Bitcoin Forum
Topic: Mybitcoin.com Press Release #2
bbit
August 06, 2011, 02:04:58 AM
 #1

Friday, August 5th, 2011

From the desk of Tom Williams, operator of MyBitcoin.com

For immediate release.

SECURITY BREACH DISCLOSURE

After careful analysis of the intrusion we have concluded that the software that waited for Bitcoin confirmations was far too lenient. An unknown attacker was able to forge Bitcoin deposits via the Shopping Cart Interface (SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of theft that went unnoticed for a few days. Luckily, we do keep a percentage of the holdings in cold storage so the attackers didn’t completely clean us out. Just to clarify, we weren’t “fully” hacked aka “rooted”. You can still trust our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.

CLAIM PROCESS DISCLOSURE

We are in the process of building a claim procedure for the remainder of the holdings now. We expect that we will have it online soon.

The claim process will consist of an online form where the claimant will be required to enter their MyBitcoin username and password. Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets. We will disclose these figures as soon as they have been totaled.

Each online claim will be written to a ledger and will be manually approved within 48 hours of being filed online. We have decided to have a manual claim approval process for better security. The last thing we all need right now is for someone to breach the claim form. We are confident clients will find this satisfactory.

RECEIVERSHIP

After some research and careful consideration regarding the appointment of a receiver we have concluded that it would be very costly and slow.

Also, finding a receiver that even understands what a Bitcoin is or how to handle the claim process online would be troublesome, and would only end up increasing our costs. Receivers are typically paid from the remaining assets and we’d like to maximize the amount that we can disperse to our clients.

We have been trying to figure out a way to appoint a 3rd party to certify the asset/liability figures, but there are many risks involved. It would involve having us trust some unknown agent that could possibly just steal the rest of the holdings out from under us. Or, we could be accused of bribing the 3rd party to agree with our figures, and on and on. Trust is a real problem with an anonymous and irrevocable currency.

It is true that we could disclose all of the Bitcoin payment addresses we manage and let everyone look them up and track the lineage of the coins. This is also troublesome due to the way that we defragment small payments to keep the processing engine speedy. Also there are the moral implications of disclosing our clients’ finances. We are sure that, unbeknownst to us, our processing system has been used for nefarious purposes.

A GIFT TO THE COMMUNITY

After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.



Tom Williams
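
The two-balance scheme the press release describes (show a deposit after one confirmation, release it at three), as an added Python example that is not MyBitcoin's code. The `Account` class, the txids and the satoshi amounts are constructed for illustration; confirmation counts are assumed to come from the operator's own node.

```python
from dataclasses import dataclass, field

HOLD_CONFIRMATIONS = 3  # threshold named in the press release


@dataclass
class Account:
    # txid -> (amount in satoshis, last confirmation count seen)
    deposits: dict = field(default_factory=dict)
    withdrawn: int = 0

    def observe(self, txid, amount, confirmations):
        """Record what the node currently reports for a deposit.

        Zero confirmations means the transaction is unconfirmed or has
        fallen out of the chain (reorg / double spend), so it is dropped.
        """
        if confirmations < 1:
            self.deposits.pop(txid, None)
        else:
            self.deposits[txid] = (amount, confirmations)

    def pending(self):
        """Shown in history but not spendable: below the hold threshold."""
        return sum(a for a, c in self.deposits.values() if c < HOLD_CONFIRMATIONS)

    def available(self):
        """Spendable: deposits at or past the threshold, minus withdrawals."""
        cleared = sum(a for a, c in self.deposits.values() if c >= HOLD_CONFIRMATIONS)
        return cleared - self.withdrawn

    def withdraw(self, amount):
        # Withdrawals are checked against the cleared balance only.
        if amount <= 0 or amount > self.available():
            raise ValueError("insufficient cleared balance")
        self.withdrawn += amount


def demo():
    acct = Account()
    acct.observe("tx-a", 500_000_000, 6)   # constructed: old, well-confirmed deposit
    acct.observe("tx-b", 900_000_000, 1)   # constructed: fresh deposit, one confirmation
    before = (acct.pending(), acct.available())
    try:
        acct.withdraw(900_000_000)         # attempt to spend the held deposit
        blocked = False
    except ValueError:
        blocked = True
    acct.observe("tx-b", 900_000_000, 0)   # tx-b disappears after a reorg
    return before, blocked, (acct.pending(), acct.available())
```
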
julz
August 06, 2011, 02:11:13 AM
 #2

Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.


bbit
August 06, 2011, 02:11:57 AM
 #3

Quote
Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.



Same I haven't lost anything either ...I do like the idea of having a look at the "engine" ...hopefully, this clears some things up but I don't know really..
MemoryDealers
August 06, 2011, 02:12:40 AM
 #4

Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

Taxlow
August 06, 2011, 02:13:12 AM
 #5

Quote
Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets.

This seems strangely worded, wonder what they mean?
Bazil
August 06, 2011, 02:17:15 AM
 #6

Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve until they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.

just_someguy
August 06, 2011, 02:18:40 AM
 #7

The tech explanation doesn't add up. Is he saying they were the victim of double spend attacks?
That's the only reason 1 vs 1000 confirmations should matter.
It would be so hard to pull off a double spend in this manner that this still smacks of BS.
lettucebee
August 06, 2011, 02:20:36 AM
 #8

He has not explained why people were being locked out of their accounts from over a month ago, nor why they received no responses to requests through the messaging system.
julz
August 06, 2011, 02:21:39 AM
 #9

Quote
Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve until they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.

Yes - the sad thing is.. If he'd come out with a more immediate statement, and been willing to compromise his identity (at least perhaps to certain community members if not completely publicly) - he might have been able to sell it as a going concern even with the existing liability of missing coins.

Even if the losses are huge - This could have been handled so much better.  I strongly believe there would have been investment funds available only a week or two back because the mybitcoin brand was so big.   The week's silence was devastating.

stick_theman
August 06, 2011, 02:22:53 AM
 #10

Quote
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

+1

Couldn't have said it better myself, Memory Dealers.
bitlotto
August 06, 2011, 02:30:52 AM
 #11

<conspiracy>
OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.
</conspiracy>

Littleshop
August 06, 2011, 02:33:19 AM
 #12

Quote
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

I have to give that a +1 as well.  Spot on.

bitminers
August 06, 2011, 02:34:24 AM
 #13

Sounds to me that this is another story to buy time, it does not make sense at all, they should still have 100% of the coins and as mentioned above by Memory Dealers any missing coins if ANY should be replaced by mybitcoin.com and also as mentioned the double spending etc, it does not all add up.

He / They are not providing a contact email or any IRC Chat for people to discuss what is actually going on, by posting stuff randomly like this it seems He / They are watching the forums, and the bitcoin-police in freenode and keeping an eye on how close people are to finding out the truth and identity and real information.

I hope everyone gets their full return of coins, this liabilities rubbish is not the problem of the depositors that placed the coins there, liabilities are his company's problem.

Hopefully this is dealt with very quickly! Nothing makes sense though!
Piper67
August 06, 2011, 02:34:52 AM
 #14

Quote
<conspiracy>
OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.
</conspiracy>

Yup, and dump thousands into the market in the process, bringing down prices and allowing them to buy back making a profit. Then say they managed to save a percentage, and it's better not to use that money to go into receivership.

We could be taking many tens or hundreds of thousands.
kiba
August 06, 2011, 02:46:37 AM
 #15

When a service goes silent, people assume the worst and go on a witchhunt. (That's why all critically important services should have an offsite status page where they can communicate)

Keep a cool head and see how Tom Williams performs, guys.

tvbcof
August 06, 2011, 02:57:24 AM
 #16

If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

jwzguy
August 06, 2011, 03:05:13 AM
 #17

Well, someone claim their account and tell us what the % is.

If it's like 96% I say all you guys learned a valuable lesson at very little cost. If it's 50%, well, at least you didn't lose it all.

BitcoinPorn
August 06, 2011, 03:09:37 AM
 #18

Quote
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalk.org/index.php?topic=34211.msg426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalk.org/index.php?topic=34617.0

bbit
August 06, 2011, 03:44:03 AM
 #19

Quote
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalk.org/index.php?topic=34211.msg426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalk.org/index.php?topic=34617.0

I actually PM'd him the press release to find out what he thinks about it. Waiting for word.
FlipPro
August 06, 2011, 03:47:58 AM
 #20

Quote
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

qft
