Pages:
Author

Topic: BIPS Wallet security breach (Read 11504 times)

sr. member
Activity: 400
Merit: 250
December 10, 2014, 01:30:50 PM
Really? It's still attive?
And is working very hard?
 Roll Eyes
Who are you?
legendary
Activity: 1092
Merit: 1000
nahtnam.com
December 18, 2013, 07:32:13 PM
Its obvious that the plan was to be vague as possible... then just slip away hoping everyone just forgot about their coins.  My initial investment was to be used as part of a home down payment.. I won't forget.

I dont think it was an intended scam. Just got a PM from him and apparently they are working very hard.

I think you are right, Kristian is working hard on getting away with this scam.
Interesting how many people has "talked" with him over the phone and got convinst that he is the most honest man in the world.

If he is still active it most likely means that he is trying to make up whats lost.
hero member
Activity: 546
Merit: 510
December 18, 2013, 05:32:55 AM
Its obvious that the plan was to be vague as possible... then just slip away hoping everyone just forgot about their coins.  My initial investment was to be used as part of a home down payment.. I won't forget.

I dont think it was an intended scam. Just got a PM from him and apparently they are working very hard.

I think you are right, Kristian is working hard on getting away with this scam.
Interesting how many people has "talked" with him over the phone and got convinst that he is the most honest man in the world.
legendary
Activity: 1092
Merit: 1000
nahtnam.com
December 17, 2013, 06:39:33 PM
Its obvious that the plan was to be vague as possible... then just slip away hoping everyone just forgot about their coins.  My initial investment was to be used as part of a home down payment.. I won't forget.

I dont think it was an intended scam. Just got a PM from him and apparently they are working very hard.
newbie
Activity: 42
Merit: 0
December 17, 2013, 01:09:29 PM
Its obvious that the plan was to be vague as possible... then just slip away hoping everyone just forgot about their coins.  My initial investment was to be used as part of a home down payment.. I won't forget.
hero member
Activity: 546
Merit: 510
December 17, 2013, 06:32:54 AM
Ask if Denmark has an "Danish National IT Forensic Police Department".

Kristian Henriksen claims that they are handling the case.
I have never heard about any "Danish National IT Forensic Police Department".

I have seen no evidence that there was any kind of attack.
All I have seen is a bitcoin transfer of 1295 BTC, that do not prove anything.
legendary
Activity: 1092
Merit: 1000
nahtnam.com
December 16, 2013, 07:38:14 PM
Company address:

BIPS
- edit - removed address.
Denmark

Registred to Kris Henriksen

I have a friend in Denmark if you need to report something.
hero member
Activity: 546
Merit: 510
December 09, 2013, 08:21:08 AM
No sign of Kristian, no sign of BIPS.
He definitely ran away with all the coins, that crock!
hero member
Activity: 546
Merit: 510
December 06, 2013, 05:28:03 AM
Hi is a crock   Angry

And he bought himself enough time to getaway.
newbie
Activity: 11
Merit: 0
December 06, 2013, 04:56:17 AM
I might join if I knew where to start - that is why I wanted Kris' physical address - so we could serve notice on him... on the face of it it appears that the coins were just outright nicked... I guess he saw the price rise and couldn't resist it

Yes, count me in too. The last days development gives me a gut feeling that Kris has some part in the scam, or is completely incompetent as a CEO. Either way his current operations should be shut down by legal or social means. BIPS lost it's reason to exist in the Bitcoin community by how this mess is handled.

BTW I live and run a brand consultancy firm in southern Sweden (only 10 min from Denmark), so I ofcourse can represent a legal case localy, but more important, I know very well how to kill a brand. Lets just say; storytelling works both ways...
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
December 05, 2013, 07:53:35 PM
 Well I was in the newer we saved your coin status and was told   I may see my .39 btc.  Time will tell.


BTW 1200 plus coins were stolen at the 500 usd level so about 600,000 was stolen  it is now more like  1.3 million.
newbie
Activity: 9
Merit: 0
December 04, 2013, 09:17:58 AM
In case you haven't seen it.  It is better than radio silence at least.  Smiley

"Wallet Status Update

We sincerely apologise for the limited information that has been available up to now, but we have not had and are still short of facts to be able to make sufficient thorough official statements.

Most of what was recoverable from our servers and backups has now been restored and we are currently working on retrieving more information to get a better understanding of what exactly happened, and most of all what can be done to track down who did it.

1295 bitcoins in total were sent to an external wallet by the attackers.
https://blockchain.info/address/1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs
Those bitcoins are not retrievable unless we can find the perpetrators and somehow make a demand they return the coins.
The Danish National IT Forensic Police department have agreed to assist us examining what data there is.

It appears that in order to file a police report for theft, we may need consent from all affected parties to lodge, as according to the police they can not classify this as a theft due to the current non regulation of bitcoin. We are currently looking in to details surrounding this further, awaiting a response from our lawyers and the police department.

Will there be any reimbursement available?
Please bear in mind that the wallet service was a free service and thus there has been 0 revenue generated from it. Hence BIPS is unable to reimburse bitcoins lost unless the stolen coins are retrieved.
We are discussing the possibility of a compensation plan with our legal advisors, but are unable to comment further on this for now.

Practical information:

There are a few account holders who have a small balance of bitcoins in their wallets after the attack. Some have also had payments sent to their BIPS wallet bitcoin addresses and we recovered these on November 19th sending them to an external wallet for safety reasons. These coins will naturally be available for withdrawal by the respective owners. Any bitcoins sent to old addresses after November 19th will also be available to withdraw by those they belong to.

Some merchants have accumulated sales that have been converted to Fiat over time, but not yet reached their minimum payouts. Their balances will also be available in their chosen currency with an option to have them paid out immediately or paid manually together with their new accumulated balance.

For all of the above instances, we are currently working on setting up a clone containing old wallet info and transactions, please grant us patience ..

Notice:

Our mailing system was wiped out during the attack and is still not restored. That means that if we send out mass emails, a large number of these will never reach their destination or end up in Spam folders (some email providers will even auto delete them).

Please check the news section of our helpdesk for more updates and information regularly in case you are amongst the ones who are not receiving our emails."

I suggested to Kris that we have a Skype conference call with him where we can find out what happened and discuss way forward.  This seems a way forward if BIPS wants to reach an agreed, amicable solution.
member
Activity: 91
Merit: 10
December 03, 2013, 11:32:21 PM
FROM KRIS:

Quote
I do not participate in dialogue on any forums at this time. However, I keep an eye on what people are writing and collecting this data for future review. And from what I can read, you are way over the line with accusations, and I would advise you to stop immediately. Not only are you making it harder for me to attend to the issues at hand, but more so you have engaged in slander, defamation and worse.

We have now closed your account at BIPS as per binding Legal Agreements.

--- Terms of Service
BIPS reserves the right to unilaterally terminate your use of the Service, either temporarily or permanently in the event of : unacceptable user behavior, attempted abuse of others 'accounts, attempts to gain access to others' data or any other reason BIPS deems necessary.
--

-- Privacy Policy
In cases of slander, defamation or fraud, BIPS may at its own discretion disclose general account information to affected parties.
--

Okay Kris, now you have made it hard on yourself. I'm going to go public with all your details, including the scams you are associated with today. This kind of attitude will eventually bring yours and BIPS downfall.

I have asked Kris numerous times to refund my coins without resorting to slander. Not once in his communications did he mention that he won't be refunding or even gave me any hope of a refund. All he did was employ usual tactics of delaying communicating the obvious truth with a hope that with time customers will forget about this theft and move on (like we have done for so many other previous hacks).

I'll also disclose all private messages, mails that we sent to each other back and forth and also anything that I find suspicious about your dealings with BIPS and its users publicly.

I'm already in touch with my lawyer (like I said in my previous posts) and be rest assured that I'll be dragging your ass to court. You have been given too much time by all the customers with absolutely zero information on your end about the hack (absolutely zero transparency). I don't give a damn about you closing my account as I'm not going to gun for those 3.3BTC anymore (the time for refunding has expired long ago). And whats the use of a account where I can neither deposit nor withdraw BTC? You closing my account is a joke and a futile attempt at replying to my accusations.

I'll make sure you land behind bars for betraying the trust your customers hold in you. And now that you have said publicly that you won't be refunding your customers (from your Press Release and Version2 interview) I appeal to all the BIPS customers to send me a PM with your BIPS username and the BTC amount you had stored with them. I'm going to make a list of all the people who have been scammed by BIPS and will be forwarding it to my lawyer. If you guys want to help me in fighting the case I would appreciate it if you can give me any details you can (including PM's between you and Kris, any emails exchanged etc or even getting information from concerned authorities in Denmark). I don't want help in any other way (including donations) as I'll fight this case with the money out of my own pocket. I hate it when people betray my trust and take me for granted.

Also this piece of information from BIPS press release is really interesting:

Quote
Please bear in mind that the wallet service was a free service and thus there has been 0 revenue generated from it. Hence BIPS is unable to reimburse bitcoins lost unless the stolen coins are retrieved.

ROFL! So that means anyone operating a free service with 0 revenue generated from it are not liable to loss/theft of customer data (in this case bitcoins). This is a new legal definition coined by BIPS. Similar to Trendon Shavers claiming "Bitcoin isn't real money"... for which SEC showed him the middle finger. I can't wait for Denmark courts to do the same to Kris Henriksen.
member
Activity: 91
Merit: 10
December 03, 2013, 09:57:19 PM
http://www.version2.dk/artikel/ny-forklaring-om-det-store-danske-bitcoin-roeveri-ddos-angreb-var-kun-et-roegsloer-55179

"It was wrong announced. After the first DDoS attacks were hackers inside and found a hole and then deleted the total and masked what they had done afterwards with the large DDoS attacks which struck the connection to the SAN and got the servers to crash , "says Kris Henriksen to Version2.

"The service was divided into 'cold wallet' where customers Bitcoins was locked down, and a 'hot wallet' where they were offloaded when there had to be moved around on them. But because of an error in the algorithm, the entire portfolio of Bitcoins ended up standing in 'hot wallet' department."


"With the success we've had with all the people have bought and sold, the algorithm moved it all over in hot wallet. It took hackers saw a hole that they could exploit, "said Kris Henriksen.

This version of the story was told only to Version2 and no press release that said that the previous press release by BIPS was the incorrect version.

Now BIPS has released a press release today: https://bips.me/press which still does not contain the version told to Version2.

Be careful when you get a mail or anything asking you to give consent by BIPS. According to my lawyer it might be a sly attempt at getting consent to "yes the coins have not been stolen by BIPS". Does anyone (from Denmark) have any contacts at Danish National IT Forensic Police department? Can someone check if a case is registered with them and whether they really are assisting BIPS?

EDIT: What kind of shitty code had Kris written that moved all coins from 'cold wallet' to the hot wallet? So that means people who paid for the cold storage were being fleeced extra bitcoins for something that wasn't even secure. Great!

member
Activity: 91
Merit: 10
December 03, 2013, 09:40:41 PM
Just an alert. Kris Henriksen's account (https://bitcointalksearch.org/user/kris-11921) has not been active since December 1st 2013. So has he finally decided to run now that some of us are pursuing legal remedies? Anyone communicated with him last can share their details here if they wish. Many are contacting me with his personal details (including account numbers, addresses etc). So Kris if you are reading this through your shill accounts know that you can run but cannot hide.
member
Activity: 91
Merit: 10
December 03, 2013, 09:26:02 PM
Quote
do you have personal vendetta with Kris or what?
If you were that close with Kris that you knew so much of Bips operational,
and you knew there was weakness with Bips security config as you mentioned,
why didn't you do something before?
or you could have place your btc somewhere else instead of keeping it there??

stop embarrassing yourself mate

This person must be either Kris or someone related to him. Awfully suspicious when there's new accounts exclusively defending BIPS in this thread.

When you build a business around keeping money safe, there's no room for error. The absolute worst way you could ever screw over your users is by compromising their wallets.

If you manage the lose a million dollars of someone else's money, you can't expect there would be no consequences. Of course people are going to be extremely upset.

It's becoming pretty obvious all the money is gone and BIPS is an absolutely awful company nobody should ever trust, but the only way Kris could safe his face is to step forward and address the situation.

If he decides to remain silent and act like nothing happened, people are going to make it personal. There's no way around it.


me = kris?
nope

related to him?
well i knew him for a while, chat many times with him but those never last over 2 minutes (strictly business talk)

and you saying my posts here looks like "exclusively defending Bips"?
oh man, if i really intend to do so - none of you would stand a chance... please trust me on this Smiley

upset/ extremely upset/ mad - do whatever you feels right to do mate...
you have all the rights to express anything you like about Bips just as much as i do to express mine Wink

Ok Kris thanks for the lecture.

EDIT: Read between the lines.

legendary
Activity: 1092
Merit: 1000
nahtnam.com
December 03, 2013, 07:10:13 PM
Whats the difference between bips and coinbase?

Coinbase is not only an online wallet. You can link your bank account with them and buy and sell bitcoins also.
Although when the price is on an uptrend you may experience some surprises when trying to buy coins  Tongue Tongue



So why choose bips over coinbase? Coinbase even has insurance so "hacked" accounts will get all the btc their lost btc back.
newbie
Activity: 7
Merit: 0
December 03, 2013, 03:40:42 PM
Quote
do you have personal vendetta with Kris or what?
If you were that close with Kris that you knew so much of Bips operational,
and you knew there was weakness with Bips security config as you mentioned,
why didn't you do something before?
or you could have place your btc somewhere else instead of keeping it there??

stop embarrassing yourself mate

This person must be either Kris or someone related to him. Awfully suspicious when there's new accounts exclusively defending BIPS in this thread.

When you build a business around keeping money safe, there's no room for error. The absolute worst way you could ever screw over your users is by compromising their wallets.

If you manage the lose a million dollars of someone else's money, you can't expect there would be no consequences. Of course people are going to be extremely upset.

It's becoming pretty obvious all the money is gone and BIPS is an absolutely awful company nobody should ever trust, but the only way Kris could safe his face is to step forward and address the situation.

If he decides to remain silent and act like nothing happened, people are going to make it personal. There's no way around it.


me = kris?
nope

related to him?
well i knew him for a while, chat many times with him but those never last over 2 minutes (strictly business talk)

and you saying my posts here looks like "exclusively defending Bips"?
oh man, if i really intend to do so - none of you would stand a chance... please trust me on this Smiley

upset/ extremely upset/ mad - do whatever you feels right to do mate...
you have all the rights to express anything you like about Bips just as much as i do to express mine Wink
newbie
Activity: 9
Merit: 0
December 03, 2013, 01:38:50 PM
The whole thing is too suspicious, too suspicious.
Kris has spend his time running around and tolled the media that its is not his fault and the wallets security is the users responsibility.

The worse thing is that he is getting away this scam.
No action has been taking since 22 Nov.
We are talking about 1295 BTC!!!
Why is there no details published of any kind?

I say he is a liar and a crock!


No he isn't getting away. I'm already in touch with my lawyer. I'm going to drag this fool to the court. We are mapping out a plan to tackle this as its outside of my country. Anyone else planning to sue him?



I might join if I knew where to start - that is why I wanted Kris' physical address - so we could serve notice on him... on the face of it it appears that the coins were just outright nicked... I guess he saw the price rise and couldn't resist it
sr. member
Activity: 252
Merit: 250
December 03, 2013, 08:42:22 AM
Whats the difference between bips and coinbase?

Coinbase is not only an online wallet. You can link your bank account with them and buy and sell bitcoins also.
Although when the price is on an uptrend you may experience some surprises when trying to buy coins  Tongue Tongue

Pages:
Jump to: