Public STATEMENT Regarding Bitcoinica account hack at MtGox

[Aggro]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* On Friday, July 13 I was notified by MtGox that somebody had gain unauthorized access to Bitcoinica's MtGox account. I was also notified that most of the redeemable codes used in the heist were exchanged through AurumXchange on July 12.
* At the time I was on an extended weekend vacation with very limited internet access. I immediately notified Mark Karpeles at MtGox as well as Charlie Shrem at Bitinstant that I would take a closer examination of the situation on Tuesday upon my return.
* Upon closer examination of our database on Tuesday, I discovered that the hacker had indeed exchanged the MtGox coupons to Liberty Reserve through our instant exchange facility. The hacker had also exchanged Liberty Reserve back to MtGox presumably in an effort to conceal and/or "launder" the funds.
* Over all, the hacker exchanged a total of $61,875 USD from MtGox to Liberty Reserve, and a total of $17,500 Liberty Reserve to MtGox, for a grand total of $44,375 MtGox to Liberty Reserve. After our fees, this number amounts to approximately $40,000 USD.
* These orders were placed on our systems between 2012-07-12 11:46:48 and 2012-07-12 19:41:27 UTC.
* The IP addresses used by the hacker belong to TOR exit nodes to my understanding, and are as follows:

31.172.30.1
31.172.30.2
31.172.30.4
77.247.181.165
146.164.91.248
78.108.63.44

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Both Charlie and Mark have informed the current Bitcoinica owners of the situation and advised to start legal proceedings as soon as possible.

Posts corroborating this information from both MtGox and BitInstant will follow. I am technically on vacation until mid august with limited internet access, however, I will attempt to answer any questions the community might have as often as possible. Please understand that some information will not be released until all legal proceedings have been concluded.

Sincerely,

Roberto Gutierrez
General Manager
The AurumXchange Company
https://www.aurumxchange.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iQEcBAEBAgAGBQJQEMmpAAoJECR5FGDHgkwDCqMH/Awy/Tjtqw9p/vzVh/ewoYgq
CPCSjWn1OUZGGkCMeA/ZwkPHV8/FgsQqBTfHJKy7OBZPaRyL7KTynFo6/BfUSCiO
tWz4QtRXE8hAV5uJNq6BtUvsSD9LXUFWanSEOZS9mApsmP5jmDc3S7JfBEDHli1w
zE9DXJR5jHQmvloRgafIQNxQq8BK7DKG25LpltXCURpVqWFkmulGsMuCqZ9wV0cb
fP92Hf4U+FnwSiM5TfZDwtOhbub9E6ilzPHBmfOjuneSEN1S49Zq3wl1wv0sHUda
2fJ4jVONpOc6S3pvGN7Jb0pdcUJQtujiOcnc+YbKa1EFBjZYY0WBnJL1EVARy4Q=
=TFJe
-----END PGP SIGNATURE-----

[1715206958]

1715206958

[1715206958]

1715206958

[MagicalTux]

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access from both an IP at Microsoft Singapore then an IP at Amazon EC2 and which initial funds are deposited from an account known to belong to Zhou Tong.

.
While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this time from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

[Yankee (BitInstant)]

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

[LightRider]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* On Friday, July 13 I was notified by MtGox that somebody had gain unauthorized access to Bitcoinica's MtGox account. I was also notified that most of the redeemable codes used in the heist were exchanged through AurumXchange on July 12.
* At the time I was on an extended weekend vacation with very limited internet access. I immediately notified Mark Karpeles at MtGox as well as Charlie Shrem at Bitinstant that I would take a closer examination of the situation on Tuesday upon my return.
* Upon closer examination of our database on Tuesday, I discovered that the hacker had indeed exchanged the MtGox coupons to Liberty Reserve through our instant exchange facility. The hacker had also exchanged Liberty Reserve back to MtGox presumably in an effort to conceal and/or "launder" the funds.
* Over all, the hacker exchanged a total of $61,875 USD from MtGox to Liberty Reserve, and a total of $17,500 Liberty Reserve to MtGox, for a grand total of $44,375 MtGox to Liberty Reserve. After our fees, this number amounts to approximately $40,000 USD.
* These orders were placed on our systems between 2012-07-12 11:46:48 and 2012-07-12 19:41:27 UTC.
* The IP addresses used by the hacker belong to TOR exit nodes to my understanding, and are as follows:

31.172.30.1
31.172.30.2
31.172.30.4
77.247.181.165
146.164.91.248
78.108.63.44

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Both Charlie and Mark have informed the current Bitcoinica owners of the situation and advised to start legal proceedings as soon as possible.

Posts corroborating this information from both MtGox and BitInstant will follow. I am technically on vacation until mid august with limited internet access, however, I will attempt to answer any questions the community might have as often as possible. Please understand that some information will not be released until all legal proceedings have been concluded.

Sincerely,

Roberto Gutierrez
General Manager
The AurumXchange Company
https://www.aurumxchange.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iQEcBAEBAgAGBQJQEMmpAAoJECR5FGDHgkwDCqMH/Awy/Tjtqw9p/vzVh/ewoYgq
CPCSjWn1OUZGGkCMeA/ZwkPHV8/FgsQqBTfHJKy7OBZPaRyL7KTynFo6/BfUSCiO
tWz4QtRXE8hAV5uJNq6BtUvsSD9LXUFWanSEOZS9mApsmP5jmDc3S7JfBEDHli1w
zE9DXJR5jHQmvloRgafIQNxQq8BK7DKG25LpltXCURpVqWFkmulGsMuCqZ9wV0cb
fP92Hf4U+FnwSiM5TfZDwtOhbub9E6ilzPHBmfOjuneSEN1S49Zq3wl1wv0sHUda
2fJ4jVONpOc6S3pvGN7Jb0pdcUJQtujiOcnc+YbKa1EFBjZYY0WBnJL1EVARy4Q=
=TFJe
-----END PGP SIGNATURE-----

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access only from an IP at Microsoft Singapore and which initial funds are deposited from an account known to belong to Zhou Tong.

While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this date from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

Wow.

How long until Zhou claims gmail account hack?

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

My email stevejobs807@gmail.com was last accessed from 62.113.219.5 on July 13. The password has not been changed by the hacker (but I have changed just now).

There was an auto-forwarding to ryan@xwaylab.com (which is another email address of mine). However it has been changed to bitcoinicasucks@hotmail.com (which is the email that was used to send the "Bitcoinica is done" email to verify@bitcoinica.com). Of course I couldn't be notified about any email since the change.

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I have several email communications between stevejobs807@gmail and other email accounts controlled by me, including a testing ticket for Bitcoinica's ZenDesk trial. The email address has never been publicised.

Important discovery in recent emails (all times are in UTC+8):

The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

There was several emails from Liberty Reserve mentioning "Verification PIN". It can be seen that the liberty reserve account was accessed by at least: 78.108.63.44, 212.84.206.250 and 31.172.30.1.

There were many transactions done at F1ex.com, possibly used to launder Bitcoin. (I checked just now, F1ex.com provides anonymous fixed-rate BTC exchange service.)

The hacker signed up for OKPAY, with IP 31.172.30.1.

The hacker requested a sell-order on AurumXchange, totalling $5000, using the suspicious Liberty Reserve account mentioned by OP. A Chinese bank account was used (Account name: LIU HAIPENG, Account number: 6222020903006086032, Bank: INDUSTRIAL AND COMMERCIAL BANK OF CHINA).

Order link: https://www.aurumxchange.com/order/view/34011/e5b466248e041ebdf2ae793181a840dc

The hacker has also opened a ticket under his own name: https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

He mentioned that I sold him the Mt. Gox codes at half price, which is absolutely not true. It seems that the hacker was trying to relate this event to me as an individual, and this possibly explains the reason that he wanted to "hijack" the email account. All my other email accounts did not have any suspicious access records and their passwords are all secure and different.

This is my *own* genuine transaction at AurumXchange: https://www.aurumxchange.com/order/view/33100/3c05a9a572379bf91620302cc9dd7d22

And my ticket to question the funds: https://www.aurumxchange.com/help/ticket.php?track=J6W-EY3-ZY2U&Refresh=47091

It's important to note that the first time I gained any knowledge about the email being misused is through this thread. Neither AurumXchange nor Mt. Gox has provided me any specific information about the suspicion. Otherwise I could have checked that email account earlier.

I'm willing to co-operate with any ongoing investigation and obviously I'm not trying to run away from this. I have already provided Mt. Gox with my certified copy of passport in an attempt to unlock my account with some Bitcoin balance.

Not long at all!

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

An interesting development.

[John (John K.)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* On Friday, July 13 I was notified by MtGox that somebody had gain unauthorized access to Bitcoinica's MtGox account. I was also notified that most of the redeemable codes used in the heist were exchanged through AurumXchange on July 12.
* At the time I was on an extended weekend vacation with very limited internet access. I immediately notified Mark Karpeles at MtGox as well as Charlie Shrem at Bitinstant that I would take a closer examination of the situation on Tuesday upon my return.
* Upon closer examination of our database on Tuesday, I discovered that the hacker had indeed exchanged the MtGox coupons to Liberty Reserve through our instant exchange facility. The hacker had also exchanged Liberty Reserve back to MtGox presumably in an effort to conceal and/or "launder" the funds.
* Over all, the hacker exchanged a total of $61,875 USD from MtGox to Liberty Reserve, and a total of $17,500 Liberty Reserve to MtGox, for a grand total of $44,375 MtGox to Liberty Reserve. After our fees, this number amounts to approximately $40,000 USD.
* These orders were placed on our systems between 2012-07-12 11:46:48 and 2012-07-12 19:41:27 UTC.
* The IP addresses used by the hacker belong to TOR exit nodes to my understanding, and are as follows:

31.172.30.1
31.172.30.2
31.172.30.4
77.247.181.165
146.164.91.248
78.108.63.44

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Both Charlie and Mark have informed the current Bitcoinica owners of the situation and advised to start legal proceedings as soon as possible.

Posts corroborating this information from both MtGox and BitInstant will follow. I am technically on vacation until mid august with limited internet access, however, I will attempt to answer any questions the community might have as often as possible. Please understand that some information will not be released until all legal proceedings have been concluded.

Sincerely,

Roberto Gutierrez
General Manager
The AurumXchange Company
https://www.aurumxchange.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iQEcBAEBAgAGBQJQEMmpAAoJECR5FGDHgkwDCqMH/Awy/Tjtqw9p/vzVh/ewoYgq
CPCSjWn1OUZGGkCMeA/ZwkPHV8/FgsQqBTfHJKy7OBZPaRyL7KTynFo6/BfUSCiO
tWz4QtRXE8hAV5uJNq6BtUvsSD9LXUFWanSEOZS9mApsmP5jmDc3S7JfBEDHli1w
zE9DXJR5jHQmvloRgafIQNxQq8BK7DKG25LpltXCURpVqWFkmulGsMuCqZ9wV0cb
fP92Hf4U+FnwSiM5TfZDwtOhbub9E6ilzPHBmfOjuneSEN1S49Zq3wl1wv0sHUda
2fJ4jVONpOc6S3pvGN7Jb0pdcUJQtujiOcnc+YbKa1EFBjZYY0WBnJL1EVARy4Q=
=TFJe
-----END PGP SIGNATURE-----

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access from both an IP at Microsoft Singapore then an IP at Amazon EC2 and which initial funds are deposited from an account known to belong to Zhou Tong.

.
While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this time from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

My email stevejobs807@gmail.com was last accessed from 62.113.219.5 on July 13. The password has not been changed by the hacker (but I have changed just now).

There was an auto-forwarding to ryan@xwaylab.com (which is another email address of mine). However it has been changed to bitcoinicasucks@hotmail.com (which is the email that was used to send the "Bitcoinica is done" email to verify@bitcoinica.com). Of course I couldn't be notified about any email since the change.

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I have several email communications between stevejobs807@gmail and other email accounts controlled by me, including a testing ticket for Bitcoinica's ZenDesk trial. The email address has never been publicised.

Important discovery in recent emails (all times are in UTC+8):

The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

There was several emails from Liberty Reserve mentioning "Verification PIN". It can be seen that the liberty reserve account was accessed by at least: 78.108.63.44, 212.84.206.250 and 31.172.30.1.

There were many transactions done at F1ex.com, possibly used to launder Bitcoin. (I checked just now, F1ex.com provides anonymous fixed-rate BTC exchange service.)

The hacker signed up for OKPAY, with IP 31.172.30.1.

The hacker requested a sell-order on AurumXchange, totalling $5000, using the suspicious Liberty Reserve account mentioned by OP. A Chinese bank account was used (Account name: LIU HAIPENG, Account number: 6222020903006086032, Bank: INDUSTRIAL AND COMMERCIAL BANK OF CHINA).

Order link: https://www.aurumxchange.com/order/view/34011/e5b466248e041ebdf2ae793181a840dc

The hacker has also opened a ticket under his own name: https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

He mentioned that I sold him the Mt. Gox codes at half price, which is absolutely not true. It seems that the hacker was trying to relate this event to me as an individual, and this possibly explains the reason that he wanted to "hijack" the email account. All my other email accounts did not have any suspicious access records and their passwords are all secure and different.

This is my *own* genuine transaction at AurumXchange: https://www.aurumxchange.com/order/view/33100/3c05a9a572379bf91620302cc9dd7d22

And my ticket to question the funds: https://www.aurumxchange.com/help/ticket.php?track=J6W-EY3-ZY2U&Refresh=47091

It's important to note that the first time I gained any knowledge about the email being misused is through this thread. Neither AurumXchange nor Mt. Gox has provided me any specific information about the suspicion. Otherwise I could have checked that email account earlier.

I'm willing to co-operate with any ongoing investigation and obviously I'm not trying to run away from this. I have already provided Mt. Gox with my certified copy of passport in an attempt to unlock my account with some Bitcoin balance.

The important truths

Truth 1: My $40K LR transaction is legitimate at AurumXchange, associated with a friend in Singapore.
Truth 2: All my assets at Mt. Gox, my wallet balances, my recent Bitcoin transactions and the 5,000 BTC compensation are from legitimate sources.
Truth 3: I had no knowledge of myself being suspicious until the public statement was posted by AurumXchange. There's no possible way of me being involved in the investigation earlier.
Truth 4: Even though there's evidence showing that I'm linked to this hack, I have absolutely no relationship with all previous hacks.
Truth 5: If either AurumXchange or Mt. Gox had communicated their investigation with me earlier, there wouldn't be so many wrong interpretations and assumptions and this thread could have come out much earlier.
Truth 6: I didn't steal the money.

Who is Chen Jianhai?

Chen Jianhai is my previous business associate. He was very familiar with credit card fraud and by my observations he's quite active in financial black markets. He didn't know much technical stuff personally but he has many technical people working with him everyday. He heard about Bitcoin from me last year from a random chat, and I have not communicated with him this year.

Did he admit the wrong-doing?

Surprisingly, yes. He strongly denied at first, but he changed his attitude entirely when I mention that this matter is an international-scale crime, and intelligent netizens from all over the world are actively investigating this matter. And I also told him that the accidentally exposed a bank account number. (He claimed that it was a debit card purchased from black market.)

He used my secret identity because he felt that "it would be impossible to discover the hacker" and "it would be much easier to deny if the suspect account is an insider because you (Zhou Tong) can always distract people from investigating". I have repeatedly said that I have zero tolerance in this matter and I will report all his information, including his real bank account number and address to the police once the official investigation has started.

How did he do it?

He said one of his co-workers was quite active in Chinese Bitcoin community and he had noticed the source code of Bitcoinica being leaked. The reason that he (the technical guy) knew the correlation between the Mt. Gox API key and the LastPass master password remains unknown. I have only communicated this password in-person with Tihan in Chimelong Hotel (Guangzhou) lobby once in February this year and I'm quite sure that no one else has paid any attention to our conversation.

He was unwilling to share more information about the specifics of the hack, but he remembered that he only thought of using my secret identity *after* he was able to withdraw money from Mt. Gox. It was possible that he only withdrew the Bitcoins first, and then a few moments later, the USD.

Also he revealed an important piece of information not mentioned in the public statements: He used the Mt. Gox account of Chris Heaslip, which is a verified account, to deposit some Mt. Gox code and buy Bitcoins with the money, and withdrew all of them. This account's credentials were also in the LastPass account.

In the entire process, he used My Wallet (Blockchain.info) with Tor to access the Bitcoins, and he transferred some Bitcoins to his servers in United States as well. The IP 184.22.31.180 (which was used to access Mt. Gox accounts) is actually zeraba.ddns.info. This is actually a public SSH proxy server for some Chinese users to bypass the national firewall with randomly rotating passwords. He had attempted to access the Mt. Gox accounts with Tor and he failed (note: Mt. Gox bans all Tor exit nodes).

How about the money?

He's a multi-millionaire in China living with a family. I'm not sure how much of his money comes from illegal sources but he has a genuine interest in relic collections and he has made a lot of money from speculating precious collections.

After my warning, he seemed unwilling to return the funds. However, I have threatened him with reporting his information to the police. He later more or less agreed to return the funds to Bitcoinica users, under the condition that Bitcoinica will no longer pursue the case (and Bitcoinica isn't pursuing at the moment) and I keep his other personal information secret.

I'm currently in a moral dilemma because even though I don't have definitive proof that Chen Jianhai is indeed a long-time criminal with an active presence in stolen credit cards and possibly other hacks, it might be worthwhile to pursue with police investigation so that justice can be served. However doing that will significantly delay the claiming process of Bitcoinica and the Chinese police may not be willing or capable to effectively investigate or co-operate in this matter. Otherwise I can always get all the stolen funds from him first. The only evidence in my email account was a credit card fraud case of only a few hundred dollars, which isn't very significant compared to the Bitcoinica hack.

Currently I'm very willing to co-operate with any investigation because this is the only way I can completely prove my innocence. However the non-reponse from Bitcoinica side is indeed worrying. I have gathered some data to estimate the amount that can be recovered from Chen Jianhai:

USD: about $140,000 + $5000 frozen at AurumXchange (under SJ account)
BTC: about 20,000 BTC

There's an unknown amount of funds left in Chris Heaslip's account and I have no way of knowing the exact balance.

It's important to note that the pending $40,000 transaction at AurumXchange is my genuine transaction, so it can be used to offset the USD payment. And also all Bitcoin balances in my Mt. Gox account are mine, and it shouldn't be used to further compensate Bitcoinica customers as well.

However, my previous donation of 5,000 BTC and community donation of 101 BTC were entirely separate from this matter and the claimants can rightfully hold on to the full amount. These funds come from my profits of previous sale at Bitcoinica, and I genuinely feel that Bitcoinica users deserve the early compensation due to them being affected by the inefficiencies of Bitcoinica's operations.

Chen Jianhai was only able to offer the above-mentioned amount due to the cost of his laundering activities and also the significantly lower Bitcoin price when he cashed out. If Bitcoinica or the community wants him to cover the full amount at today's prices, I'm willing to co-operate with any police investigation. But either case, my previous donation should have pretty much covered the difference.

It's up to Bitcoinica to appoint a bank account and also a Bitcoin address so that Chen Jianhai (or possibly I) can return the funds. AurumXchange can either return the $40,000 to me, or send the funds to Bitcoinica's nominated account (in which case another $100,000 will be sent to Bitcoinica from Chen Jianhai or me).

About my situation

I'm not asking him to transfer to me or to anyone else the amount today because it can be illegal to possess such funds until Bitcoinica has provided any written form of authorisation and/or agreement (so that I won't be wronged again because of arranging the return of the stolen funds).

It's important to note that I have been, I am and I will always be standing on the side of Bitcoinica customers, regardless of my position and situation at Bitcoinica. I have absolutely no tolerance of illegal activity of any kind, especially those damaging my personal reputation.

I promise that I have honestly reported the amounts and 100% of those recovered from Chen Jianhai will be returned to Bitcoinica's customers. At the same time, I have to emphasise that Bitcoinica should return the amounts to customers as quickly as possible, so that the company and related people will not get into serious legal troubles. It's my best interest to make Bitcoinica's customers happy so that this issue will not have further impact on my future careers.

I have no problem of either formal police investigation, or returning the funds without police investigation. I would prefer the former so that my name can be cleared, but I guess that some Bitcoinica customers may choose the latter.

Sitenote: I have released an improved design of NameTerrific (https://www.nameterrific.com/), which I finished during my lunch break, until AurumXchange's statement was posted.

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

Updated with notable quotes.

[sadpandatech]

HOLY FUGGIN SHIZ...  Well, that explains why they(reamining Bitcoinica admin) finally decided to lock out some of the access ZT said he still had just a few days ago.



WOW, just speachless.



THANK YOU a thousand times, Roberto Gutierrez and crew!!!!!





Question;  Are you able to query LR for more info on the U9236056 account?




ZT, man. For being such a highly intelligent guy, you are not so bright. And I don't mean for getting caught. I mean for assuming these people aorund here won't travel to your ass.......

[TheButterZone]

Quick, someone check if that gmail account has the same pass as the API key!

[MrTeal]

Sigh... kiba, what say you now?

[repentance]

It's good to see the exchanges co-operating with each other for the benefit of the community.

While it's obvious that users won't get their funds back any time soon, if at all, at least people now have a clearer idea of what really went down.  

[phungus]

Oh wowie! I had a feeling!

[kiba]

Very interesting information.

However, I will reserve all judgement as a member of this community until the criminal/civil legal proceeding is complete. The accusation is heavy for a person who have his whole life ahead of him. If Zhou Tong is responsible for the theft, I hope he will do the right thing and return the funds promptly and quickly as possible so that bitcoinica customers can move on with their lives.

[theymos]

It seems proven that Zhou Tong owns stevejobs807@gmail.com, but how did you verify that the hacker controls this email address?

* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore.

How do you know that Zhou Tong owns this account?

[sadpandatech]

Very interesting information.

However, I will reserve all judgement as a member of this community until the criminal/civil legal proceeding is complete. The accusation is heavy for a person who have his whole life ahead of him. If Zhou Tong is responsible for the theft, I hope he will do the right thing and return the funds promptly and quickly as possible so that bitcoinica customers can move on with their lives.

One can sure preserve their faith in humanity and not be faulted for it. I don't blame you, m8.



Sadly, ZT's little show of guilty conscience by doing that quick 5k claim, oh I feel so bad for everyone here is a mere pitance of what I took, would tell me that he had washed himself of feeling bad and moved one at that point.  Or, it was just a lame attempt at further trying to distance himsself from the suspect spotlight.


The whole thing literally just gave me heartburn. And I lost 0 coins there. :/

[neofutur]

• Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location,

fyi same microsoft ip was used by zhou tong on freenode IRC #bitcoinica since October 19 2011

log extracts from October 2011

Code:

2011-10-19 12:13<  neofutur> zhoutong: I m trying bitcoinica and I like it
2011-10-19 12:13<  neofutur> but . . . i m pretty much afraid by your ip / whois
2011-10-19 12:14<  neofutur> is bitcoinica a microsoft owned or sponsored project ?
2011-10-19 12:18<  neofutur> (12:12) -!- zhoutong [~zhoutong@111.221.80.132]
2011-10-19 21:52-!- zhoutong [~zhoutong@111.221.80.132] has quit [Read error: Connection
                   reset by peer]
2011-10-19 21:54-!- zhoutong [~zhoutong@111.221.80.132] has joined #bitcoinica

[kiba]

Sigh... kiba, what say you now?

You can quibble over my judgement over previous line of evidence, but now I updated my belief about this incident to 80%(and increasing) probability of an inside job.

However, I will assume Zhou Tong innocent until the legal proceeding is resolved or Zhou Tong admit to the theft.

[repentance]

It seems proven that Zhou Tong owns stevejobs807@gmail.com, but how did you verify that the hacker controls this email address?

* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore.

How do you know that Zhou Tong owns this account?

Zhou admitted on here the other day that he sold a large amount of Liberty Reserve following the hack - people had already noticed the transactions and asked him about them.  He said he did it "for a friend".

[kiba]

Zhou admitted on here the other day that he sold a large amount of Liberty Reserve following the hack - people had already noticed the transactions and asked him about them.  He said he did it "for a friend".

Can you extract the log saying why he did it?

[ElectricMucus]

To be honest that comes out not as big as a surprise....  

The only question I have is: Why wasn't that information made public sooner?

[Bitcoin Oz]

Zhou Tong has some explaining to do. Perhaps on #bitcoin-court

[kiba]

To be honest that comes out not as big as a surprise....  

The only question I have is: Why wasn't that information made public sooner?

They were...investigating? I mean, we are talking about a prominent bitcoin community member who have a big reputation(which is now busted). Would you accuse a person who seems so trustworthy without a lot of investigating? I think not.

[adamstgBit]

could Z have also been behind the other bitcoina "hacks"?

[zhoutong]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

[ElectricMucus]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

oh boy here we go.

[phantomcircuit]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

https://www.youtube.com/watch?v=2g5Hz17C4is

[kiba]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

I will give you the benefit of the doubt until the very end even if nobody else will, but it is up to you to defend yourself.

[repentance]

Zhou admitted on here the other day that he sold a large amount of Liberty Reserve following the hack - people had already noticed the transactions and asked him about them.  He said he did it "for a friend".

Can you extract the log saying why he did it?

