Bitcoin Forum
March 19, 2024, 07:27:26 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 [72] 73 74 75 76 77 78 79 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 224548 times)
bulanula
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
May 25, 2012, 11:52:02 AM
 #1421

Offer a bounty for the database ? The hacker would be most stupid to release it as that could identify him pretty quickly.

Also, it seems to me that zhoutong is not at fault here but the incompetence of "InterSCAMgo" as shadow puts it.

Too bad there are no other UK exchanges ...  
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
1710833246
Hero Member
*
Offline Offline

Posts: 1710833246

View Profile Personal Message (Offline)

Ignore
1710833246
Reply with quote  #2

1710833246
Report to moderator
N12
Donator
Legendary
*
Offline Offline

Activity: 1610
Merit: 1010



View Profile
May 25, 2012, 11:53:01 AM
 #1422

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

edit:

bulanula, there are ways to anonymously release the database along with a Bitcoin address.
bulanula
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
May 25, 2012, 11:54:17 AM
 #1423

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people are going will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

Show me one case where people have been sued due to BTC otherwise you are FUDging.

Sue for USD ? Most likely but if tomorrow Intersango ran with all the BTC they had nobody could do a thing.
N12
Donator
Legendary
*
Offline Offline

Activity: 1610
Merit: 1010



View Profile
May 25, 2012, 11:57:04 AM
 #1424

Bitcoins are as much of a property as WoW Gold, potatoes or USD, you retard. The law doesn’t care what it is, as long as a contract exists.

BTW, don’t you have 25 BTC to repay?
bulanula
Hero Member
*****
Offline Offline

Activity: 518
Merit: 500



View Profile
May 25, 2012, 12:00:19 PM
 #1425

Bitcoins are as much of a property as WoW Gold, potatoes or USD, you retard. The law doesn’t care what it is, as long as a contract exists.

BTW, don’t you have 25 BTC to repay?

BTC is electrons in a computer mate as far as the law is concerned or a crypto message not money or a possession.

Stop trying to divert the discussion offtopic and show me one entity that has been brought to justice due to "stealing" BTC.

Not shakaru, not mybitcoin, not MrMoon, not bitcoin7, not bitomat, not bitcoinica ...

What did the security "investimagation" reveal as according to the topic title. The hacker couldn't have erased all the logs. There must be some IPs left. Where the police called to investigate ?

Maybe Rackspace had some logs left from him accessing the control panel ?
shad0wbitz
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile WWW
May 25, 2012, 12:13:32 PM
 #1426

By the way, good luck to ever get a VC company or individual to ever invest in a Bitcoin project, ever again!

Thank you InsterSCAMgo! You have further fucked Bitcoin's future by your gross negligence!

GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
May 25, 2012, 12:16:09 PM
 #1427

Remember when I said I had already pulled all my moniez from Bitcoinica? I was kidding, actually I had 10000 BTC.

*Runs to fill the claim*  Grin

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 25, 2012, 12:19:38 PM
 #1428

Per standard practice, Bitcoin Consultancy entered into a non-disclosure agreement which extends to Bitcoinica's proprietary systems and processes. They are free to discuss their role and history with the company.
Thank you for this. We are incredibly happy. We will need to clear up some distinctions and make sure the account is in fact Tihan's account. He can do so via confirmation in email or on skype. We also need clarification as to what "role and history mean".
Heh, it would be kind of ironic if someone was actually running a sock donator account under his name. At least you are covering that angle to be sure it is him.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
zhoutong (OP)
VIP
Hero Member
*
Offline Offline

Activity: 490
Merit: 502


View Profile WWW
May 25, 2012, 12:34:04 PM
 #1429

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

edit:

bulanula, there are ways to anonymously release the database along with a Bitcoin address.

Assume that 99% of the balances have already been claimed, the extra loss due to over-claims is less than 18.5k BTC. This is my speculation based on the information I have though. I haven't verified them.

The following is my suggestion to Bitcoinica, I can disclose it because it won't make resolving problems more difficult:

Now the thing needed to do is to filter the false claims using the resources we already have, including:

- Support emails
- Outgoing transactional emails (deposit, withdrawal and order execution notifications)
- Previous accounting reports
- Partner records, including Mt. Gox, BitInstant, banks
- Block chain (We roughly know what addresses we have based on the transactional emails)

The reputation of the account owner can also be taken into consideration, i.e. if you have demonstrated consistent integrity in the community, you should get your funds back at first opportunity. If the database (which might be leaked) records suggest discrepancies, you should feel comfortable returning the extra.

If the claimed account balance is tiny, such as 1 BTC or $1 USD, you should also receive a refund as long as the account ownership can be verified.

If there are no outgoing transactional emails sent (within 60 days), no support emails ever, no passport photo uploaded, we will have to use extra evidence (Bitcoin address ownership and Mt. Gox code history) to prove account ownership. Most likely the claims are illegitimate. We have unlikely to have inactive users with large amount funds.

The most questionable claims will be the ones without reported positions but with large balances from people who are not reputable. Most likely these people are trying to hide their unrealized losses in the claims after knowing that database has been deleted.

I know there's some personal judgement involved in the suggestion, but that will be my way of handling this. It will keep the majority of people happy while reducing most false positives. If my suggestion is accepted, the general rule is, you can get your funds more fully (partial payments are possible), sooner and less evidence is required if:

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

If you get >= 100 Points, you should be refunded immediately.
If you get >= 50 Points, you can expect partial refunds first. The percentage of partial payments will be calculated using the formula (let P be the points you get):

Partial payment in % = (P/10)^2

e.g. If you get 90 Points, you receive 81% of the claimed amount first. If you get 50 Points, you receive 25% of the claimed amount first.

The rest of the claimed amount will be honored after every request has been processed. Then we can use cross reference to match the remainder records, and hopefully a copy of database can be obtained or leaked. If needed, we can also use external moderation to decide asset ownership.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
N12
Donator
Legendary
*
Offline Offline

Activity: 1610
Merit: 1010



View Profile
May 25, 2012, 12:34:51 PM
 #1430

Intersango/(My)Bitcoin(ica) Consultancy, you guys better offer a nice fat 18.5k BTC bounty for the database or you will likely be sued into insolvency!

There were already plenty of people who suspected a database loss. I was tempted to file a false claim a few days ago myself. Do you really think there is a way for you not to overpay some, and therefore underpay others without the database?

It is an absolute bargain since there is no other way to allocate funds without risking losing MORE funds than deposited. I hope the hacker will accept an initial offer and not abuse his position. I also hope he will not tamper with the database (maybe you can offer him another bounty since people will try to bribe their way in). Is there perhaps a checksum to prove it is the original?

Do it or die.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 25, 2012, 12:37:32 PM
 #1431

Intersango/(My)Bitcoin(ica) Consultancy, you guys better offer a nice fat 18.5k BTC bounty for the database or you will likely be sued into insolvency!

There were already plenty of people who suspected a database loss. I was tempted to file a false claim a few days ago myself. Do you really think there is a way for you not to overpay some, and therefore underpay others without the database?

It is an absolute bargain since there is no other way to allocate funds without risking losing MORE funds than deposited. I hope the hacker will accept an initial offer and not abuse his position. I also hope he will not tamper with the database (maybe you can offer him another bounty since people will try to bribe their way in). Is there perhaps a checksum to prove it is the original?

Do it or die.
Are you the hacker looking to double your money? A bargain indeed. Right.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
N12
Donator
Legendary
*
Offline Offline

Activity: 1610
Merit: 1010



View Profile
May 25, 2012, 12:40:13 PM
 #1432

Haha, I knew I would be accused of that.

Have you read through zhoutong’s suggestion? I had no funds at Bitcoinica and considered faking a claim a few days ago, as I suspected a db loss. I could have easily done the claim and raked in a few k BTC. I didn’t because it would be theft, but I guarantee you there are enough people here who would get enough "points" to get refunded immediately, lack any morals, and had the foresight to file a fake claim before the db loss was admitted.

I simply see no other way around insolvency.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
May 25, 2012, 12:41:41 PM
Last edit: May 25, 2012, 01:42:45 PM by muyuu
 #1433

Blitz: relax.

In any case you shouldn't trust a database that may have been tampered with. This wasn't a fancy encrypted or otherwise secured database. This was a Ruby on Rails step-by-step tutorial kind of database.

It doesn't make sense to be offering fat bounties around. Not that the hacker would likely take the risk.

So, take it easy.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 25, 2012, 12:42:08 PM
 #1434

Haha, I knew I would be accused of that.

Have you read through zhoutong’s suggestion? I could have easily done the claim and raked in a few k BTC. I didn’t because it would be theft, but I guarantee you there are enough people here who would get enough "points" to get refunded immediately, lack any morals, and had the foresight to file a fake claim before the db loss was admitted.

I simply see no other way around insolvency.
I read his suggestion, and it makes sense because some of the info he is suggesting to use for claims cannot be faked. Very good suggestions, too.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
N12
Donator
Legendary
*
Offline Offline

Activity: 1610
Merit: 1010



View Profile
May 25, 2012, 12:45:37 PM
 #1435

I read his suggestion, and it makes sense because some of the info he is suggesting to use for claims cannot be faked. Very good suggestions, too.
Nonsense, I would easily have gotten >100 points filing my fake claim. The only thing that stopped me was my conscience.

Where is the money going to come from the other depositors will be missing? This is why I say I see no way around insolvency without the database.

You guys go ahead, though. I’ll get the popcorn for when people with 100+ points are requesting 500k BTC. Grin Grin Grin

edit: rjk, no need for that. I can get over 100 despite that missing. Also I doubt they have that email data.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
May 25, 2012, 12:46:53 PM
 #1436

I read his suggestion, and it makes sense because some of the info he is suggesting to use for claims cannot be faked. Very good suggestions, too.
Nonsense, I would easily have gotten >100 points filing my fake claim. The only thing that stopped me was my conscience.

Where is the money going to come from the other depositors will be missing? This is why I say I see no way around insolvency without the database.
You have deposit and withdrawal amounts that correspond exactly with the emails that they have on hand?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
elux
Legendary
*
Offline Offline

Activity: 1458
Merit: 1006



View Profile
May 25, 2012, 12:57:40 PM
 #1437

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

I have been a Bitcoinica customer for the last several months.

I made a number of deposits to Bitcoinica from Mt.Gox, using Mt.Gox codes.
I executed dozens of trades, won some, lost some, made no withdrawals.
I never had any issues with the service so I made no complaints and sent no emails to support.

I don't seem to have received  _any_ emails from *@bitcoinica.com prior to the claims form.
I had a smooth, clean, entirely trouble free relationship with bitcoinica to the day of the last hack.

Was transactional emails turned off by default? (I don't like frequent, automated emails cluttering my inbox.)
Am I looking at the wrong email address? Or am I missing something?
flower1024
Legendary
*
Offline Offline

Activity: 1428
Merit: 1000


View Profile
May 25, 2012, 01:00:16 PM
 #1438

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

I have been a Bitcoinica customer for the last several months.

I made a number of deposits to Bitcoinica from Mt.Gox, using Mt.Gox codes.
I executed dozens of trades, won some, lost some, made no withdrawals.
I never had any issues with the service so I made no complaints and sent no emails to support.

I don't seem to have received  _any_ emails from *@bitcoinica.com prior to the claims form.
I had a smooth, clean, entirely trouble free relationship with bitcoinica to the day of the last hack.

From reading zhoutongs inane unofficial suggestion I get a sinking feeling in my stomach.

Was transactional emails turned off by default? (I don't like frequent, automated emails cluttering my inbox.)
Am I looking at the wrong email address? Or am I missing something?

*slams head into keyboard*

you got an email when you deposited money (any currency).
i am in a similar situation: i just deleted them immediatly.

but at least i did had a verified account and made a wire transfer (dont know if i am respected member...).
WhatsHappening
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
May 25, 2012, 01:02:22 PM
 #1439

I have been a Bitcoinica customer for the last several months.

I made a number of deposits to Bitcoinica from Mt.Gox, using Mt.Gox codes.
I executed dozens of trades, won some, lost some, made no withdrawals.
I never had any issues with the service so I made no complaints and sent no emails to support.

I don't seem to have received  _any_ emails from *@bitcoinica.com prior to the claims form.
I had a smooth, clean, entirely trouble free relationship with bitcoinica to the day of the last hack.

From reading zhoutongs inane unofficial suggestion I get a sinking feeling in my stomach.

Was transactional emails turned off by default? (I don't like frequent, automated emails cluttering my inbox.)
Am I looking at the wrong email address? Or am I missing something?

*slams head into keyboard*

I'm in the same situation.
I only used mtgox codes to make deposits/withdrawals.

MTGox has evidence that I made a BTC deposit. Maybe MTGox could take part in verification process ?

I think most of bitcoinica users has an account in MTGox.

kokjo
Legendary
*
Offline Offline

Activity: 1050
Merit: 1000

You are WRONG!


View Profile
May 25, 2012, 01:04:05 PM
 #1440

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

I have been a Bitcoinica customer for the last several months.

I made a number of deposits to Bitcoinica from Mt.Gox, using Mt.Gox codes.
I executed dozens of trades, won some, lost some, made no withdrawals.
I never had any issues with the service so I made no complaints and sent no emails to support.

I don't seem to have received  _any_ emails from *@bitcoinica.com prior to the claims form.
I had a smooth, clean, entirely trouble free relationship with bitcoinica to the day of the last hack.

From reading zhoutongs inane unofficial suggestion I get a sinking feeling in my stomach.

Was transactional emails turned off by default? (I don't like frequent, automated emails cluttering my inbox.)
Am I looking at the wrong email address? Or am I missing something?
i have the emails. check your spam folder.
and im reputable and trustworthy, even though i didn't do many deals in bitcoin, im still a long time member of the bitcoin community, and i haven't cheated or lied.

"The whole problem with the world is that fools and fanatics are always so certain of themselves and wiser people so full of doubts." -Bertrand Russell
Pages: « 1 ... 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 [72] 73 74 75 76 77 78 79 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!