Pages:
Author

Topic: bitfloor needs your help! - page 28. (Read 177467 times)

sr. member
Activity: 490
Merit: 251
September 05, 2012, 03:33:07 AM
Here's a chance for someone to buy part or all of BitFloor. Potential investors include other BTC exchanges, large mining pools, holders of large quantities of BTC and developers of bitcoin and bitcoin related products and services or an angel investor. BitFloor did have a lot of positive characteristics prior to this hack.
legendary
Activity: 2506
Merit: 1010
September 05, 2012, 03:10:48 AM
Well sadly Stephen was misinformed and likely turned a bad situation into a worse one.  His talk of injunctions and criminal activity were simply false.  I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.

Here:

Quote
But once a corporation reaches insolvency, the fiduciary duties that once flowed to equity-holders divert instead to creditors. Again quoting the Delaware Supreme Court, "the corporation's insolvency makes the creditors the principal constituency injured by any fiduciary breaches that diminish the firm's value.

Quote
But once the moment of insolvency arrives, as the Delaware Court of Chancery has explained, "the creditors become the enforcement agents of fiduciary duties because the corporation's wallet cannot handle the legal obligations owed." The court continued: "Because, by contract, the creditors have the right to benefit from the firm's operations until they are fully repaid, it is they who have an interest in ensuring that the directors comply with their traditional fiduciary duties of loyalty and care."

 - http://www.faegrebd.com/8365

tl;dr: Things change when your organization becomes insolvent.

I am not a lawyer, but I'm aware that in the U.S., bad things can happen to you as an officer or director if you then take action after establishing insolvency that ends up further harming your creditors -- especially actions which might favor one creditor over another.  Now customer funds are even more sacrosanct.  My argument was that legal counsel should be obtained BEFORE paying out one single dime.

Roman had reopened the site to allow ACH withdrawals so I was making the argument that the only way to stop it was to get an injunction filed.

Personally, I don't have that many BTC involved and have already mentally booked mine as a total write off.  I could see though how Roman might be persuaded because releasing USDs to depositors would mean some people (those with USD balances) would be less pissed off -- though others (those with BTC balances), would be more pissed off.  But an insolvent organization no longer does what is best for the company or for its shareholders and instead is in dire need of legal advice before taking further action.

It looks like that might be what then happened.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
September 05, 2012, 02:51:18 AM
If a bankruptcy is filed and you had $ or BTC at bitfloor, you should be included on the list of creditors, and you'll get periodic mailings about the progress of the matter.
Now we are getting to the really interesting stuff.  If BitFloor does not have any information on how to contact you, how will you get periodic mailings?

If some other legal action is filed, there's a pretty good chance you'll be included as a party, which would mean you'll get copies of filings,
See my question above.


BitFloor has no ID requirement for BTC withdrawals.

I'd just like to point out the importance of Bitfloor consulting an insolvency specialist and not a general lawyer.  You need someone who'll advise you on all of the legal options available and their pros and cons.

Enter Patrick Murck.
sr. member
Activity: 434
Merit: 250
September 05, 2012, 02:31:27 AM
This is so exasperating. It's no wonder Bitcoin is becoming a laughing stock. It's simply not enough to claim the blockchain is safe when every service that people use ends up getting hacked and large sums being lost.

I guess it's sort of like the Pirate fiasco, people turned a blind eye to due diligence.

Make sure the bank has a vault before you deposit money in it. If they have nothing to show, your mattress may be a better storage medium.

Someone brought up a great point the other day: since lots of people here never really *earned* the money that their BTC is now worth, they tend to be very careless with where they put them.
legendary
Activity: 1428
Merit: 1000
September 05, 2012, 01:59:59 AM
shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?

Pardon me for adding this, but why is it that the last three major hacks involve the words genjix and conference? Just an observation that may, or may not, have relevance.

~Bruno~


please use phantomcircuit for your accusations: much more fun and he deserved it
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
September 05, 2012, 01:57:42 AM
shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?

Pardon me for adding this, but why is it that the last three major hacks involve the words genjix and conference? Just an observation that may, or may not, have relevance.

~Bruno~
full member
Activity: 120
Merit: 144
September 05, 2012, 01:07:23 AM
I've already stopped putting any funds in any Bitcoin service. It's obvious few of them have a clue how to secure their sites and there is no way to know who does and who doesn't.
Wrong. There is a way to know. But it requires the code for the entire system, from front end to back end, to be published for public scrutiny. And not just the program code, but the server configs and software versions and everything. In fact, it should be possible for the entire file system of every server to be available via public, read-only, anonymous FTP — minus the one directory containing the private keys and the one directory that holds the database table containing the users' personal information, if such a table exists. There is no reason that the remainder of the systems' contents shouldn't be held out for the light of day to wash over them. Security through obscurity is no security at all. Cryptographic algorithms are secure despite their method of operation being public knowledge. The same should be true of web sites.
hero member
Activity: 784
Merit: 1009
firstbits:1MinerQ
September 05, 2012, 12:50:48 AM
This is so exasperating. It's no wonder Bitcoin is becoming a laughing stock. It's simply not enough to claim the blockchain is safe when every service that people use ends up getting hacked and large sums being lost.

Frankly, if an unencrypted backup of keys was left on the server then the current operators are not worthy of continuing to run the exchange and anyone who places their trust in righting the ship and sailing onwards as if all is ok, is a fool. Is this going to be a payback-over-a-year ordeal or yet another "oops, we were hacked!" type scam. Exactly what is the OP trying to figure out?

I've already stopped putting any funds in any Bitcoin service. It's obvious few of them have a clue how to secure their sites and there is no way to know who does and who doesn't.

sr. member
Activity: 272
Merit: 250
Cryptopreneur
September 04, 2012, 11:49:59 PM
I don't understand why no one was emailed. For a situation this serious the forum isn't gonna cut it.
member
Activity: 148
Merit: 10
September 04, 2012, 11:49:40 PM
it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement

What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like lets post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.

You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
Would have saved me 20 bucks. This morning around 3am it was down and then it was running around 5 am so Ithought it was maintence. I made a deposit request at 5 am. Woke up around 4:30 pm and went to chase and made the deposit. I then checked the site and it was down again with no explanation. I emailed support with no response. Why wouldn't he send an email the minute he learned or thought something was wrong to not deposit money if you haven't done it yet.
hero member
Activity: 868
Merit: 1002
September 04, 2012, 11:48:56 PM
I had 4,231 BTC in Bitfloor. I want my money NOW!


Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."

I Thank You Sir You Know Who You Are!!

MultiCoin Maria.

Dont hate
Oh look, the forex scammer! And another lie. How predictable.
Glad to see that so many people have you on ignore, Leo.
sr. member
Activity: 832
Merit: 250
September 04, 2012, 11:44:16 PM
I had 4,231 BTC in Bitfloor. I want my money NOW!


Just kidding, lol! Thank God a few months ago I was going to make a HUGE deposit to bitfloor but a very Wise Man told me.."Stay away from that dude, hes a fucking idiot, he uses his personal bank account for deposits and withdrawals.."

I Thank You Sir You Know Who You Are!!

MultiCoin Maria.

Dont hate
member
Activity: 75
Merit: 10
September 04, 2012, 11:33:01 PM
it seems likely that BTC sent in AFTER the hack announcement may be set aside in an eventual settlement

What about the people who don't go here. Shouldn't the site have a warning or an e-mail blast? This is kinda like lets post on bitcointalk and hope everyone knows to go read there before sending or god forbid an automated system since they advertized having api for that very reason.

You are 100% correct, there is still nothing on the website to indicate that it is down for anything other than some trivial maintenance. Relying on your customers to read this thread is insane.
sr. member
Activity: 254
Merit: 250
September 04, 2012, 10:45:27 PM
Roman:

If you decide to raise money from investors, please send me a pm.
sr. member
Activity: 336
Merit: 250
September 04, 2012, 10:42:42 PM
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
I'm going to guess someone at linode has a car that seems very expensive for their salary.
legendary
Activity: 2072
Merit: 1001
September 04, 2012, 10:30:05 PM
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.

It is cheap, advertised, and maybe OP did not read the threads about it.

I am going to guess mysql inject, found a crypt pass or plain text pass of OP, then logged in via ssh or web which had no acls.
hero member
Activity: 840
Merit: 1000
September 04, 2012, 10:27:21 PM
I'm not sure why anyone would use Linode for anything bitcoin related after multiple simultaneous hackings of bitcoin services through the internal customer service panel resulted in barely any response or details from Linode admins.
legendary
Activity: 2072
Merit: 1001
September 04, 2012, 10:23:16 PM
Wow, somebody at Linode really is making a fortune from Bitcoin  Roll Eyes
Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine.  My theory:  roman allowed access from his machine for connivence and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backun on an unencrypted portion of the disk:  this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was).  It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

I dunno. He used linode and i would guess to save money it was vps. Not a few dedicated machines.
sr. member
Activity: 434
Merit: 250
September 04, 2012, 10:16:49 PM
In b4 pirateat40 ran bitfloor.
sr. member
Activity: 449
Merit: 250
September 04, 2012, 10:10:47 PM
Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

I actually don't remember seeing one, either, and at one point, I DID go looking for one to clarify one of their policies, but wound up just emailing support instead.
Pages:
Jump to: