Topic: Best practices for Bitcointalk escrow providers (Read 580 times)

How would you care more when the same person (here same account) is telling you to make a change in the deal? If there was no hack involved we would not see the scam. The situation was real tricky and anyone would have been victim of it. MJ did not keep the money after all.

Well it is the escrow's job to ensure the trade goes smoothly, and if it doesn't to see that the scammer does not end up with the money. That is what they are getting paid to do. If the escrow is not willing to do basic due diligence before releasing the money, I don't see the point of using them.

The amount in question in this case is $50k. I don't think it is unreasonable to use a little bit of care when dealing with that much of other people's money.

Unless you experience something wired like this happened, you have no idea that there was a way. I am sure MJ would check with possible everything if he had slight confusion that things could go fish. There was a term change which was meeting in person and that information came from the same account. So in a regular practice it was nothing to get alarmed. I do not think MJ has anything to do here. He has done his job.

Strange. Why are you bringing all this BS now? The scammer was always a few steps ahead in this particular case. MJ did what he does.

I am not protecting anyone, but I am also not comfortable to blame a party for a scam where someone took control of the contact person.

What probability we have for this kind of situation?
You decide to make a trade
You send coin to escrow
Your account get hacked
Someone else takes control of your account
Trade goes wrong
You get back your account
Blame goes to escrow.
Cluster F**K

Minerjones has a history of playing fast and lose with what he is willing to do for his own (potential) profit. He is willing to auction off items on behalf of third parties without being in possession of said items, and does not take responsibility when he cannot deliver the items (no disclaimer is made that he is not the seller, that the auction is subject to any additional terms, or that he is not the one actually shipping the items).

It is not unusual for an escrow provider to have the seller ship directly to the seller -- as an escrow provider, I engaged in this practice, and would give terms to this effect, I would say that in the event of a dispute the respective parties would need to provide evidence to support if they lived up to the terms of the agreement.

It is best to confirm all the terms of the trade before a funding address is provided, and that does not appear to have occurred in this case. MJ said it is safe to "ship" the physical coin once the escrow address is funded, but MJ later posted that he was told via PM that delivery would be done in person. IMO this should have set off red flags, and he should have either asked for additional verification from the buyer to confirm he is speaking to the correct person, or delayed releasing the funds to see if someone shows up claiming to be the buyer whose account was hacked.

I would say yes, and what is even more surprising is the fact that escrow had very chill attitude about all situation, he pretty much ignored his client, replied to him only once, and it took long time for him to post that timeline from his PMs.
Even if mistake was made by eseayan for using same password on multiple websites, it doesn't mean that escrow has no responsibility in this case.

I think that escrow should always check BPIP website for possible changes in accounts like password resets, and cancel/pause any trade if they notice anything suspicious.
It's not the first time accounts have been hacked in bitcointalk forum and using different account for deals like in this case is definitely something suspicious and worth checking out by escrow.

No point, except to give you some false sense of security.


https://bpip.org/Profile?id=2874918

On eBay sellers are typically taking the bigger risk - the buyer can make false claims about the delivery or the item's condition, and most of the time eBay would side side with buyers, plus there are PayPal/CC disputes. However this risk exists everywhere in online sales and the sellers are basically expected to eat the loss as the cost of doing business. (edit: I did not plagiarize LoyceV, I promise LOL)

However most eBay items are nowhere near $50k. IMO items of such value should be reshipped by the escrow. On less valuable items that make no sense to be reshipped the escrow should make it very clear how they will adjudicate disputes, e.g. is tracking sufficient to prove delivery, etc. There is no way to eliminate the risk completely but all sides should have the correct expectations at the start of the deal.

This is what I would have expected:

• Buyer and seller provide payment and shipping details to escrow.
• If all agree on all terms, buyer pays escrow and seller sends product to escrow.
• Escrow verifies product.
• Escrow releases product and payment only if everything is okay.

On eBay it's usually the seller who loses. If it's a small percentage, it's just the cost of doing business. I wouldn't dare sell (or buy) expensive items on eBay.

For cheap items I get it, but we're talking about $50k here with $500 for the escrow.

I tried, and even though it worked, it didn't make me feel I truely understood what I was doing. Bitcoin signed messages are much easier.

No real use to be honest if someone really has intention to scam others. I always wondered about the way ebay deals. Someone can use the same idea and can fool ebay resolution. But I don't think there are many people who have intention to scam others. There are one or two in a million and they give the bad name.

On the other hand imagine everyone is sending an item to ebay warehouse and ebay has manpower to manually check all shipments. This will be a total mess. Obviously the senders are trusting ebay's logistics of course.

Bitcoin signed message is way too easier. I don't think majority here even have a PGP key and they know how to use it.

Agreed, someone saw an opportunity and took it with great skill.

But if I say something completely different it doesn't hurt to be extra careful. That's what I meant with "the deal should not be changed anymore".

Agreed again. That's what makes this scam so tricky, and I hope the community can learn from this and maybe prevent it in the future.

I find a Bitcoin signature much easier to verify than a PGP signature. In this case the victim didn't verify MJ's signature (even though it verified, so that wasn't the problem). But if the victim would have used signed messages too, hacking his account would no longer have been enough.

Exactly. What's the point of using an escrow with those terms?

Totally fucked situation. I was reading the other thread. It was well organized and planned at least that's how it looked to me. The escrow did not have anything to do here. If you send me a message and then another message from your account then another message from the same account I will obviously think it's you. I would not have any idea that your account got hacked and someone else will send messages from your account.

May be we can always add a signed message using either PGP or known bitcoin address. This way you have one more option to verify a message even if this come from an expected source. Like in MJ's case if there was a signed message using bitcoin address for every PM the sent to each others then verification could be stronger.

The sender can give a fake tracking ID or used tracking ID and the escrow would think it's real. Or even worse, the sender can send something else, may be a piece of brick and get a tracking ID for it. Send the tracking ID to the escrow and escrow will think the item was delivered LOL

I was surprised to see an established escrow provider say to ship items directly to the buyer after payment:

The follow-up was even worse. The buyer's account got hacked, and the hacker changed the deal after the buyer paid:
This resulted in a $50,000 scam.

Shouldn't it be the escrow's responsibility to make absolutely sure the trade can't go wrong in any possible way? The escrow provider is the experienced trader, who should assume one of the other parties could be a total n00b and the other one an experienced scammer.

I'd also say the deal should be completely clear before any payment is made, and once payment addresses have been exchanged, the deal should not be changed anymore. I think this scam could have been prevented by stricter escrow rules.

I'd like to see other escrow providers chip in on how they would handle this.