Pages:
Author

Topic: BitMarket.Eu has closed down - page 23. (Read 204282 times)

hero member
Activity: 607
Merit: 500
February 16, 2013, 10:53:32 AM
I've closed down the site earlier and basically I'm all day in front of computer right now trying to figure how the hell this happened. I didn't want to share any information until I know exactly what was the cause of this hack. What I do now is that the server was compromised in a way that let attacker know how to access the MySQL database remotely. No hole in scripts were used from what I can tell right now. I don't have any other information to share, though. I hoped to post here some relevant information after I know something, but if that's the case...

I don't know what to say now, really. I really, really wanted this to work. The questionaire ended yesterday and the results were really promising. And now this hack.

The site is not insecure by itself, at least that's the conclusion after my analysis from today. It's true that it was probably me screwed up by leaving a security hole somewhere in the server setup. Maybe it was in PHP, maybe in Apache, or maybe someone sniffed my password to SFTP. That's what I'm trying to solve now. I also wanted to cover this from my own assets gradually, do a security audit on the site, and then go on with the restoration plan. I really hope that, despite this is another sad event for Bitmarket, some people will agree with me on this, that it's better to move on with it than just give up.

Edit: This is the address the Bitcoin were withdrawn to:

http://blockchain.info/pl/address/1Lbcfpaw3uHs3iarBqZ12FYeD5vFwNvY49

Edit 2: The hacker didn't withdraw all that was there, there was ~120 BTC left. I don't know why he withdrawed precisely 620.00 BTC.

The current balance on the site is 54 BTC, and user account balances is exactly 659.13716811 BTC. So there's about 600 BTC missing...
legendary
Activity: 966
Merit: 1001
Energy is Wealth
February 16, 2013, 10:45:30 AM
was about to post draft solution to get everyone 100% of the on hold bitcoins back.
well "mralbi" last post but a hold to that idea. thanks for the info.
sr. member
Activity: 271
Merit: 250
February 16, 2013, 10:16:58 AM
Dear all,
this bullshitting around and lack of intransparency is inacceptable for me! Earlier today I received the following email from the admin which i decided to share here now, since the admin ignored my ultimatum to inform everybody on this on his own initiative:

"Hello,

I wanted  to share a very bad news with you. Yesterday, in the middle of the night, someone hacked in to Bitmarket database and managed to modify his account. Then, he withdrew ~610 BTC from the site. He left about 100 BTC in the wallets.

Right now I'm investigating what happened. It seems that he managed to somehow find my administration console for the database, which wasn't under any gueassable name. This console was password protected (a very long, random password) but he still managed to overcome this somehow. I'm still investigating how this could happen. Right now I've removed this console entirely to prevent any further damage, but I'm devastated Sad. I wrote a message to the email he registered with ([email protected]) literally begging him to return the stolen BTC. If he has any conscience, maybe he'll give it back. But at the moment we are 600 BTC short, and if this sees the light of day (ie. people want to withdraw more than 92 BTC that's currently in the wallets), we're totally screwed.

I know it's much to ask, but do you have any Bitcoins available right now to fill this gap temporarily? There is a small chance that the thief will give this back, but until then… I really don't know what to do now. I didn't have the luxury to screw up again, and when things started to go on the right track, this happens. All this makes me wanting to kill myself. My hands are shaking right now. I won't do this, because I have people to repay. I hope this turns out good… Sorry, I don't have any other idea right now, I just wanted to be 100% honest with you and inform you on this as soon as I saw what happened.
"

I requested from him to close down the site immediately and inform everybody, but he refused to do so and also ignored my ultimatum for this. Now the site is at least closed so no one can make pay-ins anymore, but without any information, which is still inacceptable.

I dont even want to know what is behind this story, but fact is: the site is obviously insecure and everyone should be informed about incidents like this immediately! I am totally upset that i was asked for basically my whole planned investment capital to help out to "hide" the further loss of bitcoins! The idea that I would fill in "gaps" temporarily is just ridiculous.

If it is true that further coins were lost the site should close down immediately and even when i did not like the idea of liquidation earlier i do not see any other way out anymore.

Lets see if we would now get an "official" update on the situation!



hero member
Activity: 607
Merit: 500
February 16, 2013, 02:10:51 AM
I'm sorry about that, I wasn't available at the moment and the bitcoind daemon crashed.
I've restarted it and the site should be up again in a minute.

Also, over the weekend we'll prepare an update about the situation.

Edit: Still "loading wallet...". The wallet.dat is already over 200 MB, so it's very time consuming for bitcoind to start up.

Edit 2: It's up!

[Added at 14:33 CET]
There is another problem with the site which I'm now investigating, that's because it was put up temporarily closed. Please stay tuned for more information.
newbie
Activity: 47
Merit: 0
February 15, 2013, 05:15:01 PM
And he's not been posting here for some time... worrying.

Yup I had 57 coins on sale as well :p
newbie
Activity: 8
Merit: 0
February 15, 2013, 04:48:16 PM
And he's not been posting here for some time... worrying.
newbie
Activity: 47
Merit: 0
February 15, 2013, 02:59:28 PM
Site seems to be down at the moment - if anyone can get hold of the admin it would be appreciated as I was going to start using the site again  Smiley
hero member
Activity: 530
Merit: 500
February 15, 2013, 08:20:51 AM
If you got a legal route.

1. you would have to convince a govent that your bitconz had real world value.
2. Get a civil court to file a judgement against him to recover the loss from future earnings.  (again that could take years.)

This is most likely not an issue at all. Within the EU you can assume it's criminal case and the courts will convict. Please read the following:

http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html

There is no plausible "investment" scenario that will ever pay anyone back their bitcoins. The only way to make sure scammers stop scamming is to start convicting some - and this is probably the best case to start with of all available.

BCB
vip
Activity: 1078
Merit: 1002
BCJ
February 14, 2013, 04:35:12 PM
This would probably be a civil matter not a criminal matter so no one will be going to jail.
legendary
Activity: 966
Merit: 1001
Energy is Wealth
February 14, 2013, 01:21:09 PM
Oh what a mess.
Jail is a loss loss situation. If we “win” he (or both) get(s) locked up for what ever long and there (his) life is ruined.  If one of us lives in the same country (may understanding Maciej Trębacz the programmer alias “m4v3r” lives in Poland and Mahkul the boss in Ireland) we go to work, pay tax, so we can feed him and lose the coins as well.

Bitcoin itself is rock solid, but as we all can see there are still weak spots which is a treat to the coin itself. Who is not to say that another exchange shuts up shop tomorrow and the owner(s), say lives in Barbados. Thats why as a community if there is any way forward with this large existing user base its an opportunity which should be used and build upon if in any way possible.
The unique difference to any other new or existing exchange is its large respectable new owners base contrary to some shady characters in a garage who close down at any given day. The current trouble should give the user the confidence that that wont happen ever again.  The volume and number of trades, in say two years time should be many times more than it has been last year on the side simply because many people promoting it in there respected region either verbally, with web-links or on forums......

How about current owner(s) pay 50% immediately taking out a bank loan (far better than have a criminal conviction and jail time) and the other half we find a business plan depending on the outcome of the questionnaire. 4-5 years is a reasonable time-frame for the business.

The donate option in the questionnaire is obvious mend for someone with a very small amount or a fraction of a coin.

Class action law suit yes, he (them) would pay for the rest of his (there) life.

The worst part is the silence of the two.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
February 14, 2013, 11:56:07 AM
sounds like this maver was a talented programmer but not a very smart businessman.

Judging from his photo he seems VERY young so he is probably shitting in his pants right now.



Many of your comments suggest that this was a good and valuable exchange.

Maybe a responsible party or party or parties should step up to take financial responsibility for the site and keep m4v3r on as an UNPAID sys admin to pay off some of his debit.

I have no idea how you could recover the lost sole with exchange fees.

If you got a legal route.

1. you would have to convince a govent that your bitconz had real world value.
2. Get a civil court to file a judgement against him to recover the loss from future earnings.  (again that could take years.)
GsR
newbie
Activity: 34
Merit: 0
February 14, 2013, 11:02:34 AM
newbie
Activity: 8
Merit: 0
February 14, 2013, 09:55:26 AM
I also like to see this restart of bitmarket.eu as a chance to a) win the community back and b) get the users money back step by step, but of course as fast as possible. What I actually don't want, even if it might have sounded from my post before, is someone going to jail. Maver is surely a clever man and did a lot of programming / server maintainence and implementing new features demanded by us, so he on this side doesn't deserve the "scammer" tag. On the other side he did take monetary values which he didn't own and which were trusted to him. What is even with one blind eye, criminal. So now he's still a normal man with (hopefully) no entries in his certificate of conduct at the police, but as soon someone gets the lawyers moving he surely will be judged. The entry will be in his papers for lifetime, so he is marked as a bad guy for his whole life. No one can really be interested in making another persons life hell or play god in this matter. As I stated I don't know him, so I also don't know if he has a family, kids whatever. Any judicial meddling would have a heavy impact on himself and the people around him.

I don't know if many users comming back to bitmarket after the events happening, also no one can say how long the site will work out for everyone. Mr Albi, if you're sure about your work - go on please. The site was very usefull to a lot of people and will be more usefull still with more features. But the users need a sign that they've not lost everything. A debt to a bank of 200.000 or 300.000 Euro is insane to repay, it happens that someone's children are called to duty for their parents debts. But say 1/3 of all the needed money should come from Maver, some money from the investors if they wish and in the end all users will be repaid with say 40%/50% in the first month and the remains step by step. This is a much better deal for everyone than now 10% and 90% lost. So the users see they're not forgotten and there IS a businesplan to resolve over one or two years. And Maver sees he's also not forgotten and can receive help when he shows some risky initiative.
sr. member
Activity: 271
Merit: 250
February 14, 2013, 08:47:36 AM
Thanks BrainGame, very good post i can support basically all you said.

The Coins are gone no matter which option someone choses, thats for sure. Also the "newly" invested money would by far not be enough to make any significant payouts.

But anyway, when we have a chance to implement a bigger peer2peer market also for other products than bitcoins that has already a quite big user basis and everything is separated from the old ownership so we can win the trust back, it might be possible to pay back funds in a slightly faster rate than 100.000 years, lets say 100 years...
newbie
Activity: 8
Merit: 0
February 14, 2013, 08:22:01 AM
First I want to state clearly that this post is not meant for flaming but should give some more considerations about what's happening to bitmarket.eu. The deadline for the survey is comming close and I have to say: there's no real option to choose from.

What happened to me:
In early November 2012 someone bought my last bitcoins I had sold on bitmarket.eu. All seemed ok until the buyer didn't send money. Also to mails came no reaction and I thought of the buyer beeing a scammer. Finally one month after this the "deal" was cancelled on my behalf.

In December popped up a wonderful message from the owner of the website, stating something like "Dear users of bitmarket.eu, by chance I took all your bitcoins you trusted in my guidance, gambled a little bit with them and lost all. But don't worry, I'm still a very honest man and have a pure heart. Btw all the bitcoins are lost. I'm so sorry about your loss, but that's the way it is."

After reading this news a thought appeared in my mind. What if my buyer knew already, that he would not be able to transfer bitcoins out from his account and decided instead to not send money? So he saved money and I'm the one losing bitcoins. Actually this is only a guess, but rumors might have been around earlier and he might have had a glimpse on them. So his decission was wise and I claimed him a scammer undeserved.

So, what can I say to the "restoration plan"? Someone did his maths and posted the results here. With 0.4% fee and a turn-over of bitcoins like bitmarket.eu had last year it would take some hundreds or thousand years to regain that much bitcoins which were lost. So at best every user would wait some years to get full repayment, at worst the bitcoins have gone byebye forever. One or two investors offered help which is from my side very appreciated. But on second thought the investors spend their money on "a dead horse" so to speak, because if you take a look at the "bitcoins currently for sale"-chart you'll easily see that the amount of bitcoins sold dropped extremly compared to last year's sales. As I can 100% understand - noone trusts this website and it's owner anymore.

The options one by one
>I am willing to accept the current restoration plan<
The investors money will be evenly distributed amongst the users and every month will be some more payout IF there are any profits from the revived website. The money of the investors is to this day far less than would be needed to reimburse all users in a sufficient way. I guess the money would only cover 10% at best. The other 90% will come like 0,01% every year, so we're ready in 9000 years. I don't have that much time and I'm not willing to get back only 10% at all.

>I don't want to cooperate<
Liquidation plan blabla, 6% restored, rest lost forever. When I'm not willing to get only 10% back, I'm surely not willing to get even less than this.

>I want to join BitMarket.eu investors<
Sounds nice, invest some money to be part of bitmarket.eu. But wait! What's this? My money was stolen already, so how can I just say "ok, keep it and do as nothing had happened"? Even if there's written lifetime participation I'm not really impressed. There's no guarantee that this lifetime participation will endure more than some years and in the end when there's still no profit all my stolen bitcoins AND my invested money is lost. I don't want to constrain someone to not invest money as everybody can do with his money whatever he likes to. But I would advice at least a second thought, better a third one also if you're willing to invest money in someones busines who scammed you earlier. And if you really think about it, you need a death-proof businesplan how to invest, how much time you need and how much work you have to put in this project. If you don't have a businesplan like I outlined very roughly you can't be a serious businesman.

>I understand the plan but need Bitcoins quickly<
30% repaid at once, but the remaining 70% will be never paid back and cannot be demanded. This is not an option, because if I sign here I never have any claims under public law anymore. I forfeit all my bitcoins for the lousy payout of 30%.

>I want to donate my on hold balance to BitMarket.eu<
Nice, my money was taken away and I can confirm this here. Keep it, doesn't matter, all ok. The best option I've ever read.

>I will decide later/ I have another idea<
Decide later will not bring us users to a suitable end and so I think I have another option which wasn't discussed earlier. The owner of the website, namely Maver, who also took the bitcoins from the users for his own purpose (imagine he had earned let's say one million dollars with OUR bitcoins, ask youself just one question: would he have paid out the users with his profit or would he just have kept all for himself? I think not that anyone of us had ever seen a share of his earnings to be honest) can go to a bank in his country and apply for a loan. Any bank will gladly and with pleasure give money to someone and charge a standard interest rate in return. The loan he can use for paying his debts to all bitmarket users at once. Ok, maybe this sounds like I'm an inhuman monster or an asshole or something else, but I'm only thinking what would be best for all the users. What is better? 2000 people getting scammed and waiting for their bitcoins/money forever? Or one guy who already gambled other peoples money has to pay back a loan to a bank? He might pay ten years or twenty, but actually I don't care. We don't know each other in person, but did take my money. So why should I care what happens to him afterwards? Hardly spoken! If you take something from someone, it's called stealing where I come from. If you steal a lot from many different people it's either called politics or large-scale fraud. Maver can be lucky to "only" repay a debt to a bank in this solution. The other option would be jail. Fraud in this area (~150.000 Euro and more) will be punished with at least one year, but normally more, up to five years. To be sure what I'm writing here in this forum I already contacted my lawyer on this issue. My lawyer also gave me the advice to NOT invest any money to help bitmarket.eu, because IF I would invest money, I would be a part of the company by law. This means in short - if someone goes the long way over lawyers and judges I would be liable for payment of the debts. Easy wordings: Someone wins the process agains bitmarket.eu and Maver and all his investors will have to pay money in equal shares to the guy who won the process. And Maver and the investors would have to pay all fees, salaries and formalities. Investing means entering the boat. After investment you're sitting in the same boat and everybody inherits the open debts. It could be that someone invested out of an unfinished thought and suddenly stands against a bill of let's say 30.000 Euros or more. I don't want honest people to be mixed up with gangsters, so please think about what I said when you start investing in bitmarket.eu.

Finally I just want to state one more thing: The bitcoins have gone, so the owner of the site has to repay the bitcoins' worth with a fixed rate. He will not come from this situation without harm. When he decides to go the way to his bank and repay all users at once, then and only then he can start gaining reputation and honor again. If he's really trustworthy after repaying all users on his own cost people will show appreciation and help him out of the mess, me included. Respect will come slowly and it might be that he will have a hard debt to pay back his bank, but he surely will not be alone then. I don't see a point in giving him bitcoins and/or money beforehand though.

As I said I was talking to a lawyer already and if other people would be interested I'm willing to go the judicial way with them (class-action lawsuit). But hopefully this will not happen and another way without lawyers and judges will be found.   


   
GsR
newbie
Activity: 34
Merit: 0
February 14, 2013, 05:11:58 AM
ultimately, what would be the best option, to get back, the largest number of BTC ?

I think that in this situation the best option is to invest in the site and take the ownership in order to improve it.
The more we are the easier it will be.
I've 101,975 frozen bitcoins and I've choseen this option

I'm also interested in the opinion of the forum on how to try to improve the site and make it profitable quickly.
Any idea ?


Dude.. do you mean you have 101,975 bitcoins, as being over a hundred thousand, AUD2.6m?? Or 101.975 as one hundred coins.. I sort of lost my breath a little there..

@manfred: very good post.. can't wait to hear the answer to that..

In other news.. have any of you noticed that M4v3R has been quite absent this past few days.. there were a lot of questions/accusations/requests/ideas this past few days, and he hasn't comment on any of it..
I'm losing "only" one hundred coins ... as in Europe we mainly use  comma as a decimal separator ....
 Grin OPS NO as I said I'm starting to invest one hundred bitcoins ... (I'm traying to be positive in this situation) and maybe I can add some other fresh money depending on the result of the questionnaire
sr. member
Activity: 271
Merit: 250
February 14, 2013, 04:32:36 AM
i just got a reply with the updated questionnaire figures. I think makhul is the one who lost the most coins
legendary
Activity: 966
Merit: 1001
Energy is Wealth
February 14, 2013, 04:08:32 AM
Here is "m4v3r" twiter acount
https://twitter.com/m4v3r
legendary
Activity: 966
Merit: 1001
Energy is Wealth
February 14, 2013, 04:04:25 AM
If “M4v3R” is not forthcoming, responding to the posts we will have to start standing on “Mahkuls” fingers. He may has become a victim himself, or he sold his coins before the side closed down, who knows.
Still like to see the legal handover info. If his 'friend’ indeed lost him thousands of coins i say he cant be to happy about it and provide some inside info. He will have to do so one way or another.
Here is his active ebay account. http://myworld.ebay.co.uk/mahkul
sr. member
Activity: 271
Merit: 250
February 14, 2013, 02:34:21 AM
indeed absence is not a good sign, the questionnaire expires tomorrow and i also want to see the results asap to be able to discuss the next steps and start the work like convincing "unsure" persons with a good plan, we dont have any time to lose
Pages:
Jump to: