Bitcoin Forum
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201499 times)
nrd525
May 23, 2012, 07:50:31 PM
 #1161

>I only have US dollars at Bitcoinica.  I'm hoping that US dollar accounts were unaffected by this.  How were the US dollars stored?

>>Seriously? Can't tell if a joke or not.

Not a joke.   There has been a lack of information for users whose primary assets are in US dollars.  Most of the discussion is centered on BTC and I'm wondering if US dollars are a different situation?

I guess the US dollars have to be stored in an account somewhere and are probably secure. But if they were on a credit card account or paypal, I'm guessing they could be compromised just like BTC could.  Although they should be returned by charge backs.

Were they storing the US dollars on MtGox?    If so, they could have been converted to BTC and withdrawn.

Don't day trade.
BTC_Bear
May 23, 2012, 08:14:59 PM
 #1162

> >I only have US dollars at Bitcoinica.  I'm hoping that US dollar accounts were unaffected by this.  How were the US dollars stored?
>
> >>Seriously? Can't tell if a joke or not.
>
> Not a joke.   There has been a lack of information for users whose primary assets are in US dollars.  Most of the discussion is centered on BTC and I'm wondering if US dollars are a different situation?
>
> I guess the US dollars have to be stored in an account somewhere and are probably secure. But if they were on a credit card account or paypal, I'm guessing they could be compromised just like BTC could.  Although they should be returned by charge backs.
>
> Were they storing the US dollars on MtGox?    If so, they could have been converted to BTC and withdrawn.

I think what you're missing is the difference between USD positions and BTC positions on Bitcoinica is the same. They were just numbers on a machine that was compromised. So, poof gone like magic if the data to all positions was lost. There was no physical cash on the system, just the positions and to whom it belonged. The cash, for the most part, is in the bank if they had cash to store in the bank.

So, yes presumably there is 'cash' somewhere but who it belongs to is another matter and part of the problem as I see it.

However,

You bring up a good way of validating something but it might not make people happy. If you funded via a Fiat currency, you should be able to show that funds were sent there. There are 'records' via other institutions and they would be able to show fiat currencies sent back to parties. The difference could at least be a case for refunds if in fact all data was lost. This however doesn't, initially, help people that transferred in using BTC or what they sent out using BTC.

Without data and proof of accounts and positions, this is/could be one big mess.

We're all speculating here though. Not much in the way of official communications from those in authoritative positions.

Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
Smoovious
May 23, 2012, 08:33:29 PM
 #1163

> We had written a long post however we are prevented from posting it due to limitations. We are very sorry. We are trying to resolve this matter however we are limited in our capacities.

And, you guys weren't able to just put the post up on your own home page, and post a link to it here, instead?

Guys, I've stayed pretty quiet through this whole mess, but, ya keep dropping the ball, and don't seem to be trying very hard.

So the post was long.

Post it somewhere else, and link to it.

Break it up into a couple parts, and post it that way.

There are ways to do it. Just giving up, with a "limited in our capacities", is starting to speak more about other capacities that you are limited in, that have nothing to do with forum limitations.

I'm sorry folks, but this is becoming a circus, and you're going to have to do better than this.

-- Smoov
bulanula
May 23, 2012, 11:16:30 PM
 #1164

Watching this mess.

Where is my popcorn ? Cheesy

That is why I keep coming to this forum ( and the mining aspect ) : the drama. Just like SolidCoin !

At this point, I think it is not very likely people will get their BTCs back.

USD ? Sure they will 100% but they can steal all the BTCs and nobody can do a thing.  Undecided

Crypt_Current
May 23, 2012, 11:50:14 PM
 #1165

> Watching this mess.
>
> Where is my popcorn ? Cheesy


How about chex mix?

