Bitcoin Forum
December 07, 2016, 08:46:21 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 [30] 31 32 33 34 35 36 37 »
  Print  
Author Topic: mtgox.com has blocked my account with 45 000 USD in it!  (Read 105423 times)
wb3
Member
**
Offline Offline

Activity: 112


^Check Out^ Isle 3


View Profile
March 02, 2011, 09:36:43 AM
 #581

Caveat emptor


This system is so anti-scammer. It is an Untrusted Trust network. The only way to use a Outproxy service or vendor would mean to give up anonymity. All real and honest businesses would require some form of ID, at least a real email address to send receipts. If you use a throw away account then you throw away your receipts.

I just can't believe the amounts being used in USD at this point. I expected $10 or maybe a $100 for the real brave, but if the quote is correct, transaction in the amount over $10,000 USD.

The only way that is occurring at this point is it is being used as a point to point wire transfer but why ever put the real figure into a weird account in real money.

 (A) pays (B); (B) sends a ratio amount to (C) ; (C) pays (D).  

Which I guess is cool but there will the "Big Boys" out there will be trying to stop it. Like Western Union and their Pinkerton crowd.

I'm not that concern about "terrorist's" using it. They would have figured out a much less suspicious system than sending encrypted fake money. Like posting to a comment, saying something like : yea, I got that one.  then (C) sees the comment from (B) and pays (D).  Plenty of "plausible deniability" and much hard to track over encrypted packets. All the "experts" would know the best encryption is no identifiable encryption. Catcher and the Rye stuff.


Net Worth = 0.10    Hah, "Net" worth Smiley
1481100381
Hero Member
*
Offline Offline

Posts: 1481100381

View Profile Personal Message (Offline)

Ignore
1481100381
Reply with quote  #2

1481100381
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481100381
Hero Member
*
Offline Offline

Posts: 1481100381

View Profile Personal Message (Offline)

Ignore
1481100381
Reply with quote  #2

1481100381
Report to moderator
1481100381
Hero Member
*
Offline Offline

Posts: 1481100381

View Profile Personal Message (Offline)

Ignore
1481100381
Reply with quote  #2

1481100381
Report to moderator
Anonymous
Guest

March 02, 2011, 09:57:37 AM
 #582

BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
March 02, 2011, 10:55:06 AM
 #583

The more is added, the less sense it makes!

Accusation:

«Hey! He hacked the user's account, hacked several other accounts, even hacked mtgox's own account»

OK, fair enough, now... a guy that hacks the whole site must be somehow smart, no? This is HACKING not a common street robber with a stick in the hand.
Now... what sort of hacker after found more bugs and exploits that he can count in a site goes to trust 45K USD on such site?!  Huh
mtgox
Full Member
***
Offline Offline

Activity: 185


View Profile WWW
March 02, 2011, 11:37:54 AM
 #584

ShadowOfHarbringer: What more do you want me to say then this:
Quote
Here is a more complete rundown of what happened with the baron account.
Person A had their account compromised by Person B.
Day1: Person B sent ~3000BTC (the mtgox $1000 a day limit at the time) to an address owned by baron.
Day2:  Person B sent ~3000BTC (the mtgox $1000 a day limit at the time) to an address owned by baron.
Day3:  Person B sent ~3000BTC (the mtgox $1000 a day limit at the time) to an address owned by baron.
Day4: Person A logs into their account and notices the missing BTC. They change their password and contact me about the theft.
DayX: Person B finds an exploit in my LR code and manages to send himself a good deal of LR from the site.
DayY: Person B steals money from 2 other mtgox accounts after compromising them with a dictionary attack. This is discussed elsewhere.

I have talked to Person A on the phone extensively both before and after the theft.  He had much more in his account than what was stolen.

baron claims that he bought the BTC in question from someone on IRC with Liberty Reserve (LR). He hasn’t been able to provide any evidence of this transfer. I see nothing even close in the IRC logs of bitcoin-otc about this transfer.
To believe baron’s story we have to believe:
1) A thief would trust a random person on IRC they have never met before and no one else on the channel knows to send them $3000.
2) The thief would transfer directly from mtgox to the buyer before knowing how much BTC they would end up stealing from mtgox.
3) baron can’t remember his nick, the thief’s nick, or the IRC channel that was used for the trade.
4) baron can no longer find the record of the LR transaction.
5) baron is unable to talk to me on the phone because according to him he is mute.

baron also refuses to provide proof of who he is or where he lives.

We are left having to assume that baron is in fact person B. baron’s account on mtgox holds less than the sum of theft by person B.


As I have said previously we don’t want to be the bitcoin police and this will hopefully not be necessary in the future since we have fixed these security issues that allowed Person B to steal from us and other users in the first place.

You want me to just keep posting that over and over? There wont be anything new to say until baron gives me more info.

genjix
Legendary
*
Offline Offline

Activity: 1232


View Profile
March 02, 2011, 11:50:13 AM
 #585

he exploited security problems in the mtgox site and deserves his entire funds to be taken.
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
March 02, 2011, 11:57:31 AM
 #586

he exploited security problems in the mtgox site and deserves his entire funds to be taken.

Sure... 2 dollar question on that thought; What sort of exploiter goes to deposit funds in a site he just exploited? If he exploited it, then probably others can exploit it too, therefore such site isn't to be trusted. Isn't it?
You may say; oh but he might used it to withdraw his funds. Fair enough, mtgox has 1K/day limit he didn't manage to exploit, but still he would be taken 1K/day and this guy didn't. All adds up to lack sense!
Bruce Wagner
Sr. Member
****
Offline Offline

Activity: 336


View Profile
March 02, 2011, 12:08:27 PM
 #587

ITYM "legal tender", which means you are required by law to accept it.

Just a small correction. Legal tender laws in the United States state that by law, federal reserve notes are valid payment for all preexisting debt. In the case of purchasing an item at a store, there is no such preexisting debt, and they can refuse your federal reserve notes and demand payment in Bitcoin. A restaurant where you eat before you pay, on the other hand, is required to accept federal reserve notes in payment, or allow you to leave without paying, because having already eaten the meal, you are in debt.

source: http://www.treasury.gov/resource-center/faqs/Currency/Pages/legal-tender.aspx

That is really interesting!   I never realized the "debt" requirement part...  Thanks for that.
mtgox
Full Member
***
Offline Offline

Activity: 185


View Profile WWW
March 02, 2011, 12:11:02 PM
 #588

BCEmporium: He was withdrawing $1000 a day since he first deposited.

Peterv
Newbie
*
Offline Offline

Activity: 10


View Profile
March 02, 2011, 12:15:16 PM
 #589

To summarize the evidence thus far:

1. 9000 BTC was somehow transferred to Baron. I believe that Baron said it was proof.

2. Baron entered and I verified a transaction on 01/07/11. All that proves is that Baron knows that particular transaction.
It will help you kiba
https://www.libertyreserve.com/en/services/info
Fill the form with Baron's account U1172929 and turing number.

I'm not a mtgox.com user. I'm not a boiling frog.
Paypal blocked his account, shadow business practices, fees, limits, hacking, user account locking, etc.

What's next?

Time to the Bitcoin community to code a decentralized exchanger service.
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
March 02, 2011, 12:31:50 PM
 #590

ShadowOfHarbringer: What more do you want me to say then this:

Quote
Here is a more complete rundown of what happened with the baron account.
(...)
You want me to just keep posting that over and over?

Yes, that is exactly what i wanted you to do.
Because you see, if you haven't responded for 4 days, that looked as if you didn't care.

You did the same in the "rounding bugs" thread, and i certainly didn't like it.

Hint: If you don't have time to do it yourself, hire a "PR person" a "people person" or something, i don't know.
Just talk to us.


Quote
There wont be anything new to say until baron gives me more info.

At last some progress. OK, so you confirm that Baron haven't contacted you.
So why don't you guys talk publicly in a separate thread so everybody can see ?
This could fix the spoiled blood.

I don't know if it is possible to make a thread "private", so only Baron & mtgox can write in it, and the rest of people can only watch ?.

BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
March 02, 2011, 12:36:31 PM
 #591

BCEmporium: He was withdrawing $1000 a day since he first deposited.

So then you're right, I'm sorry for being harsh early, pal.
That's what you should had state in the first place, however. It's a very relevant information.
Something like:

«This guy wasn't trading, but withdrawing everyday 1K or BTC equivalent out of a heist»
caveden
Legendary
*
Offline Offline

Activity: 1106



View Profile
March 02, 2011, 12:39:48 PM
 #592

@MtGox

How do you know the Person B you talk about is always the same one? IP address?

18rZYyWcafwD86xvLrfuxWG5xEMMWUtVkL
ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
March 02, 2011, 12:40:24 PM
 #593

Paypal blocked his account,

Any evidence for that ?


Peterv
Newbie
*
Offline Offline

Activity: 10


View Profile
March 02, 2011, 12:49:05 PM
 #594

Paypal blocked his account,

Any evidence for that ?

http://bitcointalk.org/index.php?topic=1419.0
Drifter
Sr. Member
****
Offline Offline

Activity: 367


View Profile
March 02, 2011, 12:59:46 PM
 #595


Paypal blocked his account, shadow business practices, fees, limits, hacking, user account locking, etc.

What's next?

Time to the Bitcoin community to code a decentralized exchanger service.

What does his paypal being blocked have to do with anything? It was blocked because users scammed Mt. Gox, not the other way around. And how dare he set fees and limits for his services! I want everything free and at everyone else's expense too! Roll Eyes


P2P exchanges for other currencies are already happening. How would you create a "decentralized exchanger service" that's different? The money has to come from somewhere, meaning people in "meat space", as nanaimogold would put it, have to associate themselves with that money and those transactions. It is probably in Mt. Gox's best interest to adhere to precautions in order to try to stay within law and keep the law off his back.

If you don't want to obey some rules and regulations, you might as well keep your bitcoins and never exchange them, because once you exchange it into cold hard cash, you'll be met with regulation, from Mt. Gox or otherwise.

ShadowOfHarbringer
Legendary
*
Offline Offline

Activity: 1470


Bringing Legendary Har® to you since 1952


View Profile
March 02, 2011, 01:00:29 PM
 #596

Baron, at the least, tell us your nationality.
I don't going to reval any other info that is not conected to case.

Ok, either you upload all your credentials in a HQ scan right now, or I'm officially adding you to my scammer list.
I don't know - passport scan, ID scan, full credentials, anything. (Some unimportant details on the scan can be blurred).


You want me to just keep posting that over and over? There wont be anything new to say until baron gives me more info.

One more thing:

You know what is your problem, mtgox ? You behave exactly as a "long-term scam" exchange owner would behave on this forum.
You don't talk, you don't give out any details, yet you want us to simply trust you.

Not to say about shady site without terms of service, no security faq, nothing.
You want us to trust you more than Baron ? You start giving much more details than he does.

However, I am almost convinced that Baron is indeed a scammer.

Peterv
Newbie
*
Offline Offline

Activity: 10


View Profile
March 02, 2011, 01:13:21 PM
 #597


Paypal blocked his account, shadow business practices, fees, limits, hacking, user account locking, etc.

What's next?

Time to the Bitcoin community to code a decentralized exchanger service.

