Bitcoinica MtGox account compromised

[ninjarobot]

Maybe we should ask why all those people had that much funds there...?

Bitcoinica was the first fully licenced financial service provider that provided decent interest of 6% on both BTC and USD currency accounts. The interest on my USD account alone provided me with ~0.5 BTC per day, so I simply used it as a BTC savings account, while leaving speculation to the other customers.

This is the post (from Donald) that won me over: http://bitcoinmedia.com/first-licensed-advanced-trading-platform-for-bitcoin/

While Bitcoinica had some previous security concerns, namely where the attack on the Linode cloud hosting provider generated them a loss of 40k BTC, Bitcoinica has fully recovered from the loss and no longer depends so heavily on 3rd party platforms. The Bitcoinica reigns have been taken up by the recognized development group called the Bitcoin Consultancy which have a record of solid security in the tumultuous world of Bitcoin.

On a personal level:

I did not commit any sizeable deposits until Bitcoinica got their new ToS, status as registered FSP in NZ and contracted the Bitcoin Consultancy, who at the time were regarded as some of the best and reputable in the business.

I found Zhou to be responsive, honest and helpful in his communication with customers and the bitcoin community. The fact that he was able to deal with the first hack to the complete satisfaction of the entire customerbase only bolstered my confidence that this was not a scam operation and assumed he learned a costly lesson in security that would not be repeated.

I was impressed by Bitcoinica as a service, it worked very well for my needs. I secured my account with a strong unique password + Google 2-factor authentication and Bitcoinica stated they did not keep deposits on site but at MtGox. Little did I know that while providing strong user facing security features they did not have adequate security measures internally (No offsite backups, cheap VPN, no OTP on their MtGox, root password reset broadcast to a mailinglist, etc.)

I realized this was one of my riskier investments since the legal status of Bitcoin is uncertain and Bitcoinica was still a largely unproven business. I did my due diligence to the best of my ability. I did my risk assessment. I decided the risk/reward was worth it.

I was wrong. Mea Culpa. http://youtu.be/NmFo-LKHGY0

So far this has been an painful and protracted lesson in counterparty risk. Now I see no option left apart from considering joining possible legal action and feeding the lawyercats. I admit I don't like it one bit, but the alternative is to sit around like a fool and I tried that strategy for the last 2 months without much success.

[1713572592]

1713572592

[k]

Why was the bitcoin stored on MtGox anyway? Why not secure in their own wallet.
This reliance on third parties where the Bitcoinica credentials can be spoofed seems to be at the root of all the hacks.

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.

[paulie_w]

Why was the bitcoin stored on MtGox anyway? Why not secure in their own wallet.
This reliance on third parties where the Bitcoinica credentials can be spoofed seems to be at the root of all the hacks.

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.

i was wondering this too. some technical reason?

[World]

what's going on behind the scenes Tihan,  Zhou,  Patrick, Donald, Amir, or anyone else with access to Bitcoinica money ??
pls write the truth

[dancingnancy]

And Zhou sold that trust to the highest bidder. At least his mortgage is paid off!

He did the right thing, walk away from a business that become to big to manage.

I agree.  Good for him.  Unfortunately, we are in a shit position, but I am not entirely sure if this could have been avoided anyhow.  Perhaps not to this extent.  I feel confident still that things will be resolved in the end by Zhou T.  He seems like one of the few very stand-up people around here. 

[paulie_w]

something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.

[Vladimir]

As a Bitconica customer:

• I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?

[Vladimir]

something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.

Yep, one hour long Bruce Wagner "I'm sorry I pushed ya to put all your money in mybitcoin" style video would do wonders.  

[BadBitcoin (James Sutton)]

As a Bitconica customer:

• I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?

thats where I store my coins, besides in starfish BCB and hashking.

[proudhon]

As a Bitconica customer:

• I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?

That's exactly what I took away from this when it started several months ago, and I haven't looked back.  I control the vast majority of my bitcoins now, nobody else - paper wallets and brain wallets.  People need to internalize this.

[ninjarobot]

As a Bitconica customer:

• I had no positions, no leverage, and was using it as an interest bearing savings account.

And now *THIS* happens?