Better yet... how about MY FUCKING MONEY??   Angry

Smoovious
May 24, 2012, 12:03:43 AM
 #1166

> At this point, I think it is not very likely people will get their BTCs back.
>
> USD ? Sure they will 100% but they can steal all the BTCs and nobody can do a thing.  Undecided

I dunno... if the records about who had which BTC has indeed been deleted, I imagine those same records also kept track of how much USD/EUR/etc was in everyone's accounts too.

The fact that they even bothered to put up a claims page at all, suggests that they have no idea at all who is supposed to get what. Otherwise, there would be little reason to put up a claims page since they'd still have the records of who gets what.

-- Smoov
rjk
May 24, 2012, 12:04:57 AM
 #1167

Wonder if Rackspace can retrieve deleted backups...

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
imsaguy
May 24, 2012, 12:25:42 AM
 #1168

> Wonder if Rackspace can retrieve deleted backups...

Glad I'm not the only one thinking this.  Rackspace should have had their own set of backups for business continuity reasons (they don't want to tell a bunch of their clients that a server died and had data loss) so if a person contacts them ASAP, there's a chance of recovery.  I also know they won't want to keep many versions, so a guy will want to contact them sooner than later.  In fact, if the consultancy hasn't already contacted them to ask, it's probably too late.  Just my .02 btc.

Coming Soon!™ © imsaguy 2011-2013, All rights reserved.

EIEIO:
https://bitcointalk.org/index.php?topic=60117.0

Shades Minoco Collection Thread: https://bitcointalk.org/index.php?topic=65989
Payment Address: http://btc.to/5r6
SgtSpike
May 24, 2012, 12:27:43 AM
 #1169

>> Wonder if Rackspace can retrieve deleted backups...
>
> Glad I'm not the only one thinking this.  Rackspace should have had their own set of backups for business continuity reasons (they don't want to tell a bunch of their clients that a server died and had data loss) so if a person contacts them ASAP, there's a chance of recovery.  I also know they won't want to keep many versions, so a guy will want to contact them sooner than later.  In fact, if the consultancy hasn't already contacted them to ask, it's probably too late.  Just my .02 btc.

Yeah, it's likely they would only keep a day or a week's worth of backups.  Hopefully, that was on the forefront of whoever was dealing with this mess on day 1.  I know backups would've been the first thing I would ask about in the event that all of my servers got deleted.
tvbcof
May 24, 2012, 12:48:03 AM
 #1170

>>> Wonder if Rackspace can retrieve deleted backups...
>
>> Glad I'm not the only one thinking this.  Rackspace should have had their own set of backups for business continuity reasons (they don't want to tell a bunch of their clients that a server died and had data loss) so if a person contacts them ASAP, there's a chance of recovery.  I also know they won't want to keep many versions, so a guy will want to contact them sooner than later.  In fact, if the consultancy hasn't already contacted them to ask, it's probably too late.  Just my .02 btc.
>
> Yeah, it's likely they would only keep a day or a week's worth of backups.  Hopefully, that was on the forefront of whoever was dealing with this mess on day 1.  I know backups would've been the first thing I would ask about in the event that all of my servers got deleted.

In about three seconds of looking I see it is an optional item (as I suspected.)

If I were storing a significant amount of value or sufficiently valuable secrets it is unlikely that I would trust Rackspace (or any provider) to do my backups since I could not control the tapes or whatever technology they might be using.  I'd roll my own targeted and maintainable off-site solution making appropriate use of encryption and I would test it regularly.  In fact that's exactly what I do in my work even though I don't even deal with data of particular value (which is itself not entirely accidental)

I have used Rackspace in the distant past and never expected them to provide much by way of disaster recovery.  I selected redundancy where I needed it and relied on my ability to re-construct software deployments and retrieve critical data from off-site backups.


rjk
May 24, 2012, 12:57:08 AM
 #1171

As an optional extra, I think that means backups in general. However, the machine images and all associated backups were deleted when the VMs were removed, so I don't know if there was an additional layer of backups somewhere, or whether they are lost to the aether.

payb.tc
May 24, 2012, 02:03:45 AM
 #1172

>> I only have US dollars at Bitcoinica.  I'm hoping that US dollar accounts were unaffected by this.  How were the US dollars stored?
>
> Seriously? Can't tell if a joke or not.

well obviously the US dollars were encrypted with Truecrypt and stored offline.
nrd525
May 24, 2012, 02:12:23 AM
 #1173

>You bring up a good way of validating something but it might not make people happy. If you funded via a Fiat currency, you should be able to show that funds were sent there. There are 'records' via other institutions and they would be able to show fiat currencies sent back to parties. The difference could at least be a case for refunds if in fact all data was lost. This however doesn't, initially, help people that transferred in using BTC or what they sent out using BTC.

I submitted a claim today.  I hope they validate my account.  They should be able to check the US dollar transfers from MtGox.

Smoovious
May 24, 2012, 02:19:43 AM
 #1174

> As an optional extra, I think that means backups in general. However, the machine images and all associated backups were deleted when the VMs were removed, so I don't know if there was an additional layer of backups somewhere, or whether they are lost to the aether.

Why would someone backup to something with the word "virtual" in the name to begin with? Might as well call it a virtual backup.

What they needed was an _actual_ backup.

Sure, backup to the virtual one, but immediately when it is done, get a copy transmitted to somewhere else that isn't 'virtual'...

just askin' for trouble.

-- Smoov
Bitcoinica Consultancy
May 24, 2012, 04:51:53 AM
 #1175

Let me start off by saying the information in this post is gathered from already public statements, separate knowledge or, in individual cases has been preapproved. We have been disgusted by the fact that we cannot speak liberally. Once the reclaims process is finished, if we are not allowed to speak publicly we will stop all activity with bitcoinica.

Right now, we believe the best thing for all parties involved is that we continue with the reclaims process. We have investigated many of the claims but have many left. There were still claims being filed as of at least yesterday. Our intention is to have a secure platform where users can claim their accounts and everyone will be able to claim their accounts once the claims process is finished. We cannot offer a concrete timeline for exactly when this will happen but we are working as fast as possible. Please be patient. We are truly sorry for the grave inconveniences.



As for recent incidents:

We first got involved with Bitcoinica after we discovered a security vulnerability where we could liberally withdraw and empty bitcoinica's live wallet. It became apparent to us that the site was a poorly constructed security nightmare. We started talks with bitcoinica in the hopes that they would see us as being an indispensable asset to help secure their site. The site currently is far more secure than previously.

While Zhou has made a lot of public statements, I assume his doing so has violated agreement(s) which he may have. He has stated publicly that he does have some non-disclosure agreement. Many of his posts were either untrue or certainly misleading. Many of these posts were directed at us. After being confronted on the issue, he agreed not to post anymore. After breaking that promise only hours later, we confronted him again privately.

He posted an insincere and politically worded apology.

Within the apology he made it sound as though we were trying to stop him from posting. As if he had not respected some secrecy that we wished to maintain. This of course is entirely misleading. He also posted the link to the reclaims page before it was finished and without our consent. He also continued to make very important decisions without our consent which has affected our ability to recover. In fact, even as of the 17th, we were often still in the dark and learning things through Zhou's posts on the forums. We may decide later to take action against Zhou as he has offered no public recompense. He was the owner of bitcoinica, sold bitcoinica keeping earlier profits and it seems he was paid and that he was responsible for its security until at least very recently. We even hope to release our private conversations with him if there is deemed to be no liability for us doing so. These issues should never have been made public and we took many measures speaking with him many times so that it would not get to this level. Right now though this needs to be put on the back-burner. It is immaterial until the claims process is resolved.

