Public STATEMENT Regarding Bitcoinica account hack at MtGox

[repentance]

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

[1713554605]

1713554605

[1713554605]

1713554605

[1713554605]

1713554605

[1713554605]

1713554605

[1713554605]

1713554605

[1713554605]

1713554605

[MagicalTux]

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

[caveden]

Will it help an actual police investigation? Probably the opposite.

It might help. With everything being public, an eventual typical police inactivity would also be public. There's some incentives for them to actually do their job (even because most of the job's done already).
If everything is done entirely in private, the police could just behave as usual (i.e., do nothing useful) and that would be it.

But you do have a point. Perhaps they should have tried to contact Zhou before releasing his private data like this.

This is all quite delicate.

[xDan]

You guys are such a mob. You too, AurumExchange, Mt Gox and co. Posting inconclusive "facts" then vaguely hinting at more unrevealed details are blame spreading, lynch mob feeding tactics worth of a tabloid.

[davout]

I guess you're up for a surprise on this one.

That wouldn't be the first one
But still, that doesn't make much sense to me, from a legal POV to disclose very sensitive information to a public internet forum.

The fact is that at this time no party has contacted us in any way to notify us of any action (we are in contact with all the parties involved in Bitcoinica). In absence of any legal context to relate to, there is only so much we can do.

Absence of proof is not proof of absence, therefore : assumption. Either way my point is that you shouldn't have released anything until contacted by an official law enforcement body. Because doing so would probably qualify as a big fat breach of privacy, decency, and your own very terms.

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's not the community's role to investage, nor is it yours. I'm simply arguing that the information flow you're mentioning might not be the most appropriate, it might somehow be in your interest, but I fail to see how it's in the victims best interests.

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

That sounds about right, maybe you should have stopped right there.

Let's agree to disagree

[Ente]

Let this be a warning to everyone:

If your account is hacked (email or otherwise), MtGox, AurumXChange and BitInstant might start a thread calling you a thief and a hacker publicly and just leave it up to you to find the thread and figure out a defense instead of discussing the issue with you directly or contacting any authorities.

My resumée from this:
- Bitcoinica was not run professionaly
- the professionality of Bitcoin Consultancy Group / Intersango is at question
- MtGox, AurumXChange, BitInstant are not run professionaly

I guess I better dump the little I have left on MtGox. And print out another paperwallet professionaly. I don't want to afford more than a little playmoney on MtGox by this point now.

Ente

[sturle]

[...] AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which [...] initial funds are deposited from an account known to belong to Zhou Tong.[/list]

I see three possibilities here:

• Zhou Thong created the second MtGox account himself, and were in breach of MtGox ToS by owning two accounts without prior permission.
• The attacker also had access to Zhou Tong's MtGox account and got the funds from there himself.  Zhou Thong didn't notice.
• The attacker bought a Redeemable code or BTC directly from Zhou Thong, and transferred it directly to this account.

To me the first option is most likely.

From MtGox ToS:

Members may only have one Account at any one time and may not create or use any Account other than their own. For a Member to be exempt from any of these rules, he/she must request express and prior permission from the Platform. The creation or use of Accounts without obtaining such prior express permission from the Platform will lead to the immediate suspension of all said Accounts, as well as all pending purchase/sale offers.

If Zhou Tong indeed did own this account without express permission, MtGox shall have to suspend all Zhou Thong's accounts.  If it wasn't his account, he need to explain how the funds got transferred there from his account.

[repentance]

It's been stated elsewhere on the board that MtGox has now frozen the Bitcoinica MtGox account.  Can you confirm whether that's the case (it would be a reasonable action to take, but users generally tend to disbelieve such claims as I'm sure you're aware from having to explain such situations in relation to your own financial institutions)?

Yes indeed, as discussed with Bitcoinica, we have blocked Bitcoinica's account to prevent further loss, and pending legal action to determine what should be done with those funds.

Thank you Mark.  At least we can put to rest any suggestions that they're bullshitting about that so that they can "run away with the funds".

[MagicalTux]

The fact is that at this time no party has contacted us in any way to notify us of any action (we are in contact with all the parties involved in Bitcoinica). In absence of any legal context to relate to, there is only so much we can do.

Absence of proof is not proof of absence, therefore : assumption. Either way my point is that you shouldn't have released anything until contacted by an official law enforcement body. Because doing so would probably qualify as a big fat breach of privacy, decency, and your own very terms.

None of the parties able to start a legal action on this have done so, or have declined to let us know. Either way that puts us in a delicate situation. It should also be noted that I speak for MtGox, not for AurumXchange.

I do not know the situation on that aspect, as the funds are not held with MtGox (we are merely helping with the investigation and trying to ensure the information flows correctly to the community).

It's not the community's role to investage, nor is it yours. I'm simply arguing that the information flow you're mentioning might not be the most appropriate, it might somehow be in your interest, but I fail to see how it's in the victims best interests.

Actually it is our role to investigate any transaction that comes or goes through our systems. However once the investigation reaches a specific point we need to forward the details to the law enforcement in charge. It was legal advice on AurumXchange's side to publish a subset of the details.

[Justin00]

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

[Matthew N. Wright]

It was legal advice on AurumXchange's side to publish a subset of the details.

MtGox breaches customer privacy agreement with its customer due to the advice of a competing exchange's attorney?

Are you sure they weren't just trying to ruin your business?

[HorseRider]

I'm going to send the Liu Haipeng's ICBC account mentioned by Zhoutong 0.01 RMB, to identify the province location of the bank account.

Just wait.


---

edit

The bank account was opened in 黑龙江省牡丹江(Mudanjiang, Heilongjiang Province. )
The Chinese name of this bank account is 刘海鹏

hopefully that this will be helpful. However, it can be a bank account bought from the black market.

Another information: this card a debit card, and it is linked to a credit card to pay back the credit card loan automatically.

[MagicalTux]

MtGox breaches customer privacy agreement with its customer due to the advice of a competing exchange's attorney?

Are you sure they weren't just trying to ruin your business?

Actually - it may be difficult to remember as we are already on the 11th page - the announce was made by AurumXchange, not by us.

[aq]

I'm gonna take a break from Bitcoin for a while.

What does this mean for Bitcoin Magazine/Ellet/UndisclosedSecretBitcoinProjectNumber12?

In the meantime you should have noticed that Matthews rarely keeps promises exactly as stated.

And it is very interesting that one of the most vocal public disclosure persons wants to suppress an investigation in this case.
He also tries to steer the discussion away from the actual theft case to something else.
We should start asking what Matthew has to loose in this case.

[davout]

Actually - it may be difficult to remember as we are already on the 11th page - the announce was made by AurumXchange, not by us.

Second post was by you though.

And it is very interesting that one of the most vocal public disclosure persons wants to suppress an investigation in this case.
He also tries to steer the discussion away from the actual theft case to something else.
We should start asking what Matthew has to loose in this case.

7. Question motives. Twist or amplify any fact which could be taken to imply that the opponent operates out of a hidden personal agenda or other bias. This avoids discussing issues and forces the accuser on the defensive.

From : http://cryptome.org/2012/07/gent-forum-spies.htm

[repentance]

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

I don't think anyone wants to be the one to open that particular can of worms given that there's going to be a sub-set of people using each of these services to commit financial offences.  On the one hand, you'd establish credibility about the incident having occurred.  On the other, there are likely a significant amount of people who would no longer use your service because they'd be worried that investigations might reveal their own offences to authorities.

[Matthew N. Wright]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* On Friday, July 13 I was notified by MtGox that somebody had gain unauthorized access to Bitcoinica's MtGox account. I was also notified that most of the redeemable codes used in the heist were exchanged through AurumXchange on July 12.
* At the time I was on an extended weekend vacation with very limited internet access. I immediately notified Mark Karpeles at MtGox as well as Charlie Shrem at Bitinstant that I would take a closer examination of the situation on Tuesday upon my return.
* Upon closer examination of our database on Tuesday, I discovered that the hacker had indeed exchanged the MtGox coupons to Liberty Reserve through our instant exchange facility. The hacker had also exchanged Liberty Reserve back to MtGox presumably in an effort to conceal and/or "launder" the funds.
* Over all, the hacker exchanged a total of $61,875 USD from MtGox to Liberty Reserve, and a total of $17,500 Liberty Reserve to MtGox, for a grand total of $44,375 MtGox to Liberty Reserve. After our fees, this number amounts to approximately $40,000 USD.
* These orders were placed on our systems between 2012-07-12 11:46:48 and 2012-07-12 19:41:27 UTC.
* The IP addresses used by the hacker belong to TOR exit nodes to my understanding, and are as follows:

31.172.30.1
31.172.30.2
31.172.30.4
77.247.181.165
146.164.91.248
78.108.63.44

* The Liberty Reserve account used by the hacker is U9236056.
* The email address used by the hacker was stevejobs807@gmail.com.
* To my surprise, upon further examination of our order system, I found an order from Zhou Tong to sell Liberty Reserve to us for the amount of USD 40,000, requesting a wire to his bank account in Singapore. The amount for the order closely matches the total USD exchanged through us (after fees) using the MtGox USD codes stolen from the Bitcoinica account.
* This order was placed the next day the hacking attempts occurred. In addition, it should be noted that Zhou Tong has never dealt with us before as an exchange customer.
* This information was immediately sent to our two biggest trusted business partners: MtGox and Bitinstant in an effort to join forces to further investigate this situation.
* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

At this time, it appears that there is an overwhelming amount of evidence linking Zhou Tong personally to the Bitcoinica account hack at MtGox. Our legal department has advised us to freeze the funds for the exchange order mentioned above until further investigation by the authorities and/or legal proceedings are concluded.

Both Charlie and Mark have informed the current Bitcoinica owners of the situation and advised to start legal proceedings as soon as possible.

