Bitcoin Forum
December 08, 2016, 02:27:02 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 56 »
  Print  
Author Topic: Statement about the suspect of recent Bitcoinica hack  (Read 124556 times)
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078


Charlie 'Van Bitcoin' Shrem


View Profile WWW
July 26, 2012, 02:13:10 PM
 #41

Months of mudslinging and you manage to solve the riddle within just a few short hours and you never thought of confronting this mystery millionaire previous business partner before all this came to light ?

Tickle me suprised, VERY SURPRISED.

I was just thinking that.

All evidence aside, isn't it kind of convenient that within 6 hours of accusation all of a sudden surfaces a 'multi million dollar Chinese hacker friend who stole Zhou's identity'

Where was this hacker all along? Why did it come to light in the middle of the night ?

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
sadpandatech
Hero Member
*****
Offline Offline

Activity: 504



View Profile
July 26, 2012, 02:18:37 PM
 #42

OP: BULLSHIT!

If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system. - GA
It is being worked on by smart people. -DamienBlack
Mistafreeze
Sr. Member
****
Offline Offline

Activity: 291


View Profile
July 26, 2012, 02:21:10 PM
 #43

I think I would've waited a few days or so before posting this. Too convenient.

Beerfund NXT-L4WV-ZF8P-8X54-D6XML
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
July 26, 2012, 02:23:06 PM
 #44

Months of mudslinging and you manage to solve the riddle within just a few short hours and you never thought of confronting this mystery millionaire previous business partner before all this came to light ?

Tickle me suprised, VERY SURPRISED.

I was just thinking that.

All evidence aside, isn't it kind of convenient that within 6 hours of accusation all of a sudden surfaces a 'multi million dollar Chinese hacker friend who stole Zhou's identity'

Where was this hacker all along? Why did it come to light in the middle of the night ?


My email stevejobs807@gmail.com was last accessed from 62.113.219.5 on July 13. The password has not been changed by the hacker (but I have changed just now).

There was an auto-forwarding to ryan@xwaylab.com (which is another email address of mine). However it has been changed to bitcoinicasucks@hotmail.com (which is the email that was used to send the "Bitcoinica is done" email to verify@bitcoinica.com). Of course I couldn't be notified about any email since the change.

The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.

I have several email communications between stevejobs807@gmail and other email accounts controlled by me, including a testing ticket for Bitcoinica's ZenDesk trial. The email address has never been publicised.

Important discovery in recent emails (all times are in UTC+8):

The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

There was several emails from Liberty Reserve mentioning "Verification PIN". It can be seen that the liberty reserve account was accessed by at least: 78.108.63.44, 212.84.206.250 and 31.172.30.1.

There were many transactions done at F1ex.com, possibly used to launder Bitcoin. (I checked just now, F1ex.com provides anonymous fixed-rate BTC exchange service.)

The hacker signed up for OKPAY, with IP 31.172.30.1.

The hacker requested a sell-order on AurumXchange, totalling $5000, using the suspicious Liberty Reserve account mentioned by OP. A Chinese bank account was used (Account name: LIU HAIPENG, Account number: 6222020903006086032, Bank: INDUSTRIAL AND COMMERCIAL BANK OF CHINA).

Order link: https://www.aurumxchange.com/order/view/34011/e5b466248e041ebdf2ae793181a840dc

The hacker has also opened a ticket under his own name: https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195

He mentioned that I sold him the Mt. Gox codes at half price, which is absolutely not true. It seems that the hacker was trying to relate this event to me as an individual, and this possibly explains the reason that he wanted to "hijack" the email account. All my other email accounts did not have any suspicious access records and their passwords are all secure and different.

This is my *own* genuine transaction at AurumXchange: https://www.aurumxchange.com/order/view/33100/3c05a9a572379bf91620302cc9dd7d22

And my ticket to question the funds: https://www.aurumxchange.com/help/ticket.php?track=J6W-EY3-ZY2U&Refresh=47091

It's important to note that the first time I gained any knowledge about the email being misused is through this thread. Neither AurumXchange nor Mt. Gox has provided me any specific information about the suspicion. Otherwise I could have checked that email account earlier.

I'm willing to co-operate with any ongoing investigation and obviously I'm not trying to run away from this. I have already provided Mt. Gox with my certified copy of passport in an attempt to unlock my account with some Bitcoin balance.


I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.

