[Payout Updates] Bitcoinica site is taken offline for security investigation

[bremer-btc-user]

I don't know Patrick or Donald at all, and I even do not know Amir at all, but Amir's history in posts, interviews or anything wich is to find in the net don't draw a picture of a criminal mind at all.
This does not mean that in the case of Patrick or Donald i can say worse, but only theres ist not an as clear picture to draw about them than in Amir's case.

I really can't imagine that they all together or one of them alone planned something like this, if so they or the one person failed here too. That pile of shit that now hits the fan really can't have been the intention of them...

I just assume they totally are not in control of the situation, they probable are not same minded or don' had a good communication, and as for seen they don't pull in the same direction...

maybe at one time you were the victims too, but you don't have to be suprised if all the other victims here claim you as the criminals now due to be so scariyfing ineffiecient and underskilled to even secure the remaining funds after the first hack early day in May...

in an earlier post i said this:

If Bitcoinica's business model was viable, why shut it down? Why not fix the security problem and use the business profits to replace the stolen funds?

Bitcoinica will come back after a complete rewrite and all claims are processed.

It would be nice if there would be more progress in processing payouts. I made my claim about 4 weeks ago when I understood there will no normal login and withdrawing my btc-ammount after a restart of bitcoinica... this was when i read that the database was lost without the possibility to restore it from any backups.


2012-05-11 bitcoinica. stated at it's homepage that the thief stole from bitcoinica not from any user at all and that all withdrawal requests will be honoured...

If this statement ist true, I assume that all claims should be paid out even if it's not possible to verify them more than to check if they had an account at all... fraudulent claims should be the risk of the owners...  If i remeber right then at one statement at this thread there was told that  all claims together had an ammunt of 125% of the original holdings in bitcoin before the hack... not too much penatly for a poor security-concept in my opinions...

Now I think this would have been one of the best ways to solve the problem at all, though it would have been painfully for you... to fund this it maybe would have been neccasary to require a new partner at intersango, but how will you run intersango in the future when some of the victims will draw you to courts, I don't know what the establishment in form of Judges an lawers will decide...but probably they are not your natural friends at all...

[1713483817]

1713483817

[1713483817]

1713483817

[1713483817]

1713483817

[1713483817]

1713483817

[kokjo]

poll about scammer tag: https://bitcointalk.org/index.php?topic=93119.0 , please vote.

[PatrickHarnett]

IANAL. But in UK this potentially could be classified as "gross negligence" and this can be used to pierce the veil of limited liability. Absence of timely police report would be a major blow to any attempt to defend this. The fact that the company structure was established so sloppily and immediately before "money evaporation" does not help at all either.

Catching up due to a prompt from BadBitcoin, but wanted to note Vladimir's point above.  While their terms of service might state protection against negligence, "gross negligence" is not usually able to be contracted out.  Could be a case to lump these guys together.

[repentance]

This should have been put into the hands of a liquidator and a police report filed months ago.  But...Bitcoin isn't an excuse - computer intrusions which delete or otherwise damage critical data are illegal in and of themselves and liquidators are perfectly capable of selling assets to pay creditors (after having first secured the assets).  The only real question is what entity should have filed for insolvency, and that's not clear even now. 

This whole process should be turned over to a liquidator/administrator now - it's the only way there's going to be a thorough and transparent accounting of the remaining assets and a public examination of what happened in the months leading up to the insolvency.  NZ insolvency law allows for a liquidator to apply to have their fees paid out of a fund specifically set aside for that purpose so that creditors are not unfairly disadvantaged by liquidator fees.

It is absurd that law enforcement is not being involved in investigating these thefts.  There's no financial institution or company which would not report such large thefts to law enforcement even if they chose not to make those losses public.  The "let's just put it behind us and move forward" attitude only encourages more attempts at theft.  People have been prosecuted for stealing virtual furniture on Habbo Hotel, FFS.  Anonymous members were prosecuted for the HB Gary intrusion (no data or funds were lost).  And yet Bitcoin businesses remain reluctant to involve law enforcement even when intrusions cause a significant loss of user funds.  Why the hell wouldn't you want to see someone prosecuted for those thefts?

Hand the claims process over to a liquidator and the investigation process over to law enforcement - it's the only way that either has a chance of being done competently.

FWIW, I do believe that Amir, Patrick and Donald probably didn't know what they were getting into.  A month simply isn't enough time to do adequate due diligence when you're setting up multiple entities which have varying degrees of liability and the nominal owners are not actually running the business (the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

[markm]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

[zhoutong]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

I dont think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it

My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

[Raoul Duke]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

I dont think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it

He is competent enough to edit source code files and push commits to github at least.

Code:

commit 0f075c054416ebba0f7c0a4809b8394d3a11cca6
Author: mode80 <github@tihan.com>
Date:   Fri May 4 16:56:05 2012 -0700

    Updates deposit page with the Core Credit wire transfer address.

commit 97bbfe51bafb0a99345fcb90000a1e2343a7ed83
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:54:41 2012 -0700

    Fix deposit page brokenness? (take 3)

commit d76c555941f4a7dce53a24cf03c36acf6af2b623
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:41:18 2012 -0700

    Fix deposit page brokenness? (take 2)

commit 47a50db07a01e6c42c858c3de138d616b51a40aa
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:21:43 2012 -0700

    Fixes deposit page brokenness?

commit fe493606b0bb03c212f703c9284a0d9d42416a41
Merge: 520894c 04a6fc4
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 09:55:54 2012 -0700

    Merge branch 'master' of github.com:bitcoinica/bitcoinica

And some more if you run a git log on the bitcoinica source code that genjix leaked

[sadpandatech]

I dont think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it

My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

no worries there. The fact that the password was the exact same 5 months later and was in the source that magicly got 'hacked' from Genjix's 'box' tells me that Intersango noticed upfront that the source and lastpass were the same and kept it that way intentionally for later use....
that's my version of the story. ;p

[markm]

My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

That nicely fits another nice little theory which is simply that the entire gameplan of buying bitcoinica from you was from the start to pull a MyBitcoin. Leaving the password unchanged would in such a storyline be deliberate, a way to tar you with the same brush they planned all along to be painting all the pots and kettles black with.

You should have insisted they change all passwords to one you would not know. Heck in future I would consider getting that in writing, so that if at any future time it emerged they used any password that was known to you you could sue them for deliberate attempt at defamation of character and/or framing you or adding you to a suspects list.

I sure hope the Canadian Imperial Bank of Commerce data centre changed the vault combination when I left them, I'd hate to find myself swept up in a dragnet someday due to something nasty happening and it turning out they neglected that simple standard normal expectable step.

-MarkM-

[repentance]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

Why risk CoinLab in that way, though?  CoinLabs had just secured $500,000 in venture capital not long before the announcement that "the Intersango guys" (I think it's important for people to understand the distinction between Intersango itself and the role of Patrick, Donald and Amir in Bitcoinica) would be operating Bitcoinica.

I seriously think we need a flow chart of everything which has happened with Bitcoinica since the mysterious Wendon bought Bitcoinica in October 2011.  We know it was Tihan's group which brought the Intersango guys onboard in March 2012, but there's not a whole lot of information about the intervening period.  The fact that zhoutong was still being paid such a large monthly amount for his continued services to Bitcoinica also suggests that nobody else really knew how to keep it running.

[markm]

Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

EDIT: Aha, who was the angel? The chronic haxor(s) who have dogged bitcoin's footsteps since way back when?

I suggest next time anyone sells some bitcoin business they bear in mind that the purchaser(s) of Bitcoinica might not be the only haxors who regret not having got into the "be a trusted site" game early like MyBitcoin and see buying an existing site as a way to make up for that lost time...

-MarkM-

[Bitcoin Oz]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

If he had the master password then he should be liable to some degree.

[Bitcoin Oz]

My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

That nicely fits another nice little theory which is simply that the entire gameplan of buying bitcoinica from you was from the start to pull a MyBitcoin. Leaving the password unchanged would in such a storyline be deliberate, a way to tar you with the same brush they planned all along to be painting all the pots and kettles black with.

You should have insisted they change all passwords to one you would not know. Heck in furire I would consider getting that in writing, so that if at any future time it emerged they used any password that was known to you you could sue them for deliberate attempt at defamation of character and/or framing you or adding you to a suspects list.

I sure hope the Canadian Imperial Bank of Commerce data centre changed the vault combination when I left them, I'd hate to find myself swept up in a dragnet someday due to something nasty happening and it turning out they neglected that simple standard normal expectable step.

-MarkM-

I hope my last workplace changed the keys on their factory that I had a copy of. Id hate to be blamed when the company property dissapears.

[repentance]

Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

No.  CoinLab is a separate venture altogether in which Tihan is (was) involved.  While I believe that he might play hardball as a businessman, it's hard to believe that he'd intentionally fuck up Bitcoinica given the likelihood of him wanting to secure more VC for future projects.

http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/

[Phinnaeus Gage]

(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-

I dont think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it

He is competent enough to edit source code files and push commits to github at least.

Code:

commit 0f075c054416ebba0f7c0a4809b8394d3a11cca6
Author: mode80 <github@tihan.com>
Date:   Fri May 4 16:56:05 2012 -0700

    Updates deposit page with the Core Credit wire transfer address.

commit 97bbfe51bafb0a99345fcb90000a1e2343a7ed83
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:54:41 2012 -0700

    Fix deposit page brokenness? (take 3)

commit d76c555941f4a7dce53a24cf03c36acf6af2b623
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:41:18 2012 -0700

    Fix deposit page brokenness? (take 2)

commit 47a50db07a01e6c42c858c3de138d616b51a40aa
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 10:21:43 2012 -0700

    Fixes deposit page brokenness?

commit fe493606b0bb03c212f703c9284a0d9d42416a41
Merge: 520894c 04a6fc4
Author: mode80 <github@tihan.com>
Date:   Sat Apr 21 09:55:54 2012 -0700

    Merge branch 'master' of github.com:bitcoinica/bitcoinica

And some more if you run a git log on the bitcoinica source code that genjix leaked

Tihan is also smart enough to protect his cards while sitting in the #10 seat and still in a hand. This post reminds me of something I read the other day while researching Tihan, but I'm not sure how long it would take for me to re-find it. The dude knows more than what meets the eye, with securing data being one such attribute in his arsenal.

~Bruno~

[markm]

Tihan is also smart enough to protect his cards while sitting in the #10 seat and still in a hand. This post reminds me of something I read the other day while researching Tihan, but I'm not sure how long it would take for me to re-find it. The dude knows more than what meets the eye, with securing data being one such attribute in his arsenal.

~Bruno~

So his failing to have the password changed would have to have been intentional then, right, given his expertise at securing data?

-MarkM-

[Phinnaeus Gage]

Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

EDIT: Aha, who was the angel? The chronic haxor(s) who have dogged bitcoin's footsteps since way back when?

I suggest next time anyone sells some bitcoin business they bear in mind that the purchaser(s) of Bitcoinica might not be the only haxors who regret not having got into the "be a trusted site" game early like MyBitcoin and see buying an existing site as a way to make up for that lost time...

-MarkM-

Believe it or not, there's a lot to be said about this post.

First, I share this. Google TS and take a close look at his mug, noting the age. 'Nough about that.

Next, there sure the hell is a major connection between Coinlabs and this debacle (damn, I'm in a good mood). Also, Coinlabs seems to have a name change(s) issue of their own, namely some Carlos dude (sorry for not providing a last name, but he keeps changing it).

~Bruno~

[Phinnaeus Gage]

Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

No.  CoinLab is a separate venture altogether in which Tihan is (was) involved.  While I believe that he might play hardball as a businessman, it's hard to believe that he'd intentionally fuck up Bitcoinica given the likelihood of him wanting to secure more VC for future projects.

http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/

Secure more VC? He provides VC!

[Bitcoin Oz]

If more money gets stolen its less he needs to pay out. No wonder he didnt change the password

[repentance]

Secure more VC? He provides VC!

The two aren't mutually exclusive.