A public apology to Donald, Patrick and Amir ("Intersango guys")

[Phinnaeus Gage]

Also, the address starts with 1EML

Expect Mass Leak

And after the 1EML part, it says wAweso
Looks like the beginning of "Awesome", not sure what the "w" is all about.

Probably was an easy to generate address in Vanitygen, it would take a while to generate 1emlawesome

Vanitygen has a little-known ability to use regex, which - if written carefully - could make the job easier. It could also be sped up by running on many GPUs.

http://en.wiktionary.org/wiki/wawe

[BIGMERVE]

Why is nobody on here talking about why the claims page isn't working. Everyone has bitched since the coins were stolen (including me) and Zhou briefly mentions "claims.bitcoinica.com" and nobody replies? Has anyone actually connected to the site and filed their claim?

[ArsenShnurkov]

You can claim your Bitcoinica account at https://claims.bitcoinica.com/ now.

Doesn't work for me. The site is not available.

Might be DNS is not yet propagated data.

[Blazr]

Why is nobody on here talking about why the claims page isn't working. Everyone has bitched since the coins were stolen (including me) and Zhou briefly mentions "claims.bitcoinica.com" and nobody replies? Has anyone actually connected to the site and filed their claim?

Was working 20 minutes ago. What did you break, Bigmerve?

[BCB]

This works.  But the cert it not valid for the ip
https://173.45.224.244/

[Blazr]

This works.  But the cert it not valid for the ip
https://173.45.224.244/

Yeah, I wouldn't use that link

[tulkos]

I have filled out the claim page, verified my email address with them and now waiting for the next step?

[rjk]

This works.  But the cert it not valid for the ip
https://173.45.224.244/

Yeah, I wouldn't use that link

It's a valid StartCom certificate that was just issued, but connecting via IP doesn't allow the browser to do various automated checks on it.

[Blazr]

I have filled out the claim page, verified my email address with them and now waiting for the next step?

They have to verify each claim manually. Wait your turn.

[GroundRod]

The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunatly (for the hacker) he doesn't control user's email accounts, and he has no access to users ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Not an expert here, just speculating...

That is really bizarre.  Behavior like this speaks allot about the nature of the one behind it's premeditation.  Juvenile for one, and why those three words?  Designed to instill fear in the minds of those that find the message.  Allot went into them being embedded in the transaction.  More than likely a troll shunned by the community here.  If this heist had been done by some group within TPTB in-order to derail BitCoin progress, I doubt they would go to all this trouble, no this is the mind of a Jack The Ripper type personality, and my guess a solo individual.  

[flower1024]

https://claims.bitcoinica.com does not work (tried chrome, ff and ie)

EDIT: direct ip does work...

[Krakonos]

https://claims.bitcoinica.com does not work (tried chrome, ff and ie)

Works for me... And is the same IP as in like above.

[flower1024]

https://claims.bitcoinica.com does not work (tried chrome, ff and ie)

Works for me... And is the same IP as in like above.

NOW it does work for me too

[check_status]

Not an expert here, just speculating...

That is really bizarre.  Behavior like this speaks allot about the nature of the one behind it's premeditation.  Juvenile for one, and why those three words?  Designed to instill fear in the minds of those that find the message.  Allot went into them being embedded in the transaction.  More than likely a troll shunned by the community here.  If this heist had been done by some group within TPTB in-order to derail BitCoin progress, I doubt they would go to all this trouble, no this is the mind of a Jack The Ripper type personality, and my guess a solo individual.  

Not an expert of what, trolling?  

[publio]

Not an expert here, just speculating...

That is really bizarre.  Behavior like this speaks allot about the nature of the one behind it's premeditation.  Juvenile for one, and why those three words?  Designed to instill fear in the minds of those that find the message.  Allot went into them being embedded in the transaction.  More than likely a troll shunned by the community here.  If this heist had been done by some group within TPTB in-order to derail BitCoin progress, I doubt they would go to all this trouble, no this is the mind of a Jack The Ripper type personality, and my guess a solo individual.  

Not an expert of what, trolling?  

criminal psych?

[BIGMERVE]

Someone tell me if I did this right. I filled out the form, submitted it and received an email. I clicked the link in the email and it brought me to a page summarizing what I had filled out. There was nothing on that page to click or enter.

[Mushoz]

Someone tell me if I did this right. I filled out the form, submitted it and received an email. I clicked the link in the email and it brought me to a page summarizing what I had filled out. There was nothing on that page to click or enter.

Same here. Now we'll have to wait I guess.

[ribuck]

I have violated my promise (of "not to post anything [about Bitcoinica]") yesterday

A word of friendly advice, zhoutong: your life will be much easier and lower-stress if you leave this mess to Donald, Patrick and Amir to sort out.

I mean, we all appreciate everything you have done, and that you have been the most communicative representative of the service, but it's not your problem anymore.

So why not disable your forum login, block access to the forum in your computer's host file, back away from the keyboard, and focus on your studies and on enjoying the great lifestyle that Australia has to offer. It's not your problem anymore.

[zhoutong]

The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunatly (for the hacker) he doesn't control user's email accounts, and he has no access to users ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we  offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interested is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?

No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.

[John (John K.)]

The hacker wrote "EXPECT MASS LEAK" in transactions from the stolen money. We can only assume he has a copy of the database, so he has access to all the information needed to make a claim.

Almost.
Unfortunatly (for the hacker) he doesn't control user's email accounts, and he has no access to users ID documents.

And he ought only have hashes of passwords.

Link me to more detail on the "EXPECT MASS LEAK" message?

http://blockchain.info/address/1EMLwAwseowTkDtKnEHRKrwQvzi4HShxSX

This is an address some of the stolen money was sent to

Notice the transaction amounts:

1.01100101 BTC
2.01111 BTC
3.0111 BTC
4.01100101 BTC
5.01100011 BTC
6.011101 BTC
7.001 BTC
8.01101101 BTC
9.01100001 BTC
10.01110011 BTC
11.01110011 BTC
12.001 BTC
13.011011 BTC
14.01100101 BTC
15.01100001 BTC
16.01101011 BTC
17.001 BTC
18.01110011 BTC
19.01101111 BTC
20.01101111 BTC
21.0110111 BTC

The part after the decimal point is ascii binary, and it converts to: expect mass leak soon

Also, the address starts with 1EML

Expect Mass Leak

Converter:
http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

(for amounts that don't have 8 decimal places you need to add in more 0's, the 116BTC transaction is irrelevant I think)

Great find Blazr! I wonder if the attackers are planning to leak the database in the open? Transaction information, etc.

Another point that I don't know if people thought about is, what happens with those generated MtGox codes on the database that haven't been redeemed by the users yet? Could the attacker cash them out at will (and probably already did) to hundreds of MtGox accounts, or even instantly exchange them to LR or other currencies using services like the one we  offer?

What is interesting is, Friday RIGHT before Bitcoinica went down we were trying to withdraw several thousands using MtGox (this is common practice for us since as funding partners, we usually get more Bitcoinica than what we sell, and eventually we need to turn it back into fiat). What is interested is that I was hitting the "MtGox limit temporarily reached" a lot of the times, even with small test amounts such as $100. I wonder if at that point, the attacker indeed emptied the bitcoinica MtGox account from funds.

I mean, think about it: with full access to the server, what would have prevented the hacker from issuing a whole bunch of MtGox redeemable codes and completely empty their account?

No, I was online for the entire duration of the hacking. I revoked the keys immediately. The withdrawal limit had already been reached due to normal withdrawals.

The terrible thing is, Rackspace refused to log the hacker out. They don't know how to do it.

Err, pull the plug for the whole dedicated server is that hard?