To speak up here and to bring a bit more info into this thread:
- While I know re-using passwords and not using 2 factor is not best-practice. It's hardly industry standard behavior. I've worked in computer security for 15 years, and many seasoned professionals do take the route of "good enough" for a balance of convenience. I've now learned from that mistake and all accounts that support it are 2 factor and randomly generated extremely strong (32char+ random upper/lower/numeric/special) passwords, with zero repeats. While many might like to claim this was shocking and horrible, keep in mind that account is usually used to shift money through quickly, and it was a strong password, only re-used at a few other high security large banks (fiat banks). Also 2 factor is far from standard, I've answered that comment in our own forums. I'm not disputing those things would have (likely) helped in this case, but I'm saying they were a very far cry from being grossly negligent.
- I've already got a formal case opened with local police. Which filing a false police report is a crime here. So if I had done it myself do you think I would have initiated a full investigation into the incident which could result in finding me responsible, and not only result in fraud charges, but charges for false police report? (extending the likely jail time I would serve). No... I'm doing my best to resolve this.
- I've also reported it to mtgox, and glbse right away, I've had MagicalTux and Nefario involved from early on, and I have both of their support in continuing the investigation (and they will be cooperating fully with law enforcement).
- I have documentation of everything that can be documented at this point.
- I'm doing everything I can to work through this. If there is anything else I can do to prove to anyone that I am not the criminal here, Let me know what it is, but unfortunately due to the nature of bitcoin, it's going to be difficult.
Why is it this community automatically assumes that if someone was robbed, they did it to themselves as a scam? I've got a lot of time, energy and my own money involved in trying to make the syndicate a success, and this is hitting me as hard as everyone else for that reason alone. Add to the fact that I'm the one who has to deal with it, investigate, document, and work with police. I'm also the one who has to come up with a plan of action to resolve it, and then add to that everyone else slinging accusations at me. If you think you're pissed about the circumstances, how do you think I feel?
Anyway, I'm going to refrain from getting further involved in this thread, I'm glad someone made a seperate announcement to bring attention to it, but it's quickly devolving into a lynch mob, so I won't be back... I'll try my best to answer questions in the main forum thread at btcsyn, and on the main thread for btcsyn here.
Thanks.
Few points:
I don't work in the security field, but most of these so called security experts are morons. And you are right - they are lazy, if it isn't inconvenient for them they wouldn't do a thing. My fiat bank has two factor authentication for the last 8 years.
Stealing money is a crime too, filing the report doesn't clear you of anything - specifically negligence.