Bitcoin Forum
Author Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation  (Read 201568 times)

dimitry765
Newbie
Activity: 13
May 25, 2012, 03:46:14 PM
#1461

Could you please tell us when it's gonna be solved finally?

elux
Legendary
Activity: 1454
May 25, 2012, 04:07:55 PM
#1462


Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.

Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.

Makes sense. Has anyone using gmail found bitcoinica emails marked as spam?
Didn't notice I was "missing" emails before today. Still a little worried. :-\

naima53
Hero Member
Activity: 616
May 25, 2012, 04:18:17 PM
#1463

Well ... I was right :'( My avatar illustrates the current situation ..
https://bitcointalk.org/index.php?topic=81045.msg919558#msg919558
https://bitcointalk.org/index.php?topic=81045.msg919639#msg919639

Donate me) 16f6iWHHkVEnDReeBQPT9GwCNwUfPTXrp2

zhoutong
VIP
Hero Member
Activity: 490
May 25, 2012, 04:28:52 PM
#1464


Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.

Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.

Makes sense. Has anyone using gmail found bitcoinica emails marked as spam?
Didn't notice I was "missing" emails before today. Still a little worried. :-\

It shouldn't. We use a 3rd party emailing service to ensure deliverability and we have proper DKIM signatures and SPF records set up.

Mt. Gox deposit never sends emails. Only for Bitcoin and Wire deposits, all withdrawals and orders that you request for notification by default.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb

coinft
Full Member
Activity: 187
May 25, 2012, 04:44:10 PM
#1465


Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.

Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.

Makes sense. Has anyone using gmail found bitcoinica emails marked as spam?
Didn't notice I was "missing" emails before today. Still a little worried. :-\

It shouldn't. We use a 3rd party emailing service to ensure deliverability and we have proper DKIM signatures and SPF records set up.

Mt. Gox deposit never sends emails. Only for Bitcoin and Wire deposits, all withdrawals and orders that you request for notification by default.

A fool's reliance on certification and a false belief in easy to get signatures. Means shit if your content looks like spam. Those signatures just prove the domain owner is sending the mail, *nothing* about its content -- and in light of recent hacks maybe not even that.

I know first hand that a mail server running dspam put all my bitcoinica mails into spam. Training was/is done with personal data and a few spamtrap addresses.

-coinft


Piper67
Legendary
Activity: 1008
May 25, 2012, 04:48:09 PM
#1466

Bitcoins are as much of a property as WoW Gold, potatoes or USD, you retard. The law doesn’t care what it is, as long as a contract exists.

BTW, don’t you have 25 BTC to repay?

BTC is electrons in a computer mate as far as the law is concerned or a crypto message not money or a possession.



So is a CAM file of The Avengers....

So is child porn...

guruvan
Hero Member
Activity: 518
ShastaFarEye Prospectors mazaclub & mazacha.in
May 25, 2012, 04:59:48 PM
#1467

Wow. Just wow.

First they won't admit they're the general partners at bitcoinica (phantomcircuit keeps saying it's too complicated, and that's why they wouldn't tell anyone) - then it comes out that they've completely lost all the data, as previously suspected.

Congratulations.

If you'd follow zhoutong's process, you'd have minimal fraud, and expedite the process. That'll probably save you several lawsuits.

People with BTC may or may not be out of luck with governments and courts (though Blitz' comment that it's still "property" is quite valid) but the people who had fiat currencies are likely to start taking legal action. Some certainly already have.


Mine at the Maza Club! with ShastaFarEye Prospectors! Mazacoin PPS & P2pool mining, and more services coming soon!
Maza Means Money! Check yours at the mazacha.in!

Please contact me  on my  OTC registered GPG (A54E87F2) Key's email address or guruvan@shastafareye.net  and encrypt all correspondence.

bulanula
Hero Member
Activity: 518
May 25, 2012, 05:02:03 PM
#1468

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.