When will you people learn that there is ONLY ONE VIABLE TYPE OF BTC SAVING ACCOUNT --> heavily encrypted and backed up bitcoin wallet/brainwallet/paperwallet in a secure place ?

How about NOW? (Admittedly too late...)

[Phinnaeus Gage]

Last bit of advice: Bitcoinica should put all their USD deposits in a real bank account, with real bankers.

I assured my once friend (more like a close acquaintance), let's call him Jerry (his real first name that he goes by), to not worry about any USD he may have tied up in this Bitcoinica cluster-fuckery, for any fiat (I told him dollars) will surely be in some bank. No place else! It never occurred to me that said money would be in some Mt Gox account. Not in a thousand years. And since I'm speaking of timetables, it never occurred me in a million years that a password hack would happen a THIRD time involving Bitcoinica.

Now, you want to hear something really funny? There are people here in Sandwich that believe that I'm somehow involved with all this. Their proof: Joined this forum, of which they honestly believe is the Bitcoin homepage, around the same time as the Tom Williams hack; Currently, I'm the second highest poster on this official Bitcoin website; and, I must have made all my money from ripping off others worldwide with this invention of mine since they are all aware that I was a broke dick only two short years ago when my dad, a truly broke dick, died.

Here's the kicker: 95% of said people above who believe such nonsense don't even own or know how to operate a computer. Not even Jerry, for he get's his information from his daughter (then passes on what he learns to the others, daily), who works at the bank I bank at and, with his instructions to her, by recommendations by me, indirectly, invest a percentage of his recent financial gain into Bitcoin, choosing Bitcoinica as his most locally choice at the time.

I had no idea at all that the above took place until close to a week after Zhou Tong (no more ZT) started that thread about this recent hack about a month ago, and was approached by Jerry at my favorite restaurant that I no longer frequent as often, one I was closed to having the Albanian owner start accepting Bitcoin, with, "Why did you steal my money?" in front of the regulars of which I've known for years.

So there you have it. A guy who loves Bitcoin, only has $1,000 tied up in the currency as an investment (bought cheap enough); 0 disposable coins at the moment, but will get more so that I can play with the big boys; a $100 a month smartphone contract; three people who have ordered custom leather products from my brother-in-law but have not paid for them, keeping that information from him and the community until now, but WILL NOT mention names (Martin was paid by me via dollars, so he's not out any money); and now have the EPA on my ass because of this randomly linked article (you're smart enough to put the pieces together), turned in by one of my once close acquaintances (guess what the daily fine is that I'm looking at).

That said, they don't make a font size big enough to express what the hell I'm going through because I simply spread the good word about Bitcoin, then had it thrown back in my face. That only leaves one main orifice left, but fortunately for me, a couple family members are eyeballing that hole now, wondering why the hell I'm still monkeying around with this Bitcoin thingy, for they're now getting their uninformed information from...wait for it...our favorite restaurant's patron saints, owner and staff. I may have to hide my vintage blasting rod and Jergens, for I have this weird feeling... (humor is how I maintain my sanity--no meds, and still eat and sleep well).

Thanks for listening, all. Bless. (though not an active believer, but do express the spirit of the word)

~Bruno~

PS: Note the butterfly effect.

[iCEBREAKER]

I LOL'ed when i saw this thread. Like last time and the time before that.

Yep.  I was all

I'm sorry for all involved. I have to say that bitcoin really is the most amazing geek soap opera. If the bitcoin value was backed by drama it would be stratospheric.

I know, right?

Just when I thought nothing could be more entertaining than the epic Pirate threads/flamewars/huge side bets, along comes this.

[sadpandatech]

I had no idea at all that the above took place until close to a week after Zhou Tong (no more ZT) started that thread about this recent hack about a month ago, and was approached by Jerry at my favorite restaurant that I no longer frequent as often, one I was closed to having the Albanian owner start accepting Bitcoin, with, "Why did you steal my money?" in front of the regulars of which I've known for years.

~Bruno~

PS: Note the butterfly effect.

