Topic: Bitcoinica MtGox account compromised - page 3. (Read 155955 times)

No. Thankfully the concept of nonces and hashes solved that problem decades ago.

(Yes, I'm a LastPass user)


I keep my Bitcoin wallet password in LastPass, and I backup my wallet with Wuala. Thanks to client side encryption, that's just as secure - or more - than any known alternatives.

Disclaimer: I would of course prefer it if I could authorize signed snippets of JavaScript when using LastPass, and it'd be excellent if Wuala went open source. I do however trust those two companies more than I trust any Bitcoin or Bitcoin service developer. If there's a leak, it's likely not from the services that would have a lot to lose.

I think that lastpass is a very excellent system and it is capable of greatly improving information security of a typical company that is using it instead of almost any one other typical method in common use for such purposes. However, last pass must be used correctly.

This means:
1. Using second factor auth for lastpass (except maybe when the team using it is very small and has no really valuable assets at risk, or during transitional period)
2. Not using lastpass for the most valuable passwords such as those which give assess to bank accounts, money, bitcoin wallets, and most of all "other people money".

For 2. probably using keepass with second factor key is a good idea.

That's actually a feature, not a bug. Don't trust the bank, keep your money with you

Bitcoin is pretty-much the only type of money you can stuff in your mattress, without its value being eroded due to inflation.

It all started with the hack way back in May 2012.

Have either of you used LastPass? Its possible to login to your account via the website without downloading/installing anything. Therefore the password does get sent to their servers. Not that any of this is entirely relevant to the situation...



I understand what you are getting at and in the technical sense only I agree. But having access to each system component distributed between different username and password combinations, even if they tend to follow a scheme or formula, still requires more effort to break into each one than to compromise one account that gives access (information) for all of the components. An attack on that one account may for now be technically unfeasible, but combined with a leak and/or stupidity as in this case, the results were far more catastrophic than they might have been had passwords not been centrally stored.

I feel that this whole episode would benefit from a means of questioning the Intersango Trio, Mt Gox and others involved without the mudslinging and angry rants that account for 80% of this thread. We need a clear and detailed chronology of events (which can then be further interrogated) so that everyone is on the same page about what did/not happen. Clear information about the existence of any investigations or legal action would also be helpful in working out solutions to all of the issues described.


BB.

I agree with this.  Plus Bitcoinica+SR is a one,two punch for any serious detractor (law makers).

It just sucks that the Bitcoin world is so screwed up you basically have to stuff your money in your mattress. This is one of the major obstacles to adoption.

wow, this whole fiasco is so amazingly fail it's surreal.

There's no good reason to keep a high % of your BTC in exchanges anyway. I used to have some BTC in exchanges to make payments directly in a convenient manner, but currently I have 0 BTC and 0 FIAT in exchanges. I strongly recommend this approach to everybody, it saved my backside from Bitcoinica's fiasco and from the potential bankruptcy of a certain exchange.

This is a large part of why, despite my general bearishness, I've moved everything off the exchanges as bitcoins in offline wallets.  If MtGox, or any other exchange, is disrupted, at the very least I can get something OTC for the bitcoins or I can keep the value stored as bitcoins and use purchasing power that way.

Sort of.  When the DoJ went after the online gambling providers, they went after the payment processors.  People's money was tied up for ages because the gambling providers didn't have enough reserves on hand to directly pay out people's balances (at least one of them had been co-mingling funds, but that's another story) - the money was in the bank accounts of the payment processors and those were frozen.  While many users did receive their deposits back, it demonstrated the extent to which payment processors are a weak link in the chain.

While it's possible that a regulator might choose to go after one particular exchange, it's just as likely that they'd do what they did with the online gambling drama and go after everyone at once.  There's no question that a sub-set of customers on every exchange are going to be using the exchange to launder money, evade taxes or commit other financial offences.  The offshore poker providers weren't actually breaking any laws in the jurisdictions in which they were licensed.  It pretty much came down to the DoJ having the power to disrupt their business indefinitely if they didn't play ball.  The Bitcoin exchanges are tiny compared to the online poker providers and its unlikely they'd win in a showdown with the US DoJ.

Loup is right that there are a number of US agencies which could really fuck up an exchange's shit pretty much regardless of where that exchange is located.  I just believe that once that particular can of worms is opened they are more likely to go after everyone than after just one exchange.

I'm not sure what the fines are for failure to comply with AML/KYC requirements in the US.  Here in Australia, the fine for either not reporting a transaction as required or reporting it late is up to $1.1 million for an individual and up to $22 million for a company.  A single transaction could have multiple reporting requirements attached to it, so you can get hit with more than one fine for a single transaction.  Big banks might be able to absorb those kinds of fines, but I doubt there's a Bitcoin exchange on the planet which can afford them at this time.

WOW! Simply, wow! It looks to me that if some regulatory body choose to do so, they can walk into any banking institute and demand to see the records of (I will use this example) Intersango. They can simply claim that a certain client of theirs with such-and-such Bitcoin address conducted some illegal transaction and that an investigation is warranted. This account is now closed until we finish our investigation. This could take a week. After a week goes by, they return with another concern of another address and the whole process starts anew, thus freezing the account indefinitely. Furthermore, during the interim, Intersango will not be allowed to open up another bank account in that country, and if incorporated there and choosing to open a bank account in some other country, their incorporation privileges will be revoked. I sure the hell would hate to be such a company in their shoes if such an event did occur.

~Bruno~

More likely someone contacted the bank and told them that people were using it to launder funds, which immediately obligates the bank to investigate activity on the account. 

There's no "massive world-wide investigation" going on.  While it's possible that various international agencies will investigate some of the issues related to the Bitcoinica clusterfuck, it still won't be a "massive" investigation.  As businesses go, Bitcoinica is a piddly little one and it's total debts appear to be just over USD 1 million.  They may well end up being the first Bitcoin related business investigated for financial offences such as facilitating money laundering, facilitating tax evasion, etc but I can't think of any exchange which isn't at risk for that - let's face it, the Bitcoins which pass through Silk Road are being cashed out somewhere.  In fact, if the authorities choose to go down that route, they may do exactly what they did in regard to online gambling and hit everyone at once, shutting down the flow of funds.

One can only speculate that one of the victims of their gross negligence (at the very least) might have threatened Metro Bank with action and forced them to hold funds until an investigation is undertaken. Certainly I would take that action, backed up with a proper legal notice that the funds they are holding in trust are being held criminally, and are currently the subject of a massive world-wide investigation of their enormous breach of their fiduciary responsibility to those they are holding the funds in trust for.

We seem to forget that these are not Bitcoinica's funds, or Intersango's funds, or Zhou's funds, or Tihan's funds. These were amounts, especially the US dollar deposits, that were being held in trust for the performance of certain promised exchange and transactional services. Violating that trust will pierce any veil of business obscurity, and if the company law of New Zealand is anything like the corporate laws in Nevada (the most pierce-proof jurisdiction on the planet) then there is no protection in place for these incompetents, and they will be found personally liable. Especially if someone undertakes to bring charges that can be investigated under US Law, which would include attempted criminal diversion, securities fraud, RICO, illegal operation of a gambling system online, tax evasion, confidence scheming, well the list gets ever longer.

And you can bet your last Satoshi that a bank would want to freeze assets involved in those kinds of charges. Hell, US banks held deposits belonging to the former Shah of Iran for 23 years on a simple memorandum sent to them by the State Department. Imagine how quick and high they will jump when presented with a subpoena?

Probably time to think about being the first kid on your block to file against these gangsters, and stop thinking about how you are going to double down and get rich when they just get past this one new speed bump. They are, quite simply, criminals by any definition of the word, and this will not end up happily for them, or their targeted victims.

There's not a legitimate bank on the planet which would confirm to outsiders that they're investigating activity on one of their customer's accounts.  Depending on the reason for the investigation, it could be seriously illegal to reveal that even to the customer concerned.

Intersango had previously posted that certain forms of withdrawal would be unavailable between 26 and 30 July.

It's not really clear whether their Metro bank account is now in a state of total limbo until the investigation into their account activity is completed.


Or someone who's really pissed off over the Bitcoinica clusterfuck has decided to cause them as much grief as possible.

Does anybody here work closely with a bona fide banking representative that can call Metro Bank and directly inquire, semi-privately, the validity of the above?

Seems to me somebody is planning a vanishing act.

~Bruno~

They're currently having trouble with their bank account, leading to delayed deposits:

several of us have pointed out how minsguided it is to use any common indentifier as a password. I also find it hard to believe their big time fiancer Tihan, would not reconize it as being the API for their GOX acct. Them not changing it is no different thatn if the password had been one of their birthdays and not chaning it.

Once again, no update on Bitcoinica's website, the above being the latest. Are you telling me that everybody who was a client of Bitcoinica visits this forum to get the latest? That every single client of their's knows of the latest hack and that they are now looking at only a 66% refund or, worse, done?

Also, can somebody tell me why Intersango is a wise choice to store/invest hard-earned bitcoins. And before you go there, I feel that Intersango and Bitcoinica are not mutually exclusive.

~Bruno~