Statement about the suspect of recent Bitcoinica hack

[dree12]

This is why I don't believe Zhou.

Zhou claimed:

That his business associate stole his password when he signed up on a website.
That his business associate had access to the source code prior to anyone else.
That his business associate knew who was Chris Heaslip!
That his business associate quickly decides to return funds when confronted!

Now replace the business associate with Zhou.. And it makes a lot of sense.

He had access to the email, which he havent used in a while.
Knew the password for lastpass and the source code.
Knew all the people in bitcoinica.
And of course had access to the stolen funds.


This is the evidence just from Zhou, not aurumxchange.

It would also make a lot of sense if you replace aurumxchange with Zhou.

Bitcoinica was a mass-marketing ploy. They are the same identity: notice how Bitcoinica offered aurumxchange as a service. Zhou/aurumxchange decided to initiate a mass-marketing campaign, and started Bitcoinica. After bootstrapping on Intersango's fame, aurumxchange became increasingly frustrated at the Consultancy's control, preferring to further advance aurumxchange's recognition. The Rackspace "hack" was initiated to regain control over Bitcoinica, and to create commotion. After the Consultancy refused to relinquish control, Bitcoinica was written off. Aurumxchange began contemplating the best time to begin mass-marketing with the remnants of it. Zhou/aurumxchange then decided to transfer a large amount of claimed funds, claiming theft. As Zhou's identity was written off along with Bitcoinica, aurumxchange continued arguing to gain exposure.

[1714804750]

1714804750

[1714804750]

1714804750

[vampire]

That email was protected with my weakest password that I reused everywhere and even shared with some other people. I didn't have to protect that email at all because it's meant to be semi-sockpuppet anyway.

He had access to source code after genjix released it.

Chris Heaslip's Mt. Gox account was stored alongside Wendon's in the LastPass. Obviously he didn't know which one had more money so he logged in to both.

I know a lot of his personal information (especially his and his wife's bank accounts and address), and I threatened to report to police if he didn't agree to refund.

I don't know where you got all the misleading information from.

What you mean misleading, it's from YOUR post here! Mine interpretation, but the facts are yours.



The source code was leaked after the hack as far we know. No one in this forum knew about the source code prior to genjix posting it and then deleting it.
Now this hacker dude gets off easily because he sends money back? Why don't you file a police report now?

[vampire]

It would also make a lot of sense if you replace aurumxchange with Zhou.

Bitcoinica was a mass-marketing ploy. They are the same identity: notice how Bitcoinica offered aurumxchange as a service. Zhou/aurumxchange decided to initiate a mass-marketing campaign, and started Bitcoinica. After bootstrapping on Intersango's fame, aurumxchange became increasingly frustrated at the Consultancy's control, preferring to further advance aurumxchange's recognition. The Rackspace "hack" was initiated to regain control over Bitcoinica, and to create commotion. After the Consultancy refused to relinquish control, Bitcoinica was written off. Aurumxchange began contemplating the best time to begin mass-marketing with the remnants of it. Zhou/aurumxchange then decided to transfer a large amount of claimed funds, claiming theft. As Zhou's identity was written off along with Bitcoinica, aurumxchange continued arguing to gain exposure.

I don't know what you've just said. I am operating on facts.


The fact is: I have no idea what aurumxchange does. Never visited the site. So far they've failed to market whatever products they want sell to me. I assume they do some kind of exchange...

[zhoutong]

That email was protected with my weakest password that I reused everywhere and even shared with some other people. I didn't have to protect that email at all because it's meant to be semi-sockpuppet anyway.

He had access to source code after genjix released it.

Chris Heaslip's Mt. Gox account was stored alongside Wendon's in the LastPass. Obviously he didn't know which one had more money so he logged in to both.

I know a lot of his personal information (especially his and his wife's bank accounts and address), and I threatened to report to police if he didn't agree to refund.

I don't know where you got all the misleading information from.

What you mean misleading, it's from YOUR post here! Mine interpretation, but the facts are yours.



The source code was leaked after the hack as far we know. No one in this forum knew about the source code prior to genjix posting it and then deleting it.
Now this hacker dude gets off easily because he sends money back? Why don't you file a police report now?

The hacker didn't steal from me. Why should I file a police report?

I'm obviously more pissed off because of AurumXchange, and people like you, rather than the hacker or Bitcoinica.

The source code is the direct cause for the hack, because the LastPass master password was not redacted.

The hack happened on July 12, and the source code was released a few days before that.

[zhoutong]

Another disclosure:

I detected two vulnerabilities in ExchB (hope you guys still remember this exchange) last year and I returned the money I "stole" from them actively after the hack.

I also wanted to test whether Mt. Gox had the same problem, so I created the account using my stevejobs email. I didn't want to use my own account for this testing. And Mt. Gox was secure enough that I failed to exploit.

[Coinoisseur]

Because they involved your account in the crime and also, according to you (Zhou Tong) used it for credit card fraud. People file police reports for much, much smaller thefts. Insurance companies have people file reports as a sign of honesty. Lots of reasons to file a report.

The hacker didn't steal from me. Why should I file a police report?

[vampire]

]

The hacker didn't steal from me. Why should I file a police report?

I'm obviously more pissed off because of AurumXchange, and people like you, rather than the hacker or Bitcoinica.

The source code is the direct cause for the hack, because the LastPass master password was not redacted.

The hack happened on July 12, and the source code was released a few days before that.

Like me stating facts? Whoops, like a fact:

That the hacker stole your identity and used it to steal funds from your (ex-) company? That's a crime.


As I said in this forum, we had no idea about the source code leak. Where is your prove that the source code was leaked to the Chinese bitcoin community, and then that some co-worker of the hacker told him so?

[Rarity]

It would also make a lot of sense if you replace aurumxchange with Zhou.

Bitcoinica was a mass-marketing ploy. They are the same identity: notice how Bitcoinica offered aurumxchange as a service. Zhou/aurumxchange decided to initiate a mass-marketing campaign, and started Bitcoinica. After bootstrapping on Intersango's fame, aurumxchange became increasingly frustrated at the Consultancy's control, preferring to further advance aurumxchange's recognition. The Rackspace "hack" was initiated to regain control over Bitcoinica, and to create commotion. After the Consultancy refused to relinquish control, Bitcoinica was written off. Aurumxchange began contemplating the best time to begin mass-marketing with the remnants of it. Zhou/aurumxchange then decided to transfer a large amount of claimed funds, claiming theft. As Zhou's identity was written off along with Bitcoinica, aurumxchange continued arguing to gain exposure.

I don't know what you've just said. I am operating on facts.


The fact is: I have no idea what aurumxchange does. Never visited the site. So far they've failed to market whatever products they want sell to me. I assume they do some kind of exchange...

If you are operating on "facts" maybe you should learn enough about this situation to know who the major players in it are before you accuse people of being thieves.

[vampire]

Another disclosure:

I detected two vulnerabilities in ExchB (hope you guys still remember this exchange) last year and I returned the money I "stole" from them actively after the hack.

I also wanted to test whether Mt. Gox had the same problem, so I created the account using my stevejobs email. I didn't want to use my own account for this testing. And Mt. Gox was secure enough that I failed to exploit.

So the fact is that you were actively exploiting exchanges for bugs. While of course forgetting to secure your own.

Keep adding evidence against yourself.

[repentance]

Many people have voiced the suspicion that the Rackspace intrusion was an inside job from the moment it was announced.  Even if people accept at face value the extraordinary claims regarding the MtGox breach, it's not going to extinguish suspicion about the Rackspace compromise.

At this point in time, the only way that those involved with Bitcoinica are going to be freed from suspicion of having been involved in the Rackspace intrusion and/or MtGox compromise is if somebody else is identified as being responsible for those events by an independent investigation.  Attributing the crimes to a third party who can't be held accountable means fuck all in the absence of actual evidence of their involvement.

