Topic: bitfloor needs your help! - page 28. (Read 177459 times)
Here's a chance for someone to buy part or all of BitFloor. Potential investors include other BTC exchanges, large mining pools, holders of large quantities of BTC and developers of bitcoin and bitcoin related products and services or an angel investor. BitFloor did have a lot of positive characteristics prior to this hack.
Well sadly Stephen was misinformed and likely turned a bad situation into a worse one. His talk of injunctions and criminal activity were simply false. I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.
Here:
Quote
But once a corporation reaches insolvency, the fiduciary duties that once flowed to equity-holders divert instead to creditors. Again quoting the Delaware Supreme Court, "the corporation's insolvency makes the creditors the principal constituency injured by any fiduciary breaches that diminish the firm's value.
Quote
But once the moment of insolvency arrives, as the Delaware Court of Chancery has explained, "the creditors become the enforcement agents of fiduciary duties because the corporation's wallet cannot handle the legal obligations owed." The court continued: "Because, by contract, the creditors have the right to benefit from the firm's operations until they are fully repaid, it is they who have an interest in ensuring that the directors comply with their traditional fiduciary duties of loyalty and care."
- http://www.faegrebd.com/8365
tl;dr: Things change when your organization becomes insolvent.
I am not a lawyer, but I'm aware that in the U.S., bad things can happen to you as an officer or director if you then take action after establishing insolvency that ends up further harming your creditors -- especially actions which might favor one creditor over another. Now customer funds are even more sacrosanct. My argument was that legal counsel should be obtained BEFORE paying out one single dime.
Roman had reopened the site to allow ACH withdrawals so I was making the argument that the only way to stop it was to get an injunction filed.
Personally, I don't have that many BTC involved and have already mentally booked mine as a total write off. I could see though how Roman might be persuaded because releasing USDs to depositors would mean some people (those with USD balances) would be less pissed off -- though others (those with BTC balances), would be more pissed off. But an insolvent organization no longer does what is best for the company or for its shareholders and instead is in dire need of legal advice before taking further action.
It looks like that might be what then happened.
If a bankruptcy is filed and you had $ or BTC at bitfloor, you should be included on the list of creditors, and you'll get periodic mailings about the progress of the matter.
Now we are getting to the really interesting stuff. If BitFloor does not have any information on how to contact you, how will you get periodic mailings?If some other legal action is filed, there's a pretty good chance you'll be included as a party, which would mean you'll get copies of filings,
See my question above.BitFloor has no ID requirement for BTC withdrawals.
I'd just like to point out the importance of Bitfloor consulting an insolvency specialist and not a general lawyer. You need someone who'll advise you on all of the legal options available and their pros and cons.
Enter Patrick Murck.
This is so exasperating. It's no wonder Bitcoin is becoming a laughing stock. It's simply not enough to claim the blockchain is safe when every service that people use ends up getting hacked and large sums being lost.
I guess it's sort of like the Pirate fiasco, people turned a blind eye to due diligence.
Make sure the bank has a vault before you deposit money in it. If they have nothing to show, your mattress may be a better storage medium.
Someone brought up a great point the other day: since lots of people here never really *earned* the money that their BTC is now worth, they tend to be very careless with where they put them.
shtylman, where physically are you for service of process?
https://bitfloor.com/aboutQuote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023
Roman recently had traveled or moved possibly out of the country (London ?).
The address is USPS PO Box. Roman went for the conference to london?
Pardon me for adding this, but why is it that the last three major hacks involve the words genjix and conference? Just an observation that may, or may not, have relevance.
~Bruno~
please use phantomcircuit for your accusations: much more fun and he deserved it
shtylman, where physically are you for service of process?
https://bitfloor.com/aboutQuote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023
Roman recently had traveled or moved possibly out of the country (London ?).
The address is USPS PO Box. Roman went for the conference to london?
Pardon me for adding this, but why is it that the last three major hacks involve the words genjix and conference? Just an observation that may, or may not, have relevance.
~Bruno~
I've already stopped putting any funds in any Bitcoin service. It's obvious few of them have a clue how to secure their sites and there is no way to know who does and who doesn't.
Wrong. There is a way to know. But it requires the code for the entire system, from front end to back end, to be published for public scrutiny. And not just the program code, but the server configs and software versions and everything. In fact, it should be possible for the entire file system of every server to be available via public, read-only, anonymous FTP — minus the one directory containing the private keys and the one directory that holds the database table containing the users' personal information, if such a table exists. There is no reason that the remainder of the systems' contents shouldn't be held out for the light of day to wash over them. Security through obscurity is no security at all. Cryptographic algorithms are secure despite their method of operation being public knowledge. The same should be true of web sites. 
This is so exasperating. It's no wonder Bitcoin is becoming a laughing stock. It's simply not enough to claim the blockchain is safe when every service that people use ends up getting hacked and large sums being lost.
Frankly, if an unencrypted backup of keys was left on the server then the current operators are not worthy of continuing to run the exchange and anyone who places their trust in righting the ship and sailing onwards as if all is ok, is a fool. Is this going to be a payback-over-a-year ordeal or yet another "oops, we were hacked!" type scam. Exactly what is the OP trying to figure out?
I've already stopped putting any funds in any Bitcoin service. It's obvious few of them have a clue how to secure their sites and there is no way to know who does and who doesn't.
Frankly, if an unencrypted backup of keys was left on the server then the current operators are not worthy of continuing to run the exchange and anyone who places their trust in righting the ship and sailing onwards as if all is ok, is a fool. Is this going to be a payback-over-a-year ordeal or yet another "oops, we were hacked!" type scam. Exactly what is the OP trying to figure out?
I've already stopped putting any funds in any Bitcoin service. It's obvious few of them have a clue how to secure their sites and there is no way to know who does and who doesn't.
I don't understand why no one was emailed. For a situation this serious the forum isn't gonna cut it.
it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement
What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like lets post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.
You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
I had 4,231 BTC in Bitfloor. I want my money NOW!
Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."
I Thank You Sir You Know Who You Are!!
MultiCoin Maria.
Dont hate
Oh look, the forex scammer! And another lie. How predictable.Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."
I Thank You Sir You Know Who You Are!!
MultiCoin Maria.
Dont hate
Glad to see that so many people have you on ignore, Leo.
I had 4,231 BTC in Bitfloor. I want my money NOW!
Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."
I Thank You Sir You Know Who You Are!!
MultiCoin Maria.
Dont hate
Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."
I Thank You Sir You Know Who You Are!!
MultiCoin Maria.
Dont hate
it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement
What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like lets post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.
You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
Roman:
If you decide to raise money from investors, please send me a pm.
If you decide to raise money from investors, please send me a pm.
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.
It is cheap, advertised, and maybe OP did not read the threads about it.
I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.
It is cheap, advertised, and maybe OP did not read the threads about it.
I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.
Wow, somebody at Linode really is making a fortune from Bitcoin 
Linode's stolen what? 80K BTC? About $800k?
Not bad.
Linode's stolen what? 80K BTC? About $800k?
Not bad.
i am of the opinion the owner of bitfloor has very little idea what happened.
put it this way.. he put the site back online. does that sound like someone who knows security?
at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,
AND fix the darn hole.
I do not think that happened. I would like to know how they got in.
Especially on a supposed semi-airgapped machine. My theory: roman allowed access from his machine for connivence and they compromised THAT which allowed them to pivot into the cold storage server.
Also as to the backun on an unencrypted portion of the disk: this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was). It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.
I dunno. He used linode and i would guess to save money it was vps. Not a few dedicated machines.
In b4 pirateat40 ran bitfloor.
Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?
I actually don't remember seeing one, either, and at one point, I DID go looking for one to clarify one of their policies, but wound up just emailing support instead.
Jump to: