MyBitcoin has started spending our stolen coins

[tvbcof]

You've made it clear you want no government involvement. Personally, I feel the same.

I still don't see how that prompts you to act as if neither fraud nor theft occurred here.

I suppose that what 'prompts me' to act that way is to capture the attention of anyone who might be tempted to trust more than they can afford to lose in the future.  I can just about promise that as long as Bitcoin survives in it's present form, 'Tom Williams's will be out there and particularly well represented in the Bitcoin community given the features of the solution.  And when they succeed, it is bad for Bitcoin and for me as a holder of them.

Beyond that, I honestly feel that it was indeed very negligent for people to lose more than a few BTC.  I was around at that time.  I was devising a deep storage solution which necessitates my traveling to another state to even get access a bulk of my BTC.  From the time I understood Bitcoin, there was no way I would have used on on-line wallet for anything but a bit of spending money.  There's a happy medium between my level of paranoia and a more reasonable level of care, but anyone who lost anything significant at MyBitcoin was way on the wrong side of caution.  Those who lost a 'reasonable' amount really should have half-way expected it and should shrug it off.  I say that only because I am damn sure that is what I would do.

So, although I do believe that what MyBitcoin did was both fraud and theft, I really don't see it as much more significant someone stealing someone elses open wi-fi simply because of the negligence.

Just to get a hold on your complete view, what's your stance on, specifically, the legitimacy of voluntary options (like a bounty to out the owner of Mybitcoin?)

If somehow 'Tom Williams' ended up getting in trouble for generalized wire-fraud, I would welcome it.

If the guy ended up with a double hemispherectomy on account of 'fair play' meaning different things to different people from different parts of the world, I would have pretty much the same amount of sympathy as I do for those who lost money in his scam.  Once again, one should understand what they are getting into and stay out of the kitchen if they cannot stand the heat.

[1714146769]

1714146769

[1714146769]

1714146769

[BkkCoins]

There are several online wallets now that allow you to control the private keys. blockchain.info is one and bitaddress.org another (without transaction abilities). Also some new "light" wallets apps allow use without blockchain bloat.

These are good if you verify the javascript and save local copies to use. But using the online javascript without code signed verification on each use leaves you open to similar problems of trust. A typical web user doesn't have a simple way to know that the javascript hasn't been changed and hence the confidentially of the keys maintained.

Is there a Firefox plugin that would allow storing signatures of site content and verify any changes on each use? That would be a good thing for people using browser based wallets.

[Jan]

Unfortunately we are in a phase now where it is becoming less practical for people to protect themselves in the 'real' way (by running a bitcoin client) due to bloat, but as far as I am aware there are not any on-line wallet services which allow the customer to control their private keys.

There are several such services.
Checkout BitcoinSpinner

[sadpandatech]

If the guy ended up with a double hemispherectomy on account of 'fair play' meaning different things to different people from different parts of the world, I would have pretty much the same amount of sympathy as I do for those who lost money in his scam.  Once again, one should understand what they are getting into and stay out of the kitchen if they cannot stand the heat.

Thank you for that clarification!

  I was a little miffed at some of your earlier statements as well. Make no mistake that a large portion of the user base agrees that we don't want big brother to come wipe our asses. Sadly, unless we would like for Bitcoin to forever remain the domain of anonymous geeks, we will find some necessity to 'trust' third parties. Meaning that the majority of mainstream people are going to want as much familiarity in services, like banks, as they have now.  I believe Mybitcoin was in the rare position then of having been around for a while already and having the 'trust' given to them because of that. I would think, or atleast hope that now people will demand more transparency from those they entrust with their funds. Some good has come, as others have pointed out, in the newer services that allow the end user control of their priv keys, etc. People are also much more cautious about who they are dealing with.

 That said, LE is obvisouly not what the majoirty of people want who were defrauded here. There is no reason however that we should discourage them seeking alternative means of recourse....  On that same note, you can bet your sweet ass, that the perps are reading here. And any information given publicly will be used to better hide themselves and their actions.

 A bounty for investigation is an excellent idea. Though not a victim to Mybitcoin, I will gladly donate some bticoins, time, travel, etc to aiding that cause. Just pick yourselves a few trusted people to consolidate information with and move on from there....

cheers,
  Derek

[tvbcof]

If the guy ended up with a double hemispherectomy on account of 'fair play' meaning different things to different people from different parts of the world, I would have pretty much the same amount of sympathy as I do for those who lost money in his scam.  Once again, one should understand what they are getting into and stay out of the kitchen if they cannot stand the heat.

Thank you for that clarification!

  I was a little miffed at some of your earlier statements as well. Make no mistake that a large portion of the user base agrees that we don't want big brother to come wipe our asses. Sadly, unless we would like for Bitcoin to forever remain the domain of anonymous geeks, we will find some necessity to 'trust' third parties. Meaning that the majority of mainstream people are going to want as much familiarity in services, like banks, as they have now.  I believe Mybitcoin was in the rare position then of having been around for a while already and having the 'trust' given to them because of that. I would think, or atleast hope that now people will demand more transparency from those they entrust with their funds. Some good has come, as others have pointed out, in the newer services that allow the end user control of their priv keys, etc. People are also much more cautious about who they are dealing with.

I agree that a significant amount of good has come out of the situation and have stated it.  I just hope that the people don't forget the lessons or that the lessons escape new users.

There are a variety of ways to cut 'trust' out of the equation, and that is the direction I'd like to see things move.  I will be attracted to any solution which ensures that dishonesty harms both parties.

The amount of engineering required for an on-line wallet service to provide receipts for incoming and outgoing funds would not be huge, and they could be structured to provide legal cover under most jurisdictions.  The fact that Bitcoin is the underlying asset becomes irrelevant since our legal systems are supposed to protect anything which is appropriately structured.  I pay my taxes to enjoy this service.  If an on-line wallet service is unwilling to provide all of the tools which could protect their customers, the customer should satisfy themselves over why this might be the case.

I hasten to add that I vastly prefer a solution where I am my own wallet service for my own personal use (by running a full client) and when that becomes untenable, Bitcoin becomes a much less compelling solution to me.

That said, LE is obvisouly not what the majoirty of people want who were defrauded here. There is no reason however that we should discourage them seeking alternative means of recourse....  On that same note, you can bet your sweet ass, that the perps are reading here. And any information given publicly will be used to better hide themselves and their actions.

 A bounty for investigation is an excellent idea. Though not a victim to Mybitcoin, I will gladly donate some bticoins, time, travel, etc to aiding that cause. Just pick yourselves a few trusted people to consolidate information with and move on from there....

I personally have no interest in being involved in any vigilante actions.  Foremost because I was not directly harmed, but secondly because it would put myself at significant risk under ordinary laws in the society in which I live.  Chicken-shit?  You betcha!

I've no idea how much 'Tom Williams' took from whom, but if Bitcoin continues to rise in value, I suspect that those who were robbed will remember the theft ever more acutely.  If I were 'Tom Williams' (who's identity is pretty well established as I recall), I'd be scrambling to amass enough coins to pay off the counter-parties plus a little extra should they demand it for their troubles.  The guy probably has many years of worry about everything which 'goes bump in the night'.

[niko]

Keep at it.

Some graph analysis people might be able to find irregularities, even in coin mixing services, that can be tracked. Also, it would be good if exchanges comment whether any target addresses proven dirty are theirs.

I never had a wallet with them, but that doesn't make me a bit less angry about it. Tracking down these MyBitcoin operators would make a good example and possibly reduce the incentive for fraud. It's a real service to all of us.

These people are the real enemies of the Bitcoin community. Get them!

This is getting beyond interesting. MyBitcoin con job now results in community working hard to find innovative ways around the presumed (pseudo)anonymity of the system.

Tinfoil hat on...

[Matthew N. Wright]

Keep at it.

Some graph analysis people might be able to find irregularities, even in coin mixing services, that can be tracked. Also, it would be good if exchanges comment whether any target addresses proven dirty are theirs.

I never had a wallet with them, but that doesn't make me a bit less angry about it. Tracking down these MyBitcoin operators would make a good example and possibly reduce the incentive for fraud. It's a real service to all of us.

These people are the real enemies of the Bitcoin community. Get them!

This is getting beyond interesting. MyBitcoin con job now results in community working hard to find innovative ways around the presumed (pseudo)anonymity of the system.

Tinfoil hat on...

Shouldn't the community work hard to find innovative ways to help people protect themselves from themselves instead? I think it would be a lot more positive to focus on prevention instead of reaction and retribution.

To be an ol' fuddy duddy: An ounce of prevention is worth a pound of cure.

YOU GUYS NEED TO SEE THIS! HTTP://MYBITCOlN.COM

[DeathAndTaxes]

Tuesday, January 10th, 2012

From the desk of Tom Williams, operator of MyBitcoin.com

RESULTS OF FEDERAL INVESTIGATION

For the past several months I have been under a gag order by my government's secret service and was unable to respond to the community any further in regards to suspicion related to the penetration of MyBitcoin.com's servers.
The reason for this gag order was due to the high profile of the attacker in question, apparently an individual our law enforcement have been tracking for some many years. As of 8:00am on this very day, all evidence that has been collected from our servers, ISPs and Bitcoin exchanges, has been carefully analyized and the gag order has been released.
At this moment I would like to first apologize for my absense as it has been a heart wrenching experience for me to watch my website be destroyed not once, but twice, through hacking as well as social disapproval and unrest. I would like to say that I have done nothing wrong but if anything I could say that this cab was rare, but I thought "naw forget it, yo home to bel-air!" I pulled up to the house about seven or eight and I yelled to the cabbie "yo homes smell ya later!" Looked at my kingdom, I was finally there. To settle my throne as the prince of bel-air.
I hope this helps to ease the unrest that has formed against me in these past difficult months and I assure you that I am doing everything I can to make up for the mistakes that I have made.
Tom Williams

Nice.

[SgtSpike]

Interesting indeed.

I wouldn't have expected a scammer to continue defending himself at this point after such a long period of silence, which almost leads me to believe that there is something to what TW says.

"The government's secret service".  Which government?  If the US, aren't the secret service only responsible for protection?  Not for fraud/theft/virtual security investigations?

[RandyFolds]

Interesting indeed.

I wouldn't have expected a scammer to continue defending himself at this point after such a long period of silence, which almost leads me to believe that there is something to what TW says.

"The government's secret service".  Which government?  If the US, aren't the secret service only responsible for protection?  Not for fraud/theft/virtual security investigations?

I am pretty certain it is a joke, what with the fresh prince lyrics and all...

[paraipan]

Tuesday, January 10th, 2012

From the desk of Tom Williams, operator of MyBitcoin.com
................

Nice.

i can smell his fear of having a whole bunch of bitcoiners hunt him down for what he's done. I didn't have anything to do with his service but he can be tracked for sure. Would be nice to have affected people post some addresses where they sent their coins to and track them down with the help of the exchanges. They could hold the coins like mtgox did and force the person to identify too.

I know this is not very much possible at the moment, giving the lack of communications between ex-changers, but I will keep dreaming it would be accomplished one day though.

[2112]

lowercase 'L' instead of uppercase 'I' in the domain name.

[Matthew N. Wright]

lowercase 'L' instead of uppercase 'I' in the domain name.

hehe. Party pooper.

[Matthew N. Wright]

I find this interesting..."The reason for this gag order was due to the high profile of the attacker in question, apparently an individual our law enforcement have been tracking for some many years" (from mybitcoin's website). It is possible the same person that hacked Tom's site hacked my wallet as well, but I/we have no way of knowing for sure.

Wtf is up with the Fresh Prince of Bel Air lyrics? Joke or his way of saying in an odd manner that he can't say anymore more on the subject?

Trolololol

[SgtSpike]

lowercase 'L' instead of uppercase 'I' in the domain name.

Lol'd.

I got taken.

[allinvain]

I find this interesting..."The reason for this gag order was due to the high profile of the attacker in question, apparently an individual our law enforcement have been tracking for some many years" (from mybitcoin's website). It is possible the same person that hacked Tom's site hacked my wallet as well, but I/we have no way of knowing for sure.

Wtf is up with the Fresh Prince of Bel Air lyrics? Joke or his way of saying in an odd manner that he can't say anymore more on the subject?

Trolololol

Oh snap..major trolololol Well played Sir.

[kokojie]

Seriously, anyone who trusted mybitcoin with significant amount of coins deserved to lose them. Online wallets are good only if they are backed by a known company, and even then, I'd still use local wallets whenever possible.

[ineededausername]

I've always been a bit confused about how exactly MyBitcoin did its marketing... they didn't have a forum presence, and they had been around since 2010.  The first mention of MyBitcoin on this forum was by Satoshi.  Did it spread through word of mouth? 

[DeathAndTaxes]

Seriously, anyone who trusted mybitcoin with significant amount of coins deserved to lose them. Online wallets are good only if they are backed by a known company, if the wallet provider has no access to the private keys

FYP.

[deepceleron]

The odd thing is the coins are not being sent in the way a normal Bitcoin client would send them, the address balances are being nibbled at and combined with other small payments from other address to new addresses, like here: http://blockexplorer.com/address/12ViYXgordxUkmPhN5PAU9vJRHwc8jftfQ. The coins are sitting in that new address. Now the question is, is that a MtGox address or still the BitThiefs? If MtGox is willing to lock accounts because coins were long before used to scam MMORPG money, they should at least be willing to find, flag, lock, and IP log coins sent directly from mybitcoin users' addresses to the exchange, disclose that those are MtGox addresses if requested, and respond to subpoenas to the identity of the thief (for private action or to be handed over to the prosecution arm of juristictional law enforcement).

Along with the magical re-appearance of "Tom Williams" at the same time, we know it's the site owner, and I have a feeling they are being transferred to the exchange for quick sell, huge sells happening right after these transfers.