Posts corroborating this information from both MtGox and BitInstant will follow. I am technically on vacation until mid august with limited internet access, however, I will attempt to answer any questions the community might have as often as possible. Please understand that some information will not be released until all legal proceedings have been concluded.

Sincerely,

Roberto Gutierrez
General Manager
The AurumXchange Company
https://www.aurumxchange.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG

iQEcBAEBAgAGBQJQEMmpAAoJECR5FGDHgkwDCqMH/Awy/Tjtqw9p/vzVh/ewoYgq
CPCSjWn1OUZGGkCMeA/ZwkPHV8/FgsQqBTfHJKy7OBZPaRyL7KTynFo6/BfUSCiO
tWz4QtRXE8hAV5uJNq6BtUvsSD9LXUFWanSEOZS9mApsmP5jmDc3S7JfBEDHli1w
zE9DXJR5jHQmvloRgafIQNxQq8BK7DKG25LpltXCURpVqWFkmulGsMuCqZ9wV0cb
fP92Hf4U+FnwSiM5TfZDwtOhbub9E6ilzPHBmfOjuneSEN1S49Zq3wl1wv0sHUda
2fJ4jVONpOc6S3pvGN7Jb0pdcUJQtujiOcnc+YbKa1EFBjZYY0WBnJL1EVARy4Q=
=TFJe
-----END PGP SIGNATURE-----

As representative of MtGox, I do confirm the following facts:

• Upon hack of Bitcoinica's account on our platform, a large number of redeemable codes have been issued. Seeing a large volume of codes emitted by Bitcoinica didn't alert us at first as we assumed those were funds returned to Bitcoinica customers, however we were made aware it was not the case upon posting on this forum by Genjix about the account hack. We noticed that most of those codes were sent to AurumXchange.
• Codes were all generated from IP 184.22.31.180 (184-22-31-180.static.hostnoc.net)
  
• During the investigation, AurumXchange asked us if we knew anything about email address stevejobs807@gmail.com which was used by the hacker according to AurumXchange. We found an account under this email which had some activity back in 2011, with access from both an IP at Microsoft Singapore then an IP at Amazon EC2 and which initial funds are deposited from an account known to belong to Zhou Tong.

.
While we have no definitive proof at this time, there is a definitive need for a proper investigation of what happened there. We have got no reply at this time from Bitcoinica LP and its representatives/owners regarding this matter despite many requests.

We would like to make a few points:

• I want to thank Roberto for leading the investigation on this one with Mark and myself. We pooled together our resources to connect the dots and paper trail. This just shows that even competitors can work together for the better of the Bitcoin community.
• I can confirm that both Tihan from Bitcoinica LP and Patrick from Bitcoin Consultancy were both alerted about this investigation personally face-to-face by me. I urged them to seek legal action and request clarification from Zhou. I also requested that they decline him further access to any funds in any of the accounts.
• Both assured me separately that action is being taken on this front and on the claims front. They assured me that the claims process will continue pending legal clarifications.
• As you can imagine, we had to keep this information to ourselves for 10 days or so until we can completely verify all the information we presented here.

As more information comes to light and verified, we will release it to you as soon as possible.

Thanks,

Charlie, Bitinstant.

[Justin00]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

if the police report hasn't been filed... has any crime been committed ?

How can anyone running a company of sorts not inform the police.. its not like we are talking $10 here.. even if the police cant do anything... how can someone of not told them yet ? That is dodgy as hell.

I don't think anyone wants to be the one to open that particular can of worms given that there's going to be a sub-set of people using each of these services to commit financial offences.  On the one hand, you'd establish credibility about the incident having occurred.  On the other, there are likely a significant amount of people who would no longer use your service because they'd be worried that investigations might reveal their own offences to authorities.

[MagicalTux]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

Actually it could mean that they are legally in fault to any of Bitcoinica's customers, should any of them actually file something too.

[Matthew N. Wright]

the company is over... so why would they care anymore about lost business. except to clear name and find the hacker ?

basically if the owners dont file police report say are saying to everyone who is owed money - 'piss off, we dont care' and stopping any further investigations from happening... which means no $$ for anyone.

Actually it could mean that they are legally in fault to any of Bitcoinica's customers, should any of them actually file something too.

In re-reading Charlie Shrem's post, it seems he did not really release anything important or valuable at all and basically is just posting here for support of your AurumXChange's breach of privacy, which isn't illegal, just shady. For the time being (until Charlie surfaces to explain what exactly he did release to you or AurumXChange), I will assume that the only actual breaches happened between Zhou Tong (the customer) and both AurumXchange and Mtgox.

It's early morning where Zhou is so I don't expect a response here or on Skype, but I'll contact him to see if he plans on participating in a class action law suit. I'm not sure if it would be Tort or Civil Action against AurumXChange and Mtgox, but I'd say that this thread has no logical reason for existing other than to rile on an angry mob to cause harm to one single individual, and it's pretty obvious that they've broken their own privacy agreements. Tasteless and vile.