[Payout Updates] Bitcoinica site is taken offline for security investigation

[iamapi]

i got the same message and I'm pretty sure my password is correct.

Im getting the same message others are getting

"No password hash found please contact verify@bitcoinica.com to request manual verification".

 I have the same password that i used while the site was live and a previous confirmation email and ID.

Whats next folks?

[1715094066]

1715094066

[1715094066]

1715094066

[1715094066]

1715094066

[Matthew N. Wright]

Same message here too, to an email address -no- one knows but Bitcoinica.

[dancingnancy]

-

[mb300sd]

Would it tell me if I typed in an incorrect password? I have 3 possibilities I may have used, but its been too long to remember which one I did...

[Vladimir]

It seems that form is simply harvesting IP's and cleartext passwords and responds to everyone
with "No password hash found please contact verify@bitcoinica.com to request manual verification". Which would not be unreasonable if they just said so instead of "No password hash found", which is kind of looking like a little white lie, meaning "it is not found because we do not have db where to look for it".

Since they run it via https, do check their certificate before submitting anything. It should be issued to claims.bitcoinica.com .

[dancingnancy]

It seems that form is simply harvesting IP's and cleartext passwords and responds to everyone
with "No password hash found please contact verify@bitcoinica.com to request manual verification". Which would not be unreasonable if they just said so instead of "No password hash found", which is kind of looking like a little white lie, meaning "it is not found because we do not have db where to look for it".

Since they run it via https, do check their certificate before submitting anything. It should be issued to claims.bitcoinica.com .

I didn't receive that message.  Many others did not either.  It would most likely be that they couldn't recover your PW?  Just a guess.

[Phinnaeus Gage]

(surely, the rising exchange rate is a serious concern for them as the deal with authentic claims)

I wonder if the rate is artificially rising to take advantage of this situation. I'm not savvy enough to figure out how that could be done, let alone knowing if there's a real advantage for doing such, but do have a feeling that something doesn't smell right. Really? A near 18% gain over the past 30 days with this episode looming? One would expect the price to fall or, at the very least, remain stable as it has relatively done prior to this Bitcoinica episode.

I may be wrong, but it's something sure to think about.

I apologize for the slight aside, and I'm not the right person to start such a thread on this subject if one is warranted.

I am glad to see progress on this issue. Good job and good luck, guys.

~Bruno~

[flower1024]

Brutal Im getting a
No password hash found please contact verify@bitcoinica.com to request manual verification

same issue here.

same here

[dizzy1]

Brutal Im getting a
No password hash found please contact verify@bitcoinica.com to request manual verification

same issue here.

same here

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

[flower1024]

Brutal Im getting a
No password hash found please contact verify@bitcoinica.com to request manual verification

same issue here.

same here

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

VERY unlikely
my account is very old and i never changed my password.
also: i had a verified bitcoinica account and send my passport to verify@bitcoinica.com

this should be the best proove (even the md5 hash of both passport pdf files is the same)

[Vladimir]

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

I tried all passwords I ever had on my account, they all look like EA29l8H>hHYfP[chcfFWC){0w7K(qWKR but I somehow sure that I remember all of them correctly.

And the account in question was created in 2011. This is why I thought (rightly or wrongly) that this is simply a harvesting operation without any database to compare with.

[dizzy1]

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

I tried all passwords I ever had on my account, they all look like EA29l8H>hHYfP[chcfFWC){0w7K(qWKR but I somehow sure that I remember all of them correctly.

And the account in question was created in 2011. This is why I thought (rightly or wrongly) that this is simply a harvesting operation without any database to compare with.

It could be either but I got the same message and I opened my account only days before the breakin. But even so, what other possible legit use for our passwords could there be?

[flower1024]

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

I tried all passwords I ever had on my account, they all look like EA29l8H>hHYfP[chcfFWC){0w7K(qWKR but I somehow sure that I remember all of them correctly.

And the account in question was created in 2011. This is why I thought (rightly or wrongly) that this is simply a harvesting operation without any database to compare with.

It could be either but I got the same message and I opened my account only days before the breakin. But even so, what other possible legit use for our passwords could there be?

1) buy time
or
2) the hope that if there are duplicate claims for an account only the rightful owner will enter his password

[dizzy1]

Seriously people, If this is real, They can't find a hash cause they are probably using an old backup. How hard is that to surmise from that sentence?

I tried all passwords I ever had on my account, they all look like EA29l8H>hHYfP[chcfFWC){0w7K(qWKR but I somehow sure that I remember all of them correctly.

And the account in question was created in 2011. This is why I thought (rightly or wrongly) that this is simply a harvesting operation without any database to compare with.

It could be either but I got the same message and I opened my account only days before the breakin. But even so, what other possible legit use for our passwords could there be?

1) buy time
or
2) the hope that if there are duplicate claims for an account only the rightful owner will enter his password

The sad thing is whichever one is true will still buy some time.

[Spekulatius]

Do we even know those emails come from bitcoinica?

If not, someone is getting a lot of plain text passwords and account information.

[elux]

Do we even know those emails come from bitcoinica?

If not, someone is getting a lot of plain text passwords and account information.

Yes. Patrick Strateman:

There is now a password form on the claims page.

Please enter your password to verify you are indeed the rightful owner of the account.

[Otoh]

My claim dating from the Swap's interest introduction has been received, I would be happy to submit it to this arbitration service if Bitcoinica were willing to accept this, http://www.judge.me/

I had the same 2 emails re password authentication, I entered it on the claims page & it then changed to: Identification - True (where the password enter box was before). So that seems to have worked OK.



edit: sry, seems that the Identification: True part was there all along & that the PW entry field disappearing after entering the PW shows that it was entered correctly.

[Mushoz]

My claim dating from the Swap's interest introduction has been received, I would be happy to submit it to this arbitration service if Bitcoinica were willing to accept this, http://www.judge.me/

I had the same 2 emails re password authentication, I entered it on the claims page & it then changed to: Identification - True (where the password enter box was before). So that seems to have worked OK.

I'm getting the same "Identification - True" text, so I guess it's verified now. Now we wait. Hopefully my funds will be returned to me soon

Edit: A friend of mine just went to the claims page to enter his password, but it already said "Identification - True", while the password box was still there. The "Identification - True" field seems to be whether you said in your claim form that you are ok with providing identification to speed up verification. So I have no idea whether the password I entered was correct or if I made a typo. Hopefully the fact the field is now gone means that it was ok. We'll wait and see I guess.

[proudhon]

My claim dating from the Swap's interest introduction has been received, I would be happy to submit it to this arbitration service if Bitcoinica were willing to accept this, http://www.judge.me/

I had the same 2 emails re password authentication, I entered it on the claims page & it then changed to: Identification - True (where the password enter box was before). So that seems to have worked OK.

I'm getting the same "Identification - True" text, so I guess it's verified now. Now we wait. Hopefully my funds will be returned to me soon

I'm getting the same thing.  The only thing that worries me is that I haven't officially sent them an address to send my bitcoins to.  I'm hoping that information is requested next.

[Mushoz]

Edited my post to provide some more details. The "Identification - True" seems to be related to whether you said on your claim page whether you are ok with providing identification to speed up the verification process, as it was already there before any password was entered. I have no idea whether the password I entered was correct or if I made a typo. I hope the fact that the password field is gone means that it was correct.