
Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 44. (Read 224562 times)

hero member
Activity: 518
Merit: 500

Damn it! I almost got an epileptic seizure from that rjk.

Not trolling. I suffer from that and almost got shocked.

Please put a warning up for people like me affected.
newbie
Activity: 35
Merit: 0
They don't even have enough respect for their customers to make a static page to make people aware of the situation..

The page alone would calm a lot of nerves..


bigassmessage.com/02c95
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.

I don't want to sound like I'm overly defending anyone here, because I'm merely trying to calm the tension here...

It seems the websites (Bitcoinica, the blog, BitcoinConsultancy) are down because they were all hosted with RackSpace (?) and as Zhou said in the OP, they had the servers shut down.

It's part of the process. The MtGox hack, Tradehill Closing, and now this, are all giant clusterfuck situations, but they get dealt with in time. I know it's not an assurance, and no warm-fuzzy feelings are being generated by this, but it's only been a matter of days and I'm sure everyone involved is still trying to get a grip on exactly what may have been compromised, especially with the ominous threat of a "mass leak" overhead, and presumably, far more USD at risk than the BTC that was stolen (Admittedly, my own assumption.) Look at the bright side though, they have stated they are working on methods to reimburse their customers... this is leagues better than something like the MyBitcoin fiasco.

Personally, I still have accounts at Gox that were never recovered.
I still have an open balance at TH that was never recovered.
I probably won't get my Bitcoinica balance back...

...but the reality of the situation is, you can't blame the chieftain of the village you live in if raiders loot and pillage everything in the middle of the night. You can, however, realize that you made the conscious choice to have your BTC/USD held with a 3rd-party, and be cooperative, understanding and patient when it comes to getting it back.

Honestly, I hope everyone gets their money back, myself included, but pitchforks and torches don't help.

My condolences go out to Zhou and his team.


Alright... commence with the "OMGWTFBBQ?!?!?"

THERE'D BETTER BE BISON BURGERS... BLALLALSHDLFHALDHFOISDHFOSH!!!!!!!!!!!!!!!!!!!!!!!!!!1111111111111

btw... when is the cole slaw coming in the mail???
hero member
Activity: 686
Merit: 500
Shame on everything; regret nothing.
We are building an account claim page. You can submit your account information, financial information (balances) and trading information to verify your identity. We will then match with the records we have. If they have matched, we will send Bitcoin balance to your nominated Bitcoin address within 24 hours and USD balance with unrealized P/L to your email as a Mt. Gox code. If you sent the funds to us via Wire (i.e. you don't use Mt. Gox at all), we will try our best to fulfill wire transfer requests.

Current positions will all be liquidated at a settlement price. We haven't decided the price yet, but my personal estimate is 4.98 / 4.94. (All long positions can liquidate at 4.98 and all short positions can liquidate at 4.94, we pay the spread for you.) All unrealized P/L will be settled in USD. If you don't have sufficient USD balance, we will use your BTC to settle, with the mid-point exchange rate (again, we pay the spread).

The page will be up in a few days but I don't have accurate information on this. Patrick is working on the page now. Thanks for your understanding and patience.

This is just plain wrong. I have had mid- and long-term positions there. Some were in the green, but some were in the red. I didn't have any intention to touch them now, let alone liquidate them fully! Forcing me to do that is nothing more than taking forcefully my money with you. I really hope you reconsider this.

Yup.  I'm still reading through all this but I just wanted to interject here and let everyone know -- I'm kinda really pissed off.
hero member
Activity: 770
Merit: 500
You're fat, because you don't have any pics on FB
You all were scammed..

Zhou is washing his hands of it.. Coincidence he's leaving bitcoin? lmao

Hello!!!, wake up...

They don't even have enough respect for their customers to make a static page to make people aware of the situation..