Roberto has linked the relevant posts.

I'll quote in case of edits.

Since my name has been mentioned I would just reply in this thread anyway. I'll explain this, for once and for all.

As I explained in the QQ Group where the trades happened, I was cashing out for a Singaporean friend who has $100K in total in several LR accounts. I was able to get much better USD/SGD exchange rates than any bank customers. (I was able to get "interbank" rates: https://bitcointalk.org/index.php?topic=76156.0)

I was not "in a hurry". Even on today I have done a deal with someone. (7 days is not "hurry".)

The rate was not bad. Most e-currency exchanges charge 1.5%-2% plus wire fees (about $50 per transaction including routing fees). USD/CNY exchange rate is highly stable and I can access to discounted exchange rate through my Chinese bank as well. I actually got a better deal.

And it's definitely not $40K (which is the stolen USD amount that Bitcoinica claims). I have also placed a single $40K AurumXchange order during the same period.

I still have an operating business in Singapore (http://www.sgitcoin.com/) and this service is actually quite popular (top Google result for "buy bitcoin in singapore"). Therefore I regularly deal with foreign exchange, money transfers and e-currencies.

This kind of transactions are very common to me. It happens all the time before the hack. (For example, trading over $20K with UserXXX: https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996)

The only question I have is: Why wasn't that information made public sooner?

Be thankful it's been released at all.  This is a criminal matter and the exchanges are under no obligation whatsoever to pass on any information they have to anyone other than law enforcement.

[Bitcoin Oz]

What is the punishment for theft in Singapore ?

[kiba]

What is the punishment for theft in Singapore ?

Dunno. It's time to read up on the Singaporean legal system I guess. I am hoping when they do a trial, we will be able to see transparently every piece of evidence, opinions, etc, or something like that.

[Bitcoin Oz]

What is the punishment for theft in Singapore ?

Dunno. It's time to read up on the Singaporean legal system I guess. I am hoping when they do a trial, we will be able to see transparently every piece of evidence, opinions, etc, or something like that.

This ids a good time to use http://judge.me

[repentance]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

So are you saying that you used a different email when you sold the LR for your friend?

How would a hacker benefit from using the SJ email to have a wire sent to your bank account?

This ids a good time to use http://judge.me

Judge me is intended to operate as a mediation service in civil matters.  It's not intended to handle criminal matters such as embezzlement.

[kiba]

I am thinking this could be a setup job by Zhou's 'friend'. Based on previous history, Zhou shows lot of integrity but not much "wise judgement".

But without evidence to back it up, it is a baseless speculation and we're relying on Zhou's word that it's a "friend". I hope a proper investigation will reveal more.

[Transisto]

Zhou 5k giveaway was very very suspicious of me,  He basicaly sent BTCs to anyone, affected or not.   Oh and BTW he didn't sent me shit.

[LoupGaroux]

Stunned that anybody can suspend dis-belief in this matter to even type the words that Zhou might be innocent in this. Scammer Boy just got caught red-handed, time for some biblical justice to get served up.

[Bitcoin Oz]

I'm gathering some information and a statement will be posted soon.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The $40,000 I exchanged at AurumXchange was indeed from a friend. Later I can also post proof that I exchanged another $30,000 at other exchanges during the same period. The total amount far exceeds the stolen amount claimed in the OP. My own Liberty Reserve account number is U7097615.

So are you saying that you used a different email when you sold the LR for your friend?

How would a hacker benefit from using the SJ email to have a wire sent to your bank account?

This ids a good time to use http://judge.me

Judge me is intended to operate as a mediation service in civil matters.  It's not intended to handle criminal matters such as embezzlement.

Its hard to say which jurisdiction will handle this . Interpol?

[stochastic]

Stunned that anybody can suspend dis-belief in this matter to even type the words that Zhou might be innocent in this. Scammer Boy just got caught red-handed, time for some biblical justice to get served up.

Agree, he better stay in China if he does not want to be extradited.

[ArticMine]

What is the punishment for theft in Singapore ?

I believe it can be a fine, imprisonment or caning. http://en.wikipedia.org/wiki/Caning_in_Singapore

[kiba]

I believe it can be a fine, imprisonment or caning. http://en.wikipedia.org/wiki/Caning_in_Singapore

Wikipedia article doesn't contains the word "embezzlement".

[kiba]

Stunned that anybody can suspend dis-belief in this matter to even type the words that Zhou might be innocent in this. Scammer Boy just got caught red-handed, time for some biblical justice to get served up.

Everybody have the right to a trial and due process of law, no matter how douchebag or guilty a person is.

[zhoutong]

My email stevejobs807@gmail.com was last accessed from 62.113.219.5 on July 13. The password has not been changed by the hacker (but I have changed just now).

There was an auto-forwarding to ryan@xwaylab.com (which is another email address of mine). However it has been changed to bitcoinicasucks@hotmail.com (which is the email that was used to send the "Bitcoinica is done" email to verify@bitcoinica.com). Of course I couldn't be notified about any email since the change.

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I have several email communications between stevejobs807@gmail and other email accounts controlled by me, including a testing ticket for Bitcoinica's ZenDesk trial. The email address has never been publicised.

Important discovery in recent emails (all times are in UTC+8):

The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

There was several emails from Liberty Reserve mentioning "Verification PIN". It can be seen that the liberty reserve account was accessed by at least: 78.108.63.44, 212.84.206.250 and 31.172.30.1.

There were many transactions done at F1ex.com, possibly used to launder Bitcoin. (I checked just now, F1ex.com provides anonymous fixed-rate BTC exchange service.)

The hacker signed up for OKPAY, with IP 31.172.30.1.

The hacker requested a sell-order on AurumXchange, totalling $5000, using the suspicious Liberty Reserve account mentioned by OP. A Chinese bank account was used (Account name: LIU HAIPENG, Account number: 6222020903006086032, Bank: INDUSTRIAL AND COMMERCIAL BANK OF CHINA).

Order link: https://www.aurumxchange.com/order/view/34011/e5b466248e041ebdf2ae793181a840dc

The hacker has also opened a ticket under his own name: https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

He mentioned that I sold him the Mt. Gox codes at half price, which is absolutely not true. It seems that the hacker was trying to relate this event to me as an individual, and this possibly explains the reason that he wanted to "hijack" the email account. All my other email accounts did not have any suspicious access records and their passwords are all secure and different.

This is my *own* genuine transaction at AurumXchange: https://www.aurumxchange.com/order/view/33100/3c05a9a572379bf91620302cc9dd7d22

And my ticket to question the funds: https://www.aurumxchange.com/help/ticket.php?track=J6W-EY3-ZY2U&Refresh=47091

It's important to note that the first time I gained any knowledge about the email being misused is through this thread. Neither AurumXchange nor Mt. Gox has provided me any specific information about the suspicion. Otherwise I could have checked that email account earlier.

I'm willing to co-operate with any ongoing investigation and obviously I'm not trying to run away from this. I have already provided Mt. Gox with my certified copy of passport in an attempt to unlock my account with some Bitcoin balance.

[zhoutong]

So are you saying that you used a different email when you sold the LR for your friend?

How would a hacker benefit from using the SJ email to have a wire sent to your bank account?

I use my own Liberty Reserve account for all my own transactions, including those on behalf of my friend.

I placed the order from my own LR to send to my own bank account, and it's a genuine transaction unrelated to the hack.

The hacker has attempted to withdraw money from the SJ email to his bank account or another bank account that he controls. I have posted the detailed information in the statement.

[repentance]

Its hard to say which jurisdiction will handle this . Interpol?

Interpol is just a clearing house which co-ordinates co-operation between the law enforcement agencies of different nations.  Jurisdiction would belong to the nation from which the crime is deemed to have been committed or to have taken place (where there are multiple jurisdictions involved, one place can cede jurisdiction to another).

Jurisdiction doesn't become an issue until a criminal investigation has been conducted.  Mt Gox is the only party so far which acknowledges having filed a police report.  I suspect that the release of this information will prompt people to file reports with the appropriate computer crime units in their own countries (I know one person had already reported the Bitcoinica hacks to the DoJ in the US).  It's those law enforcement agencies who'll determine if any charges are laid and where.

It would certainly be wise for Zhou to retain a lawyer at this point.

[k9quaint]

Stunned that anybody can suspend dis-belief in this matter to even type the words that Zhou might be innocent in this. Scammer Boy just got caught red-handed, time for some biblical justice to get served up.

Agree, he better stay in China if he does not want to be extradited.

Does all the Bitcoinica drama actually boil down to "I gave some BTC to some guy in China, and he won't give them back!" ??

[zhoutong]

could Z have also been behind the other bitcoina "hacks"?

No, none of the hacks was performed by me.

[Transisto]

could Z have also been behind the other bitcoina "hacks"?

No, none of the hacks was performed by me.

Thanks for this useful post.

[fellowtraveler]

I feel compelled to write, that people should be very careful about their words and actions.

The amounts of money involved here -- people are murdered over these sorts of things every day.

The Bitcoin community needs to get its act together on security. Censorship-resistant is good, but it's not enough.

All it will take is one Bitcoin-related murder, and things will change in our community forever.

Even though many are murdered for dollars every day.

[ArticMine]

Here is the link to the official Singapore Government Website http://statutes.agc.gov.sg/ There are many offenses for which caning is part of the punishment.

[LightRider]

I feel compelled to write, that people should be very careful about their words and actions.

The amounts of money involved here -- people are murdered over these sorts of things every day.

The Bitcoin community needs to get its act together on security. Censorship-resistant is good, but it's not enough.

All it will take is one Bitcoin-related murder, and things will change in our community forever.

Even though many are murdered for dollars every day.

Such is the aberrant behavior promoted and supported by the distorted values of a monetary system.

[Transisto]

I feel compelled to write, that people should be very careful about their words and actions.
...
All it will take is one Bitcoin-related murder, and things will change in our community forever.
...

Good advice, the community could change in a good way too.

It's sometime impressive the things peoples think getting away with. (with a legal slap on the hand)

[MemoryDealers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bitcoinica Hacker,

I am owed 24841 BTC by Bitcoinica,
So far I have received 1549.3209 back from Zhou Tong and 1 BTC from an anonymous donor.

Please return the remaining 23,290.6791 BTC to 16HMoS4TryH7wWsAv2PtvxiHX8QGXMGczi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJQEOIqAAoJEClapCtxKMpSZIIQAIQdd+cJtQTqzWMwGQY4gr3o
Z58XHXvsuancxrZPfPTive66oAle30zUpbZnMEcOjRKGAcQAItFHrcnBKxkr0Cic
32frmzVBJvnx2c7zmNrc4mYSk0kwnuJ8gE3vuK6RL0OaarH7v7tewhwqfDF1zRn/
v9TLSpU97vo1qXp5AuGjzeVuZNfznx/a9ozazwzDXaRVrPIHO1Fu6bWKPLlZfiGU
EKRKTA+95hccvS7SyNu/W+pSQXNMfv81ZsPb2Y9JLGrqNMnArCNzbUZgpH+zPo2n
SCo4cw5Texjm1tiruRCBfDT74SdhO1GxiJOmkGkph4i4+aBA3FolNCJcc22le/lp
Q9lYaqbTJ9WxTxfi8K9PSD01xV/BhNFGbmqKjuE1j9OnoCfQq1g3VprDSaGMjBoD
9hG5eq52pWsCwpYvm0/kjeiNQBCfnM4V15MUHrQI47RlUC5k1UYXHlX/hZWiKfIs
0hF3vcnrcghY+r7QYU7c2y2FxmuJ4P8S3GAMXBZgEH4iBiuns7H1jblqZwp4/DQj
YcZQznpcw7VYEixdv41X/qyiz9rGkeH7taPmRDfiYsLbASCiGMwxhTfgYJRHXFXp
oHjwjpgDLIF1yNisDSXYEwS50LjMRKCJv194jalsci91xUNz00Nf5JVwFHepZqrD
AldwR2KFkeMV2g2hA9x4
=cq/J
-----END PGP SIGNATURE-----

[zhoutong]

So are you saying that you used a different email when you sold the LR for your friend?

How would a hacker benefit from using the SJ email to have a wire sent to your bank account?

I use my own Liberty Reserve account for all my own transactions, including those on behalf of my friend.

I placed the order from my own LR to send to my own bank account, and it's a genuine transaction unrelated to the hack.

The hacker has attempted to withdraw money from the SJ email to his bank account or another bank account that he controls. I have posted the detailed information in the statement.

Let me see if I understand this correctly. You are claiming that the VERY next day from the hack, you exchanged an ungodly amount of Liberty Reserve "for a friend" using three different well known Liberty Reserve exchangers (as per your own admission on our ticket system), and yet, this is totally unrelated and purely coincidental?

By the way, you have stated on a previous post that the amount exchanged in Liberty Reserve is "far superior" to the one stated in the OP. What you failed to mention is that BTC were also stolen from the Bitcoinica account, and that those bitcoins can be easily converted to LR using a plethora of services online (including the one that the "hacker" who allegedly hacked your email account) used.

We have been in business since 2007 and have never froze a single payment. Believe me when I say that the information (both publicized and some kept private for legal reason) is absolutely overwhelming.

I must be extremely stupid to hack the Mt. Gox account and cash out the very next day at an exchange with very close ties with Bitcoin community. (Isn't that shooting myself?) I used three different exchangers because some of them didn't have sufficient reserves in their bank and I didn't fully trust them either. AurumXchange was the exchange I trusted the most because Bitcoinica had a close business partnership with you previously.

There's nothing coincidental about your evidence.

Also, if you shared this with me earlier in the ticket instead of posting a "statement" like this I could co-operate with the investigation much better. I didn't have a single clue that you are indeed correlating the hack with my private transaction at your exchange.

[repentance]

Zhou, whether you're innocent or guilty you need to get a lawyer and shut the fuck up.  There is no way in which continuing to post here regarding this incident can possibly benefit you at this time.

You posted the other day that what you feared most from the Bitcoinica clusterfuck was criminal charges which would affect your future.  That's now a distinct possibility, so stop worrying about arguing with people on the internet and spend your time and energy on engaging a lawyer who can help you defend yourself against these accusations.  This isn't a game.

[crazy_rabbit]

I feel compelled to write, that people should be very careful about their words and actions.

The amounts of money involved here -- people are murdered over these sorts of things every day.

The Bitcoin community needs to get its act together on security. Censorship-resistant is good, but it's not enough.

All it will take is one Bitcoin-related murder, and things will change in our community forever.

Even though many are murdered for dollars every day.

I think it's fair enough to also mention that people shouldn't immediately discount the possibility that if Zhou is responsible that he could have been forced somehow into doing it. Just as the amounts of money are large enough to perhaps incite someone to take undue retribution, they are large enough to have attractive the interest of people who would extort a person for it. I know it sounds far fetched, and I'm probably grabbing at straws, but perhaps someone could have forced him to do it.

[crazy_rabbit]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bitcoinica Hacker,

I am owed 24841 BTC by Bitcoinica,
So far I have received 1549.3209 back from Zhou Tong and 1 BTC from an anonymous donor.

Please return the remaining 23,290.6791 BTC to 16HMoS4TryH7wWsAv2PtvxiHX8QGXMGczi

wow that's breathtaking.

[LoupGaroux]

Zhou, whether you're innocent or guilty you need to get a lawyer and shut the fuck up.  There is no way in which continuing to post here regarding this incident can possibly benefit you at this time.

You posted the other day that what you feared most from the Bitcoinica clusterfuck was criminal charges which would affect your future.  That's now a distinct possibility, so stop worrying about arguing with people on the internet and spend your time and energy on engaging a lawyer who can help you defend yourself against these accusations.  This isn't a game.

Good advice. Damn good advice. You need to lawyer up, shut the fuck up, and pray to whatever God you hold holy that they lunatic fringe in this community doesn't decide to take it out you one coin at a very painful time.

And stop telling lies that will further entrap you. You are not good at fabricating bullshit, and when this all gets brought out in court you are going to go down faster than a ten cent whore on payday.

[MagicalTux]

I must be extremely stupid to hack the Mt. Gox account and cash out the very next day at an exchange with very close ties with Bitcoin community. (Isn't that shooting myself?) I used three different exchangers because some of them didn't have sufficient reserves in their bank and I didn't fully trust them either. AurumXchange was the exchange I trusted the most because Bitcoinica had a close business partnership with you previously.

There's nothing coincidental about your evidence.

Also, if you shared this with me earlier in the ticket instead of posting a "statement" like this I could co-operate with the investigation much better. I didn't have a single clue that you are indeed correlating the hack with my private transaction at your exchange.

Whatever the circumstances may be, AurumXchange deemed the situation too dangerous to decide to unlock the funds.

As long as you can prove the origin of the funds you've been transferring, there shouldn't be any issue.

[jimbobway]

Crazy times.

[dancingnancy]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

[zhoutong]

I must be extremely stupid to hack the Mt. Gox account and cash out the very next day at an exchange with very close ties with Bitcoin community. (Isn't that shooting myself?) I used three different exchangers because some of them didn't have sufficient reserves in their bank and I didn't fully trust them either. AurumXchange was the exchange I trusted the most because Bitcoinica had a close business partnership with you previously.

There's nothing coincidental about your evidence.

Also, if you shared this with me earlier in the ticket instead of posting a "statement" like this I could co-operate with the investigation much better. I didn't have a single clue that you are indeed correlating the hack with my private transaction at your exchange.

Whatever the circumstances may be, AurumXchange deemed the situation too dangerous to decide to unlock the funds.

As long as you can prove the origin of the funds you've been transferring, there shouldn't be any issue.

I'll try to ask my friend if he's okay with publicizing the related transactions, or I can wait until the investigation is concluded (or the real hacker being found).

Anyway I have already sent out the certified copy of my AML documents and they should arrive in 2-3 days. I hope my Mt. Gox account can be unblocked then.

[kiba]

I'll try to ask my friend if he's okay with publicizing the related transactions, or I can wait until the investigation is concluded (or the real hacker being found).

Anyway I have already sent out the certified copy of my AML documents and they should arrive in 2-3 days. I hope my Mt. Gox account can be unblocked then.

No offense, you should shut up and get a lawyer? Well, if you're still posting after that, I doubt no advice will help you now.

[naima53]

wow .... This is an attempt to falsely accuse Zhou ... What are you afraid? This man is not so stupid as to use the clean ip address. And publish his photos after it ... In any case, now it is excluded from the list.

[zhoutong]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

[zhoutong]

I'll try to ask my friend if he's okay with publicizing the related transactions, or I can wait until the investigation is concluded (or the real hacker being found).

Anyway I have already sent out the certified copy of my AML documents and they should arrive in 2-3 days. I hope my Mt. Gox account can be unblocked then.

No offense, you should shut up and get a lawyer? Well, if you're still posting after that, I doubt no advice will help you now.

I requested the corporate address of AurumXchange so that I can possibly engage a lawyer to deal with their investigation. However they released this "statement" without notifying me. I was totally shocked because I didn't have a single clue about their investigation. It's really unfair that they are willing to release information to the public but not me.

[kiba]

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

Now, if you really are innocent, you seem to have exercised very poor judgement about pretty much everything.(your friend, not taking advice of security professionals, etc) And if you're cleared, you still have the reputation of high integrity, but nobody would ever trust you because you lack wisdom. (At least, I wouldn't)

[MagicalTux]

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

Considering the number of elements published so far, the criminal behind this is someone with really close ties to Bitcoinica and/or you. We have some more evidence that we haven't published yet but also points in that direction.

We will comply (and I am sure AurumXchange will too) with any investigation aiming at solving this mess.

[stochastic]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

When I was young these guys from my high school thought they could rob a McDonald's safe by using a blowtorch and cut a hole through it.  They did it because they thought they would not get caught.  Unfortunately, the McDonald's caught on fire from the grease and my uncle was killed in the fire (he was a firefighter).

[LightRider]

There are no winners in the game of money.

[kiba]

Considering the number of elements published so far, the criminal behind this is someone with really close ties to Bitcoinica and/or you. We have some more evidence that we haven't published so far but also points in that direction.

We will comply (and I am sure AurumXchange will too) with any investigation aiming at solving this mess.

Can you confirm or deny that a police investigation is ongoing?

[MagicalTux]

Considering the number of elements published so far, the criminal behind this is someone with really close ties to Bitcoinica and/or you. We have some more evidence that we haven't published so far but also points in that direction.

We will comply (and I am sure AurumXchange will too) with any investigation aiming at solving this mess.

Can you confirm or deny that a police investigation is ongoing?

As of today, we have received no contact from any involved party stating a police investigation is ongoing, nor any contact from any law enforcement agency regarding anything related to Bitcoinica.

[dancingnancy]

Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?

[MagicalTux]

Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?

TCP (and therefore HTTP) makes this extremely difficult.

[Vladimir]

Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?

Highly unlikely, these are TCP/IP connections we are talking about.

[repentance]

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

Now, if you really are innocent, you seem to have exercised very poor judgement about pretty much everything.(your friend, not taking advice of security professionals, etc) And if you're cleared, you still have the reputation of high integrity, but nobody would ever trust you because you lack wisdom. (At least, I wouldn't)

Meh. Wisdom comes with age.  If Zhou has made mistakes which have made it possible for someone else to perpetrate this crime (a suggestion I make only because my own children share way too much information with others without thinking about how it might be used), I doubt he'll still be making them by the time he's 30.  Throughout all of this, Zhou has acted with great maturity at some times and like a petulant teenager at others - which is to be expected.  If he's found innocent of any wrong-doing, this isn't going to haunt him in the long term.

[LoupGaroux]

I'll try to ask my friend if he's okay with publicizing the related transactions, or I can wait until the investigation is concluded (or the real hacker being found).

Anyway I have already sent out the certified copy of my AML documents and they should arrive in 2-3 days. I hope my Mt. Gox account can be unblocked then.

No offense, you should shut up and get a lawyer? Well, if you're still posting after that, I doubt no advice will help you now.

I requested the corporate address of AurumXchange so that I can possibly engage a lawyer to deal with their investigation. However they released this "statement" without notifying me. I was totally shocked because I didn't have a single clue about their investigation. It's really unfair that they are willing to release information to the public but not me.

Businesses that have been victimized by criminals rarely provide notice to the number one suspect in the crime before bringing charges. I suspect that given the level of cooperation between the businesses targeted here, and the level of sophistication of the folks running those businesses, that this statement was made only after evidence was provided to the applicable law enforcement agencies, and all their ducks were in a row preparing for the prosecution of the criminal behind this theft. There is no consideration of warning any suspect, and I believe that even Zhou would have to agree that he is Suspect Number One in this circumstance.

[kiba]

Meh. Wisdom comes with age.  

I am not much older than Zhou Tong is. I am only 21. I believe wisdom is often obtained by learning of others' experience. (Mybitcoin hack incident, bitcoinica hack incident, etc)

After the last theft, I secure all my online bitcoin accounts with 2 factor authentication.

[LightRider]

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

This post is pretty light on statements of fact. Is there anything of substance regarding the incident that can be shared right now?

[dancingnancy]

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

Now, if you really are innocent, you seem to have exercised very poor judgement about pretty much everything.(your friend, not taking advice of security professionals, etc) And if you're cleared, you still have the reputation of high integrity, but nobody would ever trust you because you lack wisdom. (At least, I wouldn't)

Meh. Wisdom comes with age.  If Zhou has made mistakes which have made it possible for someone else to perpetrate this crime (a suggestion I make only because my own children share way too much information with others without thinking about how it might be used), I doubt he'll still be making them by the time he's 30.  Throughout all of this, Zhou has acted with great maturity at some times and like a petulant teenager at others - which is to be expected.  If he's found innocent of any wrong-doing, this isn't going to haunt him in the long term.

I would agree.  I mean honestly if ZT really did pull this heist and the subsequent others, he is truly one hell of a master manipulator and social engineering genius at a young age.  If he really did all this I can see a bright future in one of the USA's alphabet agencies.  I am also the last person in the room to accuse anyone of wrong doing tbh..

[zvs]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

I made over $200,000 selling Everquest stuff when I was in high school.  Barely worth my time, really.  I mean, when I'm 17, $200,000 is just like some peanuts

[Nefario]

I would say it is wise for someone to press criminal charges in Singapore immediately(that is where he is living right?), fraud/embezzelment/money laundering (this is what it's called when you transfer money "for a friend", lots of USD involved not just bitcoin), doesn't really matter. He should have his passport taken from him by the police to prevent him fleeing as once he is back in Main land China or another country it will be very difficult to catch him.

If he is innocent then he has nothig to worry about, it will all show in court. The time for talking on the forums has ended and the time for using the justice system that is available has arrived.

Nefario.

[kiba]

I would say it is wise for someone to press criminal charges in Singapore immediately(that is where he is living right?), fraud/embezzelment/money laundering (this is what it's called when you transfer money "for a friend", lots of USD involved not just bitcoin), doesn't really matter. He should have his passport taken from him by the police to prevent him fleeing as once he is back in Main land China or another country it will be very difficult to catch him.

AFAIK, he attends school in Australia.

[dancingnancy]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

I made over $200,000 selling Everquest stuff when I was in high school.  Barely worth my time, really.  I mean, when I'm 17, $200,000 is just like some peanuts

The kid paid off his college tuition and other shit already through bitcoinica, IIRC.  Why the fuck would you ever get involved in this shit?  Yeah, people die for less than $200,000 - but for a kid, literally a kid, that has already achieved what he has to do this is truly over the top insane.  I hope it really wasn't him.  Or if it is "him," I hope he isn't whom we all think he really is.

[zvs]

I would say it is wise for someone to press criminal charges in Singapore immediately(that is where he is living right?), fraud/embezzelment/money laundering (this is what it's called when you transfer money "for a friend", lots of USD involved not just bitcoin), doesn't really matter. He should have his passport taken from him by the police to prevent him fleeing as once he is back in Main land China or another country it will be very difficult to catch him.

If he is innocent then he has nothig to worry about, it will all show in court. The time for talking on the forums has ended and the time for using the justice system that is available has arrived.

Nefario.

http://en.wikipedia.org/wiki/Penal_Code_(Singapore)#Theft

I think he'd have a pretty good defense against a theft charge.  Are bitcoins 'moveable property'?  The criminal breach of trust seems like a slam dunk, but carries a lighter sentence

[repentance]

I would agree.  I mean honestly if ZT really did pull this heist and the subsequent others, he is truly one hell of a master manipulator and social engineering genius at a young age.  If he really did all this I can see a bright future in one of the USA's alphabet agencies.  I am also the last person in the room to accuse anyone of wrong doing tbh..

I disagree that it was "brilliant" in any way - it was more opportunistic than anything.  It couldn't have happened if others had their eye on the ball - and part of the reason they didn't is because Tihan was phoning it in.  If Zhou did this, I suspect it was for the lulz above all else.

[stochastic]

Damn.  I have trust in ZT for reason still.  Innocent until proven guilty, IMO.  There is a chance there could be someone close to him fucking him over.  It would have to be someone real close, perhaps the person you were giving this money to?  He would know this would look suspicious because he timed it as such.

If there is a way for GMail to get involved to hash out the IP situation that would be ideal.  

ZT- if you did this buddy, best thing to do is to seriously pay everyone back and accept whatever leaner penalties come your way.  Way too much ahead in your life to be messing around with $200,000.  In your best years ahead that would be a monthly take home easy.  I am still giving you the benefit of the doubt, but if you really did man, well seriously, it is time to give up and return it all now.  You can still salvage your life.

There's no reason that I'd forgo my integrity and all the reputation for just $200,000 at such a young age. I was working very hard for my new project (and a new homepage design will be deployed today) and it's simply outside my attention to commit such a thing.

I'll commit any reasonable effort to get justice back.

I made over $200,000 selling Everquest stuff when I was in high school.  Barely worth my time, really.  I mean, when I'm 17, $200,000 is just like some peanuts

The kid paid off his college tuition and other shit already through bitcoinica, IIRC.  Why the fuck would you ever get involved in this shit?  Yeah, people die for less than $200,000 - but for a kid, literally a kid, that has already achieved what he has to do this is truly over the top insane.  I hope it really wasn't him.  Or if it is "him," I hope he isn't whom we all think he really is.

What he didn't get a scholarship?  

You are thinking logically, ZT had a tendency to be very arrogant in his posts.  I remember one between an exchange where he stated that his code for Bitcoinica was so good and better than their exchange's code.  Some people do illogical things because they don't think they will be caught and they believe they are smarter than other people.

[Maged]

On a lighter note, this song now has a whole new meaning:
http://www.youtube.com/watch?v=-z9Jwp2x86o

[repentance]

You are thinking logically, ZT had a tendency to be very arrogant in his posts.  I remember one between an exchange where he stated that his code for Bitcoinica was so good and better than their exchange's code.  Some people do illogical things because they don't think they will be caught and they believe they are smarter than other people.

A lot of people I know who are extremely talented in a particular field over-value their intellect and have little common sense.  They assume that because they can bamboozle others with complex knowledge, people won't question them.  In my experience, the reverse is true and the average person regards arrogant people with a considerable amount of suspicion.  There's certainly no shortage of over-confidence in the hacker/cracker community.

[zvs]

On a lighter note, this song now has a whole new meaning:
http://www.youtube.com/watch?v=-z9Jwp2x86o

haha 'waiting for my silk road medication'

i went to that site once just to see what the hype was about..  gotta admit I was tempted when I saw how much adderall sells for, seeing as how I get 120x30mg IR monthly.  I think it was like $3000 worth?

[tacotime]

could Z have also been behind the other bitcoina "hacks"?

No, none of the hacks was performed by me.

Thanks for this useful post.

can't stop laughing

[repentance]

I would say it is wise for someone to press criminal charges in Singapore immediately(that is where he is living right?), fraud/embezzelment/money laundering (this is what it's called when you transfer money "for a friend", lots of USD involved not just bitcoin), doesn't really matter. He should have his passport taken from him by the police to prevent him fleeing as once he is back in Main land China or another country it will be very difficult to catch him.

AFAIK, he attends school in Australia.

He was planning to visit the US next month. 

[Nefario]

Actually I think FellowTraveller has a point, it would actually be good for Zhou to allow this to go through the legal system, for his own safety, even if it meant he had to do time. The alternative is him having to live with a price on his head, he wouldn't be hard to track down. He would end up being the first victim of a bitcoin assasin market.

If I'm correct, not just bitcoin was stolen, but USD, and bitcoin itself at the very least could be considered property, valuable property.

Also it's currently the summer time, has Zhou moved from Singapore yet?

If criminal charges are brought against him and the Australian government/embassy is informed then they might cancel his visa.

[mc_lovin]

Whoa.  This is not exactly a surprise but it was quite a bold move to rob us a third time, Zhou, shame on you.

[Slushpuppy]

This could be one for the bitcoin history books

[greyhawk]

I like how this "hacker" is just letting all that there evidence sit around in that stevejobs mail account. Cause that's what "hackers" do. Just leave complete transaction histories laying around in easily accessible places for the "owner" of he system to find.

[dooglus]

Whoa.  This is not exactly a surprise but it was quite a bold move to rob us a third time, Zhou, shame on you.

Everyone seems to be assuming he's guilty.  I've seen no compelling evidence of that so far.  Did I miss something?

[btcprophet]

This could be one for the bitcoin history books

I keep thinking this would make a great movie, telling the story from the POV of the major players. And you won't know for sure who really did it even when the end credits roll - just like in real life.

Zhou, can I get the rest of my 50 BTC back now?

[Phinnaeus Gage]

Somebody owes me a blowjob!

And not apologizing for using 12 15 18 20pt font in bold, to boot.

I've asked this before (I believe twice), but never got an answer: Has anybody ever met Zhou Tong in person?

Watch this video (Matthew interview) again: http://www.youtube.com/watch?v=_AYlGHHnCj8 Does his voice/tone sound like to you that of a 16-year-plus-two-week-old-Asian-kid? Obviously, I'm leaning no, hence asking the question.

About him attending college in Australia. Is there any proof of that besides him stating such.

Yes, I remember the pics he posted directed at me proving who he is. I had no choice but to accept that as fact, albeit I still had, or still do, have/had doubts, but opted to drop the issue for fear of getting shunned.

Trust me, all, I'm not a nutcase. If anybody here were ever to meet me in person, you would like me. I don't mean that in an egotistical way either.

I have read every single Twitter post that Zhou has written on his handful of accounts, even translating the Chinese ones. A couple of the tweeps he avidly communicated with have recently locked their profile, of which I find weird. I can't put my finger on it, but the whole 2-3 story just doesn't feel/felt right. That's the best way I can explain it. Are there irregularities and inconsistencies? I feel yes, but it would take a hell of a lot work to prove it/them. I'll just leave it at that.

My best guess all along, again no real proof, and it was touched on a few posts up, is that this is/was a long con, started just before Bitcoin fully came onto the scene.

That's all, for the moment. Now, about that blowjob!

~Bruno~

[flatfly]

Not defending anyone (I'll leave that to the lawyers) but think about it: why would he steal the 40k usd (which is only a small fraction of the total theft) knowing full well it can easily be traced back to him?  Something doesn't make sense here.

[Maged]

Whoa.  This is not exactly a surprise but it was quite a bold move to rob us a third time, Zhou, shame on you.

Everyone seems to be assuming he's guilty.  I've seen no compelling evidence of that so far.  Did I miss something?

No, which is why you aren't seeing any cooperation on our (the forum) side. However, the question now becomes this: what would an outside hacker have needed to compromise that email address. Off the top of my head, that would mean that ZT's computer must be compromised, and that his computer was the source of all this hacking from the start. I'm curious what other ideas people might have, though.

[Rarity]

It's a shame that this lynch mob is forming based on shoddy evidence presented in an internet forum. I guess that is just the way justice works in the modern world, much like the lynch mobs going after George Zimmerman.  Zhou Tong clearly posted that his email account was hacked.  He has been the victims of hackers before and they are obviously trying to escape justice by framing their victim. It's a shame people are willing to become so manipulated instead of trying to continue to seek out the true criminals.  

[zhoutong]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

[Rarity]

Thank you for handling this situation so well, you are a true professional and a model for this community.

[finway]

I dont' know, a email is easy to hack, especially when you heavily reuse your password.

Bitcoinica can be hacked,  
Bitcoin Consultancy's email can be hacked,
Why can't be Zhoutong's email?

Now i don't think Zhoutong is the hacker, he can't be that stupid.

 

[Raoul Duke]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

[repentance]

If criminal charges are brought against him and the Australian government/embassy is informed then they might cancel his visa.

Our government would not cancel someone's visa simply because they've been charged with a crime, especially a non-violent crime.  Half the time we refuse to extradite when requested.

Apparently everyone wants someone else to involve law enforcement.  Unfortunately, that means that Zhou is going to be tried in the court of public opinion rather than have the weight of the evidence against him determined by disinterested outsiders.

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

It is utterly ridiculous that people are making threats of personal harm over this.  Make a police report and let the legal process take it's course.  Taking the law into your own hands will cause more harm to the acceptance of Bitcoin and its supporters than any theft ever will.  Plus, Australian police agencies will take assassination threats very seriously if Zhou does return here.

[Ente]

I am honestly shocked by reading this.
Not shocked by the bitcoinica drama (which is almost comical by now), but by the reactions and assumptions here.

Let me sum up the general sentiment here:

- ZT programmed the bitcoinica, which was, mildly said successful. That makes him stand out of 99% of the users here alone.
- Hacks happened. Involving clever things like breaching-several-layers, TOR and the like
- Suddenly, ZTs personal verified accounts, addresses, name shoots up literally everywhere
- How much did ZT receive on his bankaccount (I assume it was stopped anyway)? 5k$? like a few percent of the whole sum? Reminds me of something.. Oh, right, Bitcoin faucet did the last hack! They provable received stolen coins!!1!

Conclusion, it must have been him then?

You seriously assume he, would he have "hacked" several hundred thousand $  out of his former project, would fucking exchange it on his own name the very next name?!?
He would not be clever enough to register a new emailaddress, apparently he had TOR installed already and knew several emailproviders?!?
He would not make everything to bitcoins and let the sit for a while?!?
He, Zhou Tong, would do all the mistakes you could imagine, although no single "hacker" of the other large scams/hacks waas ever found/proven/caught?!?

You must be fucking kidding me.

WHAT. THE. FUCK.



*breath in*
*breath out*


Seriously. I am reading here for some time. I always felt some people here are a bit quick with insults and impulsive and all that. But this really shocks me. There are less than a handfull of reasonable posts in this thread. People are touting proven fact that ZT was the thief. And/or are demanding scammertags for Amir. For today, you people disgust me. I will try hard to *always* assume to be surrounded by 10 year olds on this forum. I will only assume reason to people I personally met.
Most of you people won't care at all. But to me, this very thread (and to some extend whole forum) did a noticeable dent in my heart.

People. Please think about it for one single minute from a rational, observing, sceptical perspective. And then try to do this every so often in your life.

Ente

edit

[sadpandatech]

It's a shame that this lynch mob is forming based on shoddy evidence presented in an internet forum. I guess that is just the way justice works in the modern world, much like the lynch mobs going after George Zimmerman.  Zhou Tong clearly posted that his email account was hacked.  He has been the victims of hackers before and they are obviously trying to escape justice by framing their victim. It's a shame people are willing to become so manipulated instead of trying to continue to seek out the true criminals.  

Yes, clearly he showed proof that his email account was hacked...  


Please go read back through all the little bits of info about this email, it's uses, times and what ZT says about it, what and whne he noticed it, etc etc...

[zhoutong]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

[FreeMoney]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Which classes? Just curious.

[zhoutong]

If criminal charges are brought against him and the Australian government/embassy is informed then they might cancel his visa.

Our government would not cancel someone's visa simply because they've been charged with a crime, especially a non-violent crime.  Half the time we refuse to extradite when requested.

Apparently everyone wants someone else to involve law enforcement.  Unfortunately, that means that Zhou is going to be tried in the court of public opinion rather than have the weight of the evidence against him determined by disinterested outsiders.

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

It is utterly ridiculous that people are making threats of personal harm over this.  Make a police report and let the legal process take it's course.  Taking the law into your own hands will cause more harm to the acceptance of Bitcoin and its supporters than any theft ever will.  Plus, Australian police agencies will take assassination threats very seriously if Zhou does return here.

Regarding the phone number:

The $40K transaction is mine and it's entirely legitimate. The phone number is also mine (but please don't call, I need to calm down.)

[sadpandatech]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

NO one believes any certain person is the hacker. We just don't know really.  And yea, it is quite believable that a hacker would be sure to leave crumb trails pointing at certain parties. We all get that.


It's just the whole fucking mess is frustrating and could have been avoided in so many ways.  Is there any reason what so ever that we cannot get the friggin verified claims paid out before some other 'hack' happens???

[zhoutong]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Which classes? Just curious.

Math and Accounting. I scored 98% in both subjects for the previous exam, so my teachers won't be angry about this.

[FreeMoney]

Yours or your friend's?

[repentance]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Zhou, you are not going to convince people of your innocence with forum posts.  Worry about getting exonerated by the legal system instead of trying to prove people on the internet wrong.

[Mageant]

Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.

[finway]

Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.

^this

[MagicalTux]

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Initially we were supposed to see legal action started by Bitcoinica, however nothing moved there.

I do hope that something is started soon before all those wild assumptions coming up from everywhere end causing even more harm. This means that the victims (Tihan, Bitcoin Consultancy, Bitcoinica LP, Bitcoinica users) must do the first step to declare themselves as victims before the legal machine can start moving. Unfortunately it seems that at this point, nobody has started anything.

[repentance]

Why would Zhou withdraw 40k USD via the banking system which leaves traces but then donate 5k BTC to the victims?

That makes no sense to me.

He could have easily kept the 5k BTC and foregone the 40k USD instead, thus leaving no traces at all.

It seems to me somebody is trying to frame Zhou.

Must be the Freemasons.

[zhoutong]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Zhou, you are not going to convince people of your innocence with forum posts.  Worry about getting exonerated by the legal system instead of trying to prove people on the internet wrong.

For now, I don't have to convince people of my innocence. Just like what I have always been, I'm taking real actions to solve the puzzle. I discovered that the hacker used my email on various sites, including many e-commerce sites to attempt credit card fraud. It shouldn't be too hard to get his name and address because I control the email anyway.

[blakdawg]

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

[zhoutong]

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Initially we were supposed to see legal action started by Bitcoinica, however nothing moved there.

I do hope that something is started soon before all those wild assumptions coming up from everywhere end causing even more harm. This means that the victims (Tihan, Bitcoin Consultancy, Bitcoinica LP, Bitcoinica users) must do the first step to declare themselves as victims before the legal machine can start moving. Unfortunately it seems that at this point, nobody has started anything.

I really appreciate your effort and I'm definitely co-operating with you in this matter.

[zhoutong]

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

As I said, +61 3 9015 7926 is mine and the number is posted on NameTerrific.

[repentance]

For now, I don't have to convince people of my innocence. Just like what I have always been, I'm taking real actions to solve the puzzle. I discovered that the hacker used my email on various sites, including many e-commerce sites to attempt credit card fraud. It shouldn't be too hard to get his name and address because I control the email anyway.

And then you can give his name and address to the police when you report the credit card fraud.

Seriously, nobody involved with the Bitcoinica clusterfuck has done themselves any favours whatsoever by refusing to report these incidents to law enforcement.  Playing Nancy Drew is well and good but after all these incidents it actually starts to damage everyone's credibility because it make it appear like you're all afraid of outside investigation of these events or giving someone time to cover their tracks.

[markm]

I am not surprised that the hacker sent the money to Zhou, as soon as I heard that USD had been moved out my first thought was that the obvious place to move USD was to some sucker you want to incriminate, being as how USD is not all that easy to hide the movements of. Surely no sane hacker would move the USD to their own account? Maybe to some stolen accounts if they have a bunch, but do stolen accounts last long enough to move USD through them? Seems dubious. Far better to send them to Gavin's bank account if you know it, or who-ever's you do know that would be really lulzworthy to incriminate...

-MarkM-

[Phinnaeus Gage]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

[zhoutong]

I am not surprised that the hacker sent the money to Zhou, as soon as I heard that USD had been moved out my first thought was that the obvious place to move USD was to some sucker you want to incriminate, being as how USD is not all that easy to hide the movements of. Surely no sane hacker would move the USD to their own account? Maybe to some stolen accounts if the have a bunch, but do stolen accounts last long enough to move USD through them? Seems dubious. Far better to send them to Gavin's bank account if you know it, or who-ever's you do know that would be really lulzworthy to incriminate...

-MarkM-

The hacker didn't send the funds to me.

The hacker has done a transaction, sending $5000 to a Chinese bank account.

I have done another transaction, sending $40K to my own account, and it's perfectly legitimate and totally unrelated.

The popular confusion is pretty serious now...

[zhoutong]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

[blakdawg]

Is there anyway someone could "spoof" an IP Address to make it seem like it was coming from somewhere it really wasn't?

Highly unlikely, these are TCP/IP connections we are talking about.

But there's no particular guarantee that the person ultimately in control of the computer system is located in the same place as the computer furthest down the chain - so yes, if an exchange or an E-mail provider participates in a TCP/IP session with a computer that appears to be in China, it's very unlikely that the computer system at the other end of the TCP connection is really in Los Angeles or Moscow.

But we don't know if that computer in China is relaying packets for, or controlled by, someone who's sitting in another city on another continent and using SSH tunnels or VPN service or a rented VPS or an open (or secret) proxy to hide the origin of their activity.

The only way to figure that out is to walk up the chain, find out who was connected to the last server in the chain, then find out where that connection came from, then find out where that connection came from, and so forth.

For all we know it's going to end up at an open WiFi hotspot at some coffee shop or in some suburban neighborhood somewhere with absolutely no record of who was connected.

However, if the unknown person(s) appear to control resources that are known to be controlled by particular individuals, it's a pretty good clue that either that person was involved, or they have shitty security.

How many times will the "I guess the account got compromised, someone guessed/found my password" excuse be used?

[caveden]

If I understand this correctly, the only "missing link" that would definitely prove Zhou to be guilty is the transfer from the LR account the hacker used to withdraw from Aurum to the LR account Zhou used the next day to deposit in Aurum and request the wire.

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Zhou Thong, if you are innocent as you claim, I guess the best take for you is to abandon your financial privacy and make it clear, at least for the 3 exchanges above, where did the funds come from, and where they were going to. If you can prove a clean source for this money, I guess your fine. Everybody knows you're rich, so you having such money is reasonable. It is just that there are so many coincidences in place that's perfectly natural everyone to be suspicious of you.

[Phinnaeus Gage]

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I had to back-pedal to hunt something I thought I read, and re-found the above. Here, I believe he's hinting at how his password could have been gleaned--via the LinkedIn hack. Also note he covers up as to why he uses the same password on several accounts because there're not publicly shared. What is stated in Passwords 101 again?

Will you guys quit posting for I can catch up?

~Bruno~

[blakdawg]

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

As I said, +61 3 9015 7926 is mine and the number is posted on NameTerrific.

That's nice - as far as I can tell, if I wanted to have an Australian phone number that rang here on my desk in California it would cost me $7 USD/month for unlimited inbound calls. I'm not going to bother signing up for one, but control of a phone number does very little to prove a person's physical location these days.

[MagicalTux]

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Unfortunately LR will not reply unless legal action is started, which is what we are also waiting for.

AurumXchange however can (and is actually required to) block funds suspected to be in relation of known criminal activity.

True, if nobody reports anything, there won't be any crime, hacker walks away and everything's fine. Thing is we believe there is a high chance that this time legal action will be started, and within that context funds were blocked.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

[stochastic]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

just easy simple or the biggest fake ever!!

So this superhacker is able to break into his computer yet he is this dumb now?  the hacker is smart enough to steal all this money but not smart enough to not even bother framing people as it leaves more evidence?  Come on.... or maybe steal a lot of bitcoins and make it seem like you are being framed.  It is like Basic Instinct, write a book of a crime before it occurs then it becomes the person's alibi.

[lonelyminer (Peter Šurda)]

I've asked this before (I believe twice), but never got an answer: Has anybody ever met Zhou Tong in person?

In the past I emailed with an operator of another Singaporean exchange, https://dgtmkt.com/ , and he said that even though he does not know Zhou in person, they have mutual friends.

[sadpandatech]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

So a hacker compromised this gmail account of yours?
How long ago did you notice someone else was using the email account?
Why did you not contact services that this email account was used for to inform them?

I would really like a better timeline on this email account..??

[defxor]

What was Zhou's "secret" email account needed for? If new exchange accounts were opened (that is, no password resets on existing ones) then the only reason would be to incriminate Zhou - unless he's guilty.

Since it added an extra step on top on everything else (gaining access to the LastPass account being one) it skews the primary purpose of all this from gaining wealth to destroying someone personally.

Of interest: The earlier Bitcoinica hack statements indicated that the purpose was to destroy Bitcoinica as being bad for Bitcoin.

Btw, Zhou's email is not in the public list of stolen LinkedIn password hashes at least. I botched that, and don't know. I found it interesting that Zhou pointed out LinkedIn specifically.

If people only understood to never, ever, re-use passwords. Anywhere. For any purpose.

[Rarity]

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Agreed, although it is clear Zhou Tong is innocent this case should be handled by the government.  The beauty of having government to solve issues like this is that they have the best interests of everyone involved at heart and only seek to find the truth of the matter and arrange to punish the guilty and give whatever restitution is possible to the victims.  A greater partnership between governments and the Bitcoin community is essential for assuring a positive outcome for this amazing currency.  

[sadpandatech]

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Agreed, although it is clear Zhou Tong is innocent

no it is not clear...

And please respond to this, ZT;

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

So a hacker compromised this gmail account of yours?
How long ago did you notice someone else was using the email account?
Why did you not contact services that this email account was used for to inform them?

I would really like a better timeline on this email account..??

where else was this email account even known?  Who knew you used this email account for anything?

[caveden]

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Unfortunately LR will not reply unless legal action is started, which is what we are also waiting for.

They've already said that explicitly to one of you?
I imagined that AurumExchange being an important client of Liberty Reserve, they would be OK with at least saying Yes or No to the "Did such transfer happen?" question.
Anyways... guess the way is to start a criminal complaint then.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

[caveden]

The beauty of having government to solve issues like this is that they have the best interests of everyone involved at heart and only seek to find the truth of the matter and arrange to punish the guilty and give whatever restitution is possible to the victims.

LOL

[MagicalTux]

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

We'd need details that can't be pulled out without authority to get definitive evidence.

[btcx]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

[repentance]

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Unfortunately LR will not reply unless legal action is started, which is what we are also waiting for.

AurumXchange however can (and is actually required to) block funds suspected to be in relation of known criminal activity.

True, if nobody reports anything, there won't be any crime, hacker walks away and everything's fine. Thing is we believe there is a high chance that this time legal action will be started, and within that context funds were blocked.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

If nothing else, these transactions fall very squarely within the requirements for lodging AML suspicious activity reports so there's a chance that they'll be looked at more closely by financial intelligence units even if there are no police reports made.

[sadpandatech]

ZT,

So a hacker compromised this gmail account of yours?
How long ago did you notice someone else was using the email account?
Why did you not contact services that this email account was used for to inform them?
where else was this email account even known? 
Who knew you used this email account for anything?

I would really like a better timeline on this email account..??

anyone?

[Rarity]

where else was this email account even known?  Who knew you used this email account for anything?

It seems since the account wasn't very public, the logical top suspects for who hacked it in an attempt to incriminate Zhou Tong would be the folks who just brought it's existence to our attention in a further attempt to incriminate him.  The government is going to have to consider that option when they start sorting out this mess for us.

[Matthew N. Wright]

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

Zhou, get a lawyer, but get one to sue these shmucks.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?


I'm gonna take a break from Bitcoin for a while. When I come back, I hope to see that it's returned to being Bitcoin again and not just a microversion of the US government with a bunch of hot-head businesses eager for attention.

[Raoul Duke]

China must be a wonderful place to live. I can only imagine the mess I would get myself into if I just wired $40k "for a friend" to one of my bank accounts.

[caveden]

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

You believe "the police" would do any better? They would probably just file a report and ignore it, as always. Unless some of the victims give them some incentive$ to do anything, of course.
Anyway, let's avoid derailing such a "tense" thread.

[MagicalTux]

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?

I do believe that I have not done any libel here. I only have presented facts and answered to questions. I suggest you review the definition of libel.

[Raoul Duke]

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

Zhou, get a lawyer, but get one to sue these shmucks.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?


I'm gonna take a break from Bitcoin for a while. When I come back, I hope to see that it's returned to being Bitcoin again and not just a microversion of the US government with a bunch of hot-head businesses eager for attention.

Hey, I know you from somewhere... Aren't you that guy who advocates public disclosure for everything?
Do you like your standards like your testicles, two of each?

[Phinnaeus Gage]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Which classes? Just curious.

This thread started at 4:00PM Victoria Time. I'm curious as to what time those classes started. And I thought you were still in Singapore.

~Bruno~

[Matthew N. Wright]

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?

I do believe that I have not done any libel here. I only have presented facts and answered to questions. I suggest you review the definition of libel.

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access from both an IP at Microsoft Singapore then an IP at Amazon EC2 and which initial funds are deposited from an account known to belong to Zhou Tong.

.
While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this time from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

Mark, please post MtGox's customer privacy agreement here in this thread.

AurumXChange and BitInstant should as well.

[btcx]

China must be a wonderful place to live. I can only imagine the mess I would get myself into if I just wired $40k "for a friend" to one of my bank accounts.

China has strict limits on the amount and types of currency each person can convert annually.  It's not uncommon for Chinese small businesses with customers abroad to solicit the help of friends, relatives, employees in converting excess USD (or whatever) to CNY.

[Sant001]

I would say it is wise for someone to press criminal charges in Singapore immediately(that is where he is living right?), fraud/embezzelment/money laundering (this is what it's called when you transfer money "for a friend", lots of USD involved not just bitcoin), doesn't really matter. He should have his passport taken from him by the police to prevent him fleeing as once he is back in Main land China or another country it will be very difficult to catch him.

If he is innocent then he has nothig to worry about, it will all show in court. The time for talking on the forums has ended and the time for using the justice system that is available has arrived.

Nefario.

Press charges against a minor?

[Matthew N. Wright]

The only entity which can provide such information with authority is Liberty Reserve itself.
AurumExchange, MtGox and Bitinstant, please, try to contact Liberty Reserve, in an official manner. If they don't respond, try to reach them via lawyers or something. I know it's possible that they'll just ignore the requests, but you'll never be sure if you don't try.

Unfortunately LR will not reply unless legal action is started, which is what we are also waiting for.

AurumXchange however can (and is actually required to) block funds suspected to be in relation of known criminal activity.

True, if nobody reports anything, there won't be any crime, hacker walks away and everything's fine. Thing is we believe there is a high chance that this time legal action will be started, and within that context funds were blocked.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

If nothing else, these transactions fall very squarely within the requirements for lodging AML suspicious activity reports so there's a chance that they'll be looked at more closely by financial intelligence units even if there are no police reports made.

absolutely! freeze all accounts of the involved parties until the community have clear answers!

it's just comming in my mind: is there a possibility to freeze bitcoin addresses also in the future by improving the protocol if the community decided to outlaw a bitcoin address because a hacker used it??

Yay! USD v2.0 here we come!

[repentance]

This thread started at 4:00PM Victoria Time. I'm curious as to what time those classes started. And I thought you were still in Singapore.

~Bruno~

It wouldn't tell you much.  He could have whole days where he has no lectures or tutorials and others where they're spread throughout the day and don't finish until 9pm.

[davout]

Mark, please post MtGox's customer privacy agreement here in this thread.

AurumXChange and BitInstant should as well.

This.

If information has to be released, release it to the police.

I'm quite unclear as to why the involved parties are disclosing this kind of information on a public internet forum.
At worst it might even harm an official investigation.

I'm curious about AurumExchange's and MT's actual motivations for posting all this.

[MagicalTux]

Mark, please post MtGox's customer privacy agreement here in this thread.

AurumXChange and BitInstant should as well.

Funny how one can go from talks of disclosure to non disclosure on occasions.

The points you are highlighting are hardly private (most if not all of is already publicly known), and I fail to see how this qualifies as "libel".

[Matthew N. Wright]

General

MtGox K.K. and its affiliates (hereinafter, "Mt. Gox", "we", "us" or "our") are committed to protecting and respecting your privacy.

This Privacy Policy (together with our Terms and Conditions of Use) governs our collection, processing and use of your Personal Information. We define "Personal Information" as information which identifies you personally, e.g. your name, address, e-mail address, trades etc.

The purpose of this Privacy Policy is to inform you of:
the kinds of Personal Information which we may collect about you and how it may be used;
our use of information regarding IP Addresses and our use of cookies;
any disclosure of Personal Information to third parties;
the transfer of Personal Information outside of Japan;
your ability to correct, update and delete your Personal Information; and
the security measures we have in place to prevent the loss, misuse, or alteration of Personal Information under our control.

Gathering and Use of Personal Information

We may collect your Personal Information if you use the Site, open an Account to use the Platform or perform any Transactions on the Platform. The types of Personal Information which we collect may include:
your name;
your photographic identification;
your address;
your phone number;
your e-mail address;
your banking details including account numbers;
your date of birth; and
your trades.

We may use your Personal Information for the following purposes:
to allow you to open and operate an Account on the Platform;
to enable you to complete Transactions on the Platform;
if you contact us, to reply to your queries;
to analyse use of our Site;
as required for regulatory purposes;
to provide you with information about products and promotions that may be of interest to you, from ourselves and third parties, although only if you have specifically agreed to receive such information;
for market research e.g. surveying our Members' needs and opinions on issues, such as our performance etc.

We will process your Personal Information only for the purpose(s) for which it has been provided to us.

IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns and does not identify any individual.

Cookies

We use a browser feature known as a "cookie", which assigns a unique identification to your computer. Cookies are typically stored on your computer's hard drive. Information collected from cookies is used by us to evaluate the effectiveness of our Site, analyse trends, and administer the Platform. The information collected from cookies allows us to determine such things as which parts of our Site are most visited and difficulties our visitors may experience in accessing our Site. With this knowledge, we can improve the quality of your experience on the Platform by recognising and delivering more of the most desired features and information, as well as by resolving access difficulties. We also use cookies and/or a technology known as web bugs or clear gifs, which are typically stored in emails to help us confirm your receipt of, and response to, our emails and to provide you with a more personalised experience when using our Site.

We use third party service provider(s), to assist us in better understanding the use of our Site. Our service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our site, what products are browsed, and general Transaction information. Our service provider(s) analyses this information and provides us with aggregate reports. The information and analysis provided by our service provider(s) will be used to assist us in better understanding our visitors' interests in our Site and how to better serve those interests. The information collected by our service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our service provider(s) is/are contractually restricted from using information they receive from our Site other than to assist us.

By using our Site you are agreeing that we may use cookies for the purposes set out above.

Disclosure of Personal Information

We use the Personal Information for the purposes indicated at the time you provide us with such information, and/or otherwise for the purposes set out in this Privacy Policy and/or as otherwise permitted by law. We may make available the Personal Information that you provide to us to our affiliates, agents, representatives, trusted service providers and contractors for these limited purposes. We may also share Members’ Personal Information with financial institutions, insurance companies or other companies in the case of a merger, divestiture, or other corporate re-organisation. We may also share Members' Personal Information with law enforcement or regulatory agencies, as may be required by law. Any third party which receives or has access to Personal Information shall be required by us to protect such Personal Information and to use it only to carry out the services they are performing for you or for Mt. Gox, unless otherwise required or permitted by law. We will ensure that any such third party is aware of our obligations under this Privacy Policy and we will enter into contracts with such third parties by which they are bound by terms no less protective of any Personal Information disclosed to them than the obligations we undertake to you under this Privacy Policy or which are imposed on us under applicable data protection laws.

Transfer of Personal Information Outside of Japan

Mt Gox will transfer Members' Personal Information to Mt. Gox K.K. as well as the third party service providers entrusted by Mt. Gox with the hosting of the Platform and other technical operations relating to the operation of the Platform. These parties may be located anywhere in the world. By accepting this Privacy Policy, you consent to such transfer of your Personal Information out of Japan. Unfortunately, the transmission of information via the internet is not completely secure and whilst we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our site when it is outside of our control. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Correction/Updating/Deletion of Personal Information

You have the right to access your Personal Information and to require the correction, updating and blocking of inaccurate and/or incorrect data by sending an email to us at: support@mtgox.com.

You may also request the deletion or destruction of both the Account and Personal Information by sending an email to us at: support@mtgox.com. Mt. Gox will action your request only where this is not inconsistent with its legal and regulatory obligations.

Upon your written request, we will inform you of the Personal Information relating to you that we hold and the use and general disclosure of your Personal Information. We will also give you a copy of the Personal Information we have retained. There may be a minimal charge for accessing your Personal Information.

Security

We have implemented security measures to ensure the confidentiality of your Personal Information and to protect your Personal Information from loss, misuse, alteration or destruction. Only authorised personnel of Mt. Gox have access to your Personal Information, and these personnel are required to treat the information as confidential. The security measures in place will, from time to time, be reviewed in line with legal and technical developments.

Retention of Personal Information

We will hold your Personal Information only for as long as it is necessary for us to do so, having regard to the purposes described in this Privacy Policy and our own legal and regulatory requirements. In accordance with our record keeping obligations we will retain Accounts and Personal Information for, at least a period of five years after they are closed by Members.

Links

There may be links from our Site to other sites and resources provided by third parties. This Privacy Policy applies only to our Site. Accessing those third party sites or sources requires you to leave our Site. We do not control those third party sites or any of the content contained therein and you agree that we are in no way responsible or liable for any of those third party sites, including, without limitation, their content, policies, failures, promotions, products, services or actions and/or any damages, losses, failures or problems caused by, related to or arising from those sites. We encourage you to review all policies, rules, terms and regulations, including the privacy policies, of each site that you visit.

Marketing

You have the right to ask us not to process your Personal Information for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your Personal Information. You can exercise the right at any time by contacting us at support@mtgox.com.

Changes

Our Site policies, content, information, promotions, disclosures, disclaimers and features may be revised, modified, updated, and/or supplemented at any time and without prior notice at the sole and absolute discretion of Mt. Gox. If we change this Privacy Policy, will take steps to notify all users by a notice on our Site and will post the amended Privacy Policy on the Site.

Contact Us

If you have any questions, comments, or concerns regarding our Privacy Policy and/or practices as it or they relate to the Platform, please contact us at the following e-mail address, address and telephone number:

E-Mail support@mtgox.com


Address

Mt.Gox K.K.

Cerulean Tower 15F

Sakuragaoka-cho 26-1

Shibuya-ku

Tokyo
Japan
〒150-8512
FAO: Mark Karpeles

Telephone Number +81 3 4520 6200

Last updated: [February 2012]

Sorry Mark, I am failing to see "Public forum witch hunts" anywhere there in the Privacy Policy.

[MagicalTux]

Mark, please post MtGox's customer privacy agreement here in this thread.

AurumXChange and BitInstant should as well.

This.

If information has to be released, release it to the police.

I'm quite unclear as to why the involved parties are disclosing this kind of information on a public internet forum.
At worst it might even harm an official investigation.

I'm curious about AurumExchange's and MT's actual motivations for posting all this.

AurumXchange is blocking funds allegedly belonging to Zhou Tong without any disclosed (until now) reason. Legal advice on AurumXchange's side was to issue a statement as soon as possible to clarify the situation as it was being made public on this very forum.

In absence of any legal action from the victims of this hack, we have no course of action to contact the police, but will be held responsible if funds are released then legal processing is started at a later point.

[Matthew N. Wright]

Interestingly enough, Bitinstant doesn't even seem to have a privacy policy available on their site.

[Clipse]

What I find amusing is that everyone wanted to get to the bottom of all of this and now that more evidence is being presented a certain number of users want to throw rocks at those releasing the information to the public.

Can you people make up your mind, either you want this resolved or not. What aurum,mtgox and bitinstant did here is exactly the nature of bitcoin where a community should be able to work through arguments and evidence together and if there is a need to approach the government after no public progress then so be it.

This forum turned into a speculation forum so that even when solid arguments/evidence get presented then a few select members would start mudslinging at those presenting the evidence.

[HorseRider]

I'm going to send the Liu Haipeng's ICBC account mentioned by Zhoutong 0.01 RMB, to identify the province location of the bank account.

Just wait.


---

edit

The bank account was opened in 黑龙江省牡丹江(Mudanjiang, Heilongjiang Province. )
The Chinese name of this bank account is 刘海鹏

hopefully that this will be helpful. However, it can be a bank account bought from the black market.

[btcx]

Mark, please post MtGox's customer privacy agreement here in this thread.

AurumXChange and BitInstant should as well.

This.

If information has to be released, release it to the police.

I'm quite unclear as to why the involved parties are disclosing this kind of information on a public internet forum.
At worst it might even harm an official investigation.

I'm curious about AurumExchange's and MT's actual motivations for posting all this.

Part of the problem is that Bitcoinica's operators are AWOL.  They haven't filed a police report, which hasn't opened up the process which would allow his kind of stuff to be formally requested and provided.  Now it's either up to the investors or the users to sue for a resolution.  We all have a claim against Bitcoinica but as of this moment, the only entity with a claim against the hacker is Bitcoinica.  No criminal law enforcement agency in the world is going to pick this case up given the mess it is and, sorry to say, relatively small amount of money that is involved.  We may be able to get local cops on it after a court has sorted out who is responsible for what but that's a ways off.

Why anybody still has their money at Intersango is beyond me.

[Matthew N. Wright]

What aurum,mtgox and bitinstant did here is exactly the nature of bitcoin where a community should be able to work through arguments and evidence together

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

[Matthew N. Wright]

Privacy Policy

This website is owned and operated by Aurum Capital Holdings, Incorporated doing business as The AurumXchange Company. We take your privacy seriously, and to protect it we comply with the following principles. Any information you supply for our online services will only be used in accordance with this privacy policy.

By providing us with your personal information, you agree to the collection, storage and use of your personal information by Aurum Capital Holdings Incorporated in the manner set out in this privacy policy and the Terms and Conditions set forth for our services.

This policy does not apply to the practices of companies Aurum Capital Holdings, Incorporated does not own, or control, or contrant or to people Aurum Capital Holdings, Incorporated does not employ or manage.

Privacy law.
Aurum Capital Holdings, Incorporated complies with the Data Protection Act 1998. This privacy policy meets the standards and guidelines contained in the Act.

Collection and use of personal information.
To provide you with our online services, we need to collect certain personal information about you. Details of the type of personal information that will be collected and how it will be used are explained during the transaction process or contained in the Terms and Conditions for the relevant service. Please also read the section below relating to cookies. We will not use your personal information for direct marketing purposes.

Cookies
This website does use "cookies". A cookie is a file saved on your computer that stores information about you and your activities. We use this information strictly to process your orders with us. We never track or otherwise use collected information through cookies for any other reason or purpose. Other companies' use of cookies is subject to their own privacy policies.

Disclosure of information
Aurum Capital Holdings, Incorporated will not sell your personal information or otherwise disclose it to a third party without your consent, except under the following circumstances:

If ordered by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law.
If ordered by the issuing bank for our debit cards customers as part of their ongoing Know Your Customer verification procedures.


This web site links to other web sites. This website also embeds content from other websites. We make every effort to provide links and embedded content to high quality, reputable sites. However, we are not responsible for the privacy practices of these sites as they are not under our direct control. We cannot accept responsibility for their use of your data, the site content or the services offered to you by these sites.

Accessing personal data
You can also contact us to ask what personal data we hold about you by sending an email to compliance@aurumxchange.com. We will then furnish you with all information that we hold about your person and/or business.

Security
Security is of primary importance to Aurum Capital Holdings Incorporated. We have implemented technology and security policies, rules and measures to protect the personal data that we have under our control, both on and off-line, from improper access, use, alteration, destruction and loss.

Our online services are protected by SSL 256 bit encryption. All parts of our website are served using SSL encryption. All information provided to us by filling our online forms will be transmitted under secure SSL sockets as well.

All of your personal information, including but not limited to your name, address, phone number, scans of identification documents or wire transfers, etc. is kept securely and stored in a secured encrypted digital volume located at our offices offshore. Only management and compliance personnel are granted access to personally identifiable information and then only if they need the information to carry out a specific authorised task.

Changes to this privacy policy
Aurum Capital Holdings Incorporated may amend this policy from time to time. If we make any changes we will notify you by posting a prominent announcement on this website.

[SomeoneWeird]

This thread started at 4:00PM Victoria Time. I'm curious as to what time those classes started. And I thought you were still in Singapore.

~Bruno~

It wouldn't tell you much.  He could have whole days where he has no lectures or tutorials and others where they're spread throughout the day and don't finish until 9pm.

this. I only go to school 2 days, but those 2 days are 14 hour days.

[flatfly]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ?  
If this log is real, this guy's got some explaining to do

[Matthew N. Wright]

I demand AurumXChange provide the order by a ruling body of competent jurisdiction as recognized by Commonwealth of Dominica law that demanded that they create this thread and attempt to connect Zhou Tong to a hack (without even contacting him to ask first).

I would also strongly agree with repentance that Zhou Tong get legal representation, but mostly because it seems like AurumXChange, MtGox and BitInstant need a lesson in customer privacy laws.

[MagicalTux]

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

Unlike many of the people on this forum, we act based on legal advice from seasoned lawyers.

The information disclosed here has been disclosed for some time to the people involved with Bitcoinica, but it seems that none of them has talked to Zhou about this yet, nor started any legal action (at least none that reached any of us).

[Matthew N. Wright]

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

Unlike many of the people on this forum, we act based on legal advice from seasoned lawyers.

The information disclosed here has been disclosed for some time to the people involved with Bitcoinica, but it seems that none of them has talked to Zhou about this yet, nor started any legal action (at least none that reached any of us).

No legal action = you have no right to disclose it publicly.


While I'm sure we're all eager to hear Zhou Tong's response as it is unfortunate how the situation looks, it is unnecessary to make this a forum witch hunt and is becoming more and more clear that you, AurumXChange and BitInstant do not take your own privacy policies seriously.

Hold the funds privately, let Zhou Tong give up his own right to privacy by bitching about it on the forum if he chooses to, but don't go breaking laws and giving out your customer's personal information to angry internet mobs and endangering his life when you don't even have sufficient proof that he is actually anything more than a victim of identity theft. This disgusts me deeply. The Zhou hating is tolerable from this community, but if you have any sense Mark, you will remove yourself from this thread that AurumXChange seems to be only so happy to risk their entire business in posting.

[davout]

AurumXchange is blocking funds allegedly belonging to Zhou Tong without any disclosed (until now) reason. Legal advice on AurumXchange's side was to issue a statement as soon as possible to clarify the situation as it was being made public on this very forum.

Releasing a statement to ZT about his money being frozen : sounds ok to me.
Publishing a statement to an angry mob looking for a scapegoat : probably not the smartest thing.

I highly doubt that AE's legal counsel advised them to publish anything on a public internet forum.

In absence of any legal action from the victims of this hack,

This is an assumption, not a fact.

we have no course of action to contact the police, but will be held responsible if funds are released then legal processing is started at a later point.

A financial institution has to freeze funds if they suspect illegal activity/ML and report it to the authorities.
I'm not saying it would have been smart to release the funds, but maybe it isn't very smart either to release this kind of information on a public forum and not report anything to the police (AFAIK you haven't done that, have you?).

What I find amusing is that everyone wanted to get to the bottom of all of this and now that more evidence is being presented a certain number of users want to throw rocks at those releasing the information to the public.

The only rocks being thrown are being targeted at ZT. Look at it this way : what has been achieved by posting this info here ? Nothing. Will it help an actual police investigation? Probably the opposite.

[LightRider]

The beauty of having government to solve issues like this is that they have the best interests of everyone involved at heart and only seek to find the truth of the matter and arrange to punish the guilty and give whatever restitution is possible to the victims.

To what mythical organization do you refer?

[Raoul Duke]

What aurum,mtgox and bitinstant did here is exactly the nature of bitcoin where a community should be able to work through arguments and evidence together

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

That's possibly illegal, but I'll tell you a couple things which are REALLY illegal:

1- Stealing $500.000 between USD and BTC.
2- Unauthorized access to computer systems.

If the above 2 illegal matters aren't reason enough to fear repercussions from law enforcement because no reports were filed, why would Bitinstant, AurumXchange or MtGox fear repercussions for what they did in this thread?

[MagicalTux]

No legal action = you have no right to disclose it publicly.

I'll let you discuss this with AurumXchange's attorneys if you really insist on this.

[repentance]

Press charges against a minor?

Most modern legal systems charge teenagers with crimes they commit (although they can allow discretion about whether to pursue charges for minor offences).  What can vary is whether or not the case gets heard in an adult court and the type of sentence imposed (diversionary programmes are often preferred for young offenders).

[davout]

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

Unlike many of the people on this forum, we act based on legal advice from seasoned lawyers.

The information disclosed here has been disclosed for some time to the people involved with Bitcoinica, but it seems that none of them has talked to Zhou about this yet, nor started any legal action (at least none that reached any of us).

Ok, so what was the advice ? Publish this kind of sensitive information on a public forum? To achieve what? That's what I thought.

[LightRider]

No. What they did is unprofessional, completely irresponsible (they didn't even contact the person they are claiming did something wrong--- so what is the point of the thread?), and possibly illegal.

Unlike many of the people on this forum, we act based on legal advice from seasoned lawyers.

The information disclosed here has been disclosed for some time to the people involved with Bitcoinica, but it seems that none of them has talked to Zhou about this yet, nor started any legal action (at least none that reached any of us).

Ok, so what was the advice ? Publish this kind of sensitive information on a public forum? To achieve what? That's what I thought.

If they were entertainment industry lawyers, it probably serves to enhance the dramatainment of the bitcoinica saga.

[MagicalTux]

AurumXchange is blocking funds allegedly belonging to Zhou Tong without any disclosed (until now) reason. Legal advice on AurumXchange's side was to issue a statement as soon as possible to clarify the situation as it was being made public on this very forum.

Releasing a statement to ZT about his money being frozen : sounds ok to me.
Publishing a statement to an angry mob looking for a scapegoat : probably not the smartest thing.

I highly doubt that AE's legal counsel advised them to publish anything on a public internet forum.

I guess you're up for a surprise on this one.

In absence of any legal action from the victims of this hack,

This is an assumption, not a fact.

The fact is that at this time no party has contacted us in any way to notify us of any action (we are in contact with all the parties involved in Bitcoinica). In absence of any legal context to relate to, there is only so much we can do.

we have no course of action to contact the police, but will be held responsible if funds are released then legal processing is started at a later point.

A financial institution has to freeze funds if they suspect illegal activity/ML and report it to the authorities.
I'm not saying it would have been smart to release the funds, but maybe it isn't very smart either to release this kind of information on a public forum and not report anything to the police (AFAIK you haven't done that, have you?).

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

[Matthew N. Wright]

No legal action = you have no right to disclose it publicly.

I'll let you discuss this with AurumXchange's attorneys if you really insist on this.

Zhou Tong, when he gets an attorney to represent him, can talk to AurumXChange's attorneys himself about the blatant breach of privacy on their part. You worry about the breach of privacy on your part.

[Matthew N. Wright]

Let this be a warning to everyone:

If your account is hacked (email or otherwise), MtGox, AurumXChange and BitInstant might start a thread calling you a thief and a hacker publicly and just leave it up to you to find the thread and figure out a defense instead of discussing the issue with you directly or contacting any authorities.

[LightRider]

Let this be a warning to everyone:

If your account is hacked (email or otherwise), MtGox, AurumXChange and BitInstant might start a thread calling you a thief and a hacker publicly and just leave it up to you to find the thread and figure out a defense instead of discussing the issue with you directly or contacting any authorities.

I think Matt is upset because this Bitcoinica story is developing faster than a traditional print magazine can keep up with. I mean, the first one still listed Bitcoinica as a proud partner and one of Bitcoin's Greatest Hits.

EDIT: To be fair, AE did say

Zhou, I know what you are up to. This funds have been frozen as well pending investigation, and will not be released until the investigation is concluded.

in the ticket. https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

That does kind of imply that Zhou is guilty of something.

[repentance]

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

[MagicalTux]

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

[caveden]

Will it help an actual police investigation? Probably the opposite.

It might help. With everything being public, an eventual typical police inactivity would also be public. There's some incentives for them to actually do their job (even because most of the job's done already).
If everything is done entirely in private, the police could just behave as usual (i.e., do nothing useful) and that would be it.

But you do have a point. Perhaps they should have tried to contact Zhou before releasing his private data like this.

This is all quite delicate.

[xDan]

You guys are such a mob. You too, AurumExchange, Mt Gox and co. Posting inconclusive "facts" then vaguely hinting at more unrevealed details are blame spreading, lynch mob feeding tactics worth of a tabloid.

[davout]

I guess you're up for a surprise on this one.

That wouldn't be the first one
But still, that doesn't make much sense to me, from a legal POV to disclose very sensitive information to a public internet forum.

The fact is that at this time no party has contacted us in any way to notify us of any action (we are in contact with all the parties involved in Bitcoinica). In absence of any legal context to relate to, there is only so much we can do.

Absence of proof is not proof of absence, therefore : assumption. Either way my point is that you shouldn't have released anything until contacted by an official law enforcement body. Because doing so would probably qualify as a big fat breach of privacy, decency, and your own very terms.

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's not the community's role to investage, nor is it yours. I'm simply arguing that the information flow you're mentioning might not be the most appropriate, it might somehow be in your interest, but I fail to see how it's in the victims best interests.

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

That sounds about right, maybe you should have stopped right there.

Let's agree to disagree

[Ente]

Let this be a warning to everyone:

If your account is hacked (email or otherwise), MtGox, AurumXChange and BitInstant might start a thread calling you a thief and a hacker publicly and just leave it up to you to find the thread and figure out a defense instead of discussing the issue with you directly or contacting any authorities.

My resumée from this:
- Bitcoinica was not run professionaly
- the professionality of Bitcoin Consultancy Group / Intersango is at question
- MtGox, AurumXChange, BitInstant are not run professionaly

I guess I better dump the little I have left on MtGox. And print out another paperwallet professionaly. I don't want to afford more than a little playmoney on MtGox by this point now.

Ente

[sturle]

[...] AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which [...] initial funds are deposited from an account known to belong to Zhou Tong.[/list]

I see three possibilities here:

• Zhou Thong created the second MtGox account himself, and were in breach of MtGox ToS by owning two accounts without prior permission.
• The attacker also had access to Zhou Tong's MtGox account and got the funds from there himself.  Zhou Thong didn't notice.
• The attacker bought a Redeemable code or BTC directly from Zhou Thong, and transferred it directly to this account.

To me the first option is most likely.

From MtGox ToS:

Members may only have one Account at any one time and may not create or use any Account other than their own. For a Member to be exempt from any of these rules, he/she must request express and prior permission from the Platform. The creation or use of Accounts without obtaining such prior express permission from the Platform will lead to the immediate suspension of all said Accounts, as well as all pending purchase/sale offers.

If Zhou Tong indeed did own this account without express permission, MtGox shall have to suspend all Zhou Thong's accounts.  If it wasn't his account, he need to explain how the funds got transferred there from his account.

[repentance]

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

Thank you Mark.  At least we can put to rest any suggestions that they're bullshitting about that so that they can "run away with the funds".

[MagicalTux]

The fact is that at this time no party has contacted us in any way to notify us of any action (we are in contact with all the parties involved in Bitcoinica). In absence of any legal context to relate to, there is only so much we can do.

Absence of proof is not proof of absence, therefore : assumption. Either way my point is that you shouldn't have released anything until contacted by an official law enforcement body. Because doing so would probably qualify as a big fat breach of privacy, decency, and your own very terms.

None of the parties able to start a legal action on this have done so, or have declined to let us know. Either way that puts us in a delicate situation. It should also be noted that I speak for MtGox, not for AurumXchange.

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's not the community's role to investage, nor is it yours. I'm simply arguing that the information flow you're mentioning might not be the most appropriate, it might somehow be in your interest, but I fail to see how it's in the victims best interests.

Actually it is our role to investigate any transaction that comes or goes through our systems. However once the investigation reaches a specific point we need to forward the details to the law enforcement in charge. It was legal advice on AurumXchange's side to publish a subset of the details.

[Justin00]

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

[Matthew N. Wright]

It was legal advice on AurumXchange's side to publish a subset of the details.

MtGox breaches customer privacy agreement with its customer due to the advice of a competing exchange's attorney?

Are you sure they weren't just trying to ruin your business?

[HorseRider]

I'm going to send the Liu Haipeng's ICBC account mentioned by Zhoutong 0.01 RMB, to identify the province location of the bank account.

Just wait.


---

edit

The bank account was opened in 黑龙江省牡丹江(Mudanjiang, Heilongjiang Province. )
The Chinese name of this bank account is 刘海鹏

hopefully that this will be helpful. However, it can be a bank account bought from the black market.

Another information: this card a debit card, and it is linked to a credit card to pay back the credit card loan automatically.

[MagicalTux]

MtGox breaches customer privacy agreement with its customer due to the advice of a competing exchange's attorney?

Are you sure they weren't just trying to ruin your business?

Actually - it may be difficult to remember as we are already on the 11th page - the announce was made by AurumXchange, not by us.

[aq]

I'm gonna take a break from Bitcoin for a while.

What does this mean for Bitcoin Magazine/Ellet/UndisclosedSecretBitcoinProjectNumber12?

In the meantime you should have noticed that Matthews rarely keeps promises exactly as stated.

And it is very interesting that one of the most vocal public disclosure persons wants to suppress an investigation in this case.
He also tries to steer the discussion away from the actual theft case to something else.
We should start asking what Matthew has to loose in this case.

[davout]

Actually - it may be difficult to remember as we are already on the 11th page - the announce was made by AurumXchange, not by us.

Second post was by you though.

And it is very interesting that one of the most vocal public disclosure persons wants to suppress an investigation in this case.
He also tries to steer the discussion away from the actual theft case to something else.
We should start asking what Matthew has to loose in this case.

7. Question motives. Twist or amplify any fact which could be taken to imply that the opponent operates out of a hidden personal agenda or other bias. This avoids discussing issues and forces the accuser on the defensive.

From : http://cryptome.org/2012/07/gent-forum-spies.htm

[repentance]

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

I don't think anyone wants to be the one to open that particular can of worms given that there's going to be a sub-set of people using each of these services to commit financial offences.  On the one hand, you'd establish credibility about the incident having occurred.  On the other, there are likely a significant amount of people who would no longer use your service because they'd be worried that investigations might reveal their own offences to authorities.

[Matthew N. Wright]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* On Friday, July 13 I was notified by MtGox that somebody had gain unauthorized access to Bitcoinica's MtGox account. I was also notified that most of the redeemable codes used in the heist were exchanged through AurumXchange on July 12.
* At the time I was on an extended weekend vacation with very limited internet access. I immediately notified Mark Karpeles at MtGox as well as Charlie Shrem at Bitinstant that I would take a closer examination of the situation on Tuesday upon my return.
* Upon closer examination of our database on Tuesday, I discovered that the hacker had indeed exchanged the MtGox coupons to Liberty Reserve through our instant exchange facility. The hacker had also exchanged Liberty Reserve back to MtGox presumably in an effort to conceal and/or "launder" the funds.
* Over all, the hacker exchanged a total of $61,875 USD from MtGox to Liberty Reserve, and a total of $17,500 Liberty Reserve to MtGox, for a grand total of $44,375 MtGox to Liberty Reserve. After our fees, this number amounts to approximately $40,000 USD.
* These orders were placed on our systems between 2012-07-12 11:46:48 and 2012-07-12 19:41:27 UTC.
* The IP addresses used by the hacker belong to TOR exit nodes to my understanding, and are as follows:

31.172.30.1
31.172.30.2
31.172.30.4
77.247.181.165
146.164.91.248
78.108.63.44

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Both Charlie and Mark have informed the current Bitcoinica owners of the situation and advised to start legal proceedings as soon as possible.

Posts corroborating this information from both MtGox and BitInstant will follow. I am technically on vacation until mid august with limited internet access, however, I will attempt to answer any questions the community might have as often as possible. Please understand that some information will not be released until all legal proceedings have been concluded.

Sincerely,

Roberto Gutierrez
General Manager
The AurumXchange Company
https://www.aurumxchange.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iQEcBAEBAgAGBQJQEMmpAAoJECR5FGDHgkwDCqMH/Awy/Tjtqw9p/vzVh/ewoYgq
CPCSjWn1OUZGGkCMeA/ZwkPHV8/FgsQqBTfHJKy7OBZPaRyL7KTynFo6/BfUSCiO
tWz4QtRXE8hAV5uJNq6BtUvsSD9LXUFWanSEOZS9mApsmP5jmDc3S7JfBEDHli1w
zE9DXJR5jHQmvloRgafIQNxQq8BK7DKG25LpltXCURpVqWFkmulGsMuCqZ9wV0cb
fP92Hf4U+FnwSiM5TfZDwtOhbub9E6ilzPHBmfOjuneSEN1S49Zq3wl1wv0sHUda
2fJ4jVONpOc6S3pvGN7Jb0pdcUJQtujiOcnc+YbKa1EFBjZYY0WBnJL1EVARy4Q=
=TFJe
-----END PGP SIGNATURE-----

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access from both an IP at Microsoft Singapore then an IP at Amazon EC2 and which initial funds are deposited from an account known to belong to Zhou Tong.

.
While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this time from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

[Justin00]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

I don't think anyone wants to be the one to open that particular can of worms given that there's going to be a sub-set of people using each of these services to commit financial offences.  On the one hand, you'd establish credibility about the incident having occurred.  On the other, there are likely a significant amount of people who would no longer use your service because they'd be worried that investigations might reveal their own offences to authorities.

[MagicalTux]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

Actually it could mean that they are legally in fault to any of Bitcoinica's customers, should any of them actually file something too.

[Matthew N. Wright]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

Actually it could mean that they are legally in fault to any of Bitcoinica's customers, should any of them actually file something too.

In re-reading Charlie Shrem's post, it seems he did not really release anything important or valuable at all and basically is just posting here for support of your AurumXChange's breach of privacy, which isn't illegal, just shady. For the time being (until Charlie surfaces to explain what exactly he did release to you or AurumXChange), I will assume that the only actual breaches happened between Zhou Tong (the customer) and both AurumXchange and Mtgox.

It's early morning where Zhou is so I don't expect a response here or on Skype, but I'll contact him to see if he plans on participating in a class action law suit. I'm not sure if it would be Tort or Civil Action against AurumXChange and Mtgox, but I'd say that this thread has no logical reason for existing other than to rile on an angry mob to cause harm to one single individual, and it's pretty obvious that they've broken their own privacy agreements. Tasteless and vile.

[HorseRider]

The bank account information is very value leads to catch the theft.

[sturle]

[A pageful of quoting with no new content]

Please shut up, if you don't have anything new to add.  This verbatim quoting without even trimming down to the parts you think are important and  telling us why, is just 100% annoying to everyone trying to follow this thread.  Delete or get ignored.  (I see you have quite a lot of ignores already.)

[aq]

[A pageful of quoting with no new content]

Please shut up, if you don't have anything new to add.  This verbatim quoting without even trimming down to the parts you think are important and  telling us why, is just 100% annoying to everyone trying to follow this thread.  Delete or get ignored.  (I see you have quite a lot of ignores already.)

Judging from all his posts in this thread one could suspect that Matthew is the mysterious friend of ZT.

[zhoutong]

Doesn't Mike Hearn, a bitcoiner himself, work for Account Security at Google?
Maybe ask him for help with the Gmail access logs, Zhou Tong?

The hacker used Tor for all online communications. I'm looking for alternative ways to locate the person.

I have to say that it's not a good choice for AurumXchange to not include me in the investigation in the first place. I skipped a few classes this afternoon to deal with this mess. However, I have to admit that their intentions are understandable. It's just the fact that 90% of people believing me to be the hacker is driving me mad.

Which classes? Just curious.

This thread started at 4:00PM Victoria Time. I'm curious as to what time those classes started. And I thought you were still in Singapore.

~Bruno~

No it was around 2pm.

[repentance]

It's early morning where Zhou is so I don't expect a response here or on Skype, but I'll contact him to see if he plans on participating in a class action law suit. I'm not sure if it would be Tort or Civil Action against AurumXChange and Mtgox, but I'd say that this thread has no logical reason for existing other than to rile on an angry mob to cause harm to one single individual, and it's pretty obvious that they've broken their own privacy agreements. Tasteless and vile.

You're getting flustered.  Zhou is in my time zone and it's currently 8:35 pm Thursday.

The forum is usually dead at this time of night.

[MagicalTux]

(I see you have quite a lot of ignores already.)

I didn't see the forum had this feature, quite nice actually. Thank you very much, sturle.

[zhoutong]

Let this be a warning to everyone:

If your account is hacked (email or otherwise), MtGox, AurumXChange and BitInstant might start a thread calling you a thief and a hacker publicly and just leave it up to you to find the thread and figure out a defense instead of discussing the issue with you directly or contacting any authorities.

I think Matt is upset because this Bitcoinica story is developing faster than a traditional print magazine can keep up with. I mean, the first one still listed Bitcoinica as a proud partner and one of Bitcoin's Greatest Hits.

EDIT: To be fair, AE did say

Zhou, I know what you are up to. This funds have been frozen as well pending investigation, and will not be released until the investigation is concluded.

in the ticket. https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

That does kind of imply that Zhou is guilty of something.

You forgot that it's a ticket with the hacker, not me. I had no way to possibly read this before the public statement.

[Matthew N. Wright]

It's early morning where Zhou is so I don't expect a response here or on Skype, but I'll contact him to see if he plans on participating in a class action law suit. I'm not sure if it would be Tort or Civil Action against AurumXChange and Mtgox, but I'd say that this thread has no logical reason for existing other than to rile on an angry mob to cause harm to one single individual, and it's pretty obvious that they've broken their own privacy agreements. Tasteless and vile.

You're getting flustered.  Zhou is in my time zone and it's currently 8:35 pm Thursday.

The forum is usually dead at this time of night.

Skype was showing his time as 2am. Now it's showing 8pm. I don't understand why it does that but I remember this happening before.

Now that AurumXChange and MtGox's privacy policies have been publicly posted in this thread and it is quite obvious that MtGox at least is clearly in breach of them (as Mark stated they have not received any requests from government officials and are not aware of any official investigations) for officially confirming private facts about customer accounts, the burden of proof is now on AurumXChange to provide this order from government officials that would warrant the information being leaked, and make sure that the order mentions that this data was to be released publicly.

[aq]

...

There are 2 possible outcomes:
1) You are the hacker and can be sued. As you claim to transfer tons of money all the time, you can afford it and will replace the funds.
2) You will get of your lazy ass (sorry but it was your email account and you did not bother checking it despite that it had a (verified?) mtgox account attached) and investigate and eventually identify the hacker (as Mark said, it has to be you or one of your close (bitcoinica) "friends"). The hacker can be sues and (maybe) will replace the funds.
So I would say the future, regarding bitcoinica, looks brighter today than it has been yesterday

[zhoutong]

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

[repentance]

The season finale had better be good.  We don't need any more cliff-hangers.

[Blazr]

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

I haven't been following this hack, but from what I understand the MT Gox account was hacked because the password was hard-coded into the source code.

Are you saying that this associate, who had access to this email acount since 2010, also happened to be the first person to find the password in the source code, and then tried to frame you by using your anonymous email which you've only shared with a handful of people?

[norulezapply]

On a lighter note, this song now has a whole new meaning:
http://www.youtube.com/watch?v=-z9Jwp2x86o

I was waiting for someone to post that..

[ydenys]

I agree with Matthew here. On the other hand all this Bitcoinica-related stupidity is decidedly public and therefore highly contagious. Exchange owners may be forgiven for attempts at pig farming, for they, in a way, must regulate, especially given that none of the interested parties are willing to report this matter to the authorities.

On the topic: I find probability of Zhou being falsely implicated here @ ~99%. (~1% being reserved for a 3rd party influence/hormonal misbalance/luck of chance/intoxication or somesuch aberration - he is a young man after all). It is, sadly, normal that young people like Zhou/Amir being exploited by the real perpetrators from BC, who agree to use customers' deposits for their expenses and then delay legitimate refunds. There is no point to think we/Bitcoin/any form of financial innovation can do something to change that in a world order, rather than bring out even more greed.

[zhoutong]

I have posted another thread about Chen Jianhai: https://bitcointalk.org/index.php?topic=95795.0

[cnbtcnews]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

6.2出LR，财付通付款

Ryan(11853074) 20:13:06

要多少有多少

Ryan(11853074) 20:13:12

我帮一个朋友出的

Ryan(11853074) 20:14:06

1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :
http://cnbtcnews.com/wp-content/uploads/2012/07/zhongtongLRaccount.jpg

zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

[tseale]

It would suprise me greatly if Zhou is responsible for this.

I do not have access to any first-hand evidence that would implicate Zhou.

I work on behalf of the fund that invested in Bitcoinica. I have no position of authority with Bitcoinica LP.

When it was made known to me that some suspected Zhou, my recommendation was to confront him privately for his explanation.

[zhoutong]

It would suprise me greatly if Zhou is responsible for this.

I do not have access to any first-hand evidence that would implicate Zhou.

I work on behalf of the fund that invested in Bitcoinica. I have no position of authority with Bitcoinica LP.

When it was made known to me that some suspected Zhou, my recommendation was to confront him privately for his explanation.

Thanks for posting here. I hope the puzzle can be solved soon and Bitcoinica's customers can get their claimed amount back in full.

[Littleshop]

Or........

Steve Jobs is not really dead, likes bitcoin and has taken up work at Microsoft India.  

[MagicalTux]

When it was made known to me that some suspected Zhou, my recommendation was to confront him privately for his explanation.

Would have been nice to keep me in the loop at that point, then.

Zhou's explanation sounds convincing, but as previously said it is not up to us to judge, and legal action is most likely unavoidable at this point.


Either way, I believe many here would appreciate to know who they can turn themselves to to get things moving forward.

[caveden]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

[Jimmy2011]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

6.2出LR，财付通付款

Ryan(11853074) 20:13:06

要多少有多少

Ryan(11853074) 20:13:12

我帮一个朋友出的

Ryan(11853074) 20:14:06

1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

Where was the message from? QQ Group? Please release a screenshot.

I try my best to translate the message as following:

Ryan said he/she wants to sell a lot of LR USD (maximum 10,000LR USD) at a price of 6.2 RMB per LR USD for his friend, and get cash by TenPay (http://www.tenpay.com).

[crazy_rabbit]

I continue to be flabbergasted at the Bitcoinica clusterf*ck. How on earth any one with any sense thinks they should keep posting on a public forum when the threat of legal action hangs over their heads is beyond me.

Honestly- Zhou, why are you still writing on the forum? Just post a message: "My lawyer has advised me to give no further comment" and leave it at that (and of course, actually get a lawyer). You're insane to keep writing anything here. Everyones answer to everything at this point in time should be: "no comment".

As for AurumExchange and bitInstant, I can't see how either of you have any real right to post this information in the forums either. You obviously redacted some of it, knowing that it could be sensitive in a legal setting, but I think you really open yourselves up to some sort of legal action. Imagine if all this goes to trial, Zhou is cleared and he turns around and sues for liable? I think any court would ask first and formost, if he hasn't yet been convicted- why go public?

Anyway, this is insane that it continues. I guess part of us loves the drama, but for goodness sake stop the madness. With all the posts back and forth there is no way for none of you to have not contradicted yourselves in some technical way, and lawyers for whomever your opposing party may be will definitely pick every letter written apart to find it. Everyone go get lawyers and hush the heck up!

Post the court transcripts when ready, until then- don't work so hard at extending your potential sentences!

[DarkEmi]

I continue to be flabbergasted at the Bitcoinica clusterf*ck. How on earth any one with any sense thinks they should keep posting on a public forum when the threat of legal action hangs over their heads is beyond me.

Honestly- Zhou, why are you still writing on the forum? Just post a message: "My lawyer has advised me to give no further comment" and leave it at that (and of course, actually get a lawyer). You're insane to keep writing anything here. Everyones answer to everything at this point in time should be: "no comment".

As for AurumExchange and bitInstant, I can't see how either of you have any real right to post this information in the forums either. You obviously redacted some of it, knowing that it could be sensitive in a legal setting, but I think you really open yourselves up to some sort of legal action. Imagine if all this goes to trial, Zhou is cleared and he turns around and sues for liable? I think any court would ask first and formost, if he hasn't yet been convicted- why go public?

Anyway, this is insane that it continues. I guess part of us loves the drama, but for goodness sake stop the madness. With all the posts back and forth there is no way for none of you to have not contradicted yourselves in some technical way, and lawyers for whomever your opposing party may be will definitely pick every letter written apart to find it. Everyone go get lawyers and hush the heck up!

Post the court transcripts when ready, until then- don't work so hard at extending your potential sentences!

If they didnt do anything we would still be in the dark.

I personnally appreciate that the exchange are willing to divulge information helping the case.

Of course it is a shame that no legal actions yet was taken or police involved, but this responsability should have been first the responsability of the INTERSANGO TEAM.. How irresponsible it is to declare nothing when you ve got 400k stolen ? At least at this point it seems they were "just" irresponsible & incompetent and are cleaned from any scam attempts.

Regarding Zhou, as the issue is going right now, It would be really early to comment at this point. He is either a very trustworthy guy or a scumbag, hard to say which one with proof. My gut feeling says he is clean but thats just a feeling. We'll have to see what happens next

[John (John K.)]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

Selling LR funds for RMB6.2 each, to be paid through TenPay (http://www.tenpay.com)

Ryan(11853074) 20:13:06

I can sell whatever amount that you require (literal: I have unlimited funds)

Ryan(11853074) 20:13:12

I'm helping a friend to sell

Ryan(11853074) 20:14:06

Amounts below $10000 USD is okay.

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

Translated.

[sadpandatech]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

Selling LR funds for RMB6.2 each, to be paid through TenPay (http://www.tenpay.com)

Ryan(11853074) 20:13:06

I can sell whatever amount that you require (literal: I have unlimited funds)

Ryan(11853074) 20:13:12

I'm helping a friend to sell

Ryan(11853074) 20:14:06

Amounts below $10000 USD is okay.

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

Translated.

literaly unlimted..
why bother saying they are helping a friend to sell, as it just makes a buyer leary under normal circumstances?
This was shortly before hack. Likely, right after said person realized they could still have access to fully loaded Gox account.
They likely assumed they would have no issues cleaning the place out since they had full access..

[Coinoisseur]

Why hasn't anyone in control of Bitcoinica filed a criminal complaint regarding the hacking? Multiple "hacks" and not a single criminal complaint in progress? TBH, I'm glad MTGox and AurumXChange were willing to say something. Sounds like they are just as frustrated about the lack of engagement of law enforcement in serious computer intrusion and monetary criminal behavior. And how is it libel? They state an email connected with Zhou Tong was used and even Zhou Tong acknowledges that to be the case.

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

Zhou, get a lawyer, but get one to sue these shmucks.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?


I'm gonna take a break from Bitcoin for a while. When I come back, I hope to see that it's returned to being Bitcoin again and not just a microversion of the US government with a bunch of hot-head businesses eager for attention.

[sadpandatech]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18

Selling LR funds for RMB6.2 each, to be paid through TenPay (http://www.tenpay.com)

Ryan(11853074) 20:13:06

I can sell whatever amount that you require (literal: I have unlimited funds)

Ryan(11853074) 20:13:12

I'm helping a friend to sell

Ryan(11853074) 20:14:06

Amounts below $10000 USD is okay.

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

Translated.

literaly unlimted..
why bother saying they are helping a friend to sell, as it just makes a buyer leary under normal circumstances?
This was shortly before hack. Likely, right after said person realized they could still have access to fully loaded Gox account.
They likely assumed they would have no issues cleaning the place out since they had full access..


ZT,

So a hacker compromised this gmail account of yours?
How long ago did you notice someone else was using the email account?
Why did you not contact services that this email account was used for to inform them?
where else was this email account even known?  
Who knew you used this email account for anything?

I would really like a better timeline on this email account..??

anyone?

[rjk]

Those of you that have LastPass should take the "LastPass Security Challenge". It takes all of your stored passwords and checks to see how many times they are re-used across all your stored sites. I'm in the process of improving my score by visiting each and every stored website and changing the password from a shared one to a unique generated one. It will take a while because there are hundreds to visit. However, this hack points out the absolute reliance that most people have on email as a last form of authentication, which is a shame.

Even one of my banks has a limit of 12 character password with no symbols, and only one other bank has the option to disable email password resets.

[Vod]

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

I was one of the first to predict that zhoutong had taken the money in an inside job.

I'm now going to predict that he'll discover his "acquaintance" took the money and it will be returned shortly.  

And I predict there will still be people that think he is innocent in all this...

[jackmaninov]

Even one of my banks has a limit of 12 character password with no symbols, and only one other bank has the option to disable email password resets.

There is a Canadian bank that only allows a 6 character password (not sure about symbols) for its web banking. I LOLed when their form refused to allow me to enter something longer.

[repentance]

I was one of the first to predict that zhoutong had taken the money in an inside job.

I'm now going to predict that he'll discover his "acquaintance" took the money and it will be returned shortly.  

And I predict there will still be people that think he is innocent in all this...

Do keep up.  You're "predicting' stuff which was posted a couple of hours ago.

[Coinoisseur]

Wow, roflmao here.

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

[Mistafreeze]

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

I was one of the first to predict that zhoutong had taken the money in an inside job.

I'm now going to predict that he'll discover his "acquaintance" took the money and it will be returned shortly.  

And I predict there will still be people that think he is innocent in all this...

Already did.

[sadpandatech]

ZT,

So a hacker compromised this gmail account of yours?
How long ago did you notice someone else was using the email account?
You said you saw credit card fraud that used this email account, how long ago was that?
Why did you not contact services that this email account was used for to inform them?
where else was this email account even known?  
Who knew you used this email account for anything?

I would really like a better timeline on this email account..??

anyone?

[check_status]

Is this an accurate timeline?

ZhouTong builds a valuable commodity, which transacts large quantities of pseudo-money.
Security conscious users probe the Bitcoinica system and find it vulnerable.
ZhouTong was warned about some weaknesses but defends his design decissions instead of looking to improve security.
Bitcoinica is cracked and a large amount of funds are moved out of Bitcoinica.
Dust settles then Bitcoinica's MtGox account gets cracked.
2 exchanges and 1 uninvolved company partner up and provide suggestive accusations which point at ZhouTong as the culprit.
Still, nobody mentions where the coins travel or sit.

The attack could have been carried out without ZhouTong being aware that a compromise had occurred. It's possible an attacker had unnoticed access for a long period of time in order to collect information and to plan the theft. If the attack occured without ZhouTong having been a colaberator in the heist, then a large group of people are spending a lot of time pointing a finger in his direction. So far we have only seen a lot of hype and only one flimsey connection of ZhouTong's involvement. The information was presented in order to frame ZhouTong in a suggestive manner which portrays him as a criminal. You are trying cases in the court of public opinion, this is very unprofessional even if it weren't slanderous.

Did the current owners of Bitcoinica do a security audit before they got financially involved in the company?

[sadpandatech]

Is this an accurate timeline?

ZhouTong builds a valuable commodity, which transacts large quantities of pseudo-money.
Security conscious users probe the Bitcoinica system and find it vulnerable.
ZhouTong was warned about some weaknesses but defends his design decissions instead of looking to improve security.
Bitcoinica is cracked and a large amount of funds are moved out of Bitcoinica.
Dust settles then Bitcoinica's MtGox account gets cracked.
2 exchanges and 1 uninvolved company partner up and provide suggestive accusations which point at ZhouTong as the culprit.
Still, nobody mentions where the coins travel or sit.

The attack could have been carried out without ZhouTong being aware that a compromise had occurred. It's possible an attacker had unnoticed access for a long period of time in order to collect information and to plan the theft. If the attack occured without ZhouTong having been a colaberator in the heist, then a large group of people are spending a lot of time pointing a finger in his direction. So far we have only seen a lot of hype and only one flimsey connection of ZhouTong's involvement. The information was presented in order to frame ZhouTong in a suggestive manner which portrays him as a criminal. You are trying cases in the court of public opinion, this is very unprofessional even if it weren't slanderous.

Did the current owners of Bitcoinica do a security audit before they got financially involved in the company?

you're an idiot

[Coinoisseur]

Flimsy? Zhou Tong admits it was his email and is just stating it was a compromised account. The exchanges are in a serious bind since they deal with government currencies, they can't be seen to be aiding in theft or laundering. Might want to ask Intersango what the consequences can be for an exchange.

So far we have only seen a lot of hype and only one flimsey connection of ZhouTong's involvement. The information was presented in order to frame ZhouTong in a suggestive manner which portrays him as a criminal. You are trying cases in the court of public opinion, this is very unprofessional even if it weren't slanderous.

Did the current owners of Bitcoinica do a security audit before they got financially involved in the company?

[MrTeal]

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

stevejobs807@gmail.com was indeed my email account used for anonymous testing purpose, however I haven't been using it for a long time. I'm logging in the account to check the suspicious activity and I'll post relevant details as well.

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

The email account is only used for testing purposes, has a heavily reused password and is used at sites that you don't plan to share any personal data with, except the exchanges where you move hundreds of thousands of dollars.

[defxor]

It would suprise me greatly if Zhou is responsible for this.
I do not have access to any first-hand evidence that would implicate Zhou.
I work on behalf of the fund that invested in Bitcoinica. I have no position of authority with Bitcoinica LP.
When it was made known to me that some suspected Zhou, my recommendation was to confront him privately for his explanation.

In the internal email dump from genjix you are quoted as having written the following:

Speaking of that, Zhou I wanted your thoughts on the financial situation.
As you know, Bitcoinica went from cranking out 6-figure profit one month to
a flatline the next. I covered most of the deficit from the hack on the
assumption Bitcoinica profits would quickly fill in the rest. What's
happened instead is a consistent equity leak that has remained unresolved
for two months. We've gone from being short 40k to now being short 88k.

https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996

Has the reason for that been accurately explained? That is, did Bitcoinica ever - provably - profit to the degree that Zhou claimed it did when you bought it?

One interesting line of thought is that the only one who's ever made a profit from operating Bitcoinica is Zhou, and if the service didn't make a profit from trading the only other explanation is that the "profit" came directly out of user deposits. To cover that up regular "hacks" were simply needed.

[finway]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18
6.2出LR，财付通付款

Ryan(11853074) 20:13:06
要多少有多少

Ryan(11853074) 20:13:12
我帮一个朋友出的

Ryan(11853074) 20:14:06
1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

Wow, Zhoutong, how will you respond to this ?  

[cnbtcnews]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

[LoupGaroux]

Let us recall that Zhou himself admitted as recently as earlier this week that he still had access to the LastPass password, and was successfully entering the site.

And as to "illegal" disclosures of personal information by the various businesses involved in this... criminal action is not a defense. If Zhou is involved in this criminal situation, whether as principal scoundrel driving, or incompetent boob reusing the one password that would allow a nefarious friend of his to defeat every security barrier in the world, he cannot use the facts of that criminal act to demand compliance with user privacy policies.

[hatshepsut]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

http://www.youtube.com/watch?v=PDKGDPSq03A

[Jimmy2011]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

Can you request the screenshot for the above message from QQ group member who has the record? Of course, policemen can get the records from Tecent.

[caveden]

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

How does this person know for sure Zhou Thong was behind U9236056?

[dancingnancy]

It would suprise me greatly if Zhou is responsible for this.

I do not have access to any first-hand evidence that would implicate Zhou.

I work on behalf of the fund that invested in Bitcoinica. I have no position of authority with Bitcoinica LP.

When it was made known to me that some suspected Zhou, my recommendation was to confront him privately for his explanation.

It is nice that you posted this.  I agree, even if ZT was the hacker, this was not the way to go after him.  Thank you for stating your small side to this story.  

[dancingnancy]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

[cnbtcnews]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

I'm sorry but,

• Who are you?
• Are you claiming you have evidence that LR account U9236056 is controlled by Zhou Thong? Could you really prove that?
• What do all those Chinese symbols in your post mean?

Thanks

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

Can you request the screenshot for the above message from QQ group member who has the record? Of course, policemen can get the records from Tecent.

He has the record.
Because zhoutong said he will make the money back from chenjianhai , now let us see how the things will go on.

[cnbtcnews]

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

How does this person know for sure Zhou Thong was behind U9236056?

He buy LR from zhoutong ,zhoutong show the LR account and the total fund is $23439.57.

[dancingnancy]

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

How does this person know for sure Zhou Thong was behind U9236056?

He buy LR from zhoutong ,zhoutong show the LR account and the total fund is $23439.57.

How do you know he bought it from "ZT" if it was just over electronic communication?

[cnbtcnews]

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

How does this person know for sure Zhou Thong was behind U9236056?

He buy LR from zhoutong ,zhoutong show the LR account and the total fund is $23439.57.

How do you know he bought it from "ZT" if it was just over electronic communication?

Many people in China of bitcoin community knows zhoutong's qq account, so that's zhoutong.

[cryptoanarchist]

it's just comming in my mind: is there a possibility to freeze bitcoin addresses also in the future by improving the protocol if the community decided to outlaw a bitcoin address because a hacker used it??

Yay! USD v2.0 here we come!

the current situation tells me a need of this!

Dumbest fucking idea EVER...

[BitcoinBug]

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

Did he have an intimate knowledge of Bitcoinica business, like where the MtGox access codes were stored and what the master password of LastPass was? And another unrelated question: when was the last time you used Tor?

[guruvan]

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

Zhou, get a lawyer, but get one to sue these shmucks.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?


I'm gonna take a break from Bitcoin for a while. When I come back, I hope to see that it's returned to being Bitcoin again and not just a microversion of the US government with a bunch of hot-head businesses eager for attention.

We can only hope the break is permanent. Maybe you'll help yourself to a dictionary while you take your break. You can learn the definition of libel, and slander, and see how they apply to your own words.

[Jimmy2011]

I am the owner of www.cnbtcnews.com. I introduce bitcoin to chinese people.
The evidence is from one person of my qq group.
zhoutong sell LR, and he buy LR from zhoutong.

How does this person know for sure Zhou Thong was behind U9236056?

He buy LR from zhoutong ,zhoutong show the LR account and the total fund is $23439.57.

How do you know he bought it from "ZT" if it was just over electronic communication?

cnbtcnews showed a screenshot for the transaction, from which it can be seen QQ member Ryan/ZT's LR account the same as ZT said today.

[hatshepsut]

Seriously, you 3 together have done a much better investigation than any "actual investigation" most official judges or police bureaus in the world would. The only think you lack is "authority".

Yes, such a good investigation, and yet they can't prove anything and decided to release private customer information and libel against a customer in the process.

Class act.

Zhou, get a lawyer, but get one to sue these shmucks.

It is not up to any of us to judge if funds should be unlocked, we should have an actual court with an actual judge do an actual investigation first.

Instead, it's your job to libel against customers for things you have no proof of?


I'm gonna take a break from Bitcoin for a while. When I come back, I hope to see that it's returned to being Bitcoin again and not just a microversion of the US government with a bunch of hot-head businesses eager for attention.

We can only hope the break is permanent. Maybe you'll help yourself to a dictionary while you take your break. You can learn the definition of libel, and slander, and see how they apply to your own words.

+1

[Herodes]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

However, "phantomcircuit is now known as steve_bobs" yielded no hits while searching on google, so perhaps it's just trolling ?

On one side I agree that the bitcoin companies breached their privacy statements, however, I for one, thought the information was interesting to get, however it also means that anyone in a similar position in the future can not trust that their account will not be frozen for similar reasons and their information being put public.

But it's funny that, now suddenly Zou Thong was able to find a 'suspect', actually a 'friend' of him to boot. I find it hard that he was not able to think of this earlier.


I see a lot of people are calling for police investigation in these matters. In the end, Bitcoinica customers are interested in clawing back their money, so what would be better than appointing reputable members of the forum, that would have access to a certain amount of the total funds each, and then have BC  hand over all the funds and then the claims process could continue ?

There are probably numerous criminal acts that's been comitted throughout this debacle, and the involved actors know this. Therefore they do not go to the police. Also, an investigation would probably take a lot of time, and it's questionable if it would lead to anything at all, but those who'd be richer by such a process would be the lawyers.

If Zou Thong is guilty, it would be better to step up, admit to it, and try to rectify the situation. If he's not guilty he sure as hell have made a lot of bad calls and have involved himself with 'criminal friends'.

(Somebody with a lot of time on their hands should create a site wiki-style and gather all the evidence with citations!)

The saga is not over yet. Look forward to the movie!

[guruvan]

I'm gonna take a break from Bitcoin for a while.

What does this mean for Bitcoin Magazine/Ellet/UndisclosedSecretBitcoinProjectNumber12?

In the meantime you should have noticed that Matthews rarely keeps promises exactly as stated.

And it is very interesting that one of the most vocal public disclosure persons wants to suppress an investigation in this case.
He also tries to steer the discussion away from the actual theft case to something else.
We should start asking what Matthew has to loose in this case.

That is a serious question I've had in this case. I was highly suspect of PM I received from him some time ago.

[Raoul Duke]

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Every crime has a motive. And what you have there was most likely the motive for what happened after Bitcoin Consultancy took over Bitcoinica

[Herodes]

We should start asking what Matthew has to loose in this case.

http://en.wikipedia.org/wiki/Anal_retentiveness

The term anal-retentive (also anally retentive), commonly abbreviated to anal,[1] is used conversationally to describe a person who pays such attention to detail that the obsession becomes an annoyance to others, potentially to the detriment of the anal-retentive person. The term derives from Freudian psychoanalysis.

[Blazr]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

I call fake on that chat-log. I can't find any evidence of that anywhere.

[cryptoanarchist]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

I call fake on that chat-log. I can't find any evidence of that anywhere.

<sarcasm>
You mean btcx isn't a reputable source?!?
</sarcasm>

[guruvan]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

Yes. He was quite pissed off at me in particular. I raised questions very early on after signing into this forum the first time - why the fuck do people trust this guy who has been known to hack competitors' sites?

phantomcircuit is one of the least trustworthy people I know in bitcoin. He is a calculating, deceitful, and dishonest person. Getting him to tell the truth is nearly impossible. I find it highly suspect that he left after the last hack. I found it highly suspect that the first hack happened not long after he had access to bitcoinica.

But, now ZT's bullshit story of the "friend" calls that motive into question. I have to wonder if there aren't MULTIPLE parties looting bitcoinica.

It has been my opinion since the hack, that the hack that closed bitcoinica was premeditated and intended to cover up the significant losses of customer funds due to "bad hedges" (or, more likely, looting already in progress)

What I am pretty damn sure of at this point: I have lost my $500 and position to an inside job.

[cheat_2_win]

Would have been nice to keep me in the loop at that point, then.

Zhou's explanation sounds convincing, but as previously said it is not up to us to judge, and legal action is most likely unavoidable at this point.


Either way, I believe many here would appreciate to know who they can turn themselves to to get things moving forward.

If you go to a judge after publicly humiliating Zhou Tong, I am pretty sure the judge will throw the case out. If you had wanted to go to law enforcement in the first place, you should have done that prior to posting any public statement in the first place.

[Vod]

If you go to a judge after publicly humiliating Zhou Tong, I am pretty sure the judge will throw the case out. If you had wanted to go to law enforcement in the first place, you should have done that prior to posting any public statement in the first place.

I doubt it.  Making a public statement about him (even a humiliating one) doesn't make Zhou Tong less guilty of theft, so he would still be punished.

[racerguy]

I'm not sure about Zhou being the hacker.  Anyone remember one of the earlier hacks when the hacker was in irc giving away free coins from the heist?  That particular hacker seemed to not really be in it for financial gain and more in it because he was some hardcore anarchist that had been upset by something bitcoinica or bitcoin consultancy had done that pissed him off, that being the case I wouldn't put it past that particular hacker to try and setup Zhou or someone else involved to make it look bad for them.  

Also Zhou's behavior kinda strikes me as an innocent man being setup, but none of us here know for sure so the lynch mob thing needs to calm down a bit.

[Coinoisseur]

They stated an email linked to him was connected to suspicious transactions, Zhou Tong himself acknowledges this. IMO, Zhou Tong has to be more worried that he publicly acknowledged previous association with a black market operator and is claiming they have hacked him. On top of that he is acting as an intermediary between this 'alleged' culprit and the affected parties in relaying his offer of a partial payback in exchange for not pursuing criminal investigations.

Would have been nice to keep me in the loop at that point, then.

Zhou's explanation sounds convincing, but as previously said it is not up to us to judge, and legal action is most likely unavoidable at this point.


Either way, I believe many here would appreciate to know who they can turn themselves to to get things moving forward.

If you go to a judge after publicly humiliating Zhou Tong, I am pretty sure the judge will throw the case out. If you had wanted to go to law enforcement in the first place, you should have done that prior to posting any public statement in the first place.

[Vod]

Anyone remember one of the earlier hacks when the hacker was in irc giving away free coins from the heist?  

Anyone remember Zhou giving away 5,000 btc to anyone who asked?  Appears to be his M.O.

Sorry, but the evidence against him is overwhelming.  At this point, he has no choice but to refund 100% of the money he stole, otherwise people are going to be coming to see him.  Hopefully he will learn a life lesson out of this - DON'T STEAL.

[BitBuster]

that being the case I wouldn't put it past that particular hacker to try and setup Zhou or someone else involved to make it look bad for them.

What's more likely? Zhou was the victim of a stupendous setup by a person who we have no to reason or evidence to believe exists, thus absolving Zhou of blame, or that he creating this persona for that purpose? This is the classic behaviour of cheating juveniles.

Also Zhou's behavior kinda strikes me as an innocent man being setup, but none of us here know for sure so the lynch mob thing needs to calm down a bit.

No it doesn't. If you haven't the faculties to realise that you have been shafted, don't deny others their right to retaliate in kind.


BB.

[Vod]

What's more likely? Zhou was the victim of a stupendous setup by a person who we have no reason or evidence to believe exists, thus absolving Zhou of blame, or that he creating this persona for that purpose? This is the classic behavior of cheating juveniles.

Exactly.  "I'm holding it for a friend" is the oldest excuse in the book.

Zhou spent the 69 minutes typing up the long post, and now he is sitting back seeing what suckers believe it.

[repentance]

Would have been nice to keep me in the loop at that point, then.

Zhou's explanation sounds convincing, but as previously said it is not up to us to judge, and legal action is most likely unavoidable at this point.


Either way, I believe many here would appreciate to know who they can turn themselves to to get things moving forward.

If you go to a judge after publicly humiliating Zhou Tong, I am pretty sure the judge will throw the case out. If you had wanted to go to law enforcement in the first place, you should have done that prior to posting any public statement in the first place.

It would be public prosecutors taking the case to court based on the objective evidence gathered by law enforcement.  A judge isn't going to throw out criminal charges because someone said something on the internet.  It's not like anyone here would be likely to be sitting on the jury.

[Phinnaeus Gage]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

http://www.youtube.com/watch?v=_pFbfXZSseU (following Maged's lead with this video in reply to the above)

Shit! I'm further behind. By the time I get caught up with this thread, Zhou Tong will be telling this to Zhou "Little Tommy" Tong III as a bedtime story.

~Bruno~

[Phinnaeus Gage]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

just easy simple or the biggest fake ever!!

So this superhacker is able to break into his computer yet he is this dumb now?  the hacker is smart enough to steal all this money but not smart enough to not even bother framing people as it leaves more evidence?  Come on.... or maybe steal a lot of bitcoins and make it seem like you are being framed.  It is like Basic Instinct, write a book of a crime before it occurs then it becomes the person's alibi.

It's an excellent Discipline when pulled off flawlessly.

[racerguy]

I'm not sure about Zhou being the hacker.  Anyone remember one of the earlier hacks when the hacker was in irc giving away free coins from the heist?  That particular hacker seemed to not really be in it for financial gain and more in it because he was some hardcore anarchist that had been upset by something bitcoinica or bitcoin consultancy had done that pissed him off, that being the case I wouldn't put it past that particular hacker to try and setup Zhou or someone else involved to make it look bad for them.  

Also Zhou's behavior kinda strikes me as an innocent man being setup, but none of us here know for sure so the lynch mob thing needs to calm down a bit.

Yeah screw that he probably did it.

[sadpandatech]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

The hacker has now been warned and has returned all the stolen funds in 5...4...3...

(I have no idea how I got two pages behind in such a short period of time, so if the above has for real happened already, forgive me)

He probably doesn't know that. I have received another email just now and it seems that the hacker isn't aware of this thread at all:

https://www.aurumxchange.com/help/ticket.php?track=Y72-1AN-3Y4H&Refresh=32888

just easy simple or the biggest fake ever!!

So this superhacker is able to break into his computer yet he is this dumb now?  the hacker is smart enough to steal all this money but not smart enough to not even bother framing people as it leaves more evidence?  Come on.... or maybe steal a lot of bitcoins and make it seem like you are being framed.  It is like Basic Instinct, write a book of a crime before it occurs then it becomes the person's alibi.

It's an excellent [img=http://www.amazon.com/Discipline-Novel-Paco-Ahlgren/dp/0979084202/ref=sr_1_1?s=books&ie=UTF8&qid=1343324282&sr=1-1]http://Discipline[/img] when pulled off flawlessly.

[makomk]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

I call fake on that chat-log. I can't find any evidence of that anywhere.

It's not fake. I found essentially the same thing in my chat logs for #bitcoin-dev; sadly the public logs don't seem to contain nickname changes. I'm not sure what it means though...

[dopamine]

Ok can I have my bitcoins now?

[ErebusBat]

It's not fake. I found essentially the same thing in my chat logs for #bitcoin-dev; sadly the public logs don't seem to contain nickname changes. I'm not sure what it means though...

FWIW This is what I found on my own personal logs (which I know to be untampered [unless the hax0r got my machine too])

Code:

$ grep steve_bobs *                                                                                                                
#bitcoin_20120712.log:[23:02:21] *** phantomcircuit is now known as steve_bobs
#bitcoin_20120713.log:[13:23:52] <steve_bobs> still aren't
#bitcoin_20120713.log:[13:24:33] <steve_bobs> they're a bank in europe
#bitcoin_20120713.log:[13:24:42] <steve_bobs> in the us they're a payment processor or something
#bitcoin_20120713.log:[13:25:01] <steve_bobs> iz, you sure that's what actually happened? seemed to have been something different from that
#bitcoin_20120713.log:[13:25:53] <steve_bobs> innocent, dialcoin
#bitcoin_20120713.log:[13:26:12] <steve_bobs> iz, yeah that's not what that says
#bitcoin_20120713.log:[13:26:47] <steve_bobs> pretty sure
#bitcoin_20120713.log:[13:26:50] <steve_bobs> that's an api key
#bitcoin_20120713.log:[13:26:53] <steve_bobs> not a password
#bitcoin_20120713.log:[13:43:48] <steve_bobs> helo, it's actually impossible
#bitcoin_20120713.log:[13:44:19] <steve_bobs> the risk to the insurer would be so high that they would never accept the contract
#bitcoin_20120713.log:[13:44:21] <kiba> steve_bobs: why would it be impossible? you know something that I don't?
#bitcoin_20120713.log:[13:45:11] <steve_bobs> if your premiums would be more than about 5% annually of the maximum liability of the insurance typically they will simply deny your application
#bitcoin_20120713.log:[14:38:21] <steve_bobs> ;;bc,blocks
#bitcoin_20120713.log:[18:39:59] <steve_bobs> HORRAY CHEAP OLIVE OIL
#bitcoin_20120714.log:[14:34:41] *** Quits: steve_bobs (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) (Remote host closed the connection)
#bitcoin-otc_20120712.log:[23:02:21] *** phantomcircuit is now known as steve_bobs
#bitcoin-otc_20120714.log:[14:34:41] *** Quits: steve_bobs (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) (Remote host closed the connection)

So it would appear that not only did *someone* use the ident of phantomci, they did more than just a /nick on it.
I don't log -dev, #bitconica, or #intersango so there absence above means nothing.

EDIT: I have posted the output of $ grep phantomcircuit * | grep -E "(Joins|Quits)" to http://pastebin.com/7BtrXWjv for anyone who is interested.  The above IP (67-188-9-35) does indeed appear there quite a bit.  Seems very unlikely that more than one person closely related would use the same odd handle.

[Phinnaeus Gage]

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

As I said, +61 3 9015 7926 is mine and the number is posted on NameTerrific.

And not only do I want a blowjob, but I want not one, but two fingers stuck up my ass.

Domain name: zhoutong.com

Registrant Contact:
Zhou Tong
Tong Zhou ()

Fax:
PO Box 465
Carlton South, VIC 3053
AU

Administrative Contact:
Zhou Tong
Tong Zhou (domain@zhoutong.com)
+61.390157926
Fax:
PO Box 465
Carlton South, VIC 3053
AU

Technical Contact:
Zhou Tong
Tong Zhou (domain@zhoutong.com)
+61.390157926
Fax:
PO Box 465
Carlton South, VIC 3053
AU

Status: Locked

Name Servers:
node-1.us.terrificdns.com
node-2.us.terrificdns.com
node-3.us.terrificdns.com

Creation date: 16 May 2004 03:26:00
Expiration date: 16 May 2015 03:26:00

Take a careful look at this page: http://web.archive.org/web/20040802063515/http://zhoutong.com/   WoW! oh, WoW!

Somebody tell me why (and/or how) a 9-year-old Asian kid has a domain set up using an Australian address. And please do it quick, for I feel that ZT's answer may be, "I bought that domain a year (or so) ago."

~Bruno~

[dancingnancy]

About him attending college in Australia. Is there any proof of that besides him stating such.

The phone number in the AurumXchange transaction which Zhou says is his is a landline in the state of Victoria.  It would certainly be possible to ring it and find out the relationship of the person answering to Zhou.

This proves very little in these days of VoIP. It's relatively simple to have any phone number ring anywhere on the planet that's got Internet connectivity.

As I said, +61 3 9015 7926 is mine and the number is posted on NameTerrific.

And not only do I want a blowjob, but I want not one, but two fingers stuck up my ass.

Domain name: zhoutong.com

Registrant Contact:
Zhou Tong
Tong Zhou ()

Fax:
PO Box 465
Carlton South, VIC 3053
AU

Administrative Contact:
Zhou Tong
Tong Zhou (domain@zhoutong.com)
+61.390157926
Fax:
PO Box 465
Carlton South, VIC 3053
AU

Technical Contact:
Zhou Tong
Tong Zhou (domain@zhoutong.com)
+61.390157926
Fax:
PO Box 465
Carlton South, VIC 3053
AU

Status: Locked

Name Servers:
node-1.us.terrificdns.com
node-2.us.terrificdns.com
node-3.us.terrificdns.com

Creation date: 16 May 2004 03:26:00
Expiration date: 16 May 2015 03:26:00

Take a careful look at this page: http://web.archive.org/web/20040802063515/http://zhoutong.com/   WoW! oh, WoW!

Somebody tell me why (and/or how) a 9-year-old Asian kid has a domain set up using an Australian address. And please do it quick, for I feel that ZT's answer may be, "I bought that domain a year (or so) ago."

~Bruno~

Yeah, but I also found this too..

http://web.archive.org/web/20110209135438/http://zhoutong.com/

That webpage doesnt seem to me like a "ZT" production.

Could it be there is more than 1 person named Zhou Tong?

[Vod]

http://web.archive.org/web/20020808005400/http://www.china-zhoutong.com/

Zhoutong Machinery.

Is he an adult, instead of a child as he says?
Does he run a machinery business?

Edit:  I think he is shitting his pants right now cause he used 80,000 bitcoins to pay off all his families mortgages, and now he can't get the money back!

[Phinnaeus Gage]

Domain ID:D1520284-ME
Domain Name:LIFEPATH.ME
Domain Create Date:13-Oct-2010 11:46:24 UTC
Domain Last Updated Date:18-Jul-2012 21:00:03 UTC
Domain Expiration Date:13-Oct-2013 11:46:24 UTC
Last Transferred Date:19-May-2012 17:43:57 UTC
Sponsoring Registrar:eNom Inc R32-ME
Created by:GoDaddy.com, LLC R41-ME
Last Updated by Registrar:Afilias R54-ME
Domain Status:CLIENT TRANSFER PROHIBITED
Registrant ID:876c8456f832ebd1
Registrant Name:Tong Zhou
Registrant Organization:Zhou Tong
Registrant Address:PO Box 465
Registrant Address2:
Registrant Address3:
Registrant City:Carlton South
Registrant State/Province:VIC
Registrant Country/Economy:AU
Registrant Postal Code:3053
Registrant Phone:+61.390157926
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant E-mail:domain@zhoutong.com
Admin ID:876c8456f832ebd1
Admin Name:Tong Zhou
Admin Organization:Zhou Tong
Admin Address:PO Box 465
Admin Address2:
Admin Address3:
Admin City:Carlton South
Admin State/Province:VIC
Admin Country/Economy:AU
Admin Postal Code:3053
Admin Phone:+61.390157926
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin E-mail:domain@zhoutong.com
Tech ID:876c8456f832ebd1
Tech Name:Tong Zhou
Tech Organization:Zhou Tong
Tech Address:PO Box 465
Tech Address2:
Tech Address3:
Tech City:Carlton South
Tech State/Province:VIC
Tech Country/Economy:AU
Tech Postal Code:3053
Tech Phone:+61.390157926

[dancingnancy]

http://web.archive.org/web/20020808005400/http://www.china-zhoutong.com/

Zhoutong Machinery.

Is he an adult, instead of a child as he says?
Does he run a machinery business?

Edit:  I think he is shitting his pants right now cause he used 80,000 bitcoins to pay off all his families mortgages, and now he can't get the money back!

Dude, how do you know Zhou Tong over there isn't like Brad Smith here?

[Serge]

plot thickens

only thing i don't get why sell and or ruin business that started to generate supposedly over $40k a month in profits

[Vod]

http://web.archive.org/web/20020808005400/http://www.china-zhoutong.com/

Zhoutong Machinery.

Is he an adult, instead of a child as he says?
Does he run a machinery business?

Edit:  I think he is shitting his pants right now cause he used 80,000 bitcoins to pay off all his families mortgages, and now he can't get the money back!

Dude, how do you know Zhou Tong over there isn't like Brad Smith here?

Because the phone number is the same.

[stochastic]

http://web.archive.org/web/20020808005400/http://www.china-zhoutong.com/

Zhoutong Machinery.

Is he an adult, instead of a child as he says?
Does he run a machinery business?

Edit:  I think he is shitting his pants right now cause he used 80,000 bitcoins to pay off all his families mortgages, and now he can't get the money back!

Dude, how do you know Zhou Tong over there isn't like Brad Smith here?

OMG

Zhou Tong stroking his beard

[defxor]

only thing i don't get why sell and or ruin business that started to generate supposedly over $40k a month in profits

I'm eagerly awaiting Tihan's answer:

In the internal email dump from genjix you are quoted as having written the following:

Speaking of that, Zhou I wanted your thoughts on the financial situation.
As you know, Bitcoinica went from cranking out 6-figure profit one month to
a flatline the next. I covered most of the deficit from the hack on the
assumption Bitcoinica profits would quickly fill in the rest. What's
happened instead is a consistent equity leak that has remained unresolved
for two months. We've gone from being short 40k to now being short 88k.

https://bitcointalk.org/index.php?topic=93109.msg1039996#msg1039996

Has the reason for that been accurately explained? That is, did Bitcoinica ever - provably - profit to the degree that Zhou claimed it did when you bought it?

One interesting line of thought is that the only one who's ever made a profit from operating Bitcoinica is Zhou, and if the service didn't make a profit from trading the only other explanation is that the "profit" came directly out of user deposits. To cover that up regular "hacks" were simply needed.

[dancingnancy]

http://web.archive.org/web/20020808005400/http://www.china-zhoutong.com/

Zhoutong Machinery.

Is he an adult, instead of a child as he says?
Does he run a machinery business?

Edit:  I think he is shitting his pants right now cause he used 80,000 bitcoins to pay off all his families mortgages, and now he can't get the money back!

Dude, how do you know Zhou Tong over there isn't like Brad Smith here?

Because the phone number is the same.

Which phone numbers are the same?  here is what i got off of translation after you click the link to the site you quoted above..


Address: Ruian, Zhejiang Bridge East towel sub mountain road on the 5th (green plant)
Tel :0577 -6,562,153,065,620,658 Fax: 65620658
Mobile: 13506578868 13506561858 Zip: 325200
E-mail: zhoutong@zhoutong.com http://www.zhoutong.com www.china-zhoutong.com


EDIT: I am thoroughly confused.  I am going to just watch from here on out.

[Vod]

Which phone numbers are the same?  here is what i got off of translation after you click the link to the site you quoted above..

One page back.

The phone number listed on nameterrific.com and the number Zhou said was his, is also listed on the whois for the domain.

[dancingnancy]

Which phone numbers are the same?  here is what i got off of translation after you click the link to the site you quoted above..

One page back.

The phone number listed on nameterrific.com and the number Zhou said was his, is also listed on the whois for the domain.

Yeah, I just skimmed back through that... I am not sure what to say at this point

[defxor]

The phone number listed on nameterrific.com and the number Zhou said was his, is also listed on the whois for the domain.

I see nothing unusual about that domain contact info. Someone registered it many years ago, it's been sold and transfered a few times and at the moment "our" Zhou owns it - as shown by the DNS info and phone number which just reflects the current state. Very common for popular domain names (and Zhou Tong is a common name - http://en.wikipedia.org/wiki/Zhou_Tong_(footballer) ).

[Vod]

it's been sold and transfered a few times and at the moment "our" Zhou owns it

Where did you find this information?  Do you have a domaintools membership?
http://www.domaintools.com/research/whois-history/

[defxor]

it's been sold and transfered a few times and at the moment "our" Zhou owns it

Where did you find this information?  Do you have a domaintools membership?
http://www.domaintools.com/research/whois-history/

No, I used archive.org and Occam's razor. If the content differs vastly it's likely due to different owners.

(And the QQ number on the page in 2004 doesn't match "our" Zhou's, the photos don't match etc - http://web.archive.org/web/20050307110628/http://www.zhoutong.com/ )

[davout]

Where did you find this information?  Do you have a domaintools membership?
http://www.domaintools.com/research/whois-history/

Are you a wizard?

[sadpandatech]

The phone number listed on nameterrific.com and the number Zhou said was his, is also listed on the whois for the domain.

I see nothing unusual about that domain contact info. Someone registered it many years ago, it's been sold and transfered a few times and at the moment "our" Zhou owns it - as shown by the DNS info and phone number which just reflects the current state. Very common for popular domain names (and Zhou Tong is a common name - http://en.wikipedia.org/wiki/Zhou_Tong_(footballer) ).

What exactly are they trying to match up that uyou are saynig does not? All the last 10 posts or so with domains and such are all owned or were by OUR ZT..

This is translated form the archive of china-zhoutong.com ;

Ryan Chau systems Machinery Co., Ltd. has a long history of enterprise, specialized in manufacturing all kinds of plastic machinery, plastic composite pipe full set of equipment, the company attaches great importance to product quality and after-sales service, the majority of customers have a good reputation.
    In the production of plastic machinery for many years on the basis of the introduction of international advanced level of production technology of the twenty-first century, the development of the production of aluminum-plastic composite pipe equipment, the device is technologically advanced, low cost, simple operation, easy maintenance, practical and reliable for China's national conditions of aluminum-plastic composite pipe production line equipment.
    Our aim: first-class quality, first-class service, provide users with comprehensive services, is willing to cooperate in good faith and the majority of users!


edit; and the head pic from zhoutong.com showing it as A.K.A. Ryan;

[dancingnancy]

The phone number listed on nameterrific.com and the number Zhou said was his, is also listed on the whois for the domain.

I see nothing unusual about that domain contact info. Someone registered it many years ago, it's been sold and transfered a few times and at the moment "our" Zhou owns it - as shown by the DNS info and phone number which just reflects the current state. Very common for popular domain names (and Zhou Tong is a common name - http://en.wikipedia.org/wiki/Zhou_Tong_(footballer) ).

What exactly are they trying to match up that uyou are saynig does not? All the last 10 posts or so with domains and such are all owned or were by OUR ZT..

This is translated form the archive of china-zhoutong.com ;

Ryan Chau systems Machinery Co., Ltd. has a long history of enterprise, specialized in manufacturing all kinds of plastic machinery, plastic composite pipe full set of equipment, the company attaches great importance to product quality and after-sales service, the majority of customers have a good reputation.
    In the production of plastic machinery for many years on the basis of the introduction of international advanced level of production technology of the twenty-first century, the development of the production of aluminum-plastic composite pipe equipment, the device is technologically advanced, low cost, simple operation, easy maintenance, practical and reliable for China's national conditions of aluminum-plastic composite pipe production line equipment.
    Our aim: first-class quality, first-class service, provide users with comprehensive services, is willing to cooperate in good faith and the majority of users!


edit; and the head pic from zhoutong.com showing it as A.K.A. Ryan;

This is also the contact information listed on the website for the very same exact website that you are quoting from (I have listed this above)

Address: Ruian, Zhejiang Bridge East towel sub mountain road on the 5th (green plant)
Tel :0577 -6,562,153,065,620,658 Fax: 65620658
Mobile: 13506578868 13506561858 Zip: 325200
E-mail: zhoutong@zhoutong.com http://www.zhoutong.com www.china-zhoutong.com


Can you find any connection from this information?

[sadpandatech]

This is also the contact information listed on the website for the very same exact website that you are quoting from (I have listed this above)

Address: Ruian, Zhejiang Bridge East towel sub mountain road on the 5th (green plant)
Tel :0577 -6,562,153,065,620,658 Fax: 65620658
Mobile: 13506578868 13506561858 Zip: 325200
E-mail: zhoutong@zhoutong.com http://www.zhoutong.com www.china-zhoutong.com


Can you find any connection from this information?

connection to what exactly?

I'm fairly confident that a "very young entrepenuer and tech geek living in Melbourne and named Ryan" and our Zhoutong are one in the same. But, so what? What are you guys trying to figure out?

[rjk]

But, so what? What are you guys trying to figure out?

+1

[dancingnancy]

But, so what? What are you guys trying to figure out?

+1

I don't know.  I just want my coins back.  At this point I couldn't care less if it was ZT or Burt Reynolds.  But I would tip my cap to Burt Reynolds.

[Vod]

But, so what? What are you guys trying to figure out?

+1

If he did spend the majority of the stolen coins on personal expenses, like mortgages, knowing who he is and where he lives will be very important.

[ErebusBat]

Where did you find this information?  Do you have a domaintools membership?
http://www.domaintools.com/research/whois-history/

Are you a wizard?

<dumbledore voice>
Harry Potter?
</dumbledore voice>

[defxor]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

[disclaimer201]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

Yes. He was quite pissed off at me in particular. I raised questions very early on after signing into this forum the first time - why the fuck do people trust this guy who has been known to hack competitors' sites?

phantomcircuit is one of the least trustworthy people I know in bitcoin. He is a calculating, deceitful, and dishonest person. Getting him to tell the truth is nearly impossible. I find it highly suspect that he left after the last hack. I found it highly suspect that the first hack happened not long after he had access to bitcoinica.

But, now ZT's bullshit story of the "friend" calls that motive into question. I have to wonder if there aren't MULTIPLE parties looting bitcoinica.

It has been my opinion since the hack, that the hack that closed bitcoinica was premeditated and intended to cover up the significant losses of customer funds due to "bad hedges" (or, more likely, looting already in progress)

What I am pretty damn sure of at this point: I have lost my $500 and position to an inside job.

+1 and fully agree

[sadpandatech]

But, so what? What are you guys trying to figure out?

+1

I don't know.  I just want my coins back.  At this point I couldn't care less if it was ZT or Burt Reynolds.  But I would tip my cap to Burt Reynolds.

:/ aye, you and a lot of other people, m8. I'm sorry for anyone in this situation. Especially ZT's hacker buddy if he does not get him to hand over the coins within the next 24 hours. I will personally take action against him and ZT for not following through with what they said last night!!!

I wasn't trying to bust your guys chops. I was just not sure if you were trying to figure out other address for him, or name aliases or what.

[sadpandatech]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

ahh, missed the age on that web archive;
MAR  AUG DEC 
      8   
    2002

[sadpandatech]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

Yes. He was quite pissed off at me in particular. I raised questions very early on after signing into this forum the first time - why the fuck do people trust this guy who has been known to hack competitors' sites?

phantomcircuit is one of the least trustworthy people I know in bitcoin. He is a calculating, deceitful, and dishonest person. Getting him to tell the truth is nearly impossible. I find it highly suspect that he left after the last hack. I found it highly suspect that the first hack happened not long after he had access to bitcoinica.

But, now ZT's bullshit story of the "friend" calls that motive into question. I have to wonder if there aren't MULTIPLE parties looting bitcoinica.

It has been my opinion since the hack, that the hack that closed bitcoinica was premeditated and intended to cover up the significant losses of customer funds due to "bad hedges" (or, more likely, looting already in progress)

What I am pretty damn sure of at this point: I have lost my $500 and position to an inside job.

+1 and fully agree

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

[MagicalTux]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

[ErebusBat]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

[ErebusBat]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

[sadpandatech]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

No, I meant what I typed.

so freenode would not allow +op for 12 minutes without being authenticated? aye, i was suggesting phantom was logged in and then someone else may have bumped him off. was just an idea. I do not even know what you are trying to prove or figure out...

I can make it look like I am any fucking IP i want on IRC. I was under the impression they checked your true mac address and not just went by what was shown in the chat.  my finger info would read *Sadpandatech(~Sadpandatech@lickmysack.microsoft.com)

[sadpandatech]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

I thought the hacker was Steve Jobs?  not Steve-bobs??

[dancingnancy]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

I thought the hacker was Steve Jobs?  not Steve-bobs??

Yes, but it is just another "convenient" similarity.

[Serge]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

No, I meant what I typed.

so freenode would not allow +op for 12 minutes without being authenticated? aye, i was suggesting phantom was logged in and then someone else may have bumped him off. was just an idea. I do not even know what you are trying to prove or figure out...

I can make it look like I am any fucking IP i want on IRC. I was under the impression they checked your true mac address and not just went by what was shown in the chat.  my finger info would read *Sadpandatech(~Sadpandatech@lickmysack.microsoft.com)

no.  chanserv would not give an op to unidentified with nickserv user. that log shows that it was authorized user using that handle who then  deopped himself (that's what they do on #bitcoin) and then changed his nick.

[almackska]

Zhou, you sent me back 3 BTC back earlier last week with your personal claim service.
Please send me the remainder of 49 BTC to 1F9ywmJTQ283z5qaEr97NcRgPNHZ6GoAiu .
The remainder includes the USD balance converted to BTC using current exchange rate.

[RoloTonyBrownTown]

Is it just me (and I have no interest in debating who's guilty and who isn't particularly), but does this just scream sockpuppet to anyone else?

July 26, 2012, 06:50:18 PM
It's a shame that this lynch mob is forming based on shoddy evidence presented in an internet forum. I guess that is just the way justice works in the modern world, much like the lynch mobs going after George Zimmerman.  Zhou Tong clearly posted that his email account was hacked.  He has been the victims of hackers before and they are obviously trying to escape justice by framing their victim. It's a shame people are willing to become so manipulated instead of trying to continue to seek out the true criminals.  

July 26, 2012, 06:53:50 PM
I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

July 26, 2012, 06:57:24 PM
Thank you for handling this situation so well, you are a true professional and a model for this community.

from https://bitcointalk.org/index.php?topic=95738.100

Especially considering Rarity's unwaveringly positive posts regarding Zhou in this thread so far.  Meh, probably just paranoid

[sadpandatech]

@Rolo  you're not the only one wondering the same thing..

[Rarity]

Oh my, now I'm part of the Zhou conspiracy too!  Back off pitchforkies!



You really think it's plausible I've been posting here since last October just waiting for this moment?  You guys are trying to hang the wrong guy and I'm pointing it out, deal with it.

[davout]

@Rolo  you're not the only one wondering the same thing..

[Coinoisseur]

We have Bitcoin exchanges basically begging for someone anyone with grounds to file a criminal complaint to do so. Because otherwise they are burdened with being responsible, as in keeping safe, the questionable funds.

There was a thread here about lawsuits, has anyone involved with that engaged NZ legal counsel to get the NZ authorities rolling on this? The exchanges are saying no authorities have contacted them claiming to be investigating relating to the Bitcoinica hacks.

[dooglus]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

Not that I've seen.

I just searched for 'steve_bobs' in my IRC logs, and it came up a few times:

$ zgrep -i steve_bobs *
#bitcoin-2012-07-13.log:07:02 -!- phantomcircuit is now known as steve_bobs
#bitcoin-2012-07-13.log:21:23 < steve_bobs> still aren't
#bitcoin-2012-07-13.log:21:23 < steve_bobs> they're a bank in europe
#bitcoin-2012-07-13.log:21:24 < steve_bobs> in the us they're a payment processor or something
#bitcoin-2012-07-13.log:21:24 < steve_bobs> iz, you sure that's what actually happened? seemed to have been something different from that
#bitcoin-2012-07-13.log:21:25 < steve_bobs> innocent, dialcoin
#bitcoin-2012-07-13.log:21:25 < steve_bobs> iz, yeah that's not what that says
#bitcoin-2012-07-13.log:21:26 < steve_bobs> pretty sure
#bitcoin-2012-07-13.log:21:26 < steve_bobs> that's an api key
#bitcoin-2012-07-13.log:21:26 < steve_bobs> not a password
#bitcoin-2012-07-13.log:21:43 < steve_bobs> helo, it's actually impossible
#bitcoin-2012-07-13.log:21:43 < steve_bobs> the risk to the insurer would be so high that they would never accept the contract
#bitcoin-2012-07-13.log:21:43 < kiba> steve_bobs: why would it be impossible? you know something that I don't?
#bitcoin-2012-07-13.log:21:44 < steve_bobs> if your premiums would be more than about 5% annually of the maximum liability of the insurance typically they will simply deny your application
#bitcoin-2012-07-13.log:22:37 < steve_bobs> ;;bc,blocks
#bitcoin-2012-07-14.log:02:39 < steve_bobs> HORRAY CHEAP OLIVE OIL
#bitcoin-2012-07-14.log:22:34 -!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitcoin-dev-2012-07-13.log:07:02 -!- phantomcircuit is now known as steve_bobs
#bitcoin-dev-2012-07-13.log:17:15 < steve_bobs> gavinandresen, how would that work for an exchange though?
#bitcoin-dev-2012-07-13.log:17:16 < gavinandresen> steve_bobs: I don't think it would work for an exchange, they'll have to be a MSB
#bitcoin-dev-2012-07-14.log:22:34 -!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitcoin-otc-2012-07-13.log:07:02 -!- phantomcircuit is now known as steve_bobs
#bitcoin-otc-2012-07-14.log:22:34 -!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]

[ErebusBat]

I just searched for 'steve_bobs' in my IRC logs, and it came up a few times:

Looks like your hits were about the same as mine.

[allten]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

Can someone confirm this? Is this really true? If the Zhou we are all referencing created this then he was only 7.
Truly a genius! Making websites at such a young age.

[defxor]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

Can someone confirm this? Is this really true? If the Zhou we are all referencing created this then he was only 7.
Truly a genius! Making websites at such a young age.

You misunderstood. My point was to disprove the suggestion by Phinnaeus that Zhou indeed had that domain back then.

(And since then I've also stumbled upon verification for Zhou's claim that he bought it in March: http://q.3hk.cn/u/zhoutong.html )

[allten]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

Can someone confirm this? Is this really true? If the Zhou we are all referencing created this then he was only 7.
Truly a genius! Making websites at such a young age.

You misunderstood. My point was to disprove the suggestion by Phinnaeus that Zhou indeed had that domain back then.

(And since then I've also stumbled upon verification for Zhou's claim that he bought it in March: http://q.3hk.cn/u/zhoutong.html )

Got it. Thanks for clarifying.

[Liberty Payout]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

[goodlord666]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

Do MtGox still store half a million BTC in one single address?

[Liberty Payout]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

Do MtGox still store half a million BTC in one single address?

I honestly have no clue. I don't know much about bitcoin but I do know the current arrangements are not profitable. It seems like every other week there is some story about how a database has been hacked into or something of the sort. There should seriously be some alternatives cause let's face it, $200,000 scams are not doing much for the bitcoin image.

[Rarity]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

The best solution is tight government and international UN oversight.  Bitcoin is going to be the global currency, so it makes sense to build the necessary legal infrastructure to resolve disputes like this before it gets there.

[LoupGaroux]

Umm, no. That would be just about the most opposite thing imaginable for bitcoin. The UN? Why would anybody suggest that collection of slavers, extortionists and rapists to provide oversight for anything? And what government do you trust to oversee your wealth and means of exchange? They have pretty much enslaved all of us with every single fiat scheme they have every come up with as a means to keep us under the jack-boot of authority, and now you want bitcoin to be the same?

Better to execute the first 25 scammers proven to have stolen from the bitcoin community, pour encourager les autres. That's all the legal infrastructure needed thanks all the same.

[Liberty Payout]

Umm, no. That would be just about the most opposite thing imaginable for bitcoin. The UN? Why would anybody suggest that collection of slavers, extortionists and rapists to provide oversight for anything? And what government do you trust to oversee your wealth and means of exchange? They have pretty much enslaved all of us with every single fiat scheme they have every come up with as a means to keep us under the jack-boot of authority, and now you want bitcoin to be the same?

Better to execute the first 25 scammers proven to have stolen from the bitcoin community, pour encourager les autres. That's all the legal infrastructure needed thanks all the same.

Execute how? No matter what we end up resorting to some sort of government based system to carry out this "justice". We throw around words like  "Lawyer up" "Extradite" but who oversees these things? The government. A currency completely independent of any government is no different from a dystopian society. It seems perfect from the outside but once you get in we have things like this going down and no way to effectively handle them and prevent them. We need a more effective way of handling bitcoin related issues that doesn't include lynch mobbing every member that might be a scammer.

[John (John K.)]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

Every hack in this case would be prevented by a simple 2 Factor authentication, be it a yubikey or a Google Authenticator.

[Phinnaeus Gage]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

Every hack in this case would be prevented by a simple 2 Factor authentication, be it a yubikey or a Google Authenticator.

I believe that fact was factored in, hence the hacks.

[Rarity]

Umm, no. That would be just about the most opposite thing imaginable for bitcoin. The UN? Why would anybody suggest that collection of slavers, extortionists and rapists to provide oversight for anything? And what government do you trust to oversee your wealth and means of exchange? They have pretty much enslaved all of us with every single fiat scheme they have every come up with as a means to keep us under the jack-boot of authority, and now you want bitcoin to be the same?

Better to execute the first 25 scammers proven to have stolen from the bitcoin community, pour encourager les autres. That's all the legal infrastructure needed thanks all the same.

Don't get me wrong, I'm very in favor of executing people for major economic crimes and redistributing their wealth.  The heads of collapsed/bailed out major banks and insurance companies for example do not deserve to hold on to their wealth and freedom.  However, if we don't give our leaders the oversight and regulation powers they need to prove the criminal nature of these activities they will not know who to execute and how to confiscate their wealth.

[phungus]

#bitcoin-2012-07-14.log:02:39 < steve_bobs> HORRAY CHEAP OLIVE OIL

WHERE IS CHEAP OLIVE OIL?

:-)

[dancingnancy]

I feel as though this is just another leaky faucet. Let's stop mopping up the mess and look to fix the faucet itself first. The issue is the online storage of bitcoin. I don't claim to know a lot about bitcoin but i've been apart of this community for 2 months and have seen my fair share of grandeur hacks. While this thread has been informative, what's done is done. Might I suggest that we as a community start putting our heads together on something more productive such as  how to prevent future attacks of this kind?

Every hack in this case would be prevented by a simple 2 Factor authentication, be it a yubikey or a Google Authenticator.

Derp.  We have a winner.  Unless someone f/Bitcoinica was really the one pulling the strings the whole time.

[zhoutong]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

Can someone confirm this? Is this really true? If the Zhou we are all referencing created this then he was only 7.
Truly a genius! Making websites at such a young age.

