Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 11. (Read 224563 times)

Nah, don't apologize. These three desperados didn't do much other than some brilliant marketing on themselves. Oh, and lie about them being general partners of Bitcoinica. Oh and also take down their shitty "Bitcoin Consultancy" website to cover their asses.

They are the three stooges of the Bitcoin world as they clearly demonstrated by their inefficacy and the multiple retarded posts on this thread.

Nothing. I didn't mean to belittle all that you've done and accomplished, so sorry if it comes across that way.

My only quibble is that seems overstated and exaggerated at times. Your claim to have written a second implementation of the bitcoin protocol "from scratch" is arguable (I highly doubt that you wrote libbitcoin without referencing anything but Satoshi's whitepaper, but I don't care enough to perform code analysis/comparison with the satoshi client under gavin's management). And to nitpick even further, a couple lines of bash script included in the bitcoin core project doesn't quite qualify one as a core bitcoin developer, strictly speaking, to my mind. That is all.



Thank you genjix. This honesty and forwardness is what inspires confidence.


Now, how about the bitcoinica user database? Are there any copies?


EDIT: one additional note just because, with this new disclosure, I do agree with genjix's original post that Zhou was dragging their name through the mud. Everyone remember zhou's original excuse for losing the 40k BTC in the Linode compromise? It was because "the ruby gem didn't support wallet encryption". Zhou has a lot more to learn to than he likes to admit.

To the person above, here's what happened:
- Bitcoinica has an internet mailing list called [email protected]
- It was the email for the website and all sensitive accounts.
- You could request a password for that email. In a production system, that should never be possible.
- Several people had access to this mailing list (non-admins and business people included).
- Patrick got added.
- His personal email was compromised. Normally this shouldn't be a big deal; I use my personal email at internet cafes and public computers.
- Attacker was able to request a new password and login to rackspace.

The assumption here was that [email protected] did not have access to critical infrastructure.

Lastly, it was my fault Patrick's email server got compromised. I had a VPS for programming and development which many people had access to - randoms from #c++ IRC, people from this forum, beginners I was teaching .etc It's a public VPS for development. The SSH key on there was added to Patrick's server because we were developing the bitcoinconsultancy.com website on there (that's why it's now down). My SSH key was stolen and he ssh'ed into the box. Then had access to his emails.

This is so stupid and retarded.

There are 2 full implementations of the Bitcoin protocol, and I wrote one from scratch in C++: https://gitorious.org/libbitcoin

bitcoin-js is unmaintained, and BitCoinJava is a lightclient. I also wrote the first alternative frontend GUI: https://gitorious.org/freecoin and worked with jaromil on many freecoin improvements. I wrote most of the Wiki pages like the Getting started and PHP developer intro: https://en.bitcoin.it/wiki/Main_Page as well as largely writing the original Bitcoin Wikipedia page. That's before I started libbitcoin as a way for developers to easily make alternative Bitcoin clients. I'm also a contributor to Electrum: https://gitorious.org/electrum/server and was one of the people (along with slush and ThomasV) to define the Stratum spec used in it. I am also responsible for the BIP (Bitcoin Improvement Proposal) process: https://en.bitcoin.it/wiki/Bitcoin_Improvement_Proposals (see the title), and have authored 4 BIPs.

What have you done?

I organised the conference, and have written a plethora of articles and tutorials for the community on Bitcoin Media like this. I also helped write the initial stock exchange client for GLBSE and started many other Bitcoin projects that are defunct now but all released as OpenSource including the early version of Intersango - Britcoin. Ironically releasing the source for Britcoin hurt us as people assumed we were connected to third parties that used our software like WBX. We also hired and paid people from the community, and put our own money into growing Bitcoin (and still are). For instance, the conference lost us money and other Bitcoin projects or people we paid went nowhere.

There's other weird stuff going on which may or may not involve Bitcoin Consultancy.  The WBX website has been revised and references to the founder and external parties other than Intersango and Bitcoin Consultancy have been removed.  The founder is now claiming that


There is no mention of how the database came to be erased or who was in control of it when it was erased.  Andre admits to having no control over the exchange site any more but he offers no information about who does have that control or when he relinquished it.  If Bitcoin Consultancy is not actively involved with WBX, it would be in their best interests to publicly say so at this point.

This is the key question. The following is pure speculation.

I'm speculating that there were and are no offsite backups of the database. This would make the claim process nearly impossible (or maybe there is one but it is old, and the older it is the more difficult the claims process). (the hacker is probably submitting claims for each account from various IP addresses, just for lulz). If there were a backup of the database, users could claim their funds simply and quickly using their passwords, which were securely encrypted in the database. (there is of course the possibility of complications making this more difficult, eg if the hacker captured some passwords in plaintext before deleting the database).

If there is no recent offsite database backup is zhou's fault and he knows it, but he is doing damnedest to throw mud at Bitcoin Consultancy and save his ego. If he made no offsite backup could be blamed on his plain-as-day arrogance (why boast that he made the site in four days?) combined with lack of experience (after all, the Linode theft wasn't his fault but at the same could have been prevented had he done sufficient contingency planning).

Of course, Bitcoin Consultancy shares equal blame and the mud sticks. I've had my doubts about them ever since I first heard them claiming to be "core bitcoin developers" (I found precisely one commit by genjix to the satoshi client code, and it was a bash script). Refactoring the satoshi client into libbitcoin wouldn't exactly be easy, but a more productive (and difficult) project would've been bitcoinjs. Patrick may be able to find some vulnerabilities, but he didn't secure his own mail server. Also funky that he would offer a bounty to fix a bug in 80 lines of javascript because he is "not interested in chasing bugs in something I'm not familiar with". Aside from creating and operating Intersango (which by itself is commendable, obviously), they haven't done much to inspire confidence that they can handle running bitcoinica (quite the opposite recently).

One optimistic possibility is that Zhou did make an offsite backup, but he is not sharing it with Bitcoin Consultancy out of pure anger and spite at their fuck-up (Patrick not securing his own e-mail). If he has one, that would make it easy to for him to process claims (they probably do have plenty of coin in cold storage).

If he already shared it with Bitcoin Consultancy, god knows why they are dragging their feet in such an incredibly lame way instead of just processing the claims. (maybe they thought they could buy time so they can re-launch the site before users withdraw their claims and deposit them with competitors supposedly launching soon).

Actually Bruno might be onto something. It kinda seems your English got a million times better overnight, and I am talking about sentence construction and structure, not just grammar.

Can anybody involved setup a communication thread where we can have some information without so much noise?

After I moved to Australia, I changed the computer language to Australian English and my Mac autocorrected everything for me. It's handy when I need to write essays and business documents.

I always use American spelling online, but I didn't bother to change the settings or manually correct the spelling.

So I hope this explains something.

you have missed that he is also a sole shareholder

It still looks like Core Credit is a shelf company, though - there've been no constitution documents lodged.  While it's not uncommon for accountants to set up enterprises in the way you've described, ownership is often transferred down the track because for as long as the accountant or lawyer remains an office-bearer in the company they still have legal liability for its actions (and risk professional sanctions if they don't exercise appropriate oversight).  Heaslip's speciality is taxation, and Bitcoin related businesses certainly have plenty of reasons to structure their enterprises in a manner which minimises any tax burden.  Bitcoin is also fraught with fraud, AML and CTF risks and it would be risky for any accountant to put themselves in a position of liability for such risks if they didn't intend to play any role in ensuring compliance in those areas.  Being a nominal director doesn't exempt you from legal liability.

You can create a bond on GLBSE with a face value of 700 BTC. You will pay the nominal amount if and when Bitcoinica release your funds. You can auction the bond so that you will get whatever the market thinks the debt is worth.

This would be very interesting, since the price of the bond should approximate whatever the market thinks is the probability of Bitcoinica refunding their customers. Prediction market on GLBSE!

repentance, Mr Heaslip is most likely simply a nomini shareholder and director. This means that Bitcoinica LP general partner decided to pay extra 1000-2000 a year to obfuscate who is indeed General Partner of Bitcoinica LP.

This also means that we do not know exactly who is General Partner is and when it changes. It could be any kind of a chain of offshore trusts and companies for all we know.

So was Core Credit essentially a shelf company which no longer had any involvement with Bitcoinica when the hack happened?  This seems unlikely given that Core Credit's bank account was being used for wire transfers on 5 May.  Has another party/entity assumed Mr Heaslip's stake in Core Credit/Bitcoinica?

I ain't backing up shit palooka. Believe what you will, just as people in this thread believed (or not) when I said that Bitcoin Consultancy OWNED Bitcoinica. I personally don't give two shits if BTC-e becomes the #1 bitcoin exchanger.

I know who "Alexi" is. So those half the people involved at ShadowCrew back in the day. Carders have good memory .

Making some serious acusations there mate.

Care to back them up ?

Anybody received a claim yet and got his $$$ back or BTC back ?

Why is BTC-E a scam / cheat

LOL People still fucking hate MtGox, and they are loosing volume by the day to other exchangers (btc-e notably, run by a russian scammer/carder).

Mark though, should be noted, is an honest person (although highly inept), unlike the liars and manipulators at InterSCAMgo.

I hope after the transvestite of a show Bitcoin Consultancy put out on this forum, and after their lies, you would seriously reconsider this. Roger Ver (your partner if I am not mistaken?) is already taking distance from these fools and suggesting that Zhou manage the claim process.

By the way, on a previous post you claimed you knew the true owners of Bitcoinica. Then you claimed also you had 20K stuck with them. What's up with that? Aparently, and according to the capitalist that arranged the investment, Bitcoin consultancy owns and operates Bitcoinica since April 24th.

I respect you and Bitinstant, so I think it would be awesome if you could give an honest reply to this whole mess.

SO AS I SAID EVEN BEFORE THIS WAR GOT STARTED: BITCOIN CONSULTANCY OWNS AND OPERATES BITCOINICA!

And like I said before, take your funds out of INTERSANGO NOW!!

There is no NDA THEY NEED TO RESPECT because they are the GENERAL PARTNERS.

They are just stalling and buying time for their ATTORNEYS to help them run with YOUR MONEY.

Amir, Donald, Patrick: YOU are a bunch of LIARS, and you have been OUTED.

You shoud check the form fields for errors. I read in this thread that when that happens it's some error you have in there and you aren't seeing it because it's not in red. lol