The page alone would calm a lot of nerves..


vip
Activity: 574
Merit: 500
Don't send me a pm unless you gpg encrypt it.
I won't be using Intersango's exchange until they post a reply in here.  Even then, it isn't likely that I will resume using their exchange.  You'll note that on their website they have:

"Intersango offers a secure and reliable way to buy and sell bitcoins. It is developed and run by Bitcoin Consultancy, who have been featured in the news by BBC, CNBC, Wall Street Journal (SmartMoney), Reuters and others. Intersango allows users peace of mind to be confident in our service and their transactions. Our support team is available by email at [email protected] to quickly answer any questions you may have. Please feel free to contact us. We are happy to help."

Perhaps emails to their support email would initiate a response?  Assuming, of course, it hasn't been compromised.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
I think you are reading too much into it. I am guessing AN email account was compromised that allowed for reset password into the server with the wallet.

A simple page really should have been put up for now on bitcoinica.com. There are so many easy ways of doing it, even if it just said, we were hacked, we will respond next week. Leaving nothing on that page for this long is not fair to the users.
- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to [email protected] were delivered to his compromised email account.
Read Zhoutong's last posts for the info.
legendary
Activity: 1386
Merit: 1004
It looks more and more like a criminal act the longer and longer we wait for ANY real action from bitcoinica.

If zhoutong is not the owner, or a decision maker in that company, I don't CARE what he says. I only care what the OWNERS say.

But, wait. The ownership of bitcoinica is a secret? That suggests impropriety in the first place.

Owners and technical managers are silent? That suggests something is seriously wrong.

Yes, we're justified in making any kind of assumptions when the company in question still holds funds in the form of what is now either a theft, or a "forced loan"

How many trades are taking place with our money right now while bitcoinica shores up its personal losses to make good on everyone's account balance?

Seriously, this smacks of some of the recent wall street type debacles. Trading with customer funds was one of my biggest concerns with bitcoinica. The longer they take with making good on the account balances, the more I suspect that this (criminal act) has taken place.




Considering that the attack came through an 'email server', I would assume the attacker(s) have the emails. So all the behind the scene information will be coming to light. (i.e. Expect Mass Leaks Soon) Unless, the 'owners' pay off the attacker(s) to not release said information.

One wonders if they encrypted their emails between principal parties?



I think you are reading too much into it. I am guessing AN email account was compromised that allowed for reset password into the server with the wallet.

A simple page really should have been put up for now on bitcoinica.com. There are so many easy ways of doing it, even if it just said, we were hacked, we will respond next week. Leaving nothing on that page for this long is not fair to the users.
donator
Activity: 980
Merit: 1000
Loads of speculation, it's late Monday UK time and still no definite news. No reimbursements AFAIK, no claim page, no deadlines.
vip
Activity: 490
Merit: 271
It looks more and more like a criminal act the longer and longer we wait for ANY real action from bitcoinica.

If zhoutong is not the owner, or a decision maker in that company, I don't CARE what he says. I only care what the OWNERS say.

But, wait. The ownership of bitcoinica is a secret? That suggests impropriety in the first place.

Owners and technical managers are silent? That suggests something is seriously wrong.

Yes, we're justified in making any kind of assumptions when the company in question still holds funds in the form of what is now either a theft, or a "forced loan"

How many trades are taking place with our money right now while bitcoinica shores up its personal losses to make good on everyone's account balance?

Seriously, this smacks of some of the recent wall street type debacles. Trading with customer funds was one of my biggest concerns with bitcoinica. The longer they take with making good on the account balances, the more I suspect that this (criminal act) has taken place.




Considering that the attack came through an 'email server', I would assume the attacker(s) have the emails. So all the behind the scene information will be coming to light. (i.e. Expect Mass Leaks Soon) Unless, the 'owners' pay off the attacker(s) to not release said information.

One wonders if they encrypted their emails between principal parties?

hero member
Activity: 518
Merit: 500
It looks more and more like a criminal act the longer and longer we wait for ANY real action from bitcoinica.

If zhoutong is not the owner, or a decision maker in that company, I don't CARE what he says. I only care what the OWNERS say.

But, wait. The ownership of bitcoinica is a secret? That suggests impropriety in the first place.

Owners and technical managers are silent? That suggests something is seriously wrong.

Yes, we're justified in making any kind of assumptions when the company in question still holds funds in the form of what is now either a theft, or a "forced loan"

How many trades are taking place with our money right now while bitcoinica shores up its personal losses to make good on everyone's account balance?

Seriously, this smacks of some of the recent wall street type debacles. Trading with customer funds was one of my biggest concerns with bitcoinica. The longer they take with making good on the account balances, the more I suspect that this (criminal act) has taken place.

You can suspect anything but can you prove it?

Most likely no. And even if you could prove it, I bet nobody would do anything. The FSP means absolutely nothing in the context of BTC (only USD funds matter).

The fact the owners are not stepping up, zhoutong is doing the PR (and his goodbye bitcoin post), nobody knows what really happened in terms of the compromise is very disturbing indeed.

Patrick was the guy that made a coding error and sent 512 BTC by mistake to a guy on here. I would be very worried indeed because it seems his email server got compromised.

Add to that the recent "scam" reports about intersango and his deals with mementoVPS that had loads of problems. I am not confident they will set up.

Anything zhoutong is saying about balances is moot since he owns nothing about bitcoinica and is only a simple employee AFAIK.
hero member
Activity: 532
Merit: 500
It looks more and more like a criminal act the longer and longer we wait for ANY real action from bitcoinica.

If zhoutong is not the owner, or a decision maker in that company, I don't CARE what he says. I only care what the OWNERS say.

But, wait. The ownership of bitcoinica is a secret? That suggests impropriety in the first place.

Owners and technical managers are silent? That suggests something is seriously wrong.

Yes, we're justified in making any kind of assumptions when the company in question still holds funds in the form of what is now either a theft, or a "forced loan"

How many trades are taking place with our money right now while bitcoinica shores up its personal losses to make good on everyone's account balance?

Seriously, this smacks of some of the recent wall street type debacles. Trading with customer funds was one of my biggest concerns with bitcoinica. The longer they take with making good on the account balances, the more I suspect that this (criminal act) has taken place.


vip
Activity: 490
Merit: 271
Quote
I agree. I have been in this forum since September 2010 regularly, and this is the worst handling of an issue. Even more worrying is that amir taaki who I respect and who is with intersango is quiet like a mouse.
This is not a sign of "customer is king attitude" I would have expected

The last thing he said about this matter on this thread that I find interesting is this ...

"I am angry that our name is being dragged through the mud for something we had no part in."

Isn't this his company? LOL

Well, it seems, the initial line was that Intersango had just taken over Bitcoinica management two weeks before the hack and they implied that it is not their fault and therefore it is unfair that their name "is being dragged through the mud".

However, various later reports suggest that this episode is indeed a direct result of Intersango's mismanagement.

This issue is clear as mud. Intersango or "Bitcoinica LP" should really start talking, silence is deafening. Zhou's statements are not enough until it is acknowledged that he is an official company spokesman.

For all we know Zhou Tong is a FORMER developer and owner and employee of Bitcoinica. Hence we have to assume that whatever he said publicly about this incident is unofficial and no official statement by Bitcoinica LP (NZ) owner and operator of Bitcoinica.com has been issued yet.







Sort of agree. However, he is an acting 'agent' of the company. So what he says does hold weight. e.g. If Prudential's Insurance Agent says: "This policy is going to pay for Meteor strikes." Prudential is obligated to honor any reasonable expectations of that policy as presented even though they didn't actually cover said meteors.

He is an employee, err was.