The important truths

Truth 1: My $40K LR transaction is legitimate at AurumXchange, associated with a friend in Singapore.
Truth 2: All my assets at Mt. Gox, my wallet balances, my recent Bitcoin transactions and the 5,000 BTC compensation are from legitimate sources.
Truth 3: I had no knowledge of myself being suspicious until the public statement was posted by AurumXchange. There's no possible way of me being involved in the investigation earlier.
Truth 4: Even though there's evidence showing that I'm linked to this hack, I have absolutely no relationship with all previous hacks.
Truth 5: If either AurumXchange or Mt. Gox had communicated their investigation with me earlier, there wouldn't be so many wrong interpretations and assumptions and this thread could have come out much earlier.
Truth 6: I didn't steal the money.

Who is Chen Jianhai?

Chen Jianhai is my previous business associate. He was very familiar with credit card fraud and by my observations he's quite active in financial black markets. He didn't know much technical stuff personally but he has many technical people working with him everyday. He heard about Bitcoin from me last year from a random chat, and I have not communicated with him this year.

Did he admit the wrong-doing?

Surprisingly, yes. He strongly denied at first, but he changed his attitude entirely when I mention that this matter is an international-scale crime, and intelligent netizens from all over the world are actively investigating this matter. And I also told him that the accidentally exposed a bank account number. (He claimed that it was a debit card purchased from black market.)

He used my secret identity because he felt that "it would be impossible to discover the hacker" and "it would be much easier to deny if the suspect account is an insider because you (Zhou Tong) can always distract people from investigating". I have repeatedly said that I have zero tolerance in this matter and I will report all his information, including his real bank account number and address to the police once the official investigation has started.

How did he do it?

He said one of his co-workers was quite active in Chinese Bitcoin community and he had noticed the source code of Bitcoinica being leaked. The reason that he (the technical guy) knew the correlation between the Mt. Gox API key and the LastPass master password remains unknown. I have only communicated this password in-person with Tihan in Chimelong Hotel (Guangzhou) lobby once in February this year and I'm quite sure that no one else has paid any attention to our conversation.

He was unwilling to share more information about the specifics of the hack, but he remembered that he only thought of using my secret identity *after* he was able to withdraw money from Mt. Gox. It was possible that he only withdrew the Bitcoins first, and then a few moments later, the USD.

Also he revealed an important piece of information not mentioned in the public statements: He used the Mt. Gox account of Chris Heaslip, which is a verified account, to deposit some Mt. Gox code and buy Bitcoins with the money, and withdrew all of them. This account's credentials were also in the LastPass account.

In the entire process, he used My Wallet (Blockchain.info) with Tor to access the Bitcoins, and he transferred some Bitcoins to his servers in United States as well. The IP 184.22.31.180 (which was used to access Mt. Gox accounts) is actually zeraba.ddns.info. This is actually a public SSH proxy server for some Chinese users to bypass the national firewall with randomly rotating passwords. He had attempted to access the Mt. Gox accounts with Tor and he failed (note: Mt. Gox bans all Tor exit nodes).

How about the money?

He's a multi-millionaire in China living with a family. I'm not sure how much of his money comes from illegal sources but he has a genuine interest in relic collections and he has made a lot of money from speculating precious collections.

After my warning, he seemed unwilling to return the funds. However, I have threatened him with reporting his information to the police. He later more or less agreed to return the funds to Bitcoinica users, under the condition that Bitcoinica will no longer pursue the case (and Bitcoinica isn't pursuing at the moment) and I keep his other personal information secret.

I'm currently in a moral dilemma because even though I don't have definitive proof that Chen Jianhai is indeed a long-time criminal with an active presence in stolen credit cards and possibly other hacks, it might be worthwhile to pursue with police investigation so that justice can be served. However doing that will significantly delay the claiming process of Bitcoinica and the Chinese police may not be willing or capable to effectively investigate or co-operate in this matter. Otherwise I can always get all the stolen funds from him first. The only evidence in my email account was a credit card fraud case of only a few hundred dollars, which isn't very significant compared to the Bitcoinica hack.

Currently I'm very willing to co-operate with any investigation because this is the only way I can completely prove my innocence. However the non-reponse from Bitcoinica side is indeed worrying. I have gathered some data to estimate the amount that can be recovered from Chen Jianhai:

USD: about $140,000 + $5000 frozen at AurumXchange (under SJ account)
BTC: about 20,000 BTC

There's an unknown amount of funds left in Chris Heaslip's account and I have no way of knowing the exact balance.

It's important to note that the pending $40,000 transaction at AurumXchange is my genuine transaction, so it can be used to offset the USD payment. And also all Bitcoin balances in my Mt. Gox account are mine, and it shouldn't be used to further compensate Bitcoinica customers as well.

However, my previous donation of 5,000 BTC and community donation of 101 BTC were entirely separate from this matter and the claimants can rightfully hold on to the full amount. These funds come from my profits of previous sale at Bitcoinica, and I genuinely feel that Bitcoinica users deserve the early compensation due to them being affected by the inefficiencies of Bitcoinica's operations.

Chen Jianhai was only able to offer the above-mentioned amount due to the cost of his laundering activities and also the significantly lower Bitcoin price when he cashed out. If Bitcoinica or the community wants him to cover the full amount at today's prices, I'm willing to co-operate with any police investigation. But either case, my previous donation should have pretty much covered the difference.

It's up to Bitcoinica to appoint a bank account and also a Bitcoin address so that Chen Jianhai (or possibly I) can return the funds. AurumXchange can either return the $40,000 to me, or send the funds to Bitcoinica's nominated account (in which case another $100,000 will be sent to Bitcoinica from Chen Jianhai or me).

About my situation

I'm not asking him to transfer to me or to anyone else the amount today because it can be illegal to possess such funds until Bitcoinica has provided any written form of authorisation and/or agreement (so that I won't be wronged again because of arranging the return of the stolen funds).

It's important to note that I have been, I am and I will always be standing on the side of Bitcoinica customers, regardless of my position and situation at Bitcoinica. I have absolutely no tolerance of illegal activity of any kind, especially those damaging my personal reputation.

I promise that I have honestly reported the amounts and 100% of those recovered from Chen Jianhai will be returned to Bitcoinica's customers. At the same time, I have to emphasise that Bitcoinica should return the amounts to customers as quickly as possible, so that the company and related people will not get into serious legal troubles. It's my best interest to make Bitcoinica's customers happy so that this issue will not have further impact on my future careers.

I have no problem of either formal police investigation, or returning the funds without police investigation. I would prefer the former so that my name can be cleared, but I guess that some Bitcoinica customers may choose the latter.

Sitenote: I have released an improved design of NameTerrific (https://www.nameterrific.com/), which I finished during my lunch break, until AurumXchange's statement was posted.

hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 26, 2012, 02:24:49 PM
 #45

Truth 1: I want my claim filled 100%.
finway
Hero Member
*****
Offline Offline

Activity: 714


View Profile
July 26, 2012, 02:36:26 PM
 #46

New evidence shows that zhoutong is the hacker.

After Bitcoinica MtGox account compromised ,zhoutong sell LR in China.

日期:2012-7-12

Ryan(11853074) 20:03:18
6.2出LR,财付通付款

Ryan(11853074) 20:13:06
要多少有多少

Ryan(11853074) 20:13:12
我帮一个朋友出的

Ryan(11853074) 20:14:06
1万美元之内都没什么问题

Ryan(11853074) 20:17:18

LibertyReserve

And  zhoutong's LR account is :


zhoutong said The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.

So now everyone knows zhoutong is the hacker!!!

Wow, Zhoutong, how will you respond to this ?   Shocked Shocked Shocked

MrTeal
Legendary
*
Offline Offline

Activity: 1246


View Profile
July 26, 2012, 02:43:53 PM
 #47

Oh come on.

Zhou gets caught with his hands in the cookie jar, and when presented with relatively strong evidence he proceeds in a half a day to
1) Defend himself.
2) Identify the real hacker
3) Convince the real hacker to return he money, provided the whole thing just goes away and everyone forgets it.

There's not enough cinnamon and brown sugar in the world to cover up this stinking bowl of shitflakes.
Coinoisseur
Sr. Member
****
Offline Offline

Activity: 252


View Profile
July 26, 2012, 02:52:41 PM
 #48

Re-used a password to an email account he attached to MTGox on the web shop of a person he had reason to believe engaged in questionable activities which might include financial crimes. Within hours of personally investigating his own email account, gets this person to agree to give back what remains of the funds stolen if this is all kept on the down low from LEOs. Hmmmmm.

I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.

He has knowledge of my secret gmail address and I have once re-used the password in his web shop

His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.

I'll post another thread soon.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1442



View Profile
July 26, 2012, 02:55:43 PM
 #49

Re-used a password to an email account I attached to MTGox on the web shop of a person he had reason to believe engaged in questionable activities which might include financial crimes. Within hours of personally investigating his own email account, gets this person to agree to give back what remains of the funds stolen if this is all kept on the down low from LEOs. Hmmmmm.

You forgot the part that the money he can't recover is about the same amount as the one that was used to pay laundering fees + 5000 BTC he gave back on that other thread Wink

MrTeal
Legendary
*
Offline Offline

Activity: 1246


View Profile
July 26, 2012, 02:58:40 PM
 #50

Re-used a password to an email account he attached to MTGox on the web shop of a person he had reason to believe engaged in questionable activities which might include financial crimes. Within hours of personally investigating his own email account, gets this person to agree to give back what remains of the funds stolen if this is all kept on the down low from LEOs. Hmmmmm.

You mean that when you sign up at websites of questionable legality you don't use your email for the username and your email's PW as the site password?
hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 26, 2012, 03:00:26 PM
 #51

Re-used a password to an email account I attached to MTGox on the web shop of a person he had reason to believe engaged in questionable activities which might include financial crimes. Within hours of personally investigating his own email account, gets this person to agree to give back what remains of the funds stolen if this is all kept on the down low from LEOs. Hmmmmm.

You forgot the part that the money he can't recover is about the same amount as the one that was used to pay laundering fees + 5000 BTC he gave back on that other thread Wink

I just want my claim filled.
markm
Legendary
*
Offline Offline

Activity: 1792



View Profile WWW
July 26, 2012, 03:06:39 PM
 #52

You mean that when you sign up at websites of questionable legality you don't use your email for the username and your email's PW as the site password?

Actually that is exactly what I did for years with a whole bunch of dubious "affiliate programs" I fully expected to rip each other off thereby. Blew my mind that in all those years none of them ever did. Were they just too dense? Or just raking in so much money (it was the heyday of the "its raining hits money is free just put up a site" era) that not one of their employees bothered? Hmmm.

Just seemed easier way to test them than to give each a different password that would prevent them being able to show their true colours.

Of course any of them that actually earned me real money I changed that password and email pretty quick. Oh and I used a different email alias per each one of them of course too to know which one had given the address to spammers or used it to spam.

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
guruvan
Hero Member
*****
Offline Offline

Activity: 518

ShastaFarEye Prospectors mazaclub & mazacha.in


View Profile WWW
July 26, 2012, 03:06:48 PM
 #53

Oh come on.

Zhou gets caught with his hands in the cookie jar, and when presented with relatively strong evidence he proceeds in a half a day to
1) Defend himself.
2) Identify the real hacker
3) Convince the real hacker to return he money, provided the whole thing just goes away and everyone forgets it.

There's not enough cinnamon and brown sugar in the world to cover up this stinking bowl of shitflakes.

This.

This is just so fucking implausible. Yes, ZT, you should be losing sleep over possible criminal charges. Your story is not believable any more. You don't just solve crimes like that when you're almost caught.  

If you're innocent, you'd best STFU, and get a lawyer. If you're not, you should probably go into hiding. At this point, I fail to see how returning the money will appease some people. We've already lost half the value of any USD that's been stolen.

BTW, by "stolen" I mean the funds that bitcoinica stole from customers not funds stolen from bitcoinica by some made-up "hacker"

At least we have a good reason no one filed a police report.

Mine at the Maza Club! with ShastaFarEye Prospectors! Mazacoin PPS & P2pool mining, and more services coming soon!
Maza Means Money! Check yours at the mazacha.in!

Please contact me  on my  OTC registered GPG (A54E87F2) Key's email address or guruvan@shastafareye.net  and encrypt all correspondence.
Sant001
Full Member
***
Offline Offline

Activity: 182


View Profile
July 26, 2012, 03:08:08 PM
 #54

Re-used a password to an email account I attached to MTGox on the web shop of a person he had reason to believe engaged in questionable activities which might include financial crimes. Within hours of personally investigating his own email account, gets this person to agree to give back what remains of the funds stolen if this is all kept on the down low from LEOs. Hmmmmm.

You forgot the part that the money he can't recover is about the same amount as the one that was used to pay laundering fees + 5000 BTC he gave back on that other thread Wink

It's so pathetic that I can only laugh. For such a smart kid, he's an idiot.

I just want my claim filled. Zhou. make up whatever story you need to, write the code to a claims page, and give us our money back. In full.

I just think that the effort necessary to create another e-mail and conceal his IP would have been MUCH less than the efforts to create such a story to cover it up afterwards. Besides, any story if it's made up will have holes so people would still find out in the end who the hacker was.
lonelyminer (Peter Šurda)
Donator
Hero Member
*
Offline Offline

Activity: 544


View Profile
July 26, 2012, 03:08:58 PM
 #55

I just want my claim filled. Zhou. make up whatever story you need to, write the code to a claims page, and give us our money back. In full.
You neglect that the majority of the funds weren't stolen and Zhou has no access to them anyway. This is solely the responsibility of Bitcoinica Consultancy Ltd, who's neither communicating nor refunding. The Gox hack only happened 2 weeks ago, whereas the refunds have been owed for over 10 weeks. Dealing with the Gox hack is also the responsibility of Bitcoinica Consultancy Ltd, not Zhou.
hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 26, 2012, 03:12:26 PM
 #56

I just want my claim filled. Zhou. make up whatever story you need to, write the code to a claims page, and give us our money back. In full.
You neglect that the majority of the funds weren't stolen and Zhou has no access to them anyway. This is solely the responsibility of Bitcoinica Consultancy Ltd, who's neither communicating nor refunding. The Gox hack only happened 2 weeks ago, whereas the refunds have been owed for over 10 weeks. Dealing with the Gox hack is also the responsibility of Bitcoinica Consultancy Ltd, not Zhou.

Fill my claim.
lonelyminer (Peter Šurda)
Donator
Hero Member
*
Offline Offline

Activity: 544


View Profile
July 26, 2012, 03:19:54 PM
 #57

I'm not neglecting anything. I could give a flying fuck how it happens, I just stated I want my claim filled. Who's responsibility, I could give a fuck. Fill my claim.  Grin
My point is that your claim is misdirected. Even if Zhou was responsible for the Gox hack, only Bitcoinica Consultancy Ltd can help you with your claim, irrespective of whether Zhou cooperates or not.
hatshepsut
Member
**
Offline Offline

Activity: 64



View Profile
July 26, 2012, 03:26:54 PM
 #58

I'm not neglecting anything. I could give a flying fuck how it happens, I just stated I want my claim filled. Who's responsibility, I could give a fuck. Fill my claim.  Grin
My point is that your claim is misdirected. Even if Zhou was responsible for the Gox hack, only Bitcoinica Consultancy Ltd can help you with your claim, irrespective of whether Zhou cooperates or not.

ENOUGH DRAMA, KIDS.
BitBuster
Member
**
Offline Offline

Activity: 101


View Profile
July 26, 2012, 03:28:31 PM
 #59

Zhou gets caught with his hands in the cookie jar, and when presented with relatively strong evidence he proceeds in a half a day to
1) Defend himself.
2) Identify the real hacker
3) Convince the real hacker to return he money, provided the whole thing just goes away and everyone forgets it.

There's not enough cinnamon and brown sugar in the world to cover up this stinking bowl of shitflakes.
Now that Zhou has told us this convenient story, whether true or not (of course we strongly believe the latter), he is now heavily incriminated and should be a target for any (legal, clandestine or vigilante) investigations and actions.

One would expect the INTERSANGO ("Bitcoinica Consultancy") trio to be all over this and jump on the bandwagon, attempting to pin their own burden of responsibility on Zhou. However, their responsibility and what many believe to be complicity and guilt in these thefts must not be overlooked or forgotten. They must be hunted down and made to break in the same way Zhou will be.

Bitcoin has and always will be a target for such despicable crime. The community must vigorously and quickly persue its criminals to the nth degree, otherwise its reputation as a fertile ground for theft will only grow.

Do not let the bastards get away with this, or their number will multiply.


BB.
Vladimir
Hero Member
*****
Offline Offline

Activity: 812


-


View Profile
July 26, 2012, 03:36:45 PM
 #60

EVERY VICTIM OF BITCOINICA HEIST/FRAUD/NEGLIGENCE/WHATEVER,

I have a suggestion for you. Pick up a phone (101 in UK), go to local police station, whatever the procedure is in your locality and file a crime report, press charges, provide police with as many details as possible such as company names, and addresses, names and addresses of people involved into these companies, bank account numbers, BTC addresses, amounts of fiat and bitcoins that you and reportedly others have lost, timeline of events as known to you.

And let the chips fall where they will.


-
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 ... 56 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!