Pages:
Author

Topic: Alitin Mint Coin Breach - page 5. (Read 6109 times)

legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
March 07, 2017, 02:46:57 PM
#54
What I don't get is that you go from this:

And only one person ever sees the private keys before they are destroyed from our records--and that person is me.  I am the CEO and I engrave the coins myself.  I also do the ciphers and much of the packaging.  Tamper proofing cases like this is a challenge.  It's slow and tedious work.  But thorough.  We built in 6-8 weeks just in case we got big orders.  We would rather our customers be pleasantly surprised than disappointed.  


To this:

We (My brother and I) are the only ones who had authorized access. There were very few people who had access to our facilities, but we had robust security measures.  The theft is breathtaking to us because we still can't figure out how they did it under our noses and left no trace (until the theft).  

My current theory was that it was a theft while we were in the milling process of producing the actual coins themselves.  If it was not an insider who did this (and thus a close friend or relative), then it was someone who knew an insider and got the information from them.  We can't truly be sure who spoke of what and to whom within the very limited circle of insiders, and what those secondary individuals might have told others.

You claimed that you were the only person who had access to the private keys to saying that several people could've had access to them, and even possibly shared them with secondary individuals......
legendary
Activity: 1120
Merit: 1002
March 07, 2017, 02:36:03 PM
#53
yeah .... too much dollars BTCitcoin involved in this story, unfortunately....  just my two satoshis..

legendary
Activity: 1470
Merit: 1004
March 07, 2017, 02:09:25 PM
#52
My current theory was that it was a theft while we were in the milling process of producing the actual coins themselves.  If it was not an insider who did this (and thus a close friend or relative), then it was someone who knew an insider and got the information from them.  We can't truly be sure who spoke of what and to whom within the very limited circle of insiders, and what those secondary individuals might have told others.

I thought you engraved the private key on the coins yourself, or was the private key milled on the coins during production? How did you generate your private keys?
newbie
Activity: 15
Merit: 0
March 07, 2017, 02:01:20 PM
#51
Who all had access and/or exposure to the private keys?

You, your brother, and who else?

We (My brother and I) are the only ones who had authorized access. There were very few people who had access to our facilities, but we had robust security measures.  The theft is breathtaking to us because we still can't figure out how they did it under our noses and left no trace (until the theft).  

My current theory was that it was a theft while we were in the milling process of producing the actual coins themselves.  If it was not an insider who did this (and thus a close friend or relative), then it was someone who knew an insider and got the information from them.  We can't truly be sure who spoke of what and to whom within the very limited circle of insiders, and what those secondary individuals might have told others.

I will be turning over the names and contact info of all individuals I know who had any access to the premises at any time  during our milling process to the FBI, or any other investigative authority that is appropriate.  Placing their names and contact info online for public consumption is another matter.  I am very concerned about innocent people being threatened, and some people are angry enough that I am worried innocent people will get personal threats and harassment they don't deserve. I'm also concerned about adding a libel or breach of privacy suit to the great list of challenges we are facing right now.  That could certainly slow down our efforts to get refunds back to aggrieved parties as soon as possible. We have no wish to be obtuse about anything. And our hesitancy to provide information in some cases is only out of a sense of caution for unintended consequences, and not to avoid or be obtuse to anyone.   We will turn over all names: family, friends, associates, ancillary contacts, and all identifying information to the authorities and we will let them to do their work in a confidential manner.  

Again, the FBI has been informed by me personally, and I am working with them to discover what happened and bring justice to all of our friends and family who have been victimized.   We will do everything we can do bring the perpetrators to justice and to restore our customers to a state as close to whole as possible.  
legendary
Activity: 2198
Merit: 1989
฿uy ฿itcoin
March 07, 2017, 01:48:12 PM
#50
Glad to see that you are refunding customers, Richard. Still waiting to get access to my coin to take actual photos of it still fully sealed, but it was also raided in the same batch on the 26/02. I will be back in email contact shortly.

Good to see you are resolving this though. I thought those funds were gone forever.

Any clue as to the point of failure?

I've yet to see anything regarding this.

Viz

This please. Also, a full list of all 600 addresses would be great, so we can see just how bad the damage actually is....

I agree. We can help check all the addresses. Saves Alitin a lot of time.
copper member
Activity: 686
Merit: 603
Electricity is really just organized lightning
March 07, 2017, 01:46:18 PM
#49
Glad to see that you are refunding customers, Richard. Still waiting to get access to my coin to take actual photos of it still fully sealed, but it was also raided in the same batch on the 26/02. I will be back in email contact shortly.

Good to see you are resolving this though. I thought those funds were gone forever.

Any clue as to the point of failure?

I've yet to see anything regarding this.

Viz

This please. Also, a full list of all 600 addresses would be great, so we can see just how bad the damage actually is....
member
Activity: 78
Merit: 12
March 07, 2017, 01:44:38 PM
#48

How did you get 17 unfunded coins, did you just buy stock from Alitin?

That's correct, we bought 20 * unfunded Adam Smiths in bulk back in 2014, with the intent to resell and fund on delivery.
legendary
Activity: 2434
Merit: 1642
March 07, 2017, 01:44:20 PM
#47
Any clue as to the point of failure?

I've yet to see anything regarding this.

Viz
newbie
Activity: 15
Merit: 0
March 07, 2017, 01:41:34 PM
#46
Thank you for attempting to quickly get in front of this issue.  Please keep us updated as you find out more information. 

Thank you sir.  I take this all so personally and I am totally on the side of anyone who is angry about this.  I would be too.  But any kindness at this point means so much to me.  I will never forget it.  Please know I mean it when I say I will do whatever is in my power to fix this.  My honor, my reputation, and my friends, my family and dependents mean more to me than my life a thousand times over.  I've met many of you personally and I have been so proud and touched by how kind everyone has been to me in the past. 

All anger is FULLY justified, and any kindness is like the love of God and a lifeline to me at this point.  But I realize I could never ask for or deserve your anyone's kindness who has been wronged.  I can't change what has been done. But I can do my best to fix as much as I can, whatever it takes.  I'm struggling to keep my focus through the lack of sleep and food, through the extreme anxiety, and the increasing mental fogginess.  I apologize if at any time I make mistakes, get confused, mix up any information, or seem to just be generally "out of it."  I am not going anywhere and I will do anything to fix this and take care of all of you and my dependents, even if it leads to my personal ruin. 
legendary
Activity: 1120
Merit: 1002
March 07, 2017, 01:16:06 PM
#45
Richard,

Thank you for the update.  For everyone who has contacted them regarding their coins, I am confident you will get your refund.  I just received my refund of the stolen 2BTC from JR.  I know this doesn't answer who stole the coin funds, but I believe it wasn't JR or Richard.  And, I do believe the thief will be caught.



hooo ..  !  i see .. : you got a refund ( your refund ) so , you're in "trust"  ?  and then you can "vouch for" ? ...  OK ..  Cool

"let"s refund 2 bitcoin to the guy who yell much around ..  "  ...    how much Bitcoin in total was "stolen" ?  just to remind me ..
sr. member
Activity: 296
Merit: 250
March 07, 2017, 01:12:25 PM
#44
Richard,

Thank you for the update.  For everyone who has contacted them regarding their coins, I am confident you will get your refund.  I just received my refund of the stolen 2BTC from JR.  I know this doesn't answer who stole the coin funds, but I believe it wasn't JR or Richard.  And, I do believe the thief will be caught.
legendary
Activity: 1120
Merit: 1002
March 07, 2017, 01:07:48 PM
#43
man ... seriously:  you have really kept private keys of your customers instead of properly destroyed them ??   cause if the answer is YES : sorry, but you're ENTIRELY responsible.  that's the basics ..   ( what's the goal to hold them as they are supposed to be destroyed after their secured generation .. ? )
IE: ask today to Ognasty or to Smoothie , Casascius, Gravitate  if they had keeped a private key of their funded coins ....  just to see : answer will be NO.
legendary
Activity: 1470
Merit: 1004
March 07, 2017, 12:59:05 PM
#42
I still have 17 Adam Smith coins listed for sale that were never funded, I consider all of these keys compromised.

- 1 key was swept on the 26th like most
- 1 was redeemed a few days ago which I presume was overlooked and fortunate for the owner
- 1 was in transit whilst this was announced, which was great timing

Unsure why one was not swept like the others. There was probably a range of presumed funded coins; I remember either hand picking/letting the customer choose the coin #, so there was probably a gap with non-funded coins that they overlooked when using their bot/software to redeem the keys in a singular instance, probably with no intention to try again (unless they realised a key(s) were missed)

How did you get 17 unfunded coins, did you just buy stock from Alitin?
legendary
Activity: 2254
Merit: 1140
March 07, 2017, 12:55:30 PM
#41
Thank you for attempting to quickly get in front of this issue.  Please keep us updated as you find out more information. 
newbie
Activity: 15
Merit: 0
March 07, 2017, 12:36:19 PM
#40
Richard Forsyth here.

I am sorry for not posting as often as I should.  I keep having issues logging in.  I want to keep up with everyone, and I want you to know we are doing our best to fix everything.  

Yes, we WILL restore stolen Bitcoins.

At this point, we're going to have to borrow the money, but we're working as fast as we can.  Our goal is to do it as fast as possible.  We need anyone who has been robbed to contact us and provide us a picture of their unbroken coin casing, if they haven't already. Thank you to those who have done this promptly.  This will be very helpful.  Our process will be to verify that there are no public address duplicates with applicants for refund, and to match up the public address with our sales records.  If you did not acquire your coin from us directly, please let us know from whom you bought it, if you can recall.  

As far as revealing technical details of the theft: we're still trying to figure out how it might have happened.  We can't release individual names for privacy reasons, and also because the FBI has been contacted and saying too much at this point might frustrate an official investigation.  We have not verified how many coins are stolen at this point.  This will take some time.  But as thefts are verified, we will be providing refunds as fast as we can.  

More about the authorities: I personally went to the FBI on Monday morning--the morning after I found out that some thefts occurred.  I have given them as much information as I could--what I knew at the time, along with what little I suspected--along with my contact information; and I am at their beck-and-call in this process.  Meanwhile, I am answering emails as best I can while trying to coordinate the refund effort.

We have also re-launched our site at AlitinMint.com.  

My contact info is there, and I URGE ANYONE who thinks they've been the victim of a theft to contact my email at [email protected] and I will try to coordinate your refund as fast as I can. I will also do my best to answer your questions and ... provide a punching bag if it will help in any way.

If you have any concerns about my personal complicity, I also urge you to email me and stay in contact with me. I'm not going anywhere until this is fixed.  Unless of course I am sent to jail for a theft that I did not commit.  That would only frustrate my efforts to undo as much damage as I can, and it would leave the real thief at large.  

For those who are still considering contacting "authorities": Please feel free to do so.  It's really not a bad idea, and it might even help.  If you do contact authorities, be sure to mention that I have been to the FBI and the process is already started.  I can assure you that I have more than enough motivation at this point to make everything right. Give them my name, my email, and I will talk to them and work with them.

I am personally very hurt over so many family and friends being robbed. I'm angry that anyone has been robbed who was under my protection. I don't expect any personal sympathy, and I reiterate that your anger is entirely justified.  

Contact me at [email protected] if you have not already, if you think you are the victim of a theft having to do with Alitin Mint, or to just get a feel for me to increase your confidence that I am telling the truth and doing my best.  Right now I am fielding dozens of emails and calls per hour, and I may at times be on the phone or at the offices of the FBI answering questions or assisting with investigative efforts; and If contact increases quite a bit, I might be hard-pressed to respond quickly at certain times.  But these days, I'm sacrificing sleep so I I will put as much time in to it as I am physically able.  I'm barely eating, and honestly I am shaking constantly because of how hurt and angry I am that we were all robbed.  My short-term and some mid-term memory are a little groggy at times too.  I guess stress can do that.   So if you communicate with me and I seem a little "out of it," that's why.  


member
Activity: 78
Merit: 12
March 07, 2017, 11:49:58 AM
#39
I still have 17 Adam Smith coins listed for sale that were never funded, I consider all of these keys compromised.

- 1 key was swept on the 26th like most
- 1 was redeemed a few days ago which I presume was overlooked and fortunate for the owner
- 1 was in transit whilst this was announced, which was great timing

Unsure why one was not swept like the others. There was probably a range of presumed funded coins; I remember either hand picking/letting the customer choose the coin #, so there was probably a gap with non-funded coins that they overlooked when using their bot/software to redeem the keys in a singular instance, probably with no intention to try again (unless they realised a key(s) were missed)
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
March 07, 2017, 11:43:45 AM
#38
Following mine:

https://blockchain.info/address/1QLQDk2KotPqqBjQQK9atEqmmmjBZySPwc

to here:

https://blockchain.info/address/1L9TVzK8CDMsfKW9LRpkVZcTisPX272eFK

You can easily see that my 2 BTC from my coin were combined with the theft of 34 more BTC from 17 other coins and in this one sweep the thief got 36 BTC.

These 36 BTC were then sent to a mixer to be washed.

It looks like my coins ended up here:

https://blockchain.info/address/1AHZ4H8YgM1hMYHYGHaN89QKgf1YvnTuBD

Before being sent back out into the world. So that is the end of the trail on the block chain.

So, there is no doubt that it was theft.

Post script:

The person that now owns this block of 256 coins from the mixer has coins from the theft, but the way mixers work the current owner of these coins is most definitely not the thief.  The thief got other coins out of the mixer.

https://blockchain.info/address/1tUcP5FxpPTJhkS3bEpKXj1qbCgUK913U

Post post script:

The owner of the tainted coins (again this is NOT the thief) has used a few and the remaining coins are now here:

https://blockchain.info/address/14RXq8sYdHnxtVocnYnvJphZCmyF7EjJjC
legendary
Activity: 3206
Merit: 3596
March 07, 2017, 10:00:25 AM
#37
And only one person ever sees the private keys before they are destroyed from our records--and that person is me.  I am the CEO and I engrave the coins myself.  I also do the ciphers and much of the packaging.  Tamper proofing cases like this is a challenge.  It's slow and tedious work.  But thorough.  We built in 6-8 weeks just in case we got big orders.  We would rather our customers be pleasantly surprised than disappointed. 


I see a lot of posts regarding who had access to the coins before they were slabbed, but we've already had a statement regarding this from Alitin.

So then if this statement is true, he would have been the one to steal the BTC, as he was the only one with access to keys.....
OR
He is lying, other people had access to the keys and he is trying to cover this up.....

Either way, the trust has been breached...   

Funny how it took a week for anyone to notice this....  That's a lot of time in the crypto-world.

I too, would have contacted my lawyer within that week.....  coincidence??
legendary
Activity: 1470
Merit: 1004
March 07, 2017, 11:15:32 AM
#37
Oh boy... this is very odd. Alitin are very nice looking coins.

Very sad to hear another Physical BTC manufacturer having this sort of issue.  Huh

We should see how this unfolds, glad I don't have any Alitin coins, been tempted to get a few in the past but never did.

Sucks very much.

However how do we know for sure 50/60 coins were actually emptied by a thief rather than people just emptying themselves because of BTC price hike or to protect themselves from theft


Also, all of the coins considered "swept" were done so on the specific date, 2/26. So you wouldn't have had any individuals cracking their own coins on that exact date, unless it was pure coincidence, which isn't likely.
hero member
Activity: 1036
Merit: 501
March 07, 2017, 10:50:45 AM
#36
However how do we know for sure 50/60 coins were actually emptied by a thief rather than people just emptying themselves because of BTC price hike or to protect themselves from theft?

Their tamper-evident cases are still intact.
So, it's more likely that someone swept the keys, rather than multiple people trying to "scam" Altin Mint.
Pages:
Jump to: