Having Patrick quit while he has done most of the refund work and may be the only one with access to the information about the process status is what saddens me the most.
Real security professionals go about their work mostly unnoticed if they do everything right.
Be sceptical about anyone making a lot of noise about their level of expertise; it smells of immaturity, and more often than not boils down to not being what they want everyone to believe they are.
Taking over a business as Bitcoinica means that if you're a security professional and want to become the new administrator and/or owner of said business, at minimum you do the following:
* Review the source code
* Check the hosting situation esp. in regards to security and redundancy.
* Make sure all funds are safe, use two factor identification and/or cold storage for bitcoins, with multiple encrypted backups.
* Check the backup routines, and that they're satisfactory; a backup of the live system should be done very often, at least daily, but for a site like Bitcoinica, it should perhaps be constantly mirrored to a safe server at the very least. Heck, if you're a sysadmin, you can even hack a bash script using mysqldump, tar, gpg and mutt to mail encrypted backups to admins. It takes 30 minutes or less to fix for the experienced admin.
* Make sure that all passwords are handled properly (change all of them, just to be sure.)
* Make sure password management is handled with an iron grip. Better to have some inconvenience than to lose funds.
* Don't use mailing lists for resets of passwords.
* Use a dedicated secure computer to access all important information.
* Use encrypted email when communicating with other team members; this can easily be achieved with many e-mail programs using PGP today.
* Make a set of security policies that everybody has to follow. For instance, strong encryption and good passwords for residential Wi-Fi, restrict login to secure services to certain IPs and so on and so forth.
If you don't have the time or the resources to secure everything properly, then fuckups will happen. And in this case a real clusterfuckup happened.
Some of the points above, while not being an exhaustive list, are some of the things that a security professional should think of. Obviously from following the Bitcoinica debacle, a lot of the points above which require no more than common sense to follow (i.e. backup routines) have been breached.
I won't attack Zouthong specifically, and while I can't rule out that he's done anything wrong (everybody involved is a suspect at this point), a 17 year old doing no backups wouldn't make the headlines, but a company priding themselves with being security experts, and yet not following many of the rules above, which doesn't even require you to be a security professional, that's laughable.
Sorry to say this, but it's a complete joke.
Now that the clowns have been revealed, the circus need not shut down, but if the clowns take off their gowns and masks, start talking, thinking, and flip over backwards to fix this clusterfuck, then we may have a resolution. Not doing anything about the situation at all, and even walking away, shows what kind of material those individuals are made of.
Intersango should at this point only receive the minimal amount of attention from the Bitcoin Consultancy, while the Bitcoinica case should get their full attention. A plan could even be to make promises to current customers that have lost funds that they will be paid back from the profit of the continued operation of Bitcoinica, that is if the Bitcoin Consultancy still have the stomachs and nerves to continue to run Bitcoinica.
We all remember the mtGox hack, where shortly after Bitcoin Consultancy offered their services to Mark, and called Mark's exchange a completely incompetent one man show.
NOW IS THE TIME FOR THE BITCOIN CONSULTANCY DUDES TO STAND UP AND SHOW THAT THEY HAVE A SPINE, AND SORT OUT THIS CLUSTERFUCK!!!
It's easy to see the faults in others, but hard to see one's own faults, and especially hard to face them when the shit hits the fan. As for the personal well-being of individuals of the Intersango team, most community members are uninterested; this is the responsibility of the individual team members of BC to get enough sun, sleep enough, eat their vitamins and food. The community is suffering, and you have a part of it; unfair or not, this is reality and has to be dealt with.
I'm sure that most people's memory is short-lived, and if you can sort out this mess in a civil manner, I'm sure many community members will be mostly grateful. Now there's even been a price increase for bitcoins, so selling those slowly off could even make for more USD to be reimbursed, and I'm sure that a lot of former members would be happy to get back their funds, in any form, even if it was the USD equivalent of the bitcoin value when Bitcoinica closed down.
So my advice now:
1. Secure all funds, cold storage for coins, and put two factor identification on all accounts where USD is stored. Change all passwords, and let a trusted lawyer set the master password for Keepass, LastPass or whatever password management you choose.
2. Take some days off, or even a week. Announce to the community when you will be back, then leave everything that has to do with bitcoin and computers for a few days, go into nature, relax, feel the sun on your skin.
3. After the short hiatus, get back, take a deep breath, work with the lawyer (I'm sure no Bitcoinica ex-member would object to using a few bucks on a lawyer, if it means they could even get 50% or more of their funds back), ask for help from trusted community members if you need to.
4. Work intensely on paying back all funds, let all other unnecessary leisure activities and work activities (writing articles, coding etc.) rest, and focus on the task at hand.
5. When the remaining funds have been distributed, either call it a day and go on a vacation for a month on a tropical island, or your nearest woods (whatever fits your budget).
6. Decide if you want to relaunch Bitcoinica, or forever call it a day.
THEN YOU WOULD GO OUT OF THIS MESS WITH HEADS HELD HIGH!!! Right now, it's more like a ship where all rats are jumping off, and a drunk captain is left manoeuvring it.
Yes, you fucked up majorly, but there's always another day. People talk as if everything is lost; it is not. What really matters now is the attitude, honesty and integrity of the ones left on the ship, or which have already jumped ship; you could always climb back.
Try to put your personal EGOS, embarrassment, anger, hostility etc. to rest. Make sure everything related to payouts goes through a certified and trustworthy lawyer, as at this point, you're all suspects, even though there's no exact evidence as to who's to blame.
Failure to do this will only hurt your reputation, and continued careers, in and out of bitcoin. You may even face criminal charges down the line and serve jail time for it.
I'm sure most people in the community don't wish anything bad on your persons, but they have a right to their funds, and that's something you should honour, and that's why they're angry. If people know this is being worked on, and that something happens, then they will be much less hostile.
Updating the bitcoinica.com site with some information about the recent incident and with a plan from here would be a good way to go. You could post daily, or at least weekly reports about the work done with repayments, and ex-customers could report on this forum what they have received.
On the opposite case, there's always the possibility that you are in fact criminals, and that the remaining funds + Intersango will be emptied very soon, and you're off to a remote island with fake passports and golddigger whores. If this is the case, I hope it feels good, that you sleep well at night, and that you have a good time. A lot of people do not have a good time at this point.
Disclaimer: I had 0 funds in Bitcoinica and I have 0 funds on Intersango, but it's uneasing to see the community being hit by this, and I hope it will be sorted out. Even having 50% back is better than a 100% loss!!!
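The backup routine suggested in the checklist above (mysqldump, gpg and mutt mailing encrypted backups to admins), written out as an added example that is not part of the original post. It is POSIX sh, uses gzip instead of tar because there is a single dump stream, and the database name, credentials file, backup directory and recipient addresses are placeholders.

```shell
#!/bin/sh
# Added example, not from the post. DB name, paths and addresses are placeholders.
# The recipients' public keys must already be trusted in this user's GnuPG keyring.
set -eu
# Enable pipefail where the shell has it, so a failed dump fails the pipeline.
(set -o pipefail) 2>/dev/null && set -o pipefail

DB_NAME="${DB_NAME:-exchange_db}"                  # hypothetical database
MYSQL_CNF="${MYSQL_CNF:-/root/.backup.my.cnf}"     # credentials file, mode 0600
BACKUP_DIR="${BACKUP_DIR:-/var/backups/db}"
RECIPIENTS="${RECIPIENTS:-admin1@example.org admin2@example.org}"

# Dump -> gzip -> gpg in one pipeline, so the plaintext dump never touches disk.
# Prints the path of the finished backup on stdout.
make_backup() {
    umask 077
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/$DB_NAME-$(date -u +%Y%m%dT%H%M%SZ).sql.gz.gpg"
    set --                                  # one --recipient option per admin
    for r in $RECIPIENTS; do set -- "$@" --recipient "$r"; done
    # The password comes from MYSQL_CNF, so it never shows up in the process list.
    if ! mysqldump --defaults-extra-file="$MYSQL_CNF" --single-transaction "$DB_NAME" \
            | gzip -9 \
            | gpg --batch --yes --encrypt "$@" --output "$out.part"; then
        rm -f "$out.part"
        echo "backup of $DB_NAME failed" >&2
        return 1
    fi
    mv "$out.part" "$out"                   # only complete files get the final name
    printf '%s\n' "$out"
}

# Mail the encrypted file; the message body carries nothing sensitive.
mail_backup() {
    file=$1
    # RECIPIENTS is split on whitespace on purpose: one address per word.
    printf 'Encrypted backup %s attached.\n' "$(basename "$file")" \
        | mutt -s "DB backup $(basename "$file")" -a "$file" -- $RECIPIENTS
}

# From cron: backup.sh run
if [ "${1:-}" = run ]; then
    backup_file=$(make_backup)
    mail_backup "$backup_file"
fi
```

Each admin decrypts with their own private key, so no shared passphrase sits on the server; a restore test on a scratch database is what proves the backups are usable.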