bitfloor needs your help! - page 29.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: fcmatt on September 04, 2012, 09:04:42 PM

Quote from: Shadow383 on September 04, 2012, 08:53:11 PM

Wow, somebody at Linode really is making a fortune from Bitcoin Roll Eyes

Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Especially on a supposed semi-airgapped machine. My theory: roman allowed access from his machine for connivence and they compromised THAT which allowed them to pivot into the cold storage server.

Also as to the backun on an unencrypted portion of the disk: this would make no difference if they were logged into the running server, unless the encrypted volume was usually unmounted (which does not sound like it was). It sounds like the machine used encryption, but that only really defeats cold attacks on the disk.

bitcorn

newbie

Activity: 19

Merit: 0

Quote from: unclemantis on September 04, 2012, 07:55:11 PM

Quote from: joesdc on September 04, 2012, 07:52:46 PM

I go to the site and it reads this (which it still reads)

Bitfloor Website
Is currently offline.
It will be back shortly.
I check back later and its up. So I sent 136 coin to my deposit address.
Anyone else think the message on the site should read
DO NOT SEND ANY COIN TO US WE HAVE BEEN HACKED!!!!!
or something of that nature. I only keep my money in coin for less than 24 hours before converting it and got screwed. Guess I stop taking bitcoin cause its too risky.

Speaking like a true Junior.

Imagine how Bitfloor feels right now.

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

stoppots

sr. member

Activity: 271

Merit: 250

Sounds like the cold storage was deposited with pirate.

whitslack

full member

Activity: 120

Merit: 144

Quote from: blakdawg on September 04, 2012, 09:19:06 PM

It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.

LoL! They do. Those hackers are known as "banksters."

blakdawg

member

Activity: 113

Merit: 10

Quote from: giszmo on September 04, 2012, 09:15:14 PM

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.

It would be a lot easier if the hackers would accept USD, then we wouldn't have to go to the trouble of converting to BTC so it can be stolen.

Or we could just put the account records on a wiki, and we can just update the wiki when we make deposits and withdrawls. Then the exchange operators wouldn't even need to log in to their own site.

giszmo

legendary

Activity: 1862

Merit: 1114

WalletScrutiny.com

Maybe we should go for fractional reserve for security. Exchanges don't have to hold any bitcoins and instead of charging addresses, they show withdrawal addresses that were earlier posted to them by people wanting to withdraw. This would only imply a slight delay here and there but provide much more security.

fcmatt

legendary

Activity: 2072

Merit: 1001

Quote from: Shadow383 on September 04, 2012, 08:53:11 PM

Wow, somebody at Linode really is making a fortune from Bitcoin Roll Eyes

Linode's stolen what? 80K BTC? About $800k?
Not bad.

i am of the opinion the owner of bitfloor has very little idea what happened.

put it this way.. he put the site back online. does that sound like someone who knows security?

at the very least you nuke the install from orbit, reinstall a clean patched os, recover from backups,

AND fix the darn hole.

I do not think that happened. I would like to know how they got in.

Shadow383

sr. member

Activity: 336

Merit: 250

Wow, somebody at Linode really is making a fortune from Bitcoin Roll Eyes

Linode's stolen what? 80K BTC? About $800k?
Not bad.

jwzguy

hero member

Activity: 868

Merit: 1002

Quote from: DeathAndTaxes on September 04, 2012, 08:37:02 PM

Quote

Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Well sadly Stephen was misinformed and likely turned a bad situation into a worse one. His talk of injunctions and criminal activity were simply false. I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.

I do agree with you jwzguy, that bitfloor has a lot going for it and the situation isn't intractable.

I completely agree, and I think you're correct. Of course I'm not a lawyer, and not responsible for all that money...I certainly don't blame him for wanting to check. I can only imagine the stress he's going through right now.

Icebreaker - please don't jump to conclusions just because someone here is being very opinionated. From his behavior, I think Roman must agree with you.

repentance

hero member

Activity: 868

Merit: 1000

Quote from: exdirrk on September 04, 2012, 08:22:57 PM

Quote from: Bitcoin Oz on September 04, 2012, 08:12:44 PM

The only people profiting from bitcoin are hackers. Fuck this shit.

I haven't lost anything yet from bitcoin but it does seem like hackers are just having a field day with it. As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there. I feel like bit floor should have known better than to have all of their coins in a hot wallet after btc-e and other hacks.

Exchanges are damned if they do and damned if they don't. People want the convenience of being able to do instant withdrawals and transfers without any of the risk.

Small Bitcoin services which hold large amounts of other people's BTC are hacker magnets and intruders know that such services are often one or two man operations without capital reserves to invest in infrastructure. They're soft targets. Security needs to be baked in from the day a service is created but many Bitcoin services are more concerned about rushing to market than they are about security (they probably tell themselves they'll invest in "proper" security once the profits are rolling in, not realising that a rapidly expanding business often makes little or no profit).

Until Bitcoin service providers lift their game security-wise, people should severely limit the amount of BTC they store on such services. Bitcoins stored on a service are always at risk. You accept the risk of them being lost or stolen by leaving them on deposit with a service.

whitslack

full member

Activity: 120

Merit: 144

Quote from: blakdawg on September 04, 2012, 08:32:59 PM

It's also perfectly possible that other exchanges are being hacked in "lifestyle change" amounts but they continue to operate in a combination Ponzi/Flying Dutchman mode, accepting deposits and cheerfully reporting "balances" that are pure fiction, hoping that someday they'll make enough "profit" to earn their way back to solvency, or just because they can't bring themselves to admit that things are broken. The deeper the lies go, the harder it is to come clean.

If an exchange was doing that, some people would probably hold them up as a shining example of a well-run exchange that was impervious to hacks.

I'll point out that Mt.Gox is a Japanese company. The culture over there is even less inclined to admit fiduciary mistakes than it is in the Western world. Look at TEPCO for a prime example. If the underbelly of Mt.Gox were being eroded away by security breaches, they might not say a word.

Bitcoin Oz

hero member

Activity: 686

Merit: 500

Wat

Quote from: exdirrk on September 04, 2012, 08:22:57 PM

Quote from: Bitcoin Oz on September 04, 2012, 08:12:44 PM

The only people profiting from bitcoin are hackers. Fuck this shit.

I haven't lost anything yet from bitcoin but it does seem like hackers are just having a field day with it. As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there. I feel like bit floor should have known better than to have all of their coins in a hot wallet after btc-e and other hacks.

Any business researching bitcoin and thinking of accepting them will probably also say "fuck this shit" and avoid it altogether. Especially if their legal department has anything to say about it.

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote

Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Well sadly Stephen was misinformed and likely turned a bad situation into a worse one. His talk of injunctions and criminal activity were simply false. I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.

I do agree with you jwzguy, that bitfloor has a lot going for it and the situation isn't intractable.

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: jwzguy on September 04, 2012, 08:25:25 PM

Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Every dealing I've had with Roman has been both pleasant and very professional. His exchange was by far the best Bitcoin exchange we currently have available to us. I never left holdings there, I just bought and withdrew, so I don't have an immediate financial stake in what happens next. But I implore those of you that are owed USD and BTC to give him chance to settle things in such a way that won't destroy his exchange. Selling securities is one option that could solve this. 24k BTC is a lot but it's not an unrecoverable amount.

How poorly things go from here on out will depend on more than just Roman. Please consider your demands and actions carefully.

I am very willing to wait to withdraw my USD until BitFloor.com has been audited and secured. That is a perfectly reasonable and desirable course of action.

I am not willing to wait to withdraw my USD while overpaid Marxist lawyers debate whether my property is, in fact, actually mine or simply a means to a communal end.

Common sense, common law, and common decency say that the presumption of ownership remains with the original USD depositors.

That is why I have no patience with anyone willing to entertain/support the amoral, collectivist Marxist lawyer POV of negotiable property rights.

blakdawg

member

Activity: 113

Merit: 10

Quote from: Ilikeham on September 04, 2012, 08:23:31 PM

Seems to me these places get hacked at a magic number that fits with a lifestyle change.

Quote from: exdirrk on September 04, 2012, 08:22:57 PM

As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there.

Don't forget that we don't know everything. It's perfectly possible that other exchanges are being hacked (broadly speaking) for less than "lifestyle change" amounts, but the operators choose to eat the losses themselves and keep operating (cf. BTC-E a few weeks ago).

It's also perfectly possible that other exchanges are being hacked in "lifestyle change" amounts but they continue to operate in a combination Ponzi/Flying Dutchman mode, accepting deposits and cheerfully reporting "balances" that are pure fiction, hoping that someday they'll make enough "profit" to earn their way back to solvency, or just because they can't bring themselves to admit that things are broken. The deeper the lies go, the harder it is to come clean.

If an exchange was doing that, some people would probably hold them up as a shining example of a well-run exchange that was impervious to hacks.

whitslack

full member

Activity: 120

Merit: 144

Quote from: jwzguy on September 04, 2012, 08:25:25 PM

Every dealing I've had with Roman has been both pleasant and very professional. His exchange was by far the best Bitcoin exchange we currently have available to us.

Likewise. A real class act. In retrospect, he is apparently not a security genius, but that doesn't make him evil or even shady. Once the legal system gets involved, everything slows down to a rate even slower than the Post Office. It's unbearable for those of us accustomed to the lightning-paced world of Bitcoin and the Internet in general, but the legal system is just ploddingly slow, and we'll have to accept that. Roman may not be responding to us right now, but that is because his hands are tied at present by the legal system. He's waiting for it to catch up just as much as we are.

jwzguy

hero member

Activity: 868

Merit: 1002

Roman is trying to do the right thing, with all the information he has available. You guys with USD on the site, please be patient. You can see he tried to let you withdraw, but probably thought it better to make sure he wasn't doing anything illegal as Stephen kept reiterating. There's nothing shady about that. Hopefully he will continue with that soon.

Every dealing I've had with Roman has been both pleasant and very professional. His exchange was by far the best Bitcoin exchange we currently have available to us. I never left holdings there, I just bought and withdrew, so I don't have an immediate financial stake in what happens next. But I implore those of you that are owed USD and BTC to give him chance to settle things in such a way that won't destroy his exchange. Selling securities is one option that could solve this. 24k BTC is a lot but it's not an unrecoverable amount.

How poorly things go from here on out will depend on more than just Roman. Please consider your demands and actions carefully.

Ilikeham

full member

Activity: 238

Merit: 100

Seems to me these places get hacked at a magic number that fits with a lifestyle change.

exdirrk

newbie

Activity: 26

Merit: 0

Quote from: Bitcoin Oz on September 04, 2012, 08:12:44 PM

The only people profiting from bitcoin are hackers. Fuck this shit.

I haven't lost anything yet from bitcoin but it does seem like hackers are just having a field day with it. As much as everyone hates Mt.Gox because of the cost to put money on there and the loss of anonymity, it seems like they have the best methods on there. I feel like bit floor should have known better than to have all of their coins in a hot wallet after btc-e and other hacks.

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: unclemantis on September 04, 2012, 07:57:17 PM

Quote from: DannyHamilton on September 04, 2012, 07:54:39 PM

Quote from: unclemantis on September 04, 2012, 07:52:31 PM

Quote from: DannyHamilton on September 04, 2012, 07:46:28 PM

Quote from: unclemantis on September 04, 2012, 07:43:58 PM

I am pretty sure my order did not go through. Just ACH me the amount that I deposited the other day.

Thank you.

Unlikely to occur unless/until BitFloor's legal counsel advises them to proceed. There is a possibility that this will go to courts to determine what BitFloor's liabilities are and how much (if anything) you will get.

If my order never went through then the money is still 100 percent mine.

You can hope so, but until the Terms Of Service are reviewed and all legal options are considered BitFloor isn't likely to agree with you.

That is bullshit. I have a lot of money held up in this MISTAKE. I am trying really hard not to be one of the bad buys but it is a lot of money Sad

In my eyes that is.

Also I TRUST BITCOIN. Just the coin.

Don't worry unclemantis, we USD owners are not the bad guys. The Marxist lawyers infesting our legal system, and their enabling apologists here, are the bad guys.

Are we going to let them tell us we have no property rights, "because bitcoin" or "because MFGlobal?" I say Hell No!

If BitFloor (Roman) doesn't stop listening to them and keeps our USD without our consent, he becomes a bad guy as well. Undecided

Let's hope he decides to respect common law, common sense, and common decency by returning all USD to the rightful owners ASAP.

No court is going to grant bitcoins equal status to USD. Bitcoins are ephemeral virtual tokens produced in an experiment which requires willful, voluntary participation (and thus assumption of associated risks/outcomes).

OTOH, USD are the legal tender of the US. It is beyond ridiculous for BitFloor to steal our USD because of unrelated, unfortunate events pertaining to bitcoins.

Everyone owed USD by BitFloor should let them know we aren't playing, by sending him a Letter of Demand. You don't have to have/be a lawyer to write/send one.

Until there is an official bankruptcy filing, no legal shield exists (besides TOS?) to insulate BitFloor from our lawful demands.

Topic: bitfloor needs your help! - page 29. (Read 177459 times)