Pages:
Author

Topic: Best practices for Bitcointalk escrow providers - page 2. (Read 585 times)

legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Well it is the escrow's job to ensure the trade goes smoothly, and if it doesn't to see that the scammer does not end up with the money. That is what they are getting paid to do. If the escrow is not willing to do basic due diligence before releasing the money, I don't see the point of using them.

The amount in question in this case is $50k. I don't think it is unreasonable to use a little bit of care when dealing with that much of other people's money.
How would you care more when the same person (here same account) is telling you to make a change in the deal? If there was no hack involved we would not see the scam. The situation was real tricky and anyone would have been victim of it. MJ did not keep the money after all.
copper member
Activity: 2996
Merit: 2374
Minerjones has a history of playing fast and lose with what he is willing to do for his own (potential) profit. He is willing to auction off items on behalf of third parties without being in possession of said items, and does not take responsibility when he cannot deliver the items (no disclaimer is made that he is not the seller, that the auction is subject to any additional terms, or that he is not the one actually shipping the items).
Strange. Why are you bringing all this BS now? The scammer was always a few steps ahead in this particular case. MJ did what he does.

I am not protecting anyone, but I am also not comfortable to blame a party for a scam where someone took control of the contact person.

What probability we have for this kind of situation?
You decide to make a trade
You send coin to escrow
Your account get hacked
Someone else takes control of your account
Trade goes wrong
You get back your account
Blame goes to escrow.
Cluster F**K
Well it is the escrow's job to ensure the trade goes smoothly, and if it doesn't to see that the scammer does not end up with the money. That is what they are getting paid to do. If the escrow is not willing to do basic due diligence before releasing the money, I don't see the point of using them.

The amount in question in this case is $50k. I don't think it is unreasonable to use a little bit of care when dealing with that much of other people's money.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
I think that escrow should always check BPIP website for possible changes in accounts like password resets, and cancel/pause any trade if they notice anything suspicious.
It's not the first time accounts have been hacked in bitcointalk forum and using different account for deals like in this case is definitely something suspicious and worth checking out by escrow.
Unless you experience something wired like this happened, you have no idea that there was a way. I am sure MJ would check with possible everything if he had slight confusion that things could go fish. There was a term change which was meeting in person and that information came from the same account. So in a regular practice it was nothing to get alarmed. I do not think MJ has anything to do here. He has done his job.

Minerjones has a history of playing fast and lose with what he is willing to do for his own (potential) profit. He is willing to auction off items on behalf of third parties without being in possession of said items, and does not take responsibility when he cannot deliver the items (no disclaimer is made that he is not the seller, that the auction is subject to any additional terms, or that he is not the one actually shipping the items).
Strange. Why are you bringing all this BS now? The scammer was always a few steps ahead in this particular case. MJ did what he does.

I am not protecting anyone, but I am also not comfortable to blame a party for a scam where someone took control of the contact person.

What probability we have for this kind of situation?
You decide to make a trade
You send coin to escrow
Your account get hacked
Someone else takes control of your account
Trade goes wrong
You get back your account
Blame goes to escrow.
Cluster F**K
copper member
Activity: 2996
Merit: 2374
Minerjones has a history of playing fast and lose with what he is willing to do for his own (potential) profit. He is willing to auction off items on behalf of third parties without being in possession of said items, and does not take responsibility when he cannot deliver the items (no disclaimer is made that he is not the seller, that the auction is subject to any additional terms, or that he is not the one actually shipping the items).

It is not unusual for an escrow provider to have the seller ship directly to the seller -- as an escrow provider, I engaged in this practice, and would give terms to this effect, I would say that in the event of a dispute the respective parties would need to provide evidence to support if they lived up to the terms of the agreement.

It is best to confirm all the terms of the trade before a funding address is provided, and that does not appear to have occurred in this case. MJ said it is safe to "ship" the physical coin once the escrow address is funded, but MJ later posted that he was told via PM that delivery would be done in person. IMO this should have set off red flags, and he should have either asked for additional verification from the buyer to confirm he is speaking to the correct person, or delayed releasing the funds to see if someone shows up claiming to be the buyer whose account was hacked.
legendary
Activity: 2212
Merit: 7064
Shouldn't it be the escrow's responsibility to make absolutely sure the trade can't go wrong in any possible way?
I would say yes, and what is even more surprising is the fact that escrow had very chill attitude about all situation, he pretty much ignored his client, replied to him only once, and it took long time for him to post that timeline from his PMs.
Even if mistake was made by eseayan for using same password on multiple websites, it doesn't mean that escrow has no responsibility in this case.

I think that escrow should always check BPIP website for possible changes in accounts like password resets, and cancel/pause any trade if they notice anything suspicious.
It's not the first time accounts have been hacked in bitcointalk forum and using different account for deals like in this case is definitely something suspicious and worth checking out by escrow.

Exactly. What's the point of using an escrow with those terms?
No point, except to give you some false sense of security.


https://bpip.org/Profile?id=2874918
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Exactly. What's the point of using an escrow with those terms?
No real use to be honest if someone really has intention to scam others. I always wondered about the way ebay deals. Someone can use the same idea and can fool ebay resolution. But I don't think there are many people who have intention to scam others. There are one or two in a million and they give the bad name.

On eBay sellers are typically taking the bigger risk - the buyer can make false claims about the delivery or the item's condition, and most of the time eBay would side side with buyers, plus there are PayPal/CC disputes. However this risk exists everywhere in online sales and the sellers are basically expected to eat the loss as the cost of doing business. (edit: I did not plagiarize LoyceV, I promise LOL)

However most eBay items are nowhere near $50k. IMO items of such value should be reshipped by the escrow. On less valuable items that make no sense to be reshipped the escrow should make it very clear how they will adjudicate disputes, e.g. is tracking sufficient to prove delivery, etc. There is no way to eliminate the risk completely but all sides should have the correct expectations at the start of the deal.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Exactly. What's the point of using an escrow with those terms?
No real use to be honest if someone really has intention to scam others.
This is what I would have expected:
  • Buyer and seller provide payment and shipping details to escrow.
  • If all agree on all terms, buyer pays escrow and seller sends product to escrow.
  • Escrow verifies product.
  • Escrow releases product and payment only if everything is okay.

Quote
I always wondered about the way ebay deals. Someone can use the same idea and can fool ebay resolution.
On eBay it's usually the seller who loses. If it's a small percentage, it's just the cost of doing business. I wouldn't dare sell (or buy) expensive items on eBay.

Quote
On the other hand imagine everyone is sending an item to ebay warehouse and ebay has manpower to manually check all shipments. This will be a total mess. Obviously the senders are trusting ebay's logistics of course.
For cheap items I get it, but we're talking about $50k here with $500 for the escrow.

Quote
Bitcoin signed message is way too easier. I don't think majority here even have a PGP key and they know how to use it.
I tried, and even though it worked, it didn't make me feel I truely understood what I was doing. Bitcoin signed messages are much easier.
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
Exactly. What's the point of using an escrow with those terms?
No real use to be honest if someone really has intention to scam others. I always wondered about the way ebay deals. Someone can use the same idea and can fool ebay resolution. But I don't think there are many people who have intention to scam others. There are one or two in a million and they give the bad name.

On the other hand imagine everyone is sending an item to ebay warehouse and ebay has manpower to manually check all shipments. This will be a total mess. Obviously the senders are trusting ebay's logistics of course.

Quote
I find a Bitcoin signature much easier to verify than a PGP signature. In this case the victim didn't verify MJ's signature (even though it verified, so that wasn't the problem). But if the victim would have used signed messages too, hacking his account would no longer have been enough.
Bitcoin signed message is way too easier. I don't think majority here even have a PGP key and they know how to use it.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
It was well organized and planned at least that's how it looked to me.
Agreed, someone saw an opportunity and took it with great skill.

Quote
If you send me a message and then another message from your account then another message from the same account I will obviously think it's you.
But if I say something completely different it doesn't hurt to be extra careful. That's what I meant with "the deal should not be changed anymore".

Quote
I would not have any idea that your account got hacked and someone else will send messages from your account.
Agreed again. That's what makes this scam so tricky, and I hope the community can learn from this and maybe prevent it in the future.

Quote
May be we can always add a signed message using either PGP or known bitcoin address. This way you have one more option to verify a message even if this come from an expected source. Like in MJ's case if there was a signed message using bitcoin address for every PM the sent to each others then verification could be stronger.
I find a Bitcoin signature much easier to verify than a PGP signature. In this case the victim didn't verify MJ's signature (even though it verified, so that wasn't the problem). But if the victim would have used signed messages too, hacking his account would no longer have been enough.

Quote
The sender can give a fake tracking ID or used tracking ID and the escrow would think it's real. Or even worse, the sender can send something else, may be a piece of brick and get a tracking ID for it. Send the tracking ID to the escrow and escrow will think the item was delivered LOL
Exactly. What's the point of using an escrow with those terms?
legendary
Activity: 2800
Merit: 2736
Farewell LEO: o_e_l_e_o
This resulted in a $50,000 scam.
Totally fucked situation. I was reading the other thread. It was well organized and planned at least that's how it looked to me. The escrow did not have anything to do here. If you send me a message and then another message from your account then another message from the same account I will obviously think it's you. I would not have any idea that your account got hacked and someone else will send messages from your account.

May be we can always add a signed message using either PGP or known bitcoin address. This way you have one more option to verify a message even if this come from an expected source. Like in MJ's case if there was a signed message using bitcoin address for every PM the sent to each others then verification could be stronger.

Quote
I was surprised to see an established escrow provider say to ship items directly to the buyer after payment
The sender can give a fake tracking ID or used tracking ID and the escrow would think it's real. Or even worse, the sender can send something else, may be a piece of brick and get a tracking ID for it. Send the tracking ID to the escrow and escrow will think the item was delivered LOL
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I was surprised to see an established escrow provider say to ship items directly to the buyer after payment:
The escrow address is from the massage that escrow-man sent to me on August 28. Here is the massage:
Quote
Once funds have been sent and confirmed, please use "reply to all" to let us know the txid of the payment.
After this, items can be shipped to the buyer.
When buyer receives items in good standing and reports back, I can release funds to the seller.
Is this "normal" when escrowing Collectibles? I would expect the escrow to receive and verify the goods personally before reshipping it to the buyer. Now the escrow can't possibly verify it if the buyer says he received something else, and the seller still has no evidence. What's the point in paying someone $500 to escrow only the payment but not the goods?

The follow-up was even worse. The buyer's account got hacked, and the hacker changed the deal after the buyer paid:
Aug 28 2021 045333PM: eseayan paid escrow

Aug 28 2021 082807PM: eseayan confirm that coins will be delivered in person

Aug 29 2021 113837AM: minerjones confirms payment

Aug 29 2021 120243PM: eseayan send PM saying the coins were received

Aug 29 2021 012253PM: Rajubhusal confirms, saying to release to given address previously (see above)
This resulted in a $50,000 scam.

Shouldn't it be the escrow's responsibility to make absolutely sure the trade can't go wrong in any possible way? The escrow provider is the experienced trader, who should assume one of the other parties could be a total n00b and the other one an experienced scammer.

I'd also say the deal should be completely clear before any payment is made, and once payment addresses have been exchanged, the deal should not be changed anymore. I think this scam could have been prevented by stricter escrow rules.

I'd like to see other escrow providers chip in on how they would handle this.
Pages:
Jump to: