I am filing a small claims suit against crypsty for not making a honest effort to verify my user identity and protect my deposits on file on their system. I really dont care if i win or lose, but a trip to delray is in my future. looking to see if anyone else has had the same problems and want to help me force cryptsy to make customer relation changes. I am filinf within a week, reply and tell me your story....
from my cryptsy support ticket .. "
yes, that is the ip address that also hacked my gmail. my question is WHY would you allow such activity? why would your site CODE not stop someone from resetting a password and within moments draining the account, all from a IP address that has never been used to log in before. see this is what pisses me off, i was logged on when that guy (or gal) reset my password, and it logged me off, but i didn't realized it as i was on another tab in IE. 2 minutes later i clicked back on the cryptsy tab and i had been logged out. I didnt know why but i tried to log back in. but it said wrong password, which at the time i didnt understand that the hacker had reset it with the "forgot password" email reset. , so i had to reset my password again, and was able to log in, and then noticed my coins were gone.
So my question is, DO YOU NOT THINK IT IS STUPID to allow an IMMEDIATE withdraw, directly after reseting a password, and from a UNKNOWN never used IP address?
do you not think it would be a good idea to lock all withdraws after a password reset for at least 1 hour or until identity can be confirmed? do you not think your system is very weak in letting anyone reset a password and sell off ALL the coins and then change the BTC withdraw address, all while logged in from a never before seen IP? I MEAN YOU HAD SEVERALSTEPS IN WHICH CRYPSY COULD HAVE HALTED the action!
I mean, really? i think my 2 year old son could write code that would recognize that as suspicious behavior! ALL YOU WOULD HAVE TO DO IS PUT some kind of delay in the system, had you delayed that withdraw 5 minutes i could have stopped it. but no. you have demonstrated #1 a lack of concern, #2 a lack of responsibility, #3 a lack of common sense!
SERIOUSLY this is MONEY WE ARE TALKING ABOUT! imagine if my (USD) bank aloud activity such as that, imagine how fast my bank would go out of business if it let anyone come in, flash any id that matches and withdrew all the money and leave. and the teller just said, 'oh, they musta stole your idenity, nothing we can do' i mean come on, if you are going to offer a , i will assume, professional service, on the web, to the whole world, don't you think you need to take the responsibility to make sure you handle peoples money professionally?
How about this, I know it was only $30, but look, it is the 4th time someone was able to steal coins from me, i have had paypal scam me, i have had someone lift a private key from a paper wallet and drain the coins, if we can figure out how to secure cryptocoins in some manner, they will never ever amount to anything main stream, i don't like using money that tends to disappear. So if your going to be involved in such a new exciting trend, then why not work to make it better? why no write some simple fucking code that makes you wait 1 hour to withdrawl your coins after resting your password? i mean duh?? how hard would it be for cryptsy website to figure out that if a user #1 resets a password, then #2 sells all coins and converts to BTC, then #3 changes the withdraw address to a new never seen BTC address, then #4 withdrawals every fucking dime, all while #5 logged in from a never seen IP address, = THEFT and stop or pause the transaction until you can confirm the users identity. I mean if your going to accept money and hold it in a 'account' then you suggest that you demonstrate the responsibility to handle that money in a secure manner.
NOW since i have made several attempts to get you to make positive changes to your services, and you have suggested that, there is really nothing you can do..... this is what i am thinking.... I really think i will just fucking SUE YOU for $30, plus damages, all on principle. See it all seems like common sense to me. And i think other people will see it my way. I don't think you have demonstrated an honest effort to protect my money. Now you may think i am not serious, you may think why would i spend $3000 in legal fees to teach you a lesson? well its because I think you need to be taught a lesson. I think you really don't know what your doing, business wise, I think you know some stuff about cryptocoins, but I bet you don't know much about legal issues and customer service, and a thing called implied security. You see, implied security is where my bank takes my money and I assume they are going to protect it. This is why i put it in a bank. I mean, i could leave my coins lay around anywhere and get them stolen. But your service implies that you are making an honest effort to protect them. which when such obvious red flag behavior is allowed to go unchecked through your system, you obliviously have NO security.
So now, we have 2 choices, you can work to correct this situation, or, I SWEAR TO GOD ON ALL THAT IS HOLY I WILL SUE THE SHIT OUT OF YOU. and I DONT CARE IF I WIN MY $30 back or not, I will spend $3000 to drag your name through the mud to get you to do what you should do. You see any good business would automatically take responsibility, and correct the situation to keep good PR, and it seems to me you could use ALOT OF GOOD PR. I mean really, I haven't found one good thing on any google search i have done, I mean there are litterally thousands of negative comments and feedback all over the WWW, hell just google cryptsy. goto the second page and start reading....
So do you want to fix this or do you want to set there and tell me how there aint shit you can do about it?
