Public STATEMENT Regarding Bitcoinica account hack at MtGox

[Vod]

But, so what? What are you guys trying to figure out?

+1

If he did spend the majority of the stolen coins on personal expenses, like mortgages, knowing who he is and where he lives will be very important.

[1713979313]

1713979313

[1713979313]

1713979313

[1713979313]

1713979313

[ErebusBat]

Where did you find this information?  Do you have a domaintools membership?
http://www.domaintools.com/research/whois-history/

Are you a wizard?

<dumbledore voice>
Harry Potter?
</dumbledore voice>

[defxor]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

[disclaimer201]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

Yes. He was quite pissed off at me in particular. I raised questions very early on after signing into this forum the first time - why the fuck do people trust this guy who has been known to hack competitors' sites?

phantomcircuit is one of the least trustworthy people I know in bitcoin. He is a calculating, deceitful, and dishonest person. Getting him to tell the truth is nearly impossible. I find it highly suspect that he left after the last hack. I found it highly suspect that the first hack happened not long after he had access to bitcoinica.

But, now ZT's bullshit story of the "friend" calls that motive into question. I have to wonder if there aren't MULTIPLE parties looting bitcoinica.

It has been my opinion since the hack, that the hack that closed bitcoinica was premeditated and intended to cover up the significant losses of customer funds due to "bad hedges" (or, more likely, looting already in progress)

What I am pretty damn sure of at this point: I have lost my $500 and position to an inside job.

+1 and fully agree

[sadpandatech]

But, so what? What are you guys trying to figure out?

+1

I don't know.  I just want my coins back.  At this point I couldn't care less if it was ZT or Burt Reynolds.  But I would tip my cap to Burt Reynolds.

:/ aye, you and a lot of other people, m8. I'm sorry for anyone in this situation. Especially ZT's hacker buddy if he does not get him to hand over the coins within the next 24 hours. I will personally take action against him and ZT for not following through with what they said last night!!!

I wasn't trying to bust your guys chops. I was just not sure if you were trying to figure out other address for him, or name aliases or what.

[sadpandatech]

What exactly are they trying to match up that uyou are saynig does not?

That he's owned that domain since almost 10 years back.

ahh, missed the age on that web archive;
MAR  AUG DEC 
      8   
    2002

[sadpandatech]

Relevant?

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #intersango
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinconsultancy
[01:01] * phantomcircuit is now known as steve_bobs

Session Time: Fri Jul 13 00:00:00 2012
[00:49] * phantomcircuit (~phantomci@c-67-188-9-35.hsd1.ca.comcast.net) has joined #bitcoinica
[01:01] * phantomcircuit is now known as steve_bobs

? Wtf ? 
If this log is real, this guy's got some explaining to do

I just read through all of this and missed if there was a follow-up to this post?

The IP in question is an american one, which doesn't necessarily mean anything. But it seems from that log (if legit), that phantomcircuit is given op privilegies, which means he should be identified with NickServ? AFAIK, you can authenticate from any ip, so if phantomcircuit's e-mail was compromized earlier on (as was stated on this forum), then his IRC personality could be compromized as well, for all we know, his computer(s) may be backdoored.

Googling ~phantomci@c-67-188-9-35.hsd1.ca.comcast.net gives some results, but I'm not going to do anymore research, if anyone feels up to it, go ahead.

I don't know Zou Thong, but personally I would've never have sold my operations to any 'security expert' that's previously been inolved in cracking said operations and boasting on it in a public forum...

http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/4
http://bitcoinstats.com/irc/bitcoin-dev/logs/2011/09/12/5

Did some research anyway:
41 days ago, the same identity was used by a user called phantomcircuit:
http://pastie.org/4096261

Aparently he's discussing the pay back process rather grumpily on that occasion.

Yes. He was quite pissed off at me in particular. I raised questions very early on after signing into this forum the first time - why the fuck do people trust this guy who has been known to hack competitors' sites?

phantomcircuit is one of the least trustworthy people I know in bitcoin. He is a calculating, deceitful, and dishonest person. Getting him to tell the truth is nearly impossible. I find it highly suspect that he left after the last hack. I found it highly suspect that the first hack happened not long after he had access to bitcoinica.

But, now ZT's bullshit story of the "friend" calls that motive into question. I have to wonder if there aren't MULTIPLE parties looting bitcoinica.

It has been my opinion since the hack, that the hack that closed bitcoinica was premeditated and intended to cover up the significant losses of customer funds due to "bad hedges" (or, more likely, looting already in progress)

What I am pretty damn sure of at this point: I have lost my $500 and position to an inside job.

+1 and fully agree

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

[MagicalTux]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

[ErebusBat]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

[ErebusBat]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

[sadpandatech]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

No, I meant what I typed.

so freenode would not allow +op for 12 minutes without being authenticated? aye, i was suggesting phantom was logged in and then someone else may have bumped him off. was just an idea. I do not even know what you are trying to prove or figure out...

I can make it look like I am any fucking IP i want on IRC. I was under the impression they checked your true mac address and not just went by what was shown in the chat.  my finger info would read *Sadpandatech(~Sadpandatech@lickmysack.microsoft.com)

[sadpandatech]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

I thought the hacker was Steve Jobs?  not Steve-bobs??

[dancingnancy]

Or maybe he was tired of being contacted by dozens of people and decided to go under a different nick temporarily?

Still seems very odd that he would pick the same 'throw away' nick as the 3rd hacker though....

I thought the hacker was Steve Jobs?  not Steve-bobs??

Yes, but it is just another "convenient" similarity.

[Serge]

Not been on IRC in years but wouldn't this;
[00:49] * ChanServ sets mode: +o phantomcircuit
[01:01] * phantomcircuit sets mode: -o phantomcircuit
[01:01] * phantomcircuit is now known as steve_bobs

indicate that someone logged in with the spoofed ident of phantiom and was de-oped because their mac id did not truely match?  Just seems odd he would de-op himself otherwise..

First of all it isn't mac address (i think you meant IP address).
Second FreeNode servers would not all him to be logged in that long without authenticating.
Third he used that IP more than once.  See my previous post: https://bitcointalk.org/index.php?topic=95738.msg1056652#msg1056652 which has a history of this.

No, I meant what I typed.

so freenode would not allow +op for 12 minutes without being authenticated? aye, i was suggesting phantom was logged in and then someone else may have bumped him off. was just an idea. I do not even know what you are trying to prove or figure out...

I can make it look like I am any fucking IP i want on IRC. I was under the impression they checked your true mac address and not just went by what was shown in the chat.  my finger info would read *Sadpandatech(~Sadpandatech@lickmysack.microsoft.com)

no.  chanserv would not give an op to unidentified with nickserv user. that log shows that it was authorized user using that handle who then  deopped himself (that's what they do on #bitcoin) and then changed his nick.

[almackska]

Zhou, you sent me back 3 BTC back earlier last week with your personal claim service.
Please send me the remainder of 49 BTC to 1F9ywmJTQ283z5qaEr97NcRgPNHZ6GoAiu .
The remainder includes the USD balance converted to BTC using current exchange rate.

[RoloTonyBrownTown]

Is it just me (and I have no interest in debating who's guilty and who isn't particularly), but does this just scream sockpuppet to anyone else?

July 26, 2012, 06:50:18 PM
It's a shame that this lynch mob is forming based on shoddy evidence presented in an internet forum. I guess that is just the way justice works in the modern world, much like the lynch mobs going after George Zimmerman.  Zhou Tong clearly posted that his email account was hacked.  He has been the victims of hackers before and they are obviously trying to escape justice by framing their victim. It's a shame people are willing to become so manipulated instead of trying to continue to seek out the true criminals.  

July 26, 2012, 06:53:50 PM
I hope everyone can comment with more reasoning and less assumptions. I'm trying my best to calm down and attempt to get more information about the hacker, because he also used my email for a credit card fraud case. It's possible to discover something at that direction.

I have also listed a few people who know this secret email of mine. And I'm going to question them one by one tonight.

I'm definitely on the side of Bitcoinica customers and I believe that if the real hacker really had ties with me personally like what MagicalTux said, I may be able to recover majority of the amount back if the hacker can be warned. This issue is very serious and if I'm the hacker, I would definitely return the full amount back to reduce the criminal punishment.

The hacker seems to be a Chinese because he used Chinese punctuations in his English messages in the Aurumxchange ticket.

I will provide any information needed to the police once Bitcoinica files a police report.

July 26, 2012, 06:57:24 PM
Thank you for handling this situation so well, you are a true professional and a model for this community.

from https://bitcointalk.org/index.php?topic=95738.100

Especially considering Rarity's unwaveringly positive posts regarding Zhou in this thread so far.  Meh, probably just paranoid

[sadpandatech]

@Rolo  you're not the only one wondering the same thing..

[Rarity]

Oh my, now I'm part of the Zhou conspiracy too!  Back off pitchforkies!



You really think it's plausible I've been posting here since last October just waiting for this moment?  You guys are trying to hang the wrong guy and I'm pointing it out, deal with it.

[davout]

@Rolo  you're not the only one wondering the same thing..

[Coinoisseur]

We have Bitcoin exchanges basically begging for someone anyone with grounds to file a criminal complaint to do so. Because otherwise they are burdened with being responsible, as in keeping safe, the questionable funds.

There was a thread here about lawsuits, has anyone involved with that engaged NZ legal counsel to get the NZ authorities rolling on this? The exchanges are saying no authorities have contacted them claiming to be investigating relating to the Bitcoinica hacks.