Pages:
Author

Topic: Alitin Mint Coin Breach (Read 6087 times)

legendary
Activity: 3206
Merit: 3596
May 04, 2017, 10:12:43 AM
Just noticed about the breach today, 2 BTC inside seems gone.

https://blockchain.info/address/1Mh1Vvr5BtwA1s3GH3Dr7bfbao6sZdCmRJ

As i can see refund date already expired. What happens to victim that didnt aware about the breach?


Maybe give them a call.....

legendary
Activity: 3206
Merit: 3596
April 05, 2017, 09:03:45 AM
AlitinMint said:
Quote
"we will offer this refund until April 5, 2017.  After this date, and due to the price volatility of Bitcoin, we simply cannot be sure we will have the funds necessary to refund stolen BTC. "
Really?  You're at fault and you set a very short window to claim.  There are probably only 4-5 people who have claimed at this point.  That's ridiculous!

Have you notified ALL of the owners?  How many have you contacted???  Are you ever going to release a number of coins affected???

Cut-off day for refunds.. lolz
Funny how this "quote" has been deleted from the original posts from Alitin Huh
Hope everyone got refunded..... 

Look, here's Richard now......

legendary
Activity: 3752
Merit: 1415
May 04, 2017, 08:07:21 PM
Just noticed about the breach today, 2 BTC inside seems gone.

https://blockchain.info/address/1Mh1Vvr5BtwA1s3GH3Dr7bfbao6sZdCmRJ

As i can see refund date already expired. What happens to victim that didnt aware about the breach?


You are most likely the reason why these guys scammed their own coins. They figured that dozens of people wouldn't check in time.

Ding ding ding
hero member
Activity: 715
Merit: 500
May 04, 2017, 09:55:04 AM
Just noticed about the breach today, 2 BTC inside seems gone.

https://blockchain.info/address/1Mh1Vvr5BtwA1s3GH3Dr7bfbao6sZdCmRJ

As i can see refund date already expired. What happens to victim that didnt aware about the breach?


You are most likely the reason why these guys scammed their own coins. They figured that dozens of people wouldn't check in time.
hero member
Activity: 1036
Merit: 501
May 04, 2017, 05:55:02 AM
Just noticed about the breach today, 2 BTC inside seems gone.

https://blockchain.info/address/1Mh1Vvr5BtwA1s3GH3Dr7bfbao6sZdCmRJ

As i can see refund date already expired. What happens to victim that didnt aware about the breach?

I'd recommend contacting them.
They might not refund the whole 2 BTC due to increase in price of BTC, but they might return some of it.
legendary
Activity: 3038
Merit: 6194
Meh.
May 04, 2017, 05:54:37 AM
I wonder how the FBI investigation is going.

LOL, was just thinking the same.
legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
May 04, 2017, 05:51:05 AM
I wonder how the FBI investigation is going.
legendary
Activity: 2352
Merit: 1268
In Memory of Zepher
May 04, 2017, 05:29:42 AM
What happens to victim that didnt aware about the breach?
There is nothing you can do. Sorry.
full member
Activity: 173
Merit: 100
btcmy.net
May 04, 2017, 05:26:02 AM
Just noticed about the breach today, 2 BTC inside seems gone.

https://blockchain.info/address/1Mh1Vvr5BtwA1s3GH3Dr7bfbao6sZdCmRJ

As i can see refund date already expired. What happens to victim that didnt aware about the breach?



hero member
Activity: 715
Merit: 500
April 05, 2017, 09:23:07 AM
AlitinMint said:
Quote
"we will offer this refund until April 5, 2017.  After this date, and due to the price volatility of Bitcoin, we simply cannot be sure we will have the funds necessary to refund stolen BTC. "
Really?  You're at fault and you set a very short window to claim.  There are probably only 4-5 people who have claimed at this point.  That's ridiculous!

Have you notified ALL of the owners?  How many have you contacted???  Are you ever going to release a number of coins affected???

Cut-off day for refunds.. lolz
Funny how this "quote" has been deleted from the original posts from Alitin Huh
Hope everyone got refunded..... 

Look, here's Richard now......

Yeah, wonder how much BTC they pocketed. Maybe they can get a job with Finex.  Roll Eyes
hero member
Activity: 715
Merit: 500
March 23, 2017, 10:43:03 AM
Never trust a private key that has been engraved.

As opposed to what, printed and placed under a hologram?

- Engravers need to be programmed and you need to trust that programming is wiped.  If you hire someone to do it because good engraving equipment is expensive then you have to trust their setup and that they did not save the programming intentionally or unintentionally.  Only real way is to use an air-gaped system and properly wipe it after. 

- any imperfections on a metal surface can be seen using imaging equipment hologram or no hologram.
 
As opposed to an affordable printer that can be destroyed when done or one that doesn't save jobs to memory.

lol, okay captain hindsight. Wait until people start peeling Casascius coins and paper is illegible.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
March 23, 2017, 09:28:25 AM
Never trust a private key that has been engraved.

As opposed to what, printed and placed under a hologram?

- Engravers need to be programmed and you need to trust that programming is wiped.  If you hire someone to do it because good engraving equipment is expensive then you have to trust their setup and that they did not save the programming intentionally or unintentionally.  Only real way is to use an air-gaped system and properly wipe it after. 

- any imperfections on a metal surface can be seen using imaging equipment hologram or no hologram.
 
As opposed to an affordable printer that can be destroyed when done or one that doesn't save jobs to memory.
Good point.  I wonder if the private keys were programmed into the engraving machine and if so was that the point of failure.  Interesting idea.
hero member
Activity: 679
Merit: 526
March 22, 2017, 07:06:07 PM
Never trust a private key that has been engraved.

As opposed to what, printed and placed under a hologram?

- Engravers need to be programmed and you need to trust that programming is wiped.  If you hire someone to do it because good engraving equipment is expensive then you have to trust their setup and that they did not save the programming intentionally or unintentionally.  Only real way is to use an air-gaped system and properly wipe it after. 

- any imperfections on a metal surface can be seen using imaging equipment hologram or no hologram.
 
As opposed to an affordable printer that can be destroyed when done or one that doesn't save jobs to memory.
legendary
Activity: 1470
Merit: 1004
March 22, 2017, 02:29:14 PM
Never trust a private key that has been engraved.

As opposed to what, printed and placed under a hologram?
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
March 22, 2017, 02:20:27 PM
Never trust a private key that has been engraved.

OK, I'll bite.  Why?
hero member
Activity: 679
Merit: 526
March 22, 2017, 01:22:30 PM
Never trust a private key that has been engraved.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
March 22, 2017, 12:22:40 PM
I asked him about the mint and the engraving, here is what he said:

Northwest Territory Mint had nothing to do with the engraving of codes to the coins.  We told everyone we met at every bitcoin conference we attended as an exhibitor that Northwest did our coin minting.  The process of engraving codes and casing the coins was done after they were received by us.  They played no part in our security process whatsoever.  

So, the mint is not one of the suspects.
legendary
Activity: 1400
Merit: 1143
The Cryptonumist
March 22, 2017, 09:58:45 AM
All I can say is that when my encyclopedia gets a new version, this chapter will be an interesting one  Shocked
To be clear, I'm not vouching for Mr. Forsyth, simply withholding judgment in hopes that he does everybody right.
hero member
Activity: 715
Merit: 500
March 22, 2017, 09:52:53 AM
I tought OP said he engraved the keys himself.

if they just sent this to engraving by a company, it's was a "not smart" choice.

and we have to know it. because the untouched coins are @ huge risks if it's the case.

if we can have an answer from OP regarding how they engraved the keys and who, we need it.

Yes, Richard said he engraved the private keys himself prior to slabbing. That's why I'm suspicious, they know the vulnerability of having private keys visible to multiple parties. I hate to think they did it, but usually the most obvious scenario turns out to be true. They are also confident that the Joanne coins were not affected from day one, so that also makes me suspicious.
copper member
Activity: 686
Merit: 603
Electricity is really just organized lightning
March 21, 2017, 07:08:35 PM
I'm not yet certain it was the founders, though I agree there is something suspicious going on.

I must imagine that insuring this kind of business would be prohibitively expensive if even possible (I truly do not know). So that makes Alitin's options: 1. Disappear 2. Repay immediately 3. Hope the perps are found and funds retrieved.  1. destroys their professional reputations in the cryptosphere and beyond.  2. If BTC price continues to rise, this is the smartest, cheapest option.  3. Funds retrieved is just so very highly unlikely and may leave them personally on the hook for the sum anyways.  They may be scamming us all or they may be taking the best option they have at the moment, though some more transparency would certainly help.

I'm still fairly certain that BTCINVESTOR is involved in all this somehow if not a Forsyth himself. His account post history, and statements made are eerily similar to private comms I've had with people at Alitin.  

At the very least, Alitin did not do their due diligence in having coins produced.  On the edge of a coin you can read "2013 Medallic Art Company".  This company was purchased years earlier by Northwest Territorial Mint. By the time Alitin had made the request to have these coins pressed there was already a slew of fraud and felony allegations and later convictions against Northwest Territorial Mint, some of which involved security issues.  For a physical BTC that was to be "the new standard" wouldn't you at least vet the process/company used to mint your coins? This took all of 5 minutes and some googling.   I'm not certain it was a Forsyth directly, but they have certainly directly profited from this whole thing. Fairly disgusting.

I have managed to get hold of 2 pictures of a coin that a friend owned. Thanks to hybridsole for these pics, they were taken by him. This coin was redeemed by him after the news broke, he was urged to just break the slab and get the 2 BTC. Its a chunk of money, and worth saving - though it does appear now that just one batch was targeted.

Look carefully and you will see that the engraving for the private key, and for the "2013 NWTM .999 SILVER" are in a completely different style, and therefore a different engraving machine was used for each - the key, and the NWTM Mint Mark.



Don't know how much extra helps this gives people, but every bit of extra info does I guess.

My opinion: NWTM didn't engrave these private keys. Just their NWTM Mint Stamp along with the 0.999 SILVER.
Pages:
Jump to: