Pages:
Author

Topic: bitfloor needs your help! - page 22. (Read 177467 times)

hero member
Activity: 868
Merit: 1002
September 06, 2012, 11:15:38 AM
+1 to jwzguy.

Utterly bizarre people from the same neighborhood might use the same Post Office.



And use the same small telcomm company.  And set up their telcomm plans around the same time.  And pulled a big ol' scam.  Nope, nothing to see here.  Bitfloor definitely just got hacked; no need to believe that a bitcoin operator worked with the "Most famous man (and pedo) in bitcoin" to run off with $200k.  
And both ate food. And breathed air. And wore pants. Any other nonsensical bullshit you want to throw out there?
hero member
Activity: 868
Merit: 1002
September 06, 2012, 11:12:49 AM
anyone notice the title of the thread? I don't see many responses to the plea for help...That said, just because we want Bitcoin to be decentralized and all that jazz, it doesn't mean we shouldn't get law enforcement involved when thefts occur.  It's computer hacking or fraud at the very least.

Excellent point. Bitfloor  has been very good to it's customers. Lowest fees, very easy to use, excellent (and personalized) customer service. No shady "account locking." No information extortion.

How can we help?
1) If you have funds there, be patient. We gave gox forever and a day, and they were making WAY more than Bitfloor. (quadruple the fees on a 10x-100x the volume)
2) Offer to invest in Bitfloor.

Roman, if you're reading this: This thread is clearly not the place to discuss it, but if you're willing to accept investment, that seems like the best way your user base can help you recover ASAP.

I'm not a big enough player to make much of a dent, but I would be willing to invest. It seems like you should start some kind of discussion on going forward with this, if you're considering it.

I also think you should let your accountholders with USD withdraw immediately before any other steps are taken.

Best wishes.
legendary
Activity: 2940
Merit: 1090
September 06, 2012, 11:04:25 AM
I've been watching the #opentransactions channel and it looks like FT & co. are still working out the bugs. Are you sure it's stable enough to "widely deploy"?

All balances have been kept perfectly. I don't think I've actually seen that before, its amazing to me with all we've been through. Seems to me over the decades I got used to financial software always screwing up balances here and there so correcting entries of some sort always ended up being needed. So to me it is amazingly robust. Forcing every change of any balance to have to be signed off on seems to be a very good system.

That said, I want first off lots and lots of test clients deployed so more and more people can test it... The recent bugs have been to do with scaling up; I have been doing load testing, in effect, running lots of scripts automatically placing lots of offers in the markets and, it turned out, mostly without downloading the outcomes thus letting people's account-inboxes grow huge, running into limits of string buffers. So basically, testing to destruction, driving the thing to its limits, yet still all balances remain correct.

-MarkM-
sr. member
Activity: 275
Merit: 250
September 06, 2012, 10:20:49 AM
+1 to jwzguy.

Utterly bizarre people from the same neighborhood might use the same Post Office.



And use the same small telcomm company.  And set up their telcomm plans around the same time.  And pulled a big ol' scam.  Nope, nothing to see here.  Bitfloor definitely just got hacked; no need to believe that a bitcoin operator worked with the "Most famous man (and pedo) in bitcoin" to run off with $200k.  
legendary
Activity: 1400
Merit: 1005
September 06, 2012, 10:18:40 AM
it doesn't mean we shouldn't get law enforcement involved when thefts occur.  It's computer hacking or fraud at the very least.
It doesn't mean he shouldn't get law enforcement involved.

It does seem to fall within one or another of the USA 'computer abuse' laws.

However, if all the existing USD in accounts as of time of hack are honored, I don't see it as a fiscal / monetary issue.

At this point, bitcoins are not "money".
But they are something of value, which means those who held a Bitcoin balance at the exchange have a valid claim to the remaining assets of the company in the event in a liquidation.
sr. member
Activity: 476
Merit: 250
September 06, 2012, 10:01:41 AM
it doesn't mean we shouldn't get law enforcement involved when thefts occur.  It's computer hacking or fraud at the very least.
It doesn't mean he shouldn't get law enforcement involved.

It does seem to fall within one or another of the USA 'computer abuse' laws.

