Bitcoinica MtGox account compromised

[Phinnaeus Gage]

The question remains why there hasnt been a police report initiated by the owners of bitcoinica. Shouldnt it be them and not yourself that initiates such a thing ? When else do you arbitrarily "inform the police " without the actual people involved doing it ?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Japan local time when post was:

7:45 AM
Saturday, July 21, 2012
( observing Standard Time )

(Sorry for the 12pt font size)

~Bruno~

[1714099781]

1714099781

[1714099781]

1714099781

[1714099781]

1714099781

[1714099781]

1714099781

[Phinnaeus Gage]

As far as Mt.Gox is concerned and as Genjix explained, we did not suffer any breach or any hack, all other account are safe and the thief only targeted Bitconica's account. Mark (MagicalTux) has been in contact with many Bitcoin players since this announcement and offered any help we can give, but unfortunately all funds (USD & BTC) are no longer within our reach.

Once again, someone with a US IP succeed to get Bitcoinica's account credential which did not trigger any alarms since they were fully identified. Since Bitconica's account was a verified account the owner of this account asked (This happened when Zhou was still controlling Bitconica) to have his limits lifted to the maximum possible, giving the possibility to the thief to move Bitcoinica's assets to another external account (External to MtGox).

Despite our effort on securing Mt.Gox and protecting everyone's asset I would like to remind everyone that it is also your responsibility to secure your account with a very strong password and use either a Yubikey or Google Auth (You can even use both at the same time).

Mt.Gox

-- EDIT --

We would like to stress that Mt.Gox Verified Bitconica as a Company and NOT as an Individual.

to what (bank-)account was the usd sent to? ie. where can we find the guy, and beat him?

We wish things could be so simple, unfortunately they are not! But if you read a little further we explain that we know how and where the money goes and we will give all these details to the appropriate authorities to get this done right. Despite what some want to believe we are at Mt.Gox extremely furious about this situation a lot of good people and very close friends lost a LOT of money. We have of course nothing to do with what happen and will help the community has much as we can on this matter.

Did you just go from did to will?

[Bitcoin Oz]

Im still amazed no police report has been filed since the first hack. Given what we know about the statist views of the intersango guys who want to regulate bitcoin and who use government protection in a limited liability company formation.

If someone can explain this little doozy I will eat my hat.

[Phinnaeus Gage]

Adding to my previous post agreeing with bitcoinBull. If it was an inside job it wasn't Patrick or Amir.

First we had this.
https://bitcointalk.org/index.php?topic=81045.msg894435#msg894435

Please don't blame genjix. It's definitely not his fault.

He's not in our mailing list so it couldn't be him.

Well, shit just happens and it's not anyone's fault or incompetence here. I'm the only guy awake when the incident happens.

and now we have this

Posting an update soon.

good news?

If it's related to my previous email to the Bitcoinica team, no, it's a bad news.

This was a pointless and malicious comment.

Are you trying to further harm their reputation or your own? Because they're not entirely separate.

No, I was merely stating a fact. I discovered something unusual and I emailed them. They promised an update. And that's it.

I don't have the right to update you publicly because I have some advantage in obtaining insider information.

I'm not part of the "bad news" and I'm not involved in Bitcoinica. If I didn't tell them they will discover the problem anyway.

Someone care to explain to a dumb guy(me) how is it that a guy who isn't "involved in Bitcoinica" discovers a theft of almost $400k before the ones who are involved in Bitcoinica?

TWICE!

FTFY!

I'm the only guy awake when the incident happens.

What I learnt today: Siesta time in Germany is 2PM.

~Bruno~

[Bitcoin Oz]

Zhou Tong isnt involved in bitcoinica in the same way mark karpeles isnt involved in mt gox.

[Justin00]

if its true that friends were paid out in full first, there should be no need for a discussion. It prooves people are dishonest and should be locked up.

anyways why doesnt a mod just renumber this thread to page 80 or something... and we can all just stop discussing and just wait for the next "hack"

[jcp]

Having friends paid out in full and then requesting that others take a 30% haircut sounds pretty darn illegal in nearly all jurisdictions involved.

[Bitcoin Oz]

Having friends paid out in full and then requesting that others take a 30% haircut sounds pretty darn illegal in nearly all jurisdictions involved.

http://en.wikipedia.org/wiki/Clawback  if they are forced into liquidation the administrator can do this including any funds paid to employees like ZhouTong...I think any money he made when selling the site would be included.

[Justin00]

yeah employees are fine.... friends (that aren't employees) are not...

[repentance]

The question remains why there hasnt been a police report initiated by the owners of bitcoinica. Shouldnt it be them and not yourself that initiates such a thing ? When else do you arbitrarily "inform the police " without the actual people involved doing it ?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Japan local time when post was:

7:45 AM
Saturday, July 21, 2012
( observing Standard Time )

(Sorry for the 12pt font size)

~Bruno~

You can bet if I realised that amount of funds had gone missing from my account I'd be waking Mark up in the middle of the might.  It's also reasonable to assume that Mark immediately went about securing evidence once informed of the event.  I'm not sure why you think the time is especially significant given how many people start work early even on Saturdays.

If money had been stolen from your bank account, it would be the bank who notified the authorities (after all, they have the transaction records).  In this case, it should probably be MtGox which files the initial report.  There is zero reason to believe that attempted thefts will not continue if intruders know they will likely not be discovered and prosecuted.

[jcp]

Having friends paid out in full and then requesting that others take a 30% haircut sounds pretty darn illegal in nearly all jurisdictions involved.

http://en.wikipedia.org/wiki/Clawback  if they are forced into liquidation the administrator can do this including any funds paid to employees like ZhouTong...I think any money he made when selling the site would be included.

The principle of a clawback is known and given, however there is a de facto legal principle of "Judgement Proof". Namely, if it is impossible to know who the principles involved are (present and former owners of bitcoinica) and/or the location of their funds, it's impossible to secure the proceeds of any judgement. It's become obvious that Zhoutong already understands the risk of a clawback, which is why he seems to have been advocating prompt return of funds to deposit holders for a while (assuming we take his actions at face value and is not colluding with the current "owner").

The reason I emphasized the payment in full and requesting others take a 30% haircut issue is because this may create material liability for the Bitcoin Consultancy people if they were involved in claims processing/payment.

[chsados]

something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.

this

[bitcoinBull]

something tells me that you guys should add videos to accompany these kinds of announcements. people need to be able to see into your eyes and see your sorrow and regret, to know that you're telling the truth.

we'd not have so much of this finger-pointing if that were the case, i'll bet.

this

That doesn't matter. Everyone saw Bruce Wagner's video after mybitcoin but many still think he's Tom Williams.

[Phinnaeus Gage]

The question remains why there hasnt been a police report initiated by the owners of bitcoinica. Shouldnt it be them and not yourself that initiates such a thing ? When else do you arbitrarily "inform the police " without the actual people involved doing it ?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Japan local time when post was:

7:45 AM
Saturday, July 21, 2012
( observing Standard Time )

(Sorry for the 12pt font size)

~Bruno~

You can bet if I realised that amount of funds had gone missing from my account I'd be waking Mark up in the middle of the might.  It's also reasonable to assume that Mark immediately went about securing evidence once informed of the event.  I'm not sure why you think the time is especially significant given how many people start work early even on Saturdays.

If money had been stolen from your bank account, it would be the bank who notified the authorities (after all, they have the transaction records).  In this case, it should probably be MtGox which files the initial report.  There is zero reason to believe that attempted thefts will not continue if intruders know they will likely not be discovered and prosecuted.

Copied and paste from a random website:

What are the banking hours in Japan? Most banks are open Monday to Friday, 9:00am to 3:00pm. Most are closed on Saturday's and Sunday's.

TGIF comes to mind. In this case, TGIF13.

As of an hour ago, Mt Gox has yet to file a report. Neither has those (maybe no longer plural) over at Bitcoinica.

~Bruno~

[JoelKatz]

http://en.wikipedia.org/wiki/Clawback  if they are forced into liquidation the administrator can do this including any funds paid to employees like ZhouTong...I think any money he made when selling the site would be included.

ZhouTong wasn't paid employee compensation. He transferred ownership of the company in exchange for those funds. So the rules for employee compensation or bonus clawbacks wouldn't apply.

In any event, employee compensation clawbacks generally are only available for losses that were incurred prior to the payment of the compensation. The idea is that someone who misrepresents the profitability of a business shouldn't benefit from their misconduct by getting a bonus based on the inflated profits. Nothing like that seems to have happened in this case. In many countries (including the United States) you don't have to prove the employee was at fault. It's sufficient to show that the bonus was paid based on incorrect information.

As far as a non-employee clawback goes, generally you can't clawback funds from someone who gave something of comparable value for the funds received unless you can show wrongdoing on their part or the contract specifically permitted a clawback. It's very unlikely that ZhouTong's contract would have permitted a clawback for anything other than a materially significant misrepresentation or omission on his part. And there's no evidence so far, at least as I know, that ZhouTong did anything like that.

Of course, we probably don't know anything close to the full story yet.

However, anyone who got any money back from Bitcoinica should be aware that this money could be subject to clawbacks. Once Bitcoinica knew that they couldn't make full repayments, they had an obligation to prioritize their debts and protect the interests of other creditors. If they paid some people 100% of the money they held once they knew they couldn't pay back everyone, that could be subject to a clawback.

[Littleshop]

http://en.wikipedia.org/wiki/Clawback  if they are forced into liquidation the administrator can do this including any funds paid to employees like ZhouTong...I think any money he made when selling the site would be included.

ZhouTong wasn't paid employee compensation. He transferred ownership of the company in exchange for those funds. So the rules for employee compensation or bonus clawbacks wouldn't apply.

In any event, employee compensation clawbacks generally are only available for losses that were incurred prior to the payment of the compensation. The idea is that someone who misrepresents the profitability of a business shouldn't benefit from their misconduct by getting a bonus based on the inflated profits. Nothing like that seems to have happened in this case. In many countries (including the United States) you don't have to prove the employee was at fault. It's sufficient to show that the bonus was paid based on incorrect information.

As far as a non-employee clawback goes, generally you can't clawback funds from someone who gave something of comparable value for the funds received unless you can show wrongdoing on their part or the contract specifically permitted a clawback. It's very unlikely that ZhouTong's contract would have permitted a clawback for anything other than a materially significant misrepresentation or omission on his part. And there's no evidence so far, at least as I know, that ZhouTong did anything like that.

Of course, we probably don't know anything close to the full story yet.

However, anyone who got any money back from Bitcoinica should be aware that this money could be subject to clawbacks. Once Bitcoinica knew that they couldn't make full repayments, they had an obligation to prioritize their debts and protect the interests of other creditors. If they paid some people 100% of the money they held once they knew they couldn't pay back everyone, that could be subject to a clawback.

Agreed.  ZhouTong is probably safe from clawbacks as Bitcoinica was not in the red at the point at which he sold it.  Payments made after the hacks that put Bitcoinica in the red are the issue. 

[Luceo]

Just want to say I'm glad MtGox has filed a police report. Cretins like this thief need to be caught.

[bitcoinBull]

[...]
Of course, we probably don't know anything close to the full story yet.

However, anyone who got any money back from Bitcoinica should be aware that this money could be subject to clawbacks. Once Bitcoinica knew that they couldn't make full repayments, they had an obligation to prioritize their debts and protect the interests of other creditors. If they paid some people 100% of the money they held once they knew they couldn't pay back everyone, that could be subject to a clawback.

Well, they only found out they couldn't make full repayments since just before genjix's announcement in the first post of this thread. So from what you say, the repayments made before that aren't subject to clawback.

I would like to hear from Tihan (or Andrew Thornbury, or whoever the owner is) whether they intend for users to take the 30% cut of their funds. As the owners, they are legally obligated to return users 100% of their funds. That Bitcoinica Consultancy was in charge of security doesn't matter, Tihan is equally at fault since he assigned them the job.

Tihan invested $500k in CoinLab, he should get that back for bitcoinica users if his VC fund is out of funds. CoinLab was a waste of money (mining coins with gamer's GPUs isn't close to competitive with FPGA's and ASICs).

[Bitcoin Oz]

What the fuck was 40 000 bitcoins doing sitting at mt gox. After the first hack it was claimed 80% of funds were sitting in cold storage.

Someone told lies about this too. Can someone dig up the original thread where they promised the coins were in cold storage ?

[jcp]

In any event, employee compensation clawbacks generally are only available for losses that were incurred prior to the payment of the compensation. The idea is that someone who misrepresents the profitability of a business shouldn't benefit from their misconduct by getting a bonus based on the inflated profits. Nothing like that seems to have happened in this case. In many countries (including the United States) you don't have to prove the employee was at fault. It's sufficient to show that the bonus was paid based on incorrect information.

As far as a non-employee clawback goes, generally you can't clawback funds from someone who gave something of comparable value for the funds received unless you can show wrongdoing on their part or the contract specifically permitted a clawback. It's very unlikely that ZhouTong's contract would have permitted a clawback for anything other than a materially significant misrepresentation or omission on his part. And there's no evidence so far, at least as I know, that ZhouTong did anything like that.

Tort law doesn't work that way. Prior principals can be liable, and there is a mountain of case law in common law jurisdictions where this is the case. If full payout was not returned to deposit holders, then there may be liability due to negligence from a lack of due diligence with the buyer / current owner of Bitcoinica. Further, as you implied, if the seller received compensation significantly higher than the true NPV/MTM of the equity, the difference may likely be subject to legal claims even if Zhoutong acted in good faith if the current owners convinced Zhoutong to sell his company so the current owners can strip/steal all the deposits (as the non-disclosure of the ownership transfer was proximate cause for the loss).

It is in Zhoutong's personal best interests to ensure that Bitcoinica client funds are returned in full if he is not colluding with the present owners, otherwise there will be significant economic incentives for deposit holders to investigate the identity of Zhoutong and all parties involved.