
Topic: Bitcoinica MtGox account compromised - page 18. (Read 156012 times)

hero member
Activity: 560
Merit: 500
I am the one who knocks
July 14, 2012, 09:31:34 AM
(Jan tries to dodge the flames thrown by eWallet developers)

...flames...
Actually wouldn't MyWallet qualify?  Except maybe the user decided when to upgrade?
hero member
Activity: 910
Merit: 1005
July 14, 2012, 09:26:23 AM
(Jan tries to dodge the flames thrown by eWallet developers)

Jan
legendary
Activity: 1043
Merit: 1002
July 14, 2012, 09:20:33 AM
...
What we really need is independent auditing of exchanges, ewallets, and similar services. We need independent third parties who can affirm, on a regular basis, that these businesses have assets that exceed their obligations.

Joel, you are absolutely correct.
The hacks we have had over the last year make it very plain that many Bitcoin users do not understand the security risks associated with trusting their funds with a third party.
I would like to see a list of Bitcoin services/software that meets some community defined minimum requirements. When someone asks "Is this service X safe to use?" the answer should be "If X is not on the list, then don't use it"

Services/software should be divided into categories such as exchanges/wallets/merchants etc, each with its own set of auditing rules.
Being a Bitcoin wallet developer myself I would be happy to have my code reviewed by a third party, and help set the minimum requirements for trusted Bitcoin wallets.

For Bitcoin wallets the list could look something like this:
  • Code that manages private keys must be open source
  • The source code must be peer reviewed by 2 developers from competing wallets
  • Private keys must only be used by software running on hardware controlled by the user
  • The user must be able to export private keys off a wallet at any time
  • The wallet software must have a well defined release procedure
  • The end user must be in control of when to upgrade
  • The people behind the wallet should be publicly known persons, so you can go kick their ass
  • ...
I know that this list will disqualify a bunch of eWallets (read: wallets where you send your BTC to a private key that is not controlled by you), but to be honest, I don't think that any Bitcoin company is mature enough to manage large amounts of other people's money.
(Jan tries to dodge the flames thrown by eWallet developers)
member
Activity: 96
Merit: 10
July 14, 2012, 09:16:13 AM
I had wiped my mouth quite a while ago after receiving more useless emails from BC. They clearly had not read mine. (Submitted another claim to Zou, out of pure whynotness)

Can someone clarify what sort of people they had refunded in full? So far I know only a few who received half of their recently deposited coins, and it is all just change. They keep ‘allocating’ funds for one or two serious pay outs, but I’m yet to hear any of those are actually being refunded. There was enough money on the books to warrant serious investment via Tihan, plus what you read on the forums, all in all, more than enough to ‘move to Berlin’ and ‘leave’ BC. I have only a couple of p in Intersango, but by association/recommendation had to warn people to get their money off it ASAP. (Looking at their order book, most are left anyway.)

Zou is definitely worried, Tihan, perhaps, had not dealt with ‘uncertain’ funds before. Do we know of any 10k+ refunds so far? Compensation/interest? Just want a clear picture what sort of frisky folk is left with the bag and why they all are so awfully quiet. I mean, one can bend somewhat/thing/one and forget about £1k of ‘play’ money. But it is highly unlikely that 99% of Bitcoinica depositors can.
hero member
Activity: 560
Merit: 500
I am the one who knocks
July 14, 2012, 09:15:26 AM
I also find it likely that bit floor would have flagged it as well.

Also to the hacker: if you want to taint me feel free.
donator
Activity: 3108
Merit: 1166
July 14, 2012, 09:14:37 AM
Beyond unbelievable! You just couldn't make this shit up (unless you actually did, did you?) - at least I couldn't anyway
hero member
Activity: 1138
Merit: 523
July 14, 2012, 09:02:49 AM
(like how they could transfer 40K$ so easily)..
 hmmm.

Bitinstant and Aurumnexchange other stuff would have raised flags.
member
Activity: 111
Merit: 10
July 14, 2012, 08:19:26 AM
wow, no more news from bitcoinica, no police report, gox don't give many answers(like how they could transfer 40K$ so easily)..
 hmmm.
legendary
Activity: 1372
Merit: 1008
1davout
July 14, 2012, 08:11:38 AM
If gox goes down you can always use intersango...
haha oh god, no
legendary
Activity: 1204
Merit: 1015
July 14, 2012, 08:09:46 AM
I only have one question for Consultancy: "How do you know the hacker got the MtGox password from LastPass and what its master password was?"
As always, Zhou is the only one who actually has answers:
I received this email. I was still in the [email protected] mailing list.

I believe that the theft happened much earlier and no one discovered. No one cared about this spammy-look email either (or they don't check their mailbox).


Quote
From: Bitcoinica Sucks <[email protected]>
To: [email protected]
Date: Friday, 13 July 2012 3:39:55 AM
Subject: Bitcoinica is done

THANK YOU FOR YOU SOURCE CODE.

BITCONICA IS NOW OFFICALY DONE!

LASTPAS PASWORD: c02e1a27-5524-449f-ba65-aff9581ddedc

hero member
Activity: 686
Merit: 500
Wat
July 14, 2012, 08:05:06 AM
If gox goes down you can always use intersango...
full member
Activity: 196
Merit: 100
July 14, 2012, 08:00:33 AM
My first post here. I agree that this looks like an inside job at worst or incredible negligence (for a security-conscious group) at best. I hope this all will be handled without too much collateral damage to the bitcoin community, specially Roger Ver.

I only have one question for Consultancy: "How do you know the hacker got the MtGox password from LastPass and what its master password was?"

As for the lawsuit... I don't think there will be a massive lawsuit, as some believe, if at all. We'll see.

P.S.: When Bitcoinica registered, things looked really well from the outside. I was seriously thinking about depositing some EUR there. I'm glad I didn't.
aq
full member
Activity: 238
Merit: 100
July 14, 2012, 07:59:19 AM
I feel really sad for the people involved, on both sides. Most likely both Bitcoinica and Bitcoin Consultancy will end up being sued big time and I actually support that. What happened was criminal negligence. There is a possibility of an inside job as well and Tihan should be the one to be investigated but so should the Intersango boys. It's an excuse at this point to say that "we didn't know". That counts for little, I hope.

We'll see what happens, I do think that this will become the first major legal case related to Bitcoin, especially now that USD was also stolen. It's going to be interesting. I support the victims (the depositors) and I hope that both Tihan (mostly him) and Bitcoin Consultancy (they are responsible as well at this point) get what they deserve.

As a final note I'll say that I didn't have a single BTC or USD at Bitcoinica. If I had, it would've been small amounts. The depositors need to blame themselves as well for trusting large amounts to a potential bucket shop but the level of absurdness with these "hacks" (a better word is criminal negligence or an inside job) is such that I'm actually supporting the victims now. Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.

Yeah, I can confirm that there will be a lawsuit and the targets will not be limited to Tihan and Intersango. It seems they are going to try to lock down Gox as well. I don't think they will get that lucky but it seems the net being cast out is massive...
So maybe you succeed in harming/destroying 2/3 of the Bitcoin secondary infrastructure and then we will have these $2 a Bitcoin rate again.
Only question remaining is where can we short it?
full member
Activity: 134
Merit: 100
July 14, 2012, 07:49:43 AM
The question remains why there hasn't been a police report initiated by the owners of Bitcoinica. Shouldn't it be them and not yourself that initiates such a thing? When else do you arbitrarily "inform the police" without the actual people involved doing it?

We are still discussing this with our legal counsel actually, however filing the theft details pre-emptively from our side may make things easier and faster, and may protect us and our other customers too.

Japan local time when post was:

7:45 AM
Saturday, July 21, 2012
( observing Standard Time )


(Sorry for the 12pt font size)

~Bruno~


Last time I checked, Japan is not a week in the future.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 14, 2012, 07:45:42 AM
Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.
Unfortunately, I reluctantly find that I have to agree. Anyone considering building a similar service needs to understand that they need to make securing deposits a top priority. It can't be a "we'll get around to it when we get a chance" kind of thing. It costs money to do this right, and the people who do it right will lose business to the people who do it wrong unless there are penalties for doing it wrong.

What we really need is independent auditing of exchanges, ewallets, and similar services. We need independent third parties who can affirm, on a regular basis, that these businesses have assets that exceed their obligations.
legendary
Activity: 2184
Merit: 1056
Affordable Physical Bitcoins - Denarium.com
July 14, 2012, 07:36:01 AM
I feel really sad for the people involved, on both sides. Most likely both Bitcoinica and Bitcoin Consultancy will end up being sued big time and I actually support that. What happened was criminal negligence. There is a possibility of an inside job as well and Tihan should be the one to be investigated but so should the Intersango boys. It's an excuse at this point to say that "we didn't know". That counts for little, I hope.

We'll see what happens, I do think that this will become the first major legal case related to Bitcoin, especially now that USD was also stolen. It's going to be interesting. I support the victims (the depositors) and I hope that both Tihan (mostly him) and Bitcoin Consultancy (they are responsible as well at this point) get what they deserve.

As a final note I'll say that I didn't have a single BTC or USD at Bitcoinica. If I had, it would've been small amounts. The depositors need to blame themselves as well for trusting large amounts to a potential bucket shop but the level of absurdness with these "hacks" (a better word is criminal negligence or an inside job) is such that I'm actually supporting the victims now. Bitcoinica and everyone related to it need to be sued in every relevant jurisdiction.
donator
Activity: 980
Merit: 1000
July 14, 2012, 07:14:14 AM
Reviewing the dendrogram of the theft (https://blockchain.info/tree/11978606), these hackers seem more careless. If I'm right they move bitcoins between addresses that have been used, with multiple transactions that reveal more addresses of the same wallet, addresses that receive payments from pools etc ...

Given that more than an planned attack was opportunism in the wake of the publication of source code, it may have been precipitated.


If someone bothers to report them may even catch.

It looks to me like they are tainting random innocent people.

It remains to be seen if they have done things "properly" or not.
jcp
newbie
Activity: 14
Merit: 0
July 14, 2012, 06:05:42 AM
This is possible. Even if Zhoutong received a fair price, he could still theoretically be held liable for negligently transferring control over the assets of his depositors.

From the facts known to me, this seems like an extremely unlikely way for events to turn. It seems, at least to me, that Zhoutong negotiated in good faith, believed the people he was dealing with were more competent than him to run the business, and had no reason to suspect any of the future problems. I don't know whether his compensation was fair or not, but I understand he was motivated to sell, so it's unlikely he was paid more than the business was worth.


It doesn't matter. I'm not talking about theoreticals, the facts you and I know regarding the ownership transfer is slim-to-none and that's one of the fundamental problems. To postulate that he was not paid more than what the company was worth is indicative of illusory self-confidence in knowledge, unless you are privy to non-public facts that have not been disclosed here (if so, I'm sure people that have lost money would love to know).

If I did not make it clear enough, the lack of public knowledge of ownership transfer creates serious potential for negligence claims against Zhoutong (as he has a fiduciary duty to deposit holders). Transfer of a money service to another entity which has different credit risk/security expertise without disclosure, then having the new entity defaulting on debts is an open and shut case of proximate cause, I disagree with the opinion that it's an unlikely avenue of pursuit in the event of actual default.

To reiterate, assuming that Zhoutong has zero involvement with the theft/loss-of-funds, it is in his personal best interests to ensure/advocate that everyone gets paid back in full.
sr. member
Activity: 252
Merit: 250
July 14, 2012, 05:55:12 AM
PS: Please forgive for posting so often in this thread with what looks like on the surface to be nonsense but, because of the nature of this beast, it's warranted.

It's really not, though. It's like your life revolves around finding some drama in the bitcoin community. Give it a rest go outside and play some golf or whatever old people do these days. Spare us your verbal diarrhea. Your conspiracies and "gotcha" posts are uninformed and universally wrong. I'll leave you with two of my favorite quotes.

"A wise man speaks because he has something to say; a fool because he has to say something."

&

"Conspiracy is easier to understand than complexity"
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 14, 2012, 05:18:03 AM
Further, as you implied, if the seller received compensation significantly higher than the true NPV/MTM of the equity, the difference may likely be subject to legal claims even if Zhoutong acted in good faith if the current owners convinced Zhoutong to sell his company so the current owners can strip/steal all the deposits (as the non-disclosure of the ownership transfer was proximate cause for the loss).
This is possible. Even if Zhoutong received a fair price, he could still theoretically be held liable for negligently transferring control over the assets of his depositors.

From the facts known to me, this seems like an extremely unlikely way for events to turn. It seems, at least to me, that Zhoutong negotiated in good faith, believed the people he was dealing with were more competent than him to run the business, and had no reason to suspect any of the future problems. I don't know whether his compensation was fair or not, but I understand he was motivated to sell, so it's unlikely he was paid more than the business was worth.