However, if all the existing USD in accounts as of time of hack are honored, I don't see it as a fiscal / monetary issue.

At this point, bitcoins are not "money".
donator
Activity: 1466
Merit: 1048
I outlived my lifetime membership:)
September 06, 2012, 09:55:21 AM
anyone notice the title of the thread? I don't see many responses to the plea for help...That said, just because we want Bitcoin to be decentralized and all that jazz, it doesn't mean we shouldn't get law enforcement involved when thefts occur.  It's computer hacking or fraud at the very least.
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 06, 2012, 09:51:12 AM
+1 to jwzguy.

IIRC Roman even posted a while back that he went on the show because Bruce lived in the same neighborhood.  Utterly bizarre people from the same neighborhood might use the same Post Office.

DUN DUN DUUUUNNNNN
hero member
Activity: 868
Merit: 1002
September 06, 2012, 09:15:50 AM

Nah! Two different box numbers at the same address by two Bitcoiners of which one interviewed the other one on a show that was sponsored by another Bitcoiner. Nothing further to see here.

~Bruno~

Charlie's also been on the show. He is also located close to Bruce. Are you going to say BitInstant also deserves to share whatever shady reputation Bruce has?
Give me a fucking break. They're in NYC and they're involved in Bitcoin. The fact that they're in the same area of a densely populated city doesn't equate to conspiracy.
legendary
Activity: 1680
Merit: 1035
September 06, 2012, 09:13:16 AM


I think a more accurate picture would be the same diagram, but with text reading People who know math, People who know currency, and People who know investing, and with a third of a Bitcoin at the very far tip of each circle, as far away from the center as possible (so, 3 separate pieces of a Bitcoin), and the middle section should just have text saying "NOBODY, Except maybe Satoshi"
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
September 06, 2012, 09:01:10 AM

Nah! Two different box numbers at the same address by two Bitcoiners of which one interviewed the other one on a show that was sponsored by another Bitcoiner. Nothing further to see here.

~Bruno~
sr. member
Activity: 254
Merit: 250
September 06, 2012, 07:17:41 AM
I've been thinking about a similar method as part of the code for an exchange I'm working on, and it's almost correct other than if somebody has access to your database and knows your rules, they can insert or alter records in the database table that controls your payment processing service.  The solution here would be to have the requests (database records) be nonced & signed.  Preferably with both a server/application private key and a per-user private key derived from the users password.

Please look at Open Transactions system and maybe come help us get it widely deployed...

-MarkM-


I've been watching the #opentransactions channel and it looks like FT & co. are still working out the bugs. Are you sure it's stable enough to "widely deploy"?
legendary
Activity: 2506
Merit: 1010
September 06, 2012, 05:09:10 AM
Why can't someone invent a machine that can be switched on or off to connect to the internet and it's only purpose is to be a bitcoin wallet. It can have a little screen that says how many BTC you have. Just connect and it updates and disconnect. And the main thing would be if you needed to send BTC, it would require you to insert some type of key or swipe a card or something.

That (offline wallet) is one of the requests on the Raspberry Pi thread:

 - https://bitcointalksearch.org/topic/m.1155722
member
Activity: 113
Merit: 10
¿Sabe lo que quiero decir?
September 06, 2012, 05:00:49 AM

I haven't read much of this thread -- do people think this Bitfloor guy didn't just rip them off?  It's just all the more funny if he's in cahoots with Bruce Pedo Wagner. 

Edit:  But yes, only the same P.O. Box Office.  Coincidence?  Eh...

Also, it's probably completely random, and it's nothing that I know about anyways, but both Bitfloor and Bruce Wagner's multiple phone numbers are in the same prefix (646-580-XXXX), which is run by a small company, BandWidth.com.  There are hundreds of prefixes for the 646 area code, and Bandwidth owns 17 . . . kinda coincidental that Bruce and Bitfloor not only use the same post office for their P.O. box, but also use the same telcomm and apparently set up their plans around the same time (assuming that's why the company gave them numbers within the same prefix).  It's like they're in cahoots or something.  
It could be a "virtual office".
member
Activity: 148
Merit: 10
September 06, 2012, 03:04:27 AM
Why can't someone invent a machine that can be switched on or off to connect to the internet and it's only purpose is to be a bitcoin wallet. It can have a little screen that says how many BTC you have. Just connect and it updates and disconnect. And the main thing would be if you needed to send BTC, it would require you to insert some type of key or swipe a card or something.
legendary
Activity: 2940
Merit: 1090
September 06, 2012, 02:14:19 AM
I've been thinking about a similar method as part of the code for an exchange I'm working on, and it's almost correct other than if somebody has access to your database and knows your rules, they can insert or alter records in the database table that controls your payment processing service.  The solution here would be to have the requests (database records) be nonced & signed.  Preferably with both a server/application private key and a per-user private key derived from the users password.

Please look at Open Transactions system and maybe come help us get it widely deployed...

-MarkM-
legendary
Activity: 2940
Merit: 1090
September 06, 2012, 02:12:29 AM
If we can't trust the website giving commands into the hot wallet, [edited:]how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?
You never fully can trust it, but you can make it more difficult for an attacker by having the hot wallet independently check the incoming commands for deviations from normal patterns which could indicate the website has been compromised.

At the cost of requiring more manual human action you can add more safeguards, like requiring customers to pre-register their withdrawal addresses and transferring a list of valid addresses via sneakernet to the hot wallet every 8 hours. Now an attacker can't break into the website and send the hot wallet a command to withdraw all the bitcoins to some arbitrary address because that address won't be on the authorized list.

I am not really convinced that you cannot set up the system to be trustable.

For example if I base sending out of bitcoins on my having received bitcoin-tokens in a certain account, then it looks to me as if the only way I can get those tokens arriving in my account (and thus triggering a send-out-coins request) is if the hacker has the private keys of a user who has bitcoin-tokens. Those tokens in turn could only have arrived there through a properly signed transaction, and the signatures go all the way back to the account that actually issues the tokens. The whole point of all this signing is so the server does not actually have to be trusted...

-MarkM-
legendary
Activity: 2940
Merit: 1090
September 06, 2012, 02:05:51 AM
It's more the hot wallet I'm trying to understand. It is needed for the exchange to instantly process transactions directed by customers. So there'll always be a kind of command path going from website to wallet, no matter how far away you hide the hot wallet, and we'll have to trust that path we setup ourselves. A good hacker will find that path and command the bitcoind. So there's actually no need to trust our path if we can't trust our website.

Now, of course you can have the hot wallet pull for commands and transactions, but then.. how do you trust the content of those commands and transactions? Because, basically, that is that same public website with input from customers.

If we can't trust the website giving commands into the hot wallet, [edited:]how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?

The route I am going is to have the customers sign everything using their own private keys.

If a hacker uses their private keys unauthorised that will be totally outside my control and I will have no way even to distinguish between a hacker and the actual customer, since to me the private key is the customer.

This seems nice and safe from my end as service, but admittedly is not going to be very nice for people who let hackers get hold of their private keys.

-MarkM-
sr. member
Activity: 275
Merit: 250
September 06, 2012, 02:02:48 AM
Quote
Roman was on Bruce's show.

It's kinda clever to advertise and talk up the business before cashing it out.  With his cut, maybe Bruce can finally send the poor guy his $951 in BTC from that other thread now. 
sr. member
Activity: 275
Merit: 250
September 06, 2012, 01:59:08 AM

I haven't read much of this thread -- do people think this Bitfloor guy didn't just rip them off?  It's just all the more funny if he's in cahoots with Bruce Pedo Wagner. 

Edit:  But yes, only the same P.O. Box Office.  Coincidence?  Eh...

Also, it's probably completely random, and it's nothing that I know about anyways, but both Bitfloor and Bruce Wagner's multiple phone numbers are in the same prefix (646-580-XXXX), which is run by a small company, BandWidth.com.  There are hundreds of prefixes for the 646 area code, and Bandwidth owns 17 . . . kinda coincidental that Bruce and Bitfloor not only use the same post office for their P.O. box, but also use the same telcomm and apparently set up their plans around the same time (assuming that's why the company gave them numbers within the same prefix).  It's like they're in cahoots or something.  
Pages:
Jump to: