Topic: bitcoin7.com 'hacked'. Database and wallets 'stolen' - page 2. (Read 22855 times)

Just by the way, to whoever runs that site:

The emails shouldn't just be put in plain text out there, too easy for spambots to get them.
Perhaps some scrambling or javascript should be used to hide the adresses.

I am pretty sure you just plagiarized chapters 8-11 of my autobiography, "Bitcoin; how I rode the backs of poor nerds into space". It's coming out mid-november, just in time for the Christmas season...buy one for the wifey and four for the kids in case they wreck one or two. Prepay with btc only. 8-12 weeks for delivery.

People should just learn that (as applicable to Information Security):

Risk = Threat * Vulnerability * Asset

Everyone is powerful.  Vote with your bitcoins.

There shall be better organization of information as to which bitcoin exchanges are reputable, reliable, trustworthy.

According to the information available at http://bitcoinmarkets.com/exchanges.php

The following exchanges are possibilities for similar scam/fraudulent opportunities and should be used with caution (or not at all):

aqoin
Bitchange
BTC-E
BTCex
Bitcoin2Cash
Bitcoin Central
BitMarket
BitStamp
Bitcoiny
Brasil Bitcoin Market
Global Bitcoin Exchange
IMCEX
Mercado Bitcoin
OtcExchange
OzBitcoin
Ruxum
The Rock Trading Company
Tradehill

Actually, it may be useful to establish a kind of standardization to better evaluate and rate which exchanges are reliable/reputable.  Those listed above have little to no contact information that is reliable or reputable enough.

This stinks to high hell of a scam. They want me to upload a picture of my passport? HELL NO.

Not sure I even had any bitcoins there, but I can't see my balance... so who knows.

I would use "stolen" with quotation marks. Anyone who has lost coins with this shambles of a company should cut their losses, and certainly shouldn't send those criminals photo identification. Unless you want it to get "stolen" also.

Drop in Bitcoin price today directly linked with the sale of stolen coins from the Bitcoin7 exchange.

Or maybe people should just learn how to smell a scam, and stay well away. Due to the nature of the system, I think any organizations set up to protect "bitcoin user's rights" would be just as powerless as the rest of us to settle issues like this.

What shocks me isn't the number of scams (scams are ubiquitous, and not isolated to bitcoin) but rather, the total lack of due diligence being done on these businesses or individuals before sending them money! People seem so bloody eager to give bitcoin, hand over fist, to complete idiots! And I, to my shame, am guilty of this myself.

I am shocked by the number of scams, by the lack of professionalism, and by the general bad vibe associated to Bitcoin.

The worse part is that everyone seems to be powerless, unable to deal with fraud on an international scale. Maybe victims should create a non profit-making organization defending bitcoin users' rights, or something like that.

The most vital step in the plan!

I posted about some trouble I had with bitcoin7 a few weeks ago in this thread: https://bitcointalksearch.org/topic/bitcoin7-not-answering-emails-44390. After that sham of a transaction I experienced with them, I wasn't surprised to learn about this today.

They said that they had some bank trouble, and could not locate my funds. A while after, the transaction I sent was returned to my bank account. I suspect their european bank account may have been frozen, and the payment bounced back.

MyMtcoinicasangotradebitcardshop.com https://bitcointalksearch.org/topic/im-starting-a-new-exchange-47098

How to get rich off of Bitcoin in 4 easy steps:

1. Set up an exchange with timing that coincides with a large amount of distrust in your competition and desperation for alternatives. Name it something reminiscent of the hit 1970's British sci-fi show, Blake's 7 and the 1960 film, The Magnificent Seven.

2. Convince people of your legitimacy by pointing to other businesses you might run and/or by soliciting endorsements.

3. Set up a pyramid referral scheme and have people spam their referral codes all over.

4. "Apologize" for the referral spam and do some half-assed rectification, but only after this advertising for your exchange has thoroughly saturated the market.

5. Wait until your exchange wallets seem to have reached their maximum and then plateaued.

6. Have someone you know "hack" the website and steal the money. Politely sidestep the huge security issue of having all the money in wallets that are internet-accessible (Any exchange should only need like 10% of funds in a readily-available wallet).

7. Say, "Oh no we've been hacked. Welp, we're going out of business. We'll give you whatever money we have left, if we feel like it or are legally forced too somehow. Good luck with recovering your funds legally, suckers, as we're in Slovakia or some shit."

8. Move around the "stolen" BTC a bunch of times, then sell it on another exchange. Wait a minute, actually do that a few steps back, so you can exchange the BTC before your announcement lowers the exchange rate or other exchanges catch on and start looking for suspicious exchanges.

9. High fives all around. Hooker and blow. Pancakes and whipped cream. Ice cream fights. Getting serviced so often by high-price prostitutes that you actually say, for the first time in your life, the uncanny phrase, "Man, I'm really getting tired of all these blowjobs."

10. Buy a zeppelin, a top hat, a gold cane, a pocket watch, a monocle, and a rare, purebred yappy dog named "Captain Flufflebunny III". Travel the world. Use the words "orient," "dark continent," "savages," and "colonies" when speaking of your travels.

11. Moon base.

I lied about how many steps this would take. Lying is very advantageous in getting rich off of this scheme.

Also on the one hand:  Our security was so piss poor that we go hacked and lost a bunch of your money - sorry guys.  We do not have the resources to fix the holes in our security so we are leaving town.

On the other hand:  Give us a bunch of personal information - we promise that even though we admit we have done nothing to fix the holes in our security your information is safe with us, no, really, we are serious.

One reason I can think of off hand would be so that you can get your money.  Although I am not a lawyer, it would surprise me very much if someone could legally avoid 'complying with regulations' by going out of business.  Even in Bulgaria.

So, B7 has figured out a way to get, in addition to the BTC, either the money which was in the B7 accounts or even better, information of probably even more value.  And probably both for anyone dumb enough not to write this one off to...er...'bad luck' to be diplomatic in my terminology.

The reason we need to give this kind of information (passport, license, utility bills, etc.) to Mt. Gox is that they need it to comply with regulations so they can continue our accounts and continue their business.

But, we have already been told by Bitcoin7 that they are discontinuing business!  They do not need all this personal identification information for that.  Remember that Bitcoin7 was originally a verbatim rip off of other exchanges.  This looks like a verbatim rip off of the Mt. Gox account validation procedure.

All they need is a simple way for people to reclaim their accounts so they can give them back whatever money and BTC are left in the “hacked” accounts before they close up shop.

There is absolutely no reason for anyone to send this kind of information to an exchange that is going out of business.

I received this e-mail:
From: [email protected]
Date: Fri, October 7, 2011 10:48 am
Subject: Bitcoin7 Account Access Retrieval
The e-mail was marked as "SPOOFED"; probably by my e-mail provider. According to the e-mail header, it was generated by some PHP script on what seems to be the root account on bitcoin7.com.

By following the link and then logging in with my b7 password, I entered the page that looks just like the screen shot in the post of mizerydearia.

In my case, it said I could only withdraw 0.00 EUR or 0.00 USD, so I didn't even bother submitting any of the requested information.

Considering the type of information they want to have, this really looks like an attempt to identity theft! DON'T FILL IN ANYTHING THAT YOU THINK ISN'T STRICTLY NECESSARY FOR THE WITHDRAWAL TRANSACTION!

For me, the amount of stolen money is about a single day of salary, so I will only spend a limited amount of (otherwise quality-)time in retrieving the money. Are there people who want to cooperate? What kind of action would be appropriate? Personally, I oppose any criminal counter-measures. Does anyone know what we can expect of the Bulgarian legal system?

That is why you should only do business (serious business anyway) with companies where you KNOW who the person behind it is, that is his/her full name, e-mail, phone and physical address is known.

Also, the company must be registered in a decent country, and preferably have insurance if it deals in finance and trade.

I have to agree with this. If I were a criminal, I would have wished that I had thought of this first! Combine the loss of Bitcoins from MyBitcoin, along with the database leak of MtGox, and you end up with a bunch of money AND enough information from your users to perform identity theft! It's brilliant, really.

Under NO circumstance should you provide them with information that they didn't already have. It won't help in verification even IF they are sincere. MtGox didn't even ASK for some of the stuff Bitcoin7 is asking for, and unlike Bitcoin7, MtGox's database was publicly leaked! In fact, I'm surprised that Bitcoin7 didn't just "leak" it themselves to appear more legitimate.

You can achieve practically the same using multi-round, multi-algorithm, multiple salts hashing. Makes the hashed password databases useless as long as people are using long (> passwords.

This is why we use OpenID. Even if someone manages to steal our database, it's worthless to them. There are no passwords in it. We also support two-factor authentication.