Topic: Bitcoinica MtGox account compromised - page 5. (Read 155955 times)

Tihan and Zhou knew that the LastPass password was the MtGox API key. genjix' claim that no one else did is somewhat strange, it requires three persons where at least one of them claim to be a security expert not to recognize a clearly non-random string for what it is.


LastPass does not contain your passwords. It contains an encrypted version of your passwords - and only you have the encryption key. Storing passwords in LastPass does not make them any more insecure than any other form of password storage you can use - while allowing you to use purely random and very long passwords, no duplicates, for all your other services.

Of course, it requires you to have a good master password (and/or use two factor authentication). LastPass go out of their way in making sure you understand the importance of that, and as I've already written before in a reply to Tihan, you have to be either completely unaware of any security practices or willfully ignorant to select something like an API key (a "known string") as password.

By "willfully ignorant" in this case I do mean that doing so creates a possibility where you can exploit that knowledge to claim a hack where no hack took place, later.

I'm still interested in why, and how, the source code got leaked. That provided the excuse needed for an inside job.


Since you've referenced that email before. Zhou, what's the X-Originating-IP header in the email you got from the claimed hacker that referenced your LastPass account password? Does it match any IP listed in the LastPass log?

(I assume it will turn out to be a anon VPN or TOR exit node)

I believe the "LastPass" hack to be an inside job, from someone being fed up with having to deal with the Bitcoinica mess. I'm less sure the other hacks where.

Sure, but my point was that Intersango can't actually keep the money for the time being. So it's more like "F*** you, we're not giving you your money back, but we're also not benefiting from it in any way whatsoever". It's like the ludicrous speed in Spaceballs.

Yes, you can also email our initiative to [email protected] (which is for the time being also handled by me). Please do not provide any claim IDs, just a forum alias, full name, claimed amounts in BTC/USD.

I bet desire to pay depositors some money would be exactly the development mtgox considers as significant.


"Big creditors", contact lonelyminer.

Vladimir,

It's actually more complicated than that. It appears that a significant proportion of Bitcoinica's deposits are on Mt. Gox, and Mt. Gox froze the account (and are unlikely to unfreeze it until there is significant development).

And that's what we're trying to do in the Bitcoinica Fund Recovery Initiative, unfortunately as you know it's not easy. I'm not a legal specialist, I just try to get as many of the big creditors on board as possible.

That's only worthwhile if you suspect that they have personal assets which could be used to pay creditors.  A liquidator would examine whether the directors of the GP have any personal liability anyway.

I really hope the Bitcoin conference fails miserably this year. The majority of people who were asked for the location didn't even want it to be in London to begin with, but that was just done away with. What's the point of having a BTC conference in the UK, a well known police-state? To be close to and hook up with banksters? This really was the main argument, you will need big 'traditional' finance to support BTC. I believe Bitcoin needs exactly the opposite. Are we sleeping with the enemy now? Who is running this BTC shit anyways? Just some thoughts here on my side. Meanwhile, genjix is doing the conference schedule.  Really?

To the best of my understanding the position of "Intersango trio" now is:

"FUCK YOU ALL! WE WILL KEEP THE MONEY! SUE US! (but our other businesses such as intersango and bitcoin conference in London are safe and you should use/attend it)"

And I would think the victims here are all the depositors, Tihan/Wendon and Zhou. I think that we all need to get together and bring legal action against Bitcoinica GP, and the "Intersango trio" with intent to breach the veil of limited liability based on their alleged gross negligence.

@Bitcoinbulls : I deposited bitcoins, I expect to be paid in bitcoins.

Be payed in USD would be ok ONLY if would have been done in a short time manner. Else, why not in whathever currency is at its lowest right now.

Zhou, I can relate to your unhappiness. Except mine is for financial reasons. Hopefully everything will end well at some point...

And ofc there is no communication and NO updates wathsoever from the intersango guys.
How can 2 of them leave in such horrible circonstances is fucked up. And how can they not communicate is beyond me. They have depressed people here and tehre and they just leave. Come on.

@Bitcoinbulls sorry I probably read you in the wrong way. Yes at this point getting back 70% of the btc would be much better than the current mess. It doesnt mean that all is settled afterwards but everyone would be then much more relaxted and calm.

I would not tell you what some menbers of my familly suggested, they have a rather more "old school" way of handling debtors. Guys from intersango should be pretty happy that all the guys that deposited bitcoin are more civilised than that.

There'll be no more refunds now I'm afraid. They don't even care anymore. And Zhou will get in legal trouble. And that's the way it should be.

Contact Tihan or Wendon (or whoever) and find out how they plan to move forward.

At this point, if they can return just 70% of the BTC, that would IMO be reasonable given the recent price increase. Arguably, its roughly comparable to closing all positions and returning people's funds in USD (BTC valued at $5).

Whatever the final arrangement, the best thing to do now is for the owners to first and foremost announce what their plans are. Hopefully that is return at least the 70% or whatever they have ASAP.

Its going on two weeks now and there has been no word from Tihan other than that "the fund" will pursue legal action against "bitcoinica consultancy". Whatever legal action the fund takes is only indirectly related to depositors' claims, and I personally don't care. I want to know how and when the owners will process claims.

It's legal for me to start a Bitcoinica clone today. I'm quite sure about that. The non-competitive clause was a gentleman agreement and it's not enforceable.

But I'm not in need of money. I still have my Bitcoin and AUD savings and I'm still doing business. I'm just no happy.

I don't really care about my reputation now even. If I start a bank or investment firm in my 30s, I think not many people will still mind putting their money on my hand. And I'm not going to build anything Bitcoin-related in the foreseeable future. I'll simply go back to my SaaS business.

The big problem is the criminal charge. Bitcoin is a big unknown in the legal world and anything can happen if the police touches this case (unlicensed market operation? terrorism? money laundering?). It makes possible things like migration in the future way harder than they should be.

I doubt there's any entity remaining with the ability or will to enforce that restriction. Since they're not doing business, what would their damages be?

I personally trust the buyer and I would bear every responsibility if there were any problems. If Tihan didn't pay for the Linode hack, I would, because it would be my fault to push the responsibility to an unannounced acquirer.

However, I don't trust Patrick, Amir or Donald and I immediately announced it when the change of ownership happens. It's not my decision to contract them either. There is no secret at all in the last change of ownership.

Well whatever it was that was sold.  I remember sometime in Nov or Dec a post by zhoutong stating that he was not interested in partnering or selling the site, yet in the resignation letter the sale already had or was happening.

Zhou did not sell the Delaware entity (xWaylab Inc).


Wouldn't mind betting that there was a covenant in restraint of trade in the sale contract which restrains Zhou from establishing a similar business for a specified period (he sold the IP, so he can't just use that without permission).

And yeah, if you look at the early business histories of some well known entrepreneurs, you'll find some shocking failures among them as well as downright illegal activity.  Nobody even remembers them now - in the wake of subsequent success, they've become campfire stories to be chuckled over.

I am not sure of the majority consensus, but I believe ZT.  If you ever find yourself needing money, if I were you, and I am def. not, would just make a new bitcoinica with your new knowledge of past mistakes.  Let's just say you are the scammer/hacker.  If your next exchange got taken like this again and additionally no one gets paid back, well you can believe people will come for you that time.

I would most likely sign up today if I knew you put enough work into making it better than before security wise.

Well if that lawsuit comes up then it will probably become public anyway.  You should probably get an attorney if yo have not already, and the attorney will tell you to stop talking on this forum and making public statements.  I know you want to protect your reputation but forget about that.

You should really talk to an attorney that knows a thing about business organization laws.  If you made any mistake during the initial creation of bitcoinica in Delaware and how it was sold then you may still be liable even if you had no access to the financials.

Can you confirm that Wendon owns the Bitcoinica domain and IP (you said a while ago that those were what you sold and Patrick's IRC comments which were quoted here strongly suggest that Wendon was the buyer)?

i feel you deserve every bitcent/usd of it.
thank you again for your 5k btc.

i dont believe you are the hacker. but as soon as police is involved i am pretty sure they'll have questions for you.

i wish you all the best.