The source code is the direct cause for the hack, because the LastPass master password was not redacted.

The hack happened on July 12, and the source code was released a few days before that.

You said yourself that the Rackspace intruder got all the information necessary to breach the MtGox account.  The source code leak is not the only possible explanation for how it was compromised.  There is no verifiable evidence of who hacked the MtGox account, only of where the funds from the intrusion were sent.

I agree with Matthew that the information which AurumXchange gathered should not have been made public.

[shockD]

haha!!! Goddamn, Zhou, you really really should heed the advice of people telling you to zip your fucking trap and be quiet. You aren't helping yourself remotely.

[Yankee (BitInstant)]

Hmm. BitInstant (whom Roger Ver is part owner of), MtGox and AurumXchange start a thread about how Zhou Tong is a hacker and a thief (advised by their attorney) which breaks all of their privacy agreements of their own companies and is basically libel.

MtGox listens to the advice of BitInstant's attorney, someone who doesn't even work for them.

They the whole boys club suddenly decides that Roger Ver, Charlie Shrem and company's attorney should be the one holding ALL customer funds for Bitcoinica with a vague condition of "until things get worked out" or something to that degree (which could be that Patrick Murck independently decides that Roger Ver should get paid out first, 100%, everyone else paid later for all we know).

It's obvious that Bitcoinica's lack of accountability and management of this issue is appalling, but come on guys-- you don't think there is any problem with this picture?

Excuse me. Please consult with me first before throwing stupid rumors across the forums.

BitInstant is not holding the funds nor has any part of this. I was consulted after it was done.

As far as I understand, the funds are being held in some kind of trust account.

Your free to speak to Patrick Murck about it yourself.

-Charlie

[stochastic]

I know a lot of his personal information (especially his and his wife's bank accounts and address), and I threatened to report to police if he didn't agree to refund.

Actually, you have to release the information to the authorities or you are an accomplice.  These were not your funds he stole.

[dancingnancy]

This is why I don't believe Zhou.

Zhou claimed:

That his business associate stole his password when he signed up on a website.
That his business associate had access to the source code prior to anyone else.
That his business associate knew who was Chris Heaslip!
That his business associate quickly decides to return funds when confronted!

Now replace the business associate with Zhou.. And it makes a lot of sense.

He had access to the email, which he havent used in a while.
Knew the password for lastpass and the source code.
Knew all the people in bitcoinica.
And of course had access to the stolen funds.


This is the evidence just from Zhou, not aurumxchange.

That email was protected with my weakest password that I reused everywhere and even shared with some other people. I didn't have to protect that email at all because it's meant to be semi-sockpuppet anyway.

He had access to source code after genjix released it.

Chris Heaslip's Mt. Gox account was stored alongside Wendon's in the LastPass. Obviously he didn't know which one had more money so he logged in to both.

I know a lot of his personal information (especially his and his wife's bank accounts and address), and I threatened to report to police if he didn't agree to refund.

I don't know where you got all the misleading information from.

It isn't that I do not believe you ZT, but these are bold claims.  I hope you will be able to back all of this up if you have to.  I trust that you wouldn't state this about having her information if you really didn't.  In my mind there is still a small possibility you are involved, of course no one here as a regular member has all the information, but I suggest if you are telling stories to talk to your parents about what you have done.  They may be held responsible somehow if you are a minor - not really sure how all that works.  Regardless, you will bring them trouble.  No reason to shame your family over this.  It will be very newsworthy I would imagine.

[stochastic]

This is why I don't believe Zhou.

Zhou claimed:

That his business associate stole his password when he signed up on a website.
That his business associate had access to the source code prior to anyone else.
That his business associate knew who was Chris Heaslip!
That his business associate quickly decides to return funds when confronted!

Now replace the business associate with Zhou.. And it makes a lot of sense.

He had access to the email, which he havent used in a while.
Knew the password for lastpass and the source code.
Knew all the people in bitcoinica.
And of course had access to the stolen funds.


This is the evidence just from Zhou, not aurumxchange.

That email was protected with my weakest password that I reused everywhere and even shared with some other people. I didn't have to protect that email at all because it's meant to be semi-sockpuppet anyway.

He had access to source code after genjix released it.

Chris Heaslip's Mt. Gox account was stored alongside Wendon's in the LastPass. Obviously he didn't know which one had more money so he logged in to both.

I know a lot of his personal information (especially his and his wife's bank accounts and address), and I threatened to report to police if he didn't agree to refund.

I don't know where you got all the misleading information from.

It isn't that I do not believe you ZT, but these are bold claims.  I hope you will be able to back all of this up if you have to.  I trust that you wouldn't state this about having her information if you really didn't.  In my mind there is still a small possibility you are involved, of course no one here as a regular member has all the information, but I suggest if you are telling stories to talk to your parents about what you have done.  They may be held responsible somehow if you are a minor - not really sure how all that works.  Regardless, you will bring them trouble.  No reason to shame your family over this.  It will be very newsworthy I would imagine.

Maybe we should contact ZT's parents.  Do they live in Guangzhou?

[MrTeal]

That email was protected with my weakest password that I reused everywhere and even shared with some other people. I didn't have to protect that email at all because it's meant to be semi-sockpuppet anyway.

Ahem...

* Mark Karpeles indicated that there was an account opened at MtGox using the email stevejobs807@gmail.com sometime in 2011.
* Mark replied stating that there was activity on this account, that the account was opened using an IP address belonging to Microsoft Singapore, that Zhou Tong was known to have worked for said company at said location, that the email stevejobs807@gmail.com have been verified, and that ALL activity on this account is linked to the MtGox account belonging to Zhou Tong.
* Mark has also indicated that the very first operation on the MtGox account opened with email stevejobs807@gmail.com was the redeeming of a 10 BTC MtGox code generated from Zhou Tong's account.
* Charlie indicated that Erik Vorhees (a well known member of this community) has emails he exchanged with Zhou using the email address stevejobs807@gmail.com.

Might want to look into protecting the accounts you use at financial exchanges in the future.

[repentance]

Maybe we should contact ZT's parents.  Do they live in Guangzhou?

I think that's a terrible idea.  If further investigation by competent authorities implicates Zhou then his parents will find out soon enough.  Harassing his parents is way out of line and should be rejected as an option if only because Maria made similar threats and nobody should see stooping to her level as acceptable.

[stochastic]

Maybe we should contact ZT's parents.  Do they live in Guangzhou?

I think that's a terrible idea.  If further investigation by competent authorities implicates Zhou then his parents will find out soon enough.  Harassing his parents is way out of line and should be rejected as an option if only because Maria made similar threats and nobody should see stooping to her level as acceptable.

When a 17 year old kid knocks a baseball through my window and tries to blame someone else I would go talk to the 17-year kid's parents.  I don't see why they would not be contacted for this.

[Bigpiggy01]

Maybe we should contact ZT's parents.  Do they live in Guangzhou?

I think that's a terrible idea.  If further investigation by competent authorities implicates Zhou then his parents will find out soon enough.  Harassing his parents is way out of line and should be rejected as an option if only because Maria made similar threats and nobody should see stooping to her level as acceptable.

When a 17 year old kid knocks a baseball through my window and tries to blame someone else I would go talk to the 17-year kid's parents.  I don't see why they would not be contacted for this.

+1

[repentance]

When a 17 year old kid knocks a baseball through my window and tries to blame someone else I would go talk to the 17-year kid's parents.  I don't see why they would not be contacted for this.

So what are you going to say?  We think your son is responsible for a major crime and we want you to do something about it?  A crime which hasn't even been reported to the authorities?  What ability do they have to determine whether or not Zhou is responsible?

This isn't being proposed as a "your kid's got himself into a tight spot and he could use your help" kind of thing.  What additional benefit is there to involving Zhou's parents?

Don't get me wrong, I think the way this is being handled is sketchy as hell but I don't see how involving Zhou's parents is going to make it any less sketchy.