Bitcoin Forum
December 09, 2016, 05:44:13 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 [72] 73 74 75 76 77 78 79 80 »
  Print  
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201816 times)
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 25, 2012, 11:43:41 AM
 #1421

* Goes to get the popcorn and claim $ 1 million on claims.bitcoinica.com *

What's up ? Cheesy

In all seriousness, how long do you think this will take ( months / weeks ) ?

This is all affecting the price even if I don't have anything in Bitcoinica.

You don't need anything in Bitcoinica when you just took them for 18K BTC ...

hey man i'm just doing what your sig told me to  Grin

Seems to me the hacker is a small group of people from which an individual should easily be identified.

Why has this not happened ? It is not like the hacker was some unknown entity out of the blue.

Read the thread : the only thing I had in the bucket shop is $1 bonus I got from zhoutong Cheesy

Not going to give my info to a bunch of incompetents to get it back anyway.
1481305453
Hero Member
*
Offline Offline

Posts: 1481305453

View Profile Personal Message (Offline)

Ignore
1481305453
Reply with quote  #2

1481305453
Report to moderator
1481305453
Hero Member
*
Offline Offline

Posts: 1481305453

View Profile Personal Message (Offline)

Ignore
1481305453
Reply with quote  #2

1481305453
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481305453
Hero Member
*
Offline Offline

Posts: 1481305453

View Profile Personal Message (Offline)

Ignore
1481305453
Reply with quote  #2

1481305453
Report to moderator
1481305453
Hero Member
*
Offline Offline

Posts: 1481305453

View Profile Personal Message (Offline)

Ignore
1481305453
Reply with quote  #2

1481305453
Report to moderator
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
May 25, 2012, 11:46:04 AM
 #1422

I wasn't sure whether talking about the database was even permitted, so I skipped such questions. Now genjix has already said that, because either:

- He didn't communicate much with the rest of the team (i.e. doesn't understand why we are hiding)
Or
- He was granted the right to talk (I don't know)

I see you're ignoring my (and others) advice to stop airing your internal business disagreements publicly.

Throughout the whole event, I have always been following Bitcoinica Consultancy's standard of disclosure. The reason that database deletion was not disclosed is that they were afraid of inaccurate claims that would worsen the losses.

That's understandable, but irrelevant.  As muyuu points out: the loss of the database had been guessed at (unless you think people where asking about the database backups because they were totally confident it existed?).

I believe that any claims or claims modifications submitted after this point should be treated as false unless very concrete evidence has been given.

I'm afraid that this attitude reveals your naivete on security.  All claims should be treated as false unless concrete evidence is available.  Not "after this point"... all of them.  You don't trust anything or anyone.  What other way is there of running a secure system?

The hacker later restored the emergency image so he should possess a copy of the database. After that, he deleted all servers and all files in Cloud Files (like S3) including server backups.

If only the hacker had lived up to his promise that we should "expect a mass leak", eh?  His copy of that database would come in very handy.  Are you listening Mr Hacker?  Do us all a favour and drop a copy somewhere.  You've had your money; and you've effectively destroyed Bitcoinica's business... now you're just making life for the rest of us difficult.

According to the information I have, returning funds to clients is not impossible. I suggested some ideas but they were rejected by Bitcoinica Consultancy for different reasons. I understand their situation though, and my offer to take over remains open.

To be honest; now that we know what the difficulty is, I really don't see what magic wand you think you can wave to recreate records faster than the Bitcoin Consultancy team.  To me, it seems that this is going to be a matter of a long hard slog of manually reconciling claim requests with deposit and withdrawal records.

Further, despite your wonderboy reputation, it seems that you are the more fundamentally at fault (technically) here than Bitcoin Consultancy -- it's true that they left the door open to their own systems, but it's you who have had many months to prepare for and mitigate against disasters and didn't.  Even without considering hackers; what if Rackspace had gone unexpectedly bust?  What if a natural disaster wiped out electricity to their datacentre?  Mistakes in the heat of the moment are forgivable, mistakes made with time available for consideration are less so -- especially when they are easily foreseen mistakes.


1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 25, 2012, 11:49:03 AM
 #1423

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
Crypt_Current
Hero Member
*****
Offline Offline

Activity: 686


Shame on everything; regret nothing.


View Profile
May 25, 2012, 11:49:50 AM
 #1424


Seems to me the hacker is a small group of people from which an individual should easily be identified.

Why has this not happened ? It is not like the hacker was some unknown entity out of the blue.


Gooooooooood question; like most good questions though, it needs to be asked more than once or twice.  So yeah I am wondering this as well.

Read the thread : the only thing I had in the bucket shop is $1 bonus I got from zhoutong Cheesy

Not going to give my info to a bunch of incompetents to get it back anyway.

yeah nah dude i've read every letter -- right there with ya.  just joshin' around, munchin' my corn   Smiley

10% off at CampBX for LIFE:  https://campbx.com/main.php?r=C9a5izBQ5vq  ----  Authorized BitVoucher MEGA reseller (& BTC donations appreciated):  https://bitvoucher.co/affl/1HkvK8o8WWDpCTSQGnek7DH9gT1LWeV5s3/
LTC:  LRL6vb6XBRrEEifB73DiEiYZ9vbRy99H41  NMC:  NGb2spdTGpWj8THCPyCainaXenwDhAW1ZT
realnowhereman
Hero Member
*****
Offline Offline

Activity: 504



View Profile
May 25, 2012, 11:50:36 AM
 #1425

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.  Your suggestion would just add another cost.

A bounty isn't crazy though; enough to cover the cost of the manual work of restoration and perhaps a bit extra for the benefit to goodwill.

1AAZ4xBHbiCr96nsZJ8jtPkSzsg1CqhwDa
Crypt_Current
Hero Member
*****
Offline Offline

Activity: 686


Shame on everything; regret nothing.


View Profile
May 25, 2012, 11:51:51 AM
 #1426

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

Effectively paying the hacker 36.5K BTC ?   Huh

well you've been sarcastic about this before.  yes let's pay all the haxors and shorting all teh coinz   Grin

10% off at CampBX for LIFE:  https://campbx.com/main.php?r=C9a5izBQ5vq  ----  Authorized BitVoucher MEGA reseller (& BTC donations appreciated):  https://bitvoucher.co/affl/1HkvK8o8WWDpCTSQGnek7DH9gT1LWeV5s3/
LTC:  LRL6vb6XBRrEEifB73DiEiYZ9vbRy99H41  NMC:  NGb2spdTGpWj8THCPyCainaXenwDhAW1ZT
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 25, 2012, 11:52:02 AM
 #1427

Offer a bounty for the database ? The hacker would be most stupid to release it as that could identify him pretty quickly.

Also, it seems to me that zhoutong is not at fault here but the incompetence of "InterSCAMgo" as shadow puts it.

Too bad there are no other UK exchanges ...  
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 25, 2012, 11:53:01 AM
 #1428

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

edit:

bulanula, there are ways to anonymously release the database along with a Bitcoin address.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 25, 2012, 11:54:17 AM
 #1429

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people are going will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

Show me one case where people have been sued due to BTC otherwise you are FUDging.

Sue for USD ? Most likely but if tomorrow Intersango ran with all the BTC they had nobody could do a thing.
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 25, 2012, 11:57:04 AM
 #1430

Bitcoins are as much of a property as WoW Gold, potatoes or USD, you retard. The law doesn’t care what it is, as long as a contract exists.

BTW, don’t you have 25 BTC to repay?

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
bulanula
Hero Member
*****
Offline Offline

Activity: 518



View Profile
May 25, 2012, 12:00:19 PM
 #1431

Bitcoins are as much of a property as WoW Gold, potatoes or USD, you retard. The law doesn’t care what it is, as long as a contract exists.

BTW, don’t you have 25 BTC to repay?

BTC is electrons in a computer mate as far as the law is concerned or a crypto message not money or a possession.

Stop trying to divert the discussion offtopic and show me one entity that has been brought to justice due to "stealing" BTC.

Not shakaru, not mybitcoin, not MrMoon, not bitcoin7, not bitomat, not bitcoinica ...

What did the security "investimagation" reveal as according to the topic title. The hacker couldn't have erased all the logs. There must be some IPs left. Where the police called to investigate ?

Maybe Rackspace had some logs left from him accessing the control panel ?
shad0wbitz
Full Member
***
Offline Offline

Activity: 182


View Profile WWW
May 25, 2012, 12:13:32 PM
 #1432

By the way, good luck to ever get a VC company or individual to ever invest in a Bitcoin project, ever again!

Thank you InsterSCAMgo! You have further fucked Bitcoin's future by your gross negligence!

GOX SUX COX!
The true faces of the Bitcoinica / Intersango SCAM! - Bitcoin was born in the shad0ws, for the shad0ws.
muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
May 25, 2012, 12:16:09 PM
 #1433

Remember when I said I had already pulled all my moniez from Bitcoinica? I was kidding, actually I had 10000 BTC.

*Runs to fill the claim*  Grin

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 25, 2012, 12:19:38 PM
 #1434

Per standard practice, Bitcoin Consultancy entered into a non-disclosure agreement which extends to Bitcoinica's proprietary systems and processes. They are free to discuss their role and history with the company.
Thank you for this. We are incredibly happy. We will need to clear up some distinctions and make sure the account is in fact Tihan's account. He can do so via confirmation in email or on skype. We also need clarification as to what "role and history mean".
Heh, it would be kind of ironic if someone was actually running a sock donator account under his name. At least you are covering that angle to be sure it is him.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
zhoutong
VIP
Hero Member
*
Offline Offline

Activity: 490


View Profile WWW
May 25, 2012, 12:34:04 PM
 #1435

Suggestion:

Offer a 18.5k BTC bounty for whoever releases a copy of the database.

The database isn't worth 18.5k.

No, it is actually worth much more than that, since quite a few people will be suing Bitcoinica if their balance does not satisfy them.

You better negotiate a good deal with the hacker, or you are pretty sure to be made insolvent.

edit:

bulanula, there are ways to anonymously release the database along with a Bitcoin address.

Assume that 99% of the balances have already been claimed, the extra loss due to over-claims is less than 18.5k BTC. This is my speculation based on the information I have though. I haven't verified them.

The following is my suggestion to Bitcoinica, I can disclose it because it won't make resolving problems more difficult:

Now the thing needed to do is to filter the false claims using the resources we already have, including:

- Support emails
- Outgoing transactional emails (deposit, withdrawal and order execution notifications)
- Previous accounting reports
- Partner records, including Mt. Gox, BitInstant, banks
- Block chain (We roughly know what addresses we have based on the transactional emails)

The reputation of the account owner can also be taken into consideration, i.e. if you have demonstrated consistent integrity in the community, you should get your funds back at first opportunity. If the database (which might be leaked) records suggest discrepancies, you should feel comfortable returning the extra.

If the claimed account balance is tiny, such as 1 BTC or $1 USD, you should also receive a refund as long as the account ownership can be verified.

If there are no outgoing transactional emails sent (within 60 days), no support emails ever, no passport photo uploaded, we will have to use extra evidence (Bitcoin address ownership and Mt. Gox code history) to prove account ownership. Most likely the claims are illegitimate. We have unlikely to have inactive users with large amount funds.

The most questionable claims will be the ones without reported positions but with large balances from people who are not reputable. Most likely these people are trying to hide their unrealized losses in the claims after knowing that database has been deleted.

I know there's some personal judgement involved in the suggestion, but that will be my way of handling this. It will keep the majority of people happy while reducing most false positives. If my suggestion is accepted, the general rule is, you can get your funds more fully (partial payments are possible), sooner and less evidence is required if:

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

If you get >= 100 Points, you should be refunded immediately.
If you get >= 50 Points, you can expect partial refunds first. The percentage of partial payments will be calculated using the formula (let P be the points you get):

Partial payment in % = (P/10)^2

e.g. If you get 90 Points, you receive 81% of the claimed amount first. If you get 50 Points, you receive 25% of the claimed amount first.

The rest of the claimed amount will be honored after every request has been processed. Then we can use cross reference to match the remainder records, and hopefully a copy of database can be obtained or leaked. If needed, we can also use external moderation to decide asset ownership.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 25, 2012, 12:34:51 PM
 #1436

Intersango/(My)Bitcoin(ica) Consultancy, you guys better offer a nice fat 18.5k BTC bounty for the database or you will likely be sued into insolvency!

There were already plenty of people who suspected a database loss. I was tempted to file a false claim a few days ago myself. Do you really think there is a way for you not to overpay some, and therefore underpay others without the database?

It is an absolute bargain since there is no other way to allocate funds without risking losing MORE funds than deposited. I hope the hacker will accept an initial offer and not abuse his position. I also hope he will not tamper with the database (maybe you can offer him another bounty since people will try to bribe their way in). Is there perhaps a checksum to prove it is the original?

Do it or die.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 25, 2012, 12:37:32 PM
 #1437

Intersango/(My)Bitcoin(ica) Consultancy, you guys better offer a nice fat 18.5k BTC bounty for the database or you will likely be sued into insolvency!

There were already plenty of people who suspected a database loss. I was tempted to file a false claim a few days ago myself. Do you really think there is a way for you not to overpay some, and therefore underpay others without the database?

It is an absolute bargain since there is no other way to allocate funds without risking losing MORE funds than deposited. I hope the hacker will accept an initial offer and not abuse his position. I also hope he will not tamper with the database (maybe you can offer him another bounty since people will try to bribe their way in). Is there perhaps a checksum to prove it is the original?

Do it or die.
Are you the hacker looking to double your money? A bargain indeed. Right.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Blitz­
Donator
Legendary
*
Offline Offline

Activity: 1596


"Cut Your Loose"


View Profile
May 25, 2012, 12:40:13 PM
 #1438

Haha, I knew I would be accused of that.

Have you read through zhoutong’s suggestion? I had no funds at Bitcoinica and considered faking a claim a few days ago, as I suspected a db loss. I could have easily done the claim and raked in a few k BTC. I didn’t because it would be theft, but I guarantee you there are enough people here who would get enough "points" to get refunded immediately, lack any morals, and had the foresight to file a fake claim before the db loss was admitted.

I simply see no other way around insolvency.

"Bitcoin had been transformed from an anarachistic challenge to the financial status quo, to the crypto spawn of Satan, fuelled by cut-throat greed and delusions of avarice." - MatTheCat
"these people don't seem to want to stop till Bitcoin is completely destroyed and left like an old cum rag in the corner of the room." - ShroomsKit
muyuu
Donator
Legendary
*
Offline Offline

Activity: 924



View Profile
May 25, 2012, 12:41:41 PM
 #1439

Blitz: relax.

In any case you shouldn't trust a database that may have been tampered with. This wasn't a fancy encrypted or otherwise secured database. This was a Ruby on Rails step-by-step tutorial kind of database.

It doesn't make sense to be offering fat bounties around. Not that the hacker would likely take the risk.

So, take it easy.

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
May 25, 2012, 12:42:08 PM
 #1440

Haha, I knew I would be accused of that.

Have you read through zhoutong’s suggestion? I could have easily done the claim and raked in a few k BTC. I didn’t because it would be theft, but I guarantee you there are enough people here who would get enough "points" to get refunded immediately, lack any morals, and had the foresight to file a fake claim before the db loss was admitted.

I simply see no other way around insolvency.
I read his suggestion, and it makes sense because some of the info he is suggesting to use for claims cannot be faked. Very good suggestions, too.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Pages: « 1 ... 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 [72] 73 74 75 76 77 78 79 80 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!