My email
stevejobs807@gmail.com was last accessed from 62.113.219.5 on July 13. The password has not been changed by the hacker (but I have changed just now).
There was an auto-forwarding to
ryan@xwaylab.com (which is another email address of mine). However it has been changed to
bitcoinicasucks@hotmail.com (which is the email that was used to send the "Bitcoinica is done" email to
verify@bitcoinica.com). Of course I couldn't be notified about any email since the change.
The email account had a heavily-reused password (for the sites that I don't intend to share any private data), *at least* it was used on LinkedIn and many other websites.
I have several email communications between stevejobs807@gmail and other email accounts controlled by me, including a testing ticket for Bitcoinica's ZenDesk trial. The email address has never been publicised.
Important discovery in recent emails (all times are in UTC+8):
The hacker registered a Liberty Reserve account U9236056 at Jul 12, 2012 9:42 PM.
There was several emails from Liberty Reserve mentioning "Verification PIN". It can be seen that the liberty reserve account was accessed by at least: 78.108.63.44, 212.84.206.250 and 31.172.30.1.
There were many transactions done at F1ex.com, possibly used to launder Bitcoin. (I checked just now, F1ex.com provides anonymous fixed-rate BTC exchange service.)
The hacker signed up for OKPAY, with IP 31.172.30.1.
The hacker requested a sell-order on AurumXchange, totalling $5000, using the suspicious Liberty Reserve account mentioned by OP. A Chinese bank account was used (Account name: LIU HAIPENG, Account number: 6222020903006086032, Bank: INDUSTRIAL AND COMMERCIAL BANK OF CHINA).
Order link:
https://www.aurumxchange.com/order/view/34011/e5b466248e041ebdf2ae793181a840dcThe hacker has also opened a ticket under his own name:
https://www.aurumxchange.com/help/ticket.php?track=NLY-9AG-E468&Refresh=24195He mentioned that I sold him the Mt. Gox codes at half price, which is absolutely not true. It seems that the hacker was trying to relate this event to me as an individual, and this possibly explains the reason that he wanted to "hijack" the email account. All my other email accounts did not have any suspicious access records and their passwords are all secure and different.
This is my *own* genuine transaction at AurumXchange:
https://www.aurumxchange.com/order/view/33100/3c05a9a572379bf91620302cc9dd7d22And my ticket to question the funds:
https://www.aurumxchange.com/help/ticket.php?track=J6W-EY3-ZY2U&Refresh=47091It's important to note that the first time I gained any knowledge about the email being misused is through this thread. Neither AurumXchange nor Mt. Gox has provided me any specific information about the suspicion. Otherwise I could have checked that email account earlier.
I'm willing to co-operate with any ongoing investigation and obviously I'm not trying to run away from this. I have already provided Mt. Gox with my certified copy of passport in an attempt to unlock my account with some Bitcoin balance.
I have located a suspect, his name is 陈建海(Chen Jianhai). He's NOT my friend and we have never met in person. He was one of my previous business associates because he's very familiar with credit card fraud and he advised me a lot (in terms of fraud prevention, of course) when I built my virtual goods payment processor in late 2010.
He has knowledge of my secret gmail address and I have once re-used the password in his web shop
His English is not very proficient and I'm sure that he's not reading this forum at the moment. I'm giving him a call now to persuade him to admit his wrong-doing and return the funds.
I'll post another thread soon.
The important truthsTruth 1: My $40K LR transaction is legitimate at AurumXchange, associated with a friend in Singapore.
Truth 2: All my assets at Mt. Gox, my wallet balances, my recent Bitcoin transactions and the 5,000 BTC compensation are from legitimate sources.
Truth 3: I had no knowledge of myself being suspicious until the public statement was posted by AurumXchange. There's no possible way of me being involved in the investigation earlier.
Truth 4: Even though there's evidence showing that I'm linked to this hack, I have absolutely no relationship with all previous hacks.
Truth 5: If either AurumXchange or Mt. Gox had communicated their investigation with me earlier, there wouldn't be so many wrong interpretations and assumptions and this thread could have come out much earlier.
Truth 6: I didn't steal the money.Who is Chen Jianhai?Chen Jianhai is my previous business associate. He was very familiar with credit card fraud and by my observations he's quite active in financial black markets. He didn't know much technical stuff personally but he has many technical people working with him everyday. He heard about Bitcoin from me last year from a random chat, and I have not communicated with him this year.
Did he admit the wrong-doing?Surprisingly, yes. He strongly denied at first, but he changed his attitude entirely when I mention that this matter is an international-scale crime, and intelligent netizens from all over the world are actively investigating this matter. And I also told him that the accidentally exposed a bank account number. (He claimed that it was a debit card purchased from black market.)
He used my secret identity because he felt that "
it would be impossible to discover the hacker" and "
it would be much easier to deny if the suspect account is an insider because you (Zhou Tong) can always distract people from investigating". I have repeatedly said that I have zero tolerance in this matter and I will report all his information, including his real bank account number and address to the police once the official investigation has started.
How did he do it?He said one of his co-workers was quite active in Chinese Bitcoin community and he had noticed the source code of Bitcoinica being leaked. The reason that he (the technical guy) knew the correlation between the Mt. Gox API key and the LastPass master password remains unknown. I have only communicated this password in-person with Tihan in Chimelong Hotel (Guangzhou) lobby once in February this year and I'm quite sure that no one else has paid any attention to our conversation.
He was unwilling to share more information about the specifics of the hack, but he remembered that he only thought of using my secret identity *after* he was able to withdraw money from Mt. Gox. It was possible that he only withdrew the Bitcoins first, and then a few moments later, the USD.
Also he revealed an important piece of information not mentioned in the public statements: He used the Mt. Gox account of Chris Heaslip, which is a verified account, to deposit some Mt. Gox code and buy Bitcoins with the money, and withdrew all of them. This account's credentials were also in the LastPass account.
In the entire process, he used My Wallet (Blockchain.info) with Tor to access the Bitcoins, and he transferred some Bitcoins to his servers in United States as well. The IP 184.22.31.180 (which was used to access Mt. Gox accounts) is actually zeraba.ddns.info. This is actually a public SSH proxy server for some Chinese users to bypass the national firewall with randomly rotating passwords. He had attempted to access the Mt. Gox accounts with Tor and he failed (note: Mt. Gox bans all Tor exit nodes).
How about the money?He's a multi-millionaire in China living with a family. I'm not sure how much of his money comes from illegal sources but he has a genuine interest in relic collections and he has made a lot of money from speculating precious collections.
After my warning, he seemed unwilling to return the funds. However, I have threatened him with reporting his information to the police. He later more or less agreed to return the funds to Bitcoinica users, under the condition that Bitcoinica will no longer pursue the case (and Bitcoinica isn't pursuing at the moment) and I keep his other personal information secret.
I'm currently in a moral dilemma because even though I don't have definitive proof that Chen Jianhai is indeed a long-time criminal with an active presence in stolen credit cards and possibly other hacks, it might be worthwhile to pursue with police investigation so that justice can be served. However doing that will significantly delay the claiming process of Bitcoinica and the Chinese police may not be willing or capable to effectively investigate or co-operate in this matter. Otherwise I can always get all the stolen funds from him first. The only evidence in my email account was a credit card fraud case of only a few hundred dollars, which isn't very significant compared to the Bitcoinica hack.
Currently I'm very willing to co-operate with any investigation because this is the only way I can completely prove my innocence. However the non-reponse from Bitcoinica side is indeed worrying. I have gathered some data to estimate the amount that can be recovered from Chen Jianhai:
USD: about $140,000 + $5000 frozen at AurumXchange (under SJ account)
BTC: about 20,000 BTC
There's an unknown amount of funds left in Chris Heaslip's account and I have no way of knowing the exact balance.
It's important to note that the pending $40,000 transaction at AurumXchange is my genuine transaction, so it can be used to offset the USD payment. And also all Bitcoin balances in my Mt. Gox account are mine, and it shouldn't be used to further compensate Bitcoinica customers as well.
However, my previous donation of 5,000 BTC and community donation of 101 BTC were entirely separate from this matter and the claimants can rightfully hold on to the full amount. These funds come from my profits of previous sale at Bitcoinica, and I genuinely feel that Bitcoinica users deserve the early compensation due to them being affected by the inefficiencies of Bitcoinica's operations.
Chen Jianhai was only able to offer the above-mentioned amount due to the cost of his laundering activities and also the significantly lower Bitcoin price when he cashed out. If Bitcoinica or the community wants him to cover the full amount at today's prices, I'm willing to co-operate with any police investigation. But either case, my previous donation should have pretty much covered the difference.
It's up to Bitcoinica to appoint a bank account and also a Bitcoin address so that Chen Jianhai (or possibly I) can return the funds. AurumXchange can either return the $40,000 to me, or send the funds to Bitcoinica's nominated account (in which case another $100,000 will be sent to Bitcoinica from Chen Jianhai or me).
About my situationI'm not asking him to transfer to me or to anyone else the amount today because it can be illegal to possess such funds until Bitcoinica has provided any written form of authorisation and/or agreement (so that I won't be wronged again because of arranging the return of the stolen funds).
It's important to note that I have been, I am and I will always be standing on the side of Bitcoinica customers, regardless of my position and situation at Bitcoinica. I have absolutely no tolerance of illegal activity of any kind, especially those damaging my personal reputation.
I promise that I have honestly reported the amounts and 100% of those recovered from Chen Jianhai will be returned to Bitcoinica's customers. At the same time, I have to emphasise that
Bitcoinica should return the amounts to customers as quickly as possible, so that the company and related people will not get into serious legal troubles. It's my best interest to make Bitcoinica's customers happy so that this issue will not have further impact on my future careers.
I have no problem of either formal police investigation, or returning the funds without police investigation. I would prefer the former so that my name can be cleared, but I guess that some Bitcoinica customers may choose the latter.
Sitenote: I have released an improved design of NameTerrific (
https://www.nameterrific.com/), which I finished during my lunch break, until AurumXchange's statement was posted.