As for the current owners of Bitcoinica, they have by far exceeded their legal obligations in helping Bitcoinica recover from the previous hack and have pledged their continued support in seeing this incident fully resolved. I am not sure they knew how insecure the site was when they first bought it. We applaud their generosity. The inability to disclose pertinent information however we vehemently disagree with. We believe this information is critical to restoring the trust a business like bitcoinica requires.
proudhon
May 24, 2012, 05:09:38 AM
 #1176

Well, it's something.  At the very least, it makes me feel a bit more hopeful.  I hope everybody gets their coins back and bitcoinica can be salvaged into something more secure and more robust as a trading platform.
imsaguy
May 24, 2012, 05:12:19 AM
 #1177

First off, you switch between first and third person so often, it is difficult to know whether you speak for yourself or the consultancy.

Second, you claim the current owners have far exceeded their legal obligations.  Exactly what are those obligations?

Third, I believe your statement can be summed up with "Things are continuing.  We're disappointed with Zhou's actions. More stuff coming soon."  Great, so you just wasted a bunch of time.  You should instead try answering some of the questions raised in this thread.

BCB
May 24, 2012, 05:15:51 AM
 #1178

So let me get this straight.  You pen test a 17 year old competitor's faulty site, find vulnerabilities and use that knowledge to muscle your way into his business.  Then it blows up in your face and you spend 13 days crafting a carefully worded "statement" which basically establishes that you are now essentially in a pissing match with this kid.  How old are you, 14?  This whole thing stinks.  There are 18K BTC missing and a lot of user funds tied up with this and this is how you respond.  What a fucking disaster.  No wonder bitcoin can't establish any credibility.  Your lack of clarity and inability to take any responsibility for this situation only serves to demolish any credibility you guys may have had in this community.
SgtSpike
May 24, 2012, 05:20:58 AM
 #1179

I think the post just outlined the fact that their hands are tied.  They can't talk about the situation directly, at this point.  They agree that it's BS that they can't answer the questions, but they aren't the ones to make the decision about what can and cannot be spoken about.
shad0wbitz
May 24, 2012, 05:21:23 AM
 #1180

So basically what I said on my previous post of "be prepared for the blame-game" has now become a reality. Zhou shits on Bitcoin Consultancy. Bitcoin consultancy shits on Zhou AND the secret investor by vehemently disagreeing with their silence ... an all out war basically between all parties involved.

Still some very important questions remain unanswered:

- Why was bitcoinconsultancy.com taken offline?
- Why is the sock puppet used on this forum named "Bitcoinica consultancy" and not "Bitcoin consultancy"?

Also, could you please confirm if you (intersango / bitcoin consultancy) are IN FACT the GENERAL PARTNER for Bitcoinica LP, or is Zhou lying on this post:

https://bitcointalk.org/index.php?topic=82260.msg906647#msg906647

> Undoubtedly, I felt upset about some confusing commenters. I objectively disagreed with Intersango guys' ways of doing things and I think if Bitcoinica is still under my control, some of our customers' immediate issues can be addressed in a more timely manner.
>
> However, I want to express my sincere apology to the General Partners of Bitcoinica LP, because I should not have criticized them when I should bear part of the responsibility by not doing my best in securing the system. The direct cause of the issue is not important, we shouldn't argue about "if someone didn't do X this thing wouldn't have happened", instead, we should say more about "if I did X this thing could be prevented". In this case, I can express these statements...
>
> .....
>
> I am also extremely grateful for the Limited Partner (an investment group) of Bitcoinica LP for exceeding their legal obligation to bear the full cost of both recent attacks. Without their active support, Bitcoinica couldn't have survived until today to serve our customers well.


Zhou seems to suggest that the mystery investor is the limited partner, while Bitcoin Consultancy is the general partner. Care to clarify?

Finally, Zhou claims he has not had any access to the site, and has not even been officially recognized as a PR person for Bitcoinica for "quite some time now". You on the other hand, claim to have almost no control at all over Bitcoinica, and to have learned about a lot of what has transpired through Forum posts.

I hope you can see this sounds extremely psychotic, and it is incredibly confusing for Bitcoinica customers.


GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.