what we should do about EpicThomas in light of the fact that the 300K NXT in the bandit accounts is increasingly looking like darkNXT that he never really had his hands on. EpicThomas commited a crime, period. Is paying almost 48K NXT in restitution enough to where we just pillory him verbally in the forum and send him on his way in shame? Or do you want to go for blood and have me file something officially with the FBI?
It is quite possible that the thief(s) have the passwords to the darkNXT accts and are waiting for the heat (you) to cool down and then activate the accts with the keys they have used to generate the acct numbers. Until that happens, it is not possible to know whether it is truly darkNXT, so these are unconfirmed darkNXT.
This is why I suggested to freeze these accts for a while until we get to the bottom of the true mystery. However, from what I have seen, there is reluctance to set a precedent of freezing an acct for whatever reasons, even this.