I actually started making websites at 7, exactly. At that time, I used Microsoft Frontpage and Macromedia Dreamweaver.

But no, my parents wouldn't let me buy a domain at that time.

[dooglus]

#bitcoin-2012-07-14.log:02:39 < steve_bobs> HORRAY CHEAP OLIVE OIL

WHERE IS CHEAP OLIVE OIL?

:-)

Here's the context:

02:35 < Karmaon> I am selling 100% tainted coins.
02:35 < phungus> lol
02:35 < phungus> 3 cents on the dollar~
02:35 < Karmaon> Coins are straight from the Bitcoinica incident (the previous hack)
02:36 < phungus> whoa
02:36 < phungus> that is pretty tainted alright
02:36 < Karmaon> Come get yours now! Limited quantities available.
02:36 < phungus> eh
02:36 < phungus> buy stuff on SR
02:36 < phungus> they won't care
02:36 < phungus> lol
02:36 < Karmaon> I only have a few
02:36 < phungus> or sell them there
02:36 < phungus> even better
02:37 < phungus> open up a sellers account with those tainted coins
02:37 < phungus> start a new life
02:37 < RegimeToppler> I think the best way to get a "job" paying with bitcoins is to sell stuff online with them.
02:37 < phungus> turn over a new leaf!
02:37 < ku> wtf
02:37 < phungus> renounce your hackerous ways!
02:37 < ku> 315,000 posts in the Silk Road forums
02:37 < phungus> REPENT SINNER
02:37 < ku> that's only a third of Bitcoin Talk
02:38 < I2PRelay> <zmux> I agree RegimeToppler.
02:38 < RegimeToppler> I bet buying olive oil from troubled European countries and then selling them with USD in the US would be a good idea.
02:38 < I2PRelay> <zmux> Mining just seems like a get rich lazy scheme to me.
02:38 < Karmaon> SELLING EXTRA EXTRA EXTRA VIRGIN OLIVE OIL
02:38 < phungus> Coconut oil went up 30% this year
02:38 < I2PRelay> <zmux> phungus: How do you know, is there a price index for these things?
02:38 < nimdAHK> RegimeToppler: you should make a company out of that arbitrage idea, but never actually do it
02:39 < RegimeToppler> All of the European countries that produce olive oil have collapsing economies right now, and Euros are collapsing too.
02:39 < I2PRelay> <zmux> By the way, testing testing
02:39 < nimdAHK> just pay investors with other investors' money
02:39  * nimdAHK realizes that that's been done before
02:39 < steve_bobs> HORRAY CHEAP OLIVE OIL

[Phinnaeus Gage]

zhoutong.com¹ --> Jiahong Plastic Machinery Co., Ltd. or zhoutongsuji.com  --> same phone numbers

From zhoutong.com¹'s website:

Ryan Chau systems Machinery Co., Ltd. has a long history of enterprise, specialized in manufacturing all kinds of plastic machinery, plastic composite pipe full set of equipment, the company attaches great importance to product quality and after-sales service, the majority of customers have a good reputation.
    In the production of plastic machinery for many years on the basis of the introduction of international advanced level of production technology of the twenty-first century, the development of the production of aluminum-plastic composite pipe equipment, the device is technologically advanced, low cost, simple operation, easy maintenance, practical and reliable for China's national conditions of aluminum-plastic composite pipe production line equipment.
    Our aim: first-class quality, first-class service, provide users with comprehensive services, is willing to cooperate in good faith and the majority of users!

zhoutongsuji.com links to rayp.com

Domain Name:rayp.com
Record last updated at 2012-05-18 08:29:50
Record created on 6/1/2002
Record expired on 06/01/2013

Domain servers in listed order:
ns1.dns-diy.com ns2.dns-diy.com

Administrator:
Name-- Ruian Anyang Ranet Web Design Department
EMail-: (chenlt@rayp.com)
tel --: +86.57765828305
fax: +86.57765828307
org: Ruian Anyang Ranet Web Design Department
Room 401,Unit 3,Yongan Building,Wansong East Road,Ruian
Ruian,Zhejiang,CN 325200

Technical Contactor:
Name-- Ruian Anyang Ranet Web Design Department
EMail-: (chenlt@rayp.com)
tel --: +86.57765828305
fax: +86.57765828307
org: Ruian Anyang Ranet Web Design Department
Room 401,Unit 3,Yongan Building,Wansong East Road,Ruian
Ruian,Zhejiang,CN 325200

The following Whois shows the same Chen, possibly with two different names:

Domain name: ruianbaojie.com

Registrant Contact:
Chen caibin
caibin Chen chenlt@rayp.com
0577-66602789 fax: 0577-66602789
Room 401,Unit 3,Yongan Building,Wansong East Road,Anyang,Ruian,Zhejiang
ruian Zhejiang 325200
cn

Administrative Contact:
liangtan Chen chenlt@rayp.com
0577-65828305 fax: 0577-65828307
Room 401,Unit 3,Yongan Building,Wansong East Road,Anyang,Ruian,Zhejiang
ruian Zhejiang 325200
cn

Technical Contact:
liangtan Chen chenlt@rayp.com
0577-65828305 fax: 0577-65828307
Room 401,Unit 3,Yongan Building,Wansong East Road,Anyang,Ruian,Zhejiang
ruian Zhejiang 325200
cn

Billing Contact:
liangtan Chen chenlt@rayp.com
0577-65828305 fax: 0577-65828307
Room 401,Unit 3,Yongan Building,Wansong East Road,Anyang,Ruian,Zhejiang
ruian Zhejiang 325200
cn

DNS:
ns5.cnmsn.net
ns6.cnmsn.net

Created: 2011-08-10
Expires: 2012-08-10

liangtan Chen  =  Chen liangtan  =  Chen Liang Tan  = chenlt

Since the last domain is about to expire, maybe its owner will consider selling it for a bag of Skittles and a hoodie.

~Bruno~

[BitLucky]

I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case.

How can you perform credit card fraud by stealing someone's email account?? How can you even obtain a credit card if you're < 18??

[Bitcoin Oz]

I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case.

How can you perform credit card fraud by stealing someone's email account?? How can you even obtain a credit card if you're < 18??

You lie.

[malevolent]

How can you even obtain a credit card if you're < 18??

In some countries it is possible, with a guardian's consent of course.

[Clipse]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18
6.2出LR，财付通付款

Ryan(11853074) 20:13:06
要多少有多少

Ryan(11853074) 20:13:12
我帮一个朋友出的

Ryan(11853074) 20:14:06
1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

I guess we need to requote this over and over since Zhou is ignoring questions regarding this factual evidence, Im guessing he needs more time to make up some bullshit story to cover his ass.

He better start covering it now since there is a good chance someone else would be covering it soon.

[greyhawk]

so, location of his new business is known. why not confronted him directly face2face?

Location: http://goo.gl/maps/TAWM

Office Provider: http://www.thecluster.com.au/

nameterrific.com domain name record

Registrant:
NameTerrific
Tong Zhou
Level 10, 50 Market Street
Melbourne, VIC 3000 AU
+61.390157926

That adress is a mail forwarding and virtual office service.

[Clipse]

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18
6.2出LR，财付通付款

Ryan(11853074) 20:13:06
要多少有多少

Ryan(11853074) 20:13:12
我帮一个朋友出的

Ryan(11853074) 20:14:06
1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

I guess we need to requote this over and over since Zhou is ignoring questions regarding this factual evidence, Im guessing he needs more time to make up some bullshit story to cover his ass.

He better start covering it now since there is a good chance someone else would be covering it soon.

Again, until he answers with some bullshit about more coverups and conspiracies.

[Glasswalker]

I'm just going to drop a quick note on here, that my MTGox account was compromised within a matter of days from this hack happening. And I had over 1,800 BTC stolen from me. It may or may not be related, but the timing is a bit too close to ignore completely.

I wonder if any others were compromised as well?

I've contacted aurumxchange and zhoutong directly to see if they have anything to offer, and if they are willing to cooperate with the already open investigation with law enforcement from my end (I have an open investigation by the Cyber Crime division of my local law enforcement here). Regardless, I will be directing the investigators to this information for any potential correlation.

[BCB]

is anyone committing these all of these threads to pastebin or elsewhere ?  As posts seem to be removed from time to time this will all be relevant when these cases go to court.

[sarpar]

is anyone committing these all of these threads to pastebin or elsewhere ?  As posts seem to be removed from time to time this will all be relevant when these cases go to court.

WHAT IF...


...their bitcointalk.org-account got hacked? 

[sadpandatech]

I'm just going to drop a quick note on here, that my MTGox account was compromised within a matter of days from this hack happening. And I had over 1,800 BTC stolen from me. It may or may not be related, but the timing is a bit too close to ignore completely.

I wonder if any others were compromised as well?

I've contacted aurumxchange and zhoutong directly to see if they have anything to offer, and if they are willing to cooperate with the already open investigation with law enforcement from my end (I have an open investigation by the Cyber Crime division of my local law enforcement here). Regardless, I will be directing the investigators to this information for any potential correlation.

Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.

MTGOX account(s) were not compromised!

Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).

[Herodes]

I'm just going to drop a quick note on here, that my MTGox account was compromised within a matter of days from this hack happening. And I had over 1,800 BTC stolen from me. It may or may not be related, but the timing is a bit too close to ignore completely.

I wonder if any others were compromised as well?

I've contacted aurumxchange and zhoutong directly to see if they have anything to offer, and if they are willing to cooperate with the already open investigation with law enforcement from my end (I have an open investigation by the Cyber Crime division of my local law enforcement here). Regardless, I will be directing the investigators to this information for any potential correlation.

1800 BTC ?

No two-factor identification ?

Good luck on the investigation, if you can, please update the community.

Any knowledge about which attack vector was used to get into your account ?

[paulie_w]

i just want to say that it makes me sad to see this thread every time i login here

please don't kill bitcoin with all of this stupidity.

on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.

but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.

next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...

[Clipse]

i just want to say that it makes me sad to see this thread every time i login here

please don't kill bitcoin with all of this stupidity.

on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.

but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.

next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...

Since you are new I will forgive you for wanting this to get out of the limelight however this needs to stay in the limelight until there is closure.

Closure on this disease is far more likely to save bitcoin than destroy it, we saw heists such as this with the mybitcoin fiasco last year and it lost limelight far too early without anyone held accountable and that needs to change immediately.

[Glasswalker]

Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.

MTGOX account(s) were not compromised!

Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).

I never said they were, the same method was used to access my account within a few days of this one. I simply stated the timing is close enough to warrant looking into it. Since in this case they have more evidence than was able to be gathered in my case (for example check some of the IPs logged by these individuals and confirm them against the IPs used in my case, if any coincide, it MAY imply a relationship). I'm not jumping to conclusions, but it is a potential valid lead.

1800 BTC ?

No two-factor identification ?

Good luck on the investigation, if you can, please update the community.

Any knowledge about which attack vector was used to get into your account ?

It could be noted that in this case the individual didn't have 2factor either, in order for someone to be able to up and withdraw their funds using an "aquired" login credential. And they were sitting on MUCH more funds than my 1800.

And yes I hope the investigation turns up something, dealing with law enforcement is a slow process though, so it's slow gaining traction.

I do fully intend to update the community as I get more info.

As for an attack vector, no, I have yet to identify where they got the login credentials.

Thanks!

[paulie_w]

i just want to say that it makes me sad to see this thread every time i login here

please don't kill bitcoin with all of this stupidity.

on the one hand, i hope you guys figure it out so there is some notion of accountability within the community.

but on the other hand, i feel like any conclusion is going to be inconclusive, and you're just going to ruin good reputations and good people by wasting all this time on a witch hunt.

next time some great new bitcoin web app develops, i hope you will not all be so quick to deposit your entire cache of 'coin...

Since you are new I will forgive you for wanting this to get out of the limelight however this needs to stay in the limelight until there is closure.

Closure on this disease is far more likely to save bitcoin than destroy it, we saw heists such as this with the mybitcoin fiasco last year and it lost limelight far too early without anyone held accountable and that needs to change immediately.

you're probably right, and i guess every great project has its growing pains, but it's still awful to watch.

i really love bitcoin and think it can change the world. if it ends up never being able to climb out of obscurity because of stuff like this (read: the bad publicity that it causes), then i think that's a real shame.

[BCB]

This is just like any good train wreck or bad traffic accident.  Everyone is rubbernecking because this is where all the drama is.  However there are a lot of smart and talented people doing incredible and useful and helpful things in the community, fortunately, they don't spend their days reading and analyzable and responding to every post in some of these sections.

But as someone said, this is better then cable television.

[1QaZxSw2]

EDIT: Moved to separate thread here https://bitcointalk.org/index.php?topic=96086.0

If any of us want bitcoin to succeed, we need to achieve the following:

Establish security and auditing standards that bitcoin companies and comply with. This can be publicly posted and edited and companies can post a statement of compliance such as: Complies with bitcoin security standard V2.1

The goal of this is to ensure bitcoin can self-regulate instead of running to the government and begging to be saved from the bad guys. I'm not anti-government regulations per se, but calling in the government to regulate a brand new industry will most certainly stifle innovation.

While there seems to be circumstantial evidence to suggest ZT may have either been a naughty boy or just plain stupid, we need to proceed judiciously. Note that accusations are easy, and tomorrow anyone here with any business could be accused of wrong doing should something go wrong.

We need to put in place transparency and self-regulation so that rampant speculation will have no place.

For example:
V0.1 of Bitcoin Operations & Security Standard (BOSS 0.1)

Users:
1. Every account has 2-factor authentication. [This prevents fraudulent claims of password theft etc]
2. All passwords are salted and hashed. [Mitigates loss due to/claim of lost password db]
3. All users who store more than 1000BTC or $10000 USD need to provide scanned copy of govt id. [Large amounts attract theft. Disclosing your identity may be the only way to protect yourself. Prevents Govt coming after corporations for money laundering.]
4. Maximum daily withdrawals are set based on corporate policy. 1000BTC and $10000 recommended. Larger amounts may be allowed after a phone call and verification. [This prevents large losses in case of password theft]
4.a. Optional: withdrawals should go to the same wallet deposits were made from. Customer can always withdraw full amount to the originating wallet, change the designated outgoing wallet and replace the funds as necessary for financial privacy and security. [For some businesses such as mixing services, this makes no sense]

Companies:
5. All Corporate funds are strictly separated from Customer funds. [This makes embezzlement easy to detect and prevents accidental losses]
6. Most BTC are stored in cold wallets. [Prevents large losses due to root privilege compromise]
7. The cold wallets containing more than 1000BTC keys are split among at least 2 officers of the company, so that no one person can withdraw from a cold wallet. Steps should be taken to ensure that these keys portions are not shared and not lost if one of the officers dies or exits the company.
8. Other cold wallets have a maximum amount of 1000BTC beyond which it should split into two cold wallets. [This puts an upper limit on loss from actions of an unscrupulous officer of a company.]
9. Companies will take user privacy very seriously and will not air issues in a public forum. As appropriate, resolve issues with the customer or contact law enforcement. [This will build confidence in bitcoin businesses and prevent slander/accusations of slander]
10. Where appropriate, companies should insure against losses of user funds from theft, loss of keys, disruption of operations, etc. This does not apply to trading losses caused by user's own actions. [Builds confidence and permits outside entity, i.e. the insurance company to audit security procedures]

[1QaZxSw2]

The goals of BOSS are:


1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

[sadpandatech]

Pointing them here for your investigation is going to do nothing other than fill their leads list with a bunch of FUD.

MTGOX account(s) were not compromised!

Someone had the LOGIN credentials for Bitcoinica's account because their LastPass account that held all their MtGox and other logins was BREACHED (not hacked or compromised either).

I never said they were, the same method was used to access my account within a few days of this one. I simply stated the timing is close enough to warrant looking into it. Since in this case they have more evidence than was able to be gathered in my case (for example check some of the IPs logged by these individuals and confirm them against the IPs used in my case, if any coincide, it MAY imply a relationship). I'm not jumping to conclusions, but it is a potential valid lead.

My point was simply that your case and the Bitcoinica case are no more similar than if a car got stolen in Texas and a car got stolen in the UK and both times the thieves had the keys to the cars. Pointing an investigator to one car theft is in no way helpful in solving the other. Nither one would answer the investigator's main questions; "How did the thief gain the keys?", "And where did the thief take the car to?"

[check_status]

The goals of BOSS are:


1. Set a standard expectation regarding security and operating procedures.
2. Eliminate, reduce and mitigate losses due to theft or corporate wrongdoing
3. Eliminate, reduce and mitigate losses due to customer action or fraud.
4. Ensure the most up to date security mechanisms are in place.

The fiat financial world is heavily regulated because they had to learn all their lessons the hard way. We don't need to. We should simply apply the lessons here and make BTC a far better product.

Are you going to set up the agile and scrum?

[1QaZxSw2]

Are you going to set up the agile and scrum?

I was thinking more like a GPL type process. A publicly known standard that can be referred to, complied with and audited against.

[malevolent]

is anyone committing these all of these threads to pastebin or elsewhere ?  As posts seem to be removed from time to time this will all be relevant when these cases go to court.

Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).

[Maged]

is anyone committing these all of these threads to pastebin or elsewhere ?  As posts seem to be removed from time to time this will all be relevant when these cases go to court.

Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).

Deleted posts are only ever hidden from the public, despite the button being called "delete". They can be unhidden just as easily.

[BCB]

The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.

[rjk]

The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.

Try again: http://whois.domaintools.com/50.97.137.52
Hosted at Softlayer in Dallas. Whois protected by a canadian company.

[MrTeal]

is anyone committing these all of these threads to pastebin or elsewhere ?  As posts seem to be removed from time to time this will all be relevant when these cases go to court.

Maybe the forum administration will be able to find deleted posts if they are not deleted from the database, or if they are, by restoring its backup (I heard the forum's backup is done pretty often).

Deleted posts are only ever hidden from the public, despite the button being called "delete". They can be unhidden just as easily.

What about edited posts?

[BCB]

The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.

Try again: http://whois.domaintools.com/50.97.137.52
Hosted at Softlayer in Dallas. Whois protected by a canadian company.

Interesting.  I thought I saw a whois and/or read discussion that bitcoin.org talk was hosted by Tibanne Co. Ltd??
Has that changed recently?

[BCB]

hmmm....

I don't know if full disclosure is in order but could a mod or admin weight in?

Thanks.

[rjk]

The forum is managed in the US but hosted in Japan.  Wonder what the legality is of complying with Subpoenas. There is probably also a Fed or NSA geek already monitoring  and mirroring this board.

Try again: http://whois.domaintools.com/50.97.137.52
Hosted at Softlayer in Dallas. Whois protected by a canadian company.

Interesting.  I thought I saw a whois and/or read discussion that bitcoin.org talk was hosted by Tibanne Co. Ltd??
Has that changed recently?

MtGox provides hosting, but that doesn't mean that the hosting is in Japan. I think you might find that MtGox is in the same place, but you can't check since the IP is that of the DDoS prevention service (Prolexic).

[check_status]

SoftLayer, a global leader in cloud, dedicated and managed private hosting, runs on Global Crossing infrastructure, a leading global IP solutions provider. Global crossing provides dedicated 10 Gbps Dedicated Internet Access (DIA) ports for SoftLayer.

"Global Crossing provides services to enterprises (including approximately 40 percent of the Fortune 500); government departments and agencies; and 700 carriers, mobile operators and ISPs. It delivers converged IP services to more than 700 cities in more than 70 countries, and has 17 world-class data centers in major business centers around the globe."
http://www.prnewswire.com/news-releases/softlayer-deploys-global-crossing-solution-to-meet-growing-demand-for-virtual-data-center-connectivity-128661883.html

Softlayer may not be the NSA, but Global Crossing might be.

[neofutur]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

I call fake on that chat-log. I can't find any evidence of that anywhere.

not fake, I also have those in my logs : 

Code:

/irclogs/freenode $ grep steve_bobs *>../steve_bobs.log

cat ../steve_bobs.log

#bitcoinconsultancy.log:2012-07-13 07:57-!- phantomcircuit is now known as steve_bobs
#bitcoinconsultancy.log:2012-07-14 23:29-!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitcoin-dev.log:2012-07-13 07:57-!- phantomcircuit is now known as steve_bobs
#bitcoin-dev.log:2012-07-13 18:11< gavinandr> steve_bobs: I don't think it would work for an exchange, they'll have to be a MSB
#bitcoin-dev.log:2012-07-14 23:29-!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitcoin-ops.log:2012-07-13 07:57-!- phantomcircuit is now known as steve_bobs
#bitcoin-ops.log:2012-07-14 23:29-!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitcoin-otc.log:2012-07-13 07:57-!- phantomcircuit is now known as steve_bobs
#bitcoin-otc.log:2012-07-14 23:29-!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]
#bitvps.log:2012-07-28 22:43<     jaxtr> "steve_bobs"
#mtgox.log:2012-07-13 07:57-!- phantomcircuit is now known as steve_bobs
#mtgox.log:2012-07-14 23:29-!- steve_bobs [~phantomci@c-67-188-9-35.hsd1.ca.comcast.net] has quit [Remote host closed the connection]

but this really means nothing at all imo

[smoothie]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

Now that makes no sense.

You steal the funds just to return them to reduce criminal punishment?

LOL

[stochastic]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

Now that makes no sense.

You steal the funds just to return them to reduce criminal punishment?

LOL

But if the thief says he is sorry, then it is ok, right?

[Vod]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

Now that makes no sense.

You steal the funds just to return them to reduce criminal punishment?

LOL

But if the thief says he is sorry, then it is ok, right?

In this community, apparently so.   

[smoothie]

I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

Now that makes no sense.

You steal the funds just to return them to reduce criminal punishment?

LOL

But if the thief says he is sorry, then it is ok, right?

My whole point was that if ZT were to steal the funds then return it to reduce punishment that would made so much sanese

</sarcasm>

[ninjarobot]

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Please understand that some information will not be released until all legal proceedings have been concluded.

Sorry to dig up an old thread, but was the anti money laundering investigation into the 40000 USD LR transaction by Zhou ever completed?

If so, what was the outcome and where did the funds go?

[MPOE-PR]

Sorry to dig up an old thread, but was the anti money laundering investigation into the 40000 USD LR transaction by Zhou ever completed?

If so, what was the outcome and where did the funds go?

Riiight.

[danieldaniel]

Sorry to dig up an old thread, but was the anti money laundering investigation into the 40000 USD LR transaction by Zhou ever completed?

If so, what was the outcome and where did the funds go?

The funds are safely in Zhou's bank/Bitcoin account/wallet.

[BitBuster]

Apologies for another resurrection, but did ZT get away with it or did "Chen" actually exist?


BB.

[Matthew N. Wright]

Apologies for another resurrection, but did ZT get away with it or did "Chen" actually exist?


BB.

He still maintains that AurumXChange is holding those funds. You can ask them what they did with the money.

[repentance]

Apologies for another resurrection, but did ZT get away with it or did "Chen" actually exist?


BB.

He still claims that AurumXChange is holding his funds. Ask them what they did with the money.

He claimed they were not his funds - that they resulted from a transaction he conducted on behalf of a friend.  Then he strangely told AurumXChange that they could refund those coins to Bitcoinica.  They pretty much can't do anything without being able to determine the true ownership of those funds.  

If Zhou maintains they aren't his, then he can't authorise their release to anyone - including Bitcoinica.  If they are his own legitimate funds, then there's no reason he would authorise their release to anyone else - and he should have no problem proving to AurumXChange that they are his own legitimate funds.

The extent to which Zhou has been protected throughout the whole Bitcoinica debacle is truly sickening.

[Gyrsur]

Domain Name: ZHOUTONG.COM
Registry Domain ID: 120218314_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2014-06-12 06:38:59Z
Creation Date: 2004-05-16 03:26:00Z
Registrar Registration Expiration Date: 2016-05-16 03:26:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: abuse@enom.com
Registrar Abuse Contact Phone: +1.4252982646
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: TONG ZHOU
Registrant Organization: RYAN ZHOU
Registrant Street: PO BOX 465
Registrant City: CARLTON SOUTH
Registrant State/Province: VIC
Registrant Postal Code: 3053
Registrant Country: AU
Registrant Phone: +61.390157926
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: WHOIS@ZHOUTONG.COM
Registry Admin ID:
Admin Name: TONG ZHOU
Admin Organization: RYAN ZHOU
Admin Street: PO BOX 465
Admin City: CARLTON SOUTH
Admin State/Province: VIC
Admin Postal Code: 3053
Admin Country: AU
Admin Phone: +61.390157926
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: WHOIS@ZHOUTONG.COM
Registry Tech ID:
Tech Name: TONG ZHOU
Tech Organization: RYAN ZHOU
Tech Street: PO BOX 465
Tech City: CARLTON SOUTH
Tech State/Province: VIC
Tech Postal Code: 3053
Tech Country: AU
Tech Phone: +61.390157926
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: WHOIS@ZHOUTONG.COM
Name Server: PDNS1.TERRIFICDNS.COM
Name Server: PDNS2.TERRIFICDNS.NET
Name Server: PDNS3.TERRIFICDNS.ORG
Name Server: PDNS4.TERRIFICDNS.INFO
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-06-12 06:38:59Z