That's heavy, bro.. :/


@thread Just to make sure I am following things correctly;

1. Intersango purchased or was purchasing Bitcoinica and agreed to handle returning the old customer funds?
2. Intersango was handed all the account passwords, securely encrypted in a LastPass account?
3. Intersango changed all the old passwords except for the one password that secured all the others?
4. The password for Lastpass just happened to be Bitcoinica's MtGox API key?

[Phinnaeus Gage]

Remember this:

To be honest, your age isn't a problem, because the average above-average developer is still not competent to write this sort of software. If you had been doing security and financial software since birth, I might consider putting a bit of trust in the kitty to start.

I'm going to pitch a different take than a few others: Yes, great initiative, please keep trying things and building things, but end this project now. There are no probable outcomes where you do not end up having to explain where thousands of dollars of other people's money went to some angry people. There's also very nontrivial odds of being on the wrong end of armed Federal agents, based on some of the other comments you've made here. This is a horrible, horrible first-project sort of project.

Let me put it this way: Would you be willing to convert the BitCoins in your system into cash, put it in your front window, and post daily pictures of the pile of cash to your Facebook account, set to public visibility? Because that's roughly what you're doing.

+1 to this guy.

Will you quit quoting him, for it makes me start wondering, again, how he got up to speed so quickly on having a command of the English language after reading his follow-up reply.

Yes, we have. I admit that I didn't make it visible on the site itself. But the system checks every single user every 5 seconds.
We have two metrics: net value and minimum net value. When NV < MNV, all positions are immediately liquidated. When NV < 2MNV, a warning is visible on trading panel. (Future feature: margin call email)
These metrics are completely transparent, showing in different colors to represent health status. Once you give it a try you will know.

Unless they make a Rosetta Stone on Rails I'm not aware of.

~Bruno~

[ninjarobot]

Welcome back Tihan, you have been missed since your last brief visit to this forum.

It would appear that a lot of misinformation has circulated since the date of my last post. Considering the many inconsistencies, I will assume astute readers here have already discounted the versions of facts presented by the Consultancy.

That is funny because the last time I spoke with a certain Bitcoinica representative (about a month ago) I was told that you were misrepresenting the facts and preventing them from exposing the truth because you were unwilling to nullify their NDA:

There's a PR smear campaign that might be working through sheer force but it's a bunch of lies. If you want to understand what's going on send me your phone number and I'll give you a call

So who do we believe? It seems all parties are blaming each other and no-one is in control.

The Consultancy members accepted that responsibility on April 24 as operators and General Partners of Bitcoinica LP. There is ample written documentation to confirm this.  

I believe this to be true, but would you care to back up that claim with some references?

There are still a lot of unknowns surrounding recent events but the Consultancy's responsibility for Bitcoinica and its password security is not one of them. The fund will be considering all legal options.

I assume you are considering all legal options for the benefit of Bitcoinica customers?

There's something with Tihan going on, but I am not following that because it's unneeded drama for me - it seems he got fired, although I'm not sure for what.

It appears you got fired. What is your current role with Bitcoinica LP?

[Phinnaeus Gage]

May I suggest people tuck away their lynch mob mentality for a second and instead try and use some usually a lot more productive rational thought before responding in this thread. Yes the situation is fked up but there's no need to start throwing around various threats of violence.

You all knew there was a counterparty risk involved when you decided to use their service.

(still reading and at this point now)

The only violence I've mentioned is that I may need to hide my fictitious blasting rod from my sister before she finds and lubricates it (I hope) so that she can stick it up my ass for having her go through the embarrassment she encountered at the restaurant, having me spend an hour explaining to her exactly what is going on and offering up proof that the shitload of money I make does come from the selling of smelly old barn wood and not fleecing others in the world via Bitcoin, a word she didn't even know how to spell (seriously).

~Bruno~

[Vladimir]

And now everyone imagine that it is year 2020 and 1 BTC worth 1 000 000 USD 1kg of gold.

[Clipse]

And now everyone imagine that it is year 2020 and 1 BTC worth 1 000 000 USD 1kg of gold.

First we need the americans to realise what a kilogram is.

[sadpandatech]

And now everyone imagine that it is year 2020 and 1 BTC worth 1 000 000 USD 1kg of gold.

First we need the americans to realise what a kilogram is.

is that some several thousands of grams? 


kidding, in case you arn't sure.