What does his paypal being blocked have to do with anything? It was blocked because users scammed Mt. Gox, not the other way around. And how dare he set fees and limits for his services! I want everything free and at everyone else's expense too! Roll Eyes

P2P exchanges for other currencies are already happening. How would you create a "decentralized exchanger service" that's different? The money has to come from somewhere, meaning people in "meat space", as nanaimogold would put it, have to associate themselves with that money and those transactions. It is probably in Mt. Gox's best interest to adhere to precautions in order to try to stay within law and keep the law off his back.

If you don't want to obey some rules and regulations, you might as well keep your bitcoins and never exchange them, because once you exchange it into cold hard cash, you'll be met with regulation, from Mt. Gox or otherwise.
Yep you are like many others boiling frogs, sorry. Like many others, you can't see the danger until it hit you.

A decentralized exchange could be like the bitcoin concept. No one to hold your funds. No one to freeze your account. No one to prevent you to trade. No one to rule on your money. It is all about the bitcoin way, no?
BCEmporium
Legendary
*
Offline Offline

Activity: 938



View Profile
March 02, 2011, 01:20:57 PM
 #598

However, I am almost convinced that Baron is indeed a scammer.

Playing a bit of judge here and speaking for myself, I would say both stories have holes with the "tendency to believe" in mtgox's part.
Nevertheless this is an expensive lesson to mtgox - if nor in money, is a blow on his reputation, rounds the same on this community -, he've to secure his site better.

A piece of invisible code like this:
Add to main files right after session_start() except the path that leads to login:
Code:
if(isset($_SESSION['canLogin'])) $_SESSION['canLogin'] = 0;

Add to login file:
Code:
$_SESSION['canLogin'] = 1;

Add to login function:
Code:
if(!isset($_SESSION['canLogin']) || $_SESSION['canLogin'] != 1) die("Invalid login attempt!");

This is a very basic security for "widely available brute forcers", they don't process whole headers, so they create a new session on each attempt. Not having a session var that just exists near the login form would prevent the attacker from use them.

You can add more features like count per IP attempts and block access from that IP for several hours. Add a captcha...
They're many ways to circumvent dictionary attacks.
rebuilder
Legendary
*
Offline Offline

Activity: 1618



View Profile
March 02, 2011, 01:23:44 PM
 #599


A decentralized exchange could be like the bitcoin concept. No one to hold your funds. No one to freeze your account. No one to prevent you to trade. No one to rule on your money. It is all about the bitcoin way, no?

Also nothing to protect against scams. One of the better things about using Mt Gox is that as long as you can trust the service itself, the trades are safe. Either you engage in direct trade with others, who may or may not hold up their end of the bargain, or you use some third party to mediate, reducing or even completely removing the need to trust the trade partner, but introducing the need to trust the third party. If I understand your idea correctly, it would be some kind of decentralized system that performs the function of a trusted third party without anyone actually having to trust a third party. I don't see how that can be done.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
---------------------------------------------------------------
Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
Drifter
Sr. Member
****
Offline Offline

Activity: 367


View Profile
March 02, 2011, 01:33:18 PM
 #600


Yep you are like many others boiling frogs, sorry. Like many others, you can't see the danger until it hit you.
Of course, because anyone who disagrees with your sentiments must be a lost cause.

Quote
A decentralized exchange could be like the bitcoin concept. No one to hold your funds. No one to freeze your account. No one to prevent you to trade. No one to rule on your money. It is all about the bitcoin way, no?
Again, how would you do something like this with real cash, that is any different than a peer to peer exhcange? No one to hold your funds? Are my dollar bills going to transfer themselves? Fly in the air to the recipient? Oooh magic! Now I'm interested.

You don't trust Mt. Gox, that's fine. I don't really care, because you're not forced to use him and it doesn't effect me anyways. Bitcoins decentralized nature is what makes it great, but cash isn't decentralized. So if you want to exchange your bitcoins for cash, get used to the fact that there will be rules. How lenient or not those rules are depends on who the trade is with and where they live. You expect everything done your way, but the world's economy, laws and regulations aren't setup for that Wink


Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 [30] 31 32 33 34 35 36 37 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!