Curiously, after transfer of knowledge, did he continue to have access to the system? If so, that would be a bad procedure.
hero member
Activity: 812
Merit: 1001
-
Quote
I agree. I have been in this forum since September 2010 regularly, and this is the worst handling of an issue. Even more worrying is that amir taaki who I respect and who is with intersango is quiet like a mouse.
This is not a sign of "customer is king attitude" I would have expected

The last thing he said about this matter on this thread that I find interesting is this ...

"I am angry that our name is being dragged through the mud for something we had no part in."

Isn't this his company? LOL

Well, it seems, the initial line was that Intersango had just taken over Bitcoinica management two weeks before the hack and they implied that it is not their fault and therefore it is unfair that their name "is being dragged through the mud".

However, various later reports suggest that this episode is indeed a direct result of Intersango's mismanagement.

This issue is clear as mud. Intersango or "Bitcoinica LP" should really start talking, silence is deafening. Zhou's statements are not enough until it is acknowledged that he is an official company spokesman.

For all we know Zhou Tong is a FORMER developer and owner and employee of Bitcoinica. Hence we have to assume that whatever he said publicly about this incident is unofficial and no official statement by Bitcoinica LP (NZ) owner and operator of Bitcoinica.com has been issued yet.

Dear Bitcoinica LP, while you are silent the public is quite justified in making the worst possible assumptions and dragging you through the mud.




hero member
Activity: 812
Merit: 1001
-
If ANY Bitcoin related service has a problem with maintaining an announcement page on their website (say, because it is hacked), the owner of the service can always contact me, give me HTML or text of announcement for status page. I will quickly set up a static web server listening on a dedicated IP address, and all they would need to do is to point their DNS to a given IP address temporarily. The result will be static status page on their website. Once ready to resume the service, the DNS can be changed back at any time.

Or did you guys lose control of DNS as well?

Or one can use a service like "google sites" for this.

There is no excuse for not communicating with users via the website (domain name) whether it is hacked or not.

The only explanation of lack of communication is that they do not want to tell users anything just yet.

Also if the SSL cert was not encrypted, perhaps it makes sense to revoke it and get a new one. Most CA's will do it for you for free.


member
Activity: 99
Merit: 10
Quote
I agree. I have been in this forum since September 2010 regularly, and this is the worst handling of an issue. Even more worrying is that amir taaki who I respect and who is with intersango is quiet like a mouse.
This is not a sign of "customer is king attitude" I would have expected

The last thing he said about this matter on this thread that I find interesting is this ...

"I am angry that our name is being dragged through the mud for something we had no part in."

Isn't this his company? LOL
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
Is this true? Is their blog, assumingly hosted elsewhere, offline? This would make no sense to me if true. A/the blog, in conjunction with this forum, would/should be the main source of communication to their users for them.
The blog was put up and taken down the same day.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
What is preventing them from putting the site up? If they worry about the attacker logging into customer accounts (which, because they claim the passwords are salted & hashed with bcrypt seems not probable) they could just reset all users' passwords and let them log in using activation code. People that have 2nd auth via Google Authenticator will be even more secure this way*. Doing it like this would enable users to decide for themselves if they want to shut down their positions or not. Doing it on behalf of users against their will is just wrong to me.

*there's always a possibility that the attacker tampered with the database. But it's nearly impossible to tell which data was tampered and which wasn't, so either way they're in pretty hot water.

They don't want to risk it.

They don't want to take even further damage on an insecure system, by the looks of it.

I'm pretty sure they would put it back online right now if they could, their time offline is costly for them. They lose prospective users and credibility by the minute. So I guess they just cannot trust the system to put it online even for a minute.

Anyway you do well in voicing your suggestions. Maybe they can actually afford to give it a try, we'll see tomorrow I guess.

It's a bit confusing that they decided to take their blog offline as well. I wonder what are they up to right now. They could do a bit better in the communication front.

Is this true? Is their blog, assumingly hosted elsewhere, offline? This would make no sense to me if true. A/the blog, in conjunction with this forum, would/should be the main source of communication to their users for them.

Please correct me if I'm mistaken.

~Bruno~