SgtSpike
Legendary
Activity: 1344
May 25, 2012, 05:05:26 PM
#1469

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.
Just because there is no legal precedent for Bitcoins doesn't mean that a legal precedent won't be set.

Also, what's your point?  Why does that matter?  If they give back everyone's BTC, then they give it back.  If they don't, then they don't.  How does that change anything in the discussion here?

zhoutong
VIP
Hero Member
Activity: 490
May 25, 2012, 05:06:06 PM
#1470


Your email would be the evidence, but the 0 point is reserved for unknown account holders, like Blitz.
As long as we sent anything to your email, we know that you're a customer and other points criteria should apply.

Also Mt. Gox codes can prove your account ownership as well. We have all deposit records since February.

Makes sense. Has anyone using gmail found bitcoinica emails marked as spam?
Didn't notice I was "missing" emails before today. Still a little worried. :-\

It shouldn't. We use a 3rd party emailing service to ensure deliverability and we have proper DKIM signatures and SPF records set up.

Mt. Gox deposit never sends emails. Only for Bitcoin and Wire deposits, all withdrawals and orders that you request for notification by default.

A fool's reliance on certification and a false belief in easy to get signatures. Means shit if your content looks like spam. Those signatures just prove the domain owner is sending the mail, *nothing* about its content -- and in light of recent hacks maybe not even that.

I know first hand that a mail server running dspam put all my bitcoinica mails into spam. Training was/is done with personal data and a few spamtrap addresses.

-coinft



I'm sure that the vast majority of the emails have been delivered successfully. Our email service provider (Postmark) has very strict rules about emails, and we are not even allowed to send newsletters through their platform. Bitcoinica's transactional emails all originate from trusted IPs.  

The content isn't like spam either. The HTML email template was professionally designed and the content has a transactional nature (i.e. not sent in bulk).

I'm not sure about the support emails though.

Founder of NameTerrific (https://www.nameterrific.com/). Co-founder of CoinJar (https://coinjar.io/)

Donations for my future Bitcoin projects: 19Uk3tiD5XkBcmHyQYhJxp9QHoub7RosVb

XVacant
Newbie
Activity: 23
May 25, 2012, 05:08:57 PM
#1471

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

If there are no transactional emails or support emails ever sent to the claimed address, 0 Points for now.

--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

I have been a Bitcoinica customer for the last several months.

I made a number of deposits to Bitcoinica from Mt.Gox, using Mt.Gox codes.
I executed dozens of trades, won some, lost some, made no withdrawals.
I never had any issues with the service so I made no complaints and sent no emails to support.

I don't seem to have received  _any_ emails from *@bitcoinica.com prior to the claims form.
I had a smooth, clean, entirely trouble free relationship with bitcoinica to the day of the last hack.

From reading zhoutong's inane unofficial suggestion I get a sinking feeling in my stomach.

Were transactional emails turned off by default? (I don't like frequent, automated emails cluttering my inbox.)
Am I looking at the wrong email address? Or am I missing something?

*slams head into keyboard*

you got an email when you deposited money (any currency).
i am in a similar situation: i just deleted them immediately.

but at least i did have a verified account and made a wire transfer (don't know if i am respected member...).


Strange. I got emails when I withdraw, but no email when I deposit.

ninjarobot
Hero Member
Activity: 755
Mine Silent, Mine Deep
May 25, 2012, 05:09:33 PM
#1472

Sorry for duplicate posting (I posted this in the newbie forum initially) but I really wanted to share my concerns about the claims process as proposed by Zhou here.

By now it is clear that bitcoinica had their entire db and all records (apart from PII/AML and some outdated records) wiped. This is a worst case scenario. What a royal mess and one that baffles the mind considering they were dealing with a lot of customers' money on a daily basis. Having a single point of failure on a virtual server hosted by a 3rd party? Wow. Just wow. If I had known I'd never have put as much money into this operation as I did. However that is all in the past so let's move forward.

Zhou suggested the following approach to dealing with claims:

Quote
--- Disclaimer: Pure suggestion. NOT OFFICIAL ---

- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)
- You can supply at least one transactional email you have received which perfectly matches our outgoing transactional email records. (30 Points)
- You can provide passport scans and you have provided to Bitcoinica (even if it's pending verification). (40 Points)
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)
- You can recall the balances exactly or very precisely. (20 Points)
- You have reported a losing position, with precise details. (20 Points)
- You have contacted Bitcoinica Support at least once since September 2011. (10 Points)
- Your email can be searched online and matches your identity. (10 Points)
- You can provide proof of Bitcoin address ownership (signature), Mt. Gox code you have used/obtained or accurate details of large transaction records (>2500 BTC) that match our hedging activity. (10 Points each kind of evidence)
- Another reputable member supports your claim. (10 Points)
- You have used wire transfer, BitInstant or AurumXchange to deposit/withdraw funds and they can verify the records. (10 Points)
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

Couple of points below:

Quote
- Your bitcointalk.org profile or Bitcoin-OTC rating shows you as reputable and trustworthy. (50 Points)

Wow. 50 points if you have a reputable bitcointalk.org account. Ranked higher than any verifiable things like transaction IDs, passport data, etc. I'm sorry I didn't know when I signed up with bitcoinica that it's compulsory to go to some unrelated forum and post here daily. Some people have no interest in this and have busy non-BTC related dayjobs (me). To me this is wholly unrelated. Like Bank of America returning money to customers who were good boy scouts or something? Oh you weren't in the boy scouts? Tough luck. Putting this item on the top of the list introduces a kind of bias that I wholly disagree with.

I also don't see how the reputation system is workable. For example I am using another username here than on bitcoinica (and this is on purpose). I also chose to hide my email. How can Bitcoinica match Bitcoinica users to Bitcointalk.org users? And even if they can how would they establish 'reputation'? (Read all posts by members? I think not). And giving points based on friends supporting your claim... what is this even supposed to mean? Any prudent investor/speculator will keep their deposits and positions private. I don't see how getting support from friends promotes the claims process in any way apart from allowing you-help-me-i-help-you schemes between people making claims look more legit.

Quote
- The order of magnitude of your reported balance is consistent with our outdated accounting records. (30 Points)

The reason this won't work is because your records are outdated. In my case I sent a significant USD wire transfer to Bitcoinica that cleared only days before the hack. Yeah that is money in the bank for Bitcoinica but no 30 points for me. No sir.

Quote
- You have reported a losing position, with precise details. (20 Points)

Ah so customers that came in at the time when Bitcoinica started paying interest on deposits and used Bitcoinica as a USD+BTC savings account that had no interest in speculation (like me) will lose out here. Sounds like a great idea.

Quote
- You can recall the balances exactly or very precisely. (20 Points)

And you are going to verify this *how* exactly? Basically what you are saying is that if the user picked the 'Exact' option from the dropdown they get a free 20 points instantly. I would argue that because of daily interest on deposits combined with 5 decimals of precision, almost no account holder will know their *exact* balance.

Quote
- Your email can be searched online and matches your identity. (10 Points)

Right, because we all know that putting your email address online so they can be harvested by spammers and impersonators is best practice. +10 points.

Quote
- You have submitted the claim within the first 24 hours since the announcement. (10 Points)

Yeah sure. Because all 5500 bitcoinica customers have nothing better to do than read 70+ post threads on bitcointalk.org all day. People have families, jobs, vacations, etc. Bitcoinica has not notified any customers by email of the claims process and the main website has been spotty at best (non www. domain did not work. Certificates were invalid suggesting the claims process could be bogus, etc.)

Quote
if your user ID is less than 4500, I'll definitely make sure you get your money back

Let's check my user id... hmm 47**. Well I guess I might as well wave bye bye to my money. Again I started using bitcoinica for the interest on deposits back in February. I put a large chunk of my savings here (yeah, shame on me). Please tell me why I am an inferior bitcoinica customer again?

Don't get me wrong - I think Zhou did a lot of good stuff with Bitcoinica and really appreciate the information he shared during this incident given the total lack of info from Bitcoin Consultancy, but he clearly dropped the ball when it came to security and I don't think he is the right person to handle the claims process since he seems to have a personal incentive to protect his reputation that might adversely influence the process.

The claims process should be based on facts. Meaning MTGOX codes, Wire Transfer Codes, Blockchain transfers, AML/PII docs and the like. It is a big Jigsaw but the only way. Bitcoinica should start working with MtGox, BitInstant, AurumXchange and other transfer services pronto. All money (be it BTC or USD) that came into Bitcoinica should be verifiable through other institutions.

And if it sounds like I'm angry - It is because I am.

coinft
Full Member
Activity: 187
May 25, 2012, 05:14:44 PM
#1473

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.
Just because there is no legal precedent for Bitcoins doesn't mean that a legal precedent won't be set.

Also, what's your point?  Why does that matter?  If they give back everyone's BTC, then they give it back.  If they don't, then they don't.  How does that change anything in the discussion here?

He's campaigning for unpunishable BTC fraud, for selfish reasons.


bulanula
Hero Member
Activity: 518
May 25, 2012, 05:16:21 PM
#1474

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.
Just because there is no legal precedent for Bitcoins doesn't mean that a legal precedent won't be set.

Also, what's your point?  Why does that matter?  If they give back everyone's BTC, then they give it back.  If they don't, then they don't.  How does that change anything in the discussion here?

He's campaigning for unpunishable BTC fraud, for selfish reasons.



I am telling Intersango and Bitcoinica to take the BTC and run !

Only give back the USD and everybody is happy.

Why should they buy up another 18K and raise the price ???

tvbcof
Legendary
Activity: 1974
May 25, 2012, 05:20:28 PM
#1475

I personally learned from ribuck to do just that too and advise all others to consider as a standard practice to never sign any NDA's ever personally.

yeah, that was a mistake on my part.

An NDA is amongst a class of thing which are worth having on one's side if one has a reasonable expectation of being able to utilize the services of a justice system.  That is to say, I'm open to the suggestion that they are useless in Bitcoin-land (and like Bitcoin that much more for it.)

I personally would not request an NDA for an interview unless I felt I needed one (which is plausible if I had a promising candidate who I wanted to try to interest...in something besides the easy-to-clean tile in the bathroom...)  But it's probably normally company policy.  One way or another, if an interview candidate was giving me grief at that phase of things, I don't even have to summarize how the rest of the interview would go:

  "Thanks for stopping by.  Have an Odwalla for the road."



disclaimer201
Legendary
Activity: 1316
May 25, 2012, 05:29:51 PM
#1476

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.
Just because there is no legal precedent for Bitcoins doesn't mean that a legal precedent won't be set.

Also, what's your point?  Why does that matter?  If they give back everyone's BTC, then they give it back.  If they don't, then they don't.  How does that change anything in the discussion here?

He's campaigning for unpunishable BTC fraud, for selfish reasons.



I am telling Intersango and Bitcoinica to take the BTC and run !

Only give back the USD and everybody is happy.

Why should they buy up another 18K and raise the price ???

Because for one thing, they can forget their careers and close their shops if they do. In other words:

We don't know what you want. But if you are looking for ransom we can tell you we don't have any Bitcoins anymore.
But what we DO have are a very particular set of skills, skills we have acquired over a very long career in the Bitcoin forum
Skills that make us a nightmare for people like you. If you let our BTC go now we will not look for you, we will not pursue you.
But if you don't - we will look for you, we will find you, and we will kill your reputation in and outside of the Bitcoin world.


bulanula
Hero Member
Activity: 518
May 25, 2012, 05:31:45 PM
#1477

My point still stands : they can refund all the USD and not give one satoshi back and nobody can do a damn thing.
Just because there is no legal precedent for Bitcoins doesn't mean that a legal precedent won't be set.

Also, what's your point?  Why does that matter?  If they give back everyone's BTC, then they give it back.  If they don't, then they don't.  How does that change anything in the discussion here?

He's campaigning for unpunishable BTC fraud, for selfish reasons.



I am telling Intersango and Bitcoinica to take the BTC and run !

Only give back the USD and everybody is happy.

Why should they buy up another 18K and raise the price ???

Because for one thing, they can forget their careers and close their shops if they do. In other words:

We don't know what you want. But if you are looking for ransom we can tell you we don't have any Bitcoins anymore.
But what we DO have are a very particular set of skills, skills we have acquired over a very long career in the Bitcoin forum
Skills that make us a nightmare for people like you. If you let our BTC go now we will not look for you, we will not pursue you.
But if you don't - we will look for you, we will find you, and we will kill your reputation in and outside of the Bitcoin world.


Funny thing is that now stealing BTC is legal but harassment like what you described above isn't.

Anyway, let's not get sidetracked here. I want my $1 bonus back ! ;)

Maged
Legendary
Activity: 1260
May 25, 2012, 05:49:03 PM
#1478

In any case you shouldn't trust a database that may have been tampered with.
The suggestions about bounties for the database from the hacker are pointless; there is no way to verify its integrity now. In order to proceed forward, they will simply have to assume on good faith that the hacker is not submitting duplicate claims to poison the process.
They shouldn't absolutely trust the database, sure. But, if it matches their records, it would give them the most precise information. Also, it would give Bitcoinica all of the email addresses for their customers, which is something they could really use right now since they still haven't sent out the legally required notification that they were compromised.


Otoh
Donator
Legendary
Activity: 1918
May 25, 2012, 06:01:49 PM
#1479

@Zhou Tong

zhoutong
VIP
Hero Member
*****
Posts: 808

Can you tell me when you changed your forum description here to the above please, I thought that until very recently it still said something like:

zhoutong
VIP
Hero Member
******
Founder & CEO
of Bitcoinica

This is what we continued to take you for until your recent announcement that you had secretly sold the business months ago & that it had been subsequently handed on to Bitcoin Consultancy =~ Bitcoinica Consultancy =~ Intersango

Anyone else remember when this info was changed, thanks


tvbcof
Legendary
Activity: 1974
May 25, 2012, 06:19:03 PM
#1480


Because for one thing, they can forget their careers and close their shops if they do. In other words:

We don't know what you want. But if you are looking for ransom we can tell you we don't have any Bitcoins anymore.
But what we DO have are a very particular set of skills, skills we have acquired over a very long career in the Bitcoin forum
Skills that make us a nightmare for people like you. If you let our BTC go now we will not look for you, we will not pursue you.
But if you don't - we will look for you, we will find you, and we will kill your reputation in and outside of the Bitcoin world.

Funny thing is that now stealing BTC is legal but harassment like what you described above isn't.


Hacking into computers to steal BTC is theft and is criminal.  The trouble is how society values the loss.  A lot of participants in the Bitcoin economy, myself included, think of Bitcoin as a way to undermine (or at least protect oneself against) certain corrupt aspects of our current societal structures.  But most justice systems don't share the view that the fiat monetary system is corrupt and shaky, and thus don't place that much value in Bitcoin.  Probably never heard of it in fact.  And they really do have legitimate work to prioritize.  Upshot:  Theft of Bitcoin is simply not as serious a crime in practice as it is in theory, and 'in practice' is where the rubber meets the road for a lot of us.

Now, harassment is a crime and extortion is a more serious one and physical violence more serious yet.  One can throw the other details (like "but Your Honor, he stole my BTC") out the window.  The criminal justice system will and should take an active interest in such things.  I only hope that this situation remains valid for as long as possible.

