Mt. Gox user details for sale

[darkmule]

Like I said in another thread, the database dump of 500,000 verified customers who uploaded minimum 2 documents ( suppose the average size is 1MB ) would be of 1000 GB size, not 20 GB.

Only if they stored them at full size.  You could probably batch process shrinking them all to some standard size.  Not saying Gox actually did this, or that this current thing isn't a scam.

[1714739620]

1714739620

[1714739620]

1714739620

[darkmule]

Look, the point is, its a bit like blaming a home owner when there house is left unlocked and subsequently burgled. Just because they made it easier through some inaction, at the end of the day it is the perpetrator of the crime who is the real villain.

Bullshit.

You have no responsibility to anyone but yourself (and perhaps your family) to lock your own front door.

When you take other people's money in trust, you have a fiduciary duty to protect it.  Incompetence is a breach of that duty.  Outright fraud is an even more unconscionable malfeasance.  Karpeles and Gox (if they even are separate) utterly failed to carry out the duty they'd agreed to by accepting deposits.

This is assuming, of course, that he isn't actually the thief himself, and frankly, I'd put him at the top of any suspect list.

[devthedev]

BTC-E is not based in Tokyo, like the email states.

[GIANNAT]

Shortly after I MtGox incident, I started getting a lot of phishing mails with fake "Bitstamp" and "BTC-e" messages. So obviously someone seems to have access to the very same email address I used on MtGox.

I get those mail on a mail acc which isn't attacched to any exchange, the fault is somewhere else 100%, not btc-e, not bitstamp
You should probably use the following method when you register on shady sited (but even on legit)
"usual_mail"+"site_name"@yourprovider.com
Unfortunately I started using this only recently so I don't know which site was compromised

[promojo]

I wonder if anybody has been kidnapped/ransomed/threatened etc. from the amount of BTC they have?  There has been a lot of talk going around about that.


promoJo

[glendower]

Look, the point is, its a bit like blaming a home owner when there house is left unlocked and subsequently burgled. Just because they made it easier through some inaction, at the end of the day it is the perpetrator of the crime who is the real villain.

When you take other people's money in trust, you have a fiduciary duty to protect it.  Incompetence is a breach of that duty.  Outright fraud is an even more unconscionable malfeasance.  Karpeles and Gox (if they even are separate) utterly failed to carry out the duty they'd agreed to by accepting deposits.

Is it not the case that Bitcoin exchanges are unregulated? As such, isn't it the case that their fiduciary duty extends to doing what they see fit to keep customers assets secure?

Perhaps what we need is some regulation, or at the very least, a code of practice that exchanges are prepared to sign up to that will ensure that exchanges are not able to let such a situation arise again. 

[darkmule]

Is it not the case that Bitcoin exchanges are unregulated? As such, isn't it the case that their fiduciary duty extends to doing what they see fit to keep customers assets secure?

No, a fiduciary duty is determined by the circumstances, not by formalities.  Some formalities, such as actually being a banker, have statutorily established financial duties, but whether a fiduciary duty exists is a case by case determination.  Service providing bailees have some form of a fiduciary duty, have duties to protect the assets entrusted to them, and are liable for failure to do so.

Whether or not Gox was a registered or an illegal operation, it acted as a currency exchanger, and can't really fall back on "but I was lying and I was really running an illegal operation" as a defense.  The relationship was that people would deposit money (BTC or fiat) into Gox, which would hold it for them, and charge them for the service of exchanging it for another currency, then allow it to be withdrawn.

I.e. that money never belonged to Gox in the first place.  They solely held it for the benefit of another, and it was there for the purpose of Gox providing services, for which they were paid, to the real owner of the funds.  That establishes a fiduciary duty pretty much anywhere.

(Note:  I have not read the Mt. Gox TOS or other such documents, and can't seem to find them.  They might try to disclaim such a duty in there, which would have been wise considering how they were running their "business.")

[dexX7]

Also do not email us asking to confirm what information we have about you.

Interesting how this is the opposite of what he said before.

Afaik nobody has proven to be in possession of such data yet (please correct me if I'm wrong).
I'm starting to think this is all a scam.

Haha, I just noticed this part.

Probably related to:

I hereby confirm that the data the alleged seller nanashi___ tries to sell is not legit or from Gox.

Someone on IRC requested a sample and the data he received was a public available living address that one may link to his email account. Nothing more, nothing less, but certainly not the data he submitted during his registration at Gox nor during the verification. The contact stopped after doubts were raised.

My best guess: an imposter who tried to scam a few coins in the shadow of the real Gox hack.

[yefi]

It is not Karpeles fault that a criminal is trying to sell your data.  The perpetrators of crime are the criminals, and in this case MtGox & its customers are the victims.  In fact, if someone hadn't been defrauding them via the malleability exploit, we wouldn't be in this situation.

So, how about we start actually blaming this fiasco on the perpetrators rather than the victims.

Don't tell us you believe that smokescreen on malleability? His testimony makes no sense.

[Evil-Knievel]

This message was too old and has been purged

[V4Vendettas]

The math doesnt add up.

20GB wouldnt be many decent scans.  mtgox had how many users?

A database of usernames and other details like address and email maybe but not the actual verification scans those would take up heaps of space.

The kind of heaps of space that you would as a disgruntled employee have to walk out with on an external hard drive ?

[darkmule]

Quote:

"The malleability issue in bitcoin has been known for well over two years now [1]. At the time it seems to have been dismissed as ugly, but not worth bothering about."

  Not sure why it was never fixed in those two years.

Maybe they thought nobody would be stupid enough to entrust hundreds of millions of dollars to an identifier that everyone knew could be changed, especially after being personally told not to.  Most sentences that start "nobody would be stupid enough to. . ." are wrong, though.

[nanashi___]

Hello,

nanashi___ here, I am just passing by to do some PR.

Thank you for all your mails, I have received hundreds and hundreds and some people managed to escape my selloff by sending bitcoins for me to remove information about them.

I first want to tell that I am not a scam, I have hundreds of mails to answer to and I just cannot keep sending all your private data to anyone.
I can however provide the data before deletion after your payment but I just cannot prove to every one of you that I have the documents.
If you ask, I do have the documents and I am selling them at 10 BTC per 2GB or 100 BTC for the whole file, already several chunks of data were sold, you still may be a candidate for the escape.

You still can ask me to delete your information for 0.25 BTC, hurry because soon I will change the price to 0.5 BTC, supply and demand  

For those who are still skeptical, I cannot do anything for you, you are free to believe or not that I possess the file (though I have sent to early senders proof of information, maybe they can witness here).
However I personnally recommend you to pay for removal, I don't know the people to whom I sold the documents, you never know what they can do with them.

You can send me mails at [removed], however don't bother asking me stupid questions or ask me to send you your information, I will not answer and the price for extortion will be doubled for each attempt at sending these kind of mails. You have been warned.


For those who wonder, removal demands are very high and this operation has been very fruitful, I have already obtained several bitcoins from it.

[itsunderstood]

[...] Don't get hung up on vengeance against the FRAUD dealer, go after the man that pulled the trigger.

I fixed that for you.

Selling guns is legit.  Selling fraud shitcoins is not.

So, in fact, taking out both assholes, or at least beating them with rubber hoses or waterboarding them, is legal and fine, and actually moral and right.

[Taras]

Hello,

nanashi___ here, I am just passing by to do some PR.

Thank you for all your mails, I have received hundreds and hundreds and some people managed to escape my selloff by sending bitcoins for me to remove information about them.

I first want to tell that I am not a scam, I have hundreds of mails to answer to and I just cannot keep sending all your private data to anyone.
I can however provide the data before deletion after your payment but I just cannot prove to every one of you that I have the documents.
If you ask, I do have the documents and I am selling them at 10 BTC per 2GB or 100 BTC for the whole file, already several chunks of data were sold, you still may be a candidate for the escape.

You still can ask me to delete your information for 0.25 BTC, hurry because soon I will change the price to 0.5 BTC, supply and demand  

For those who are still skeptical, I cannot do anything for you, you are free to believe or not that I possess the file (though I have sent to early senders proof of information, maybe they can witness here).
However I personnally recommend you to pay for removal, I don't know the people to whom I sold the documents, you never know what they can do with them.

You can send me mails at [removed], however don't bother asking me stupid questions or ask me to send you your information, I will not answer and the price for extortion will be doubled for each attempt at sending these kind of mails. You have been warned.


For those who wonder, removal demands are very high and this operation has been very fruitful, I have already obtained several bitcoins from it.

i don't buy it

date registered ^

[h1d]

English is too good.
"Several bitcoins" is fruitful lol. Must be some teen behind it.
Doesn't the email address have some extra underscores?
Good try.

[grue]

You can send me mails at [removed], however don't bother asking me stupid questions or ask me to send you your information, I will not answer and the price for extortion will be doubled for each attempt at sending these kind of mails. You have been warned.

lol. in other words:

i have your personal info. i can't prove that i have it, but if you pay me bitcoins, i'll promise that i won't release it.

worst attempt at extortion ever. if you're going to extort someone, at least show you're serious. dissuading your victim from questioning your authenticity isn't fooling anyone.

[haploid23]

Hello,

nanashi___ here, I am just passing by to do some PR.


You still can ask me to delete your information for 0.25 BTC, hurry because soon I will change the price to 0.5 BTC, supply and demand  

...

Hello, actually I'm the real nanananashi here. All the other nanoshi's out there are fake, they just want your BTC. Feel free to send the 100btc to me instead.

[SmokeTooMuch]

I first want to tell that I am not a scam, I have hundreds of mails to answer to and I just cannot keep sending all your private data to anyone.

Well, if you have the data, why don't you make one entry of the database public? I volunteer.
I allow you to publicise a copy of my verification documents here in this thread, just black out all the personal details like name, address and so on.

If you won't, you clearly aren't in possession of that database.

[Taras]

I first want to tell that I am not a scam, I have hundreds of mails to answer to and I just cannot keep sending all your private data to anyone.

Well, if you have the data, why don't you make one entry of the database public? I volunteer.
I allow you to publicise a copy of my verification documents here in this thread, just black out all the personal details like name, address and so on.

If you won't, you clearly aren't in possession of that database.

While you're at it, "nanashi," send me my entry of the database, no censorship.