[Emergency ANN] Bitcoinica site is taken offline for security investigation - page 46.

guruvan

hero member

Activity: 532

Merit: 500

Quote from: zhoutong on May 14, 2012, 08:54:50 AM

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

I have emphasized this more than once. If you are too impatient to read the posts carefully please don't be so angry.

I''ve read it. You guys declaring prices that you're force liquidating customers is bullshit. You just close up shop, scrape the profits up, and "leave bitcoin" wow.

I think what you're doing is probably resulting in bitcoinica earning a considerable sum, at the expense of the customer.

Settling losing positions at what ever the hell price you declare is bullshit. That's outright theft IMO. But, of course, those perpetrating a theft rarely will regard it as one, will they?

Also, leaving your customers to dig through a fucking forum thread to find out where their money is, and what the company is doing to return the money is also bullshit. - But we've spoken about your utter lack of concern for customer service in the past.

How come there's NOTHING on the bitcoinica.com page STILL?!! There's, of course, not even one single excuse for that. Not one.

My anger will subside when bitcoinica decides it will not steal from it's customer base. As of right now, I stand on my opinion that you retaining the unrealized losses is theft.

jjiimm_64

legendary

Activity: 1876

Merit: 1000

Quote from: hatshepsut on May 14, 2012, 11:00:11 AM

Quote

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

So what happens when we spike up?

like right now?

Are you returning all balances AND our unrealized P/L as if we never had a position to begin with?

4.998 4.99854 is a spike up ??

and here I got all excited when I read your 'spike up post' just to find out the market moved like 1% from last night!

hatshepsut

member

Activity: 63

Merit: 10

Quote

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

So what happens when we spike up?

like right now?

Are you returning all balances AND our unrealized P/L as if we never had a position to begin with?

jixapori

newbie

Activity: 46

Merit: 0

Quote

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

well if your db itself was hacked then it was probably altered... dont forget to filter out all the fake accounts/positions before paying people back

thezerg

legendary

Activity: 1246

Merit: 1010

Nice to see that the BTC price has barely twitched. But has it been too stable over the past few months? Does it signify some large investor with an open buy order at 5 USD?

rjk

sr. member

Activity: 448

Merit: 250

1ngldh

Quote from: zhoutong on May 14, 2012, 08:54:50 AM

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

I have emphasized this more than once. If you are too impatient to read the posts carefully please don't be so angry.

People around here are a bit impatient lol.

zhoutong

vip

Activity: 490

Merit: 502

Quote from: guruvan on May 14, 2012, 08:12:06 AM

Quote from: MemoryDealers on May 13, 2012, 09:05:50 PM

I think everyone should keep in mind that the real person/group to be angry with is the hackers, not Bitcoinica.
Anyone who is smart enough to figure out how to steal 18K BTC from Bitcoinica is more than smart enough to do honest work. I hope Zhou goes on to have a long successful career while the hackers and other thieves burn in hell.

Direct your anger towards the hackers!

My anger is directed at the incompetent staff of Bitcoinica, ESPECIALLY their new hires/owners (or w/e the fuck is going on!)

My anger is directed at those, who through their incompetence, will make me lose money on my position

You thieves should be returning everyone's money AT THEIR BASE PRICE and eatin shit yourselves, Bitcoinica. You're making your customers eat shit for your negligence and incompetence.

Can you say "criminal"

or are we too busy congratulating the bitcoinica team members on such a job well done

Sorry, ZT, I don't wish you well until you PAY BACK ALL THE FUCKING MONEY YOU'RE STEALING.

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

We are returning all balances AND your unrealized P/L. And we are glad to settle at a negative-spread price, i.e. if you have a profitable position, your get even more; if you have a losing position, you lose less.

I have emphasized this more than once. If you are too impatient to read the posts carefully please don't be so angry.

guruvan

hero member

Activity: 532

Merit: 500

Quote from: muyuu on May 14, 2012, 08:23:29 AM

Quote from: guruvan on May 14, 2012, 08:12:06 AM

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

Well... this is what I was talking about before. If they don't hurry up and the valuation of BTC swings substantially, they can be looking at a massive amount of damages to pay.

Look: those who're losing money on their position will want their loss forfeited since they're forced to close it prematurely. Those who're winning, they'll want the profit.
There is no way they can pay that and it will be worse every bit the valuation moves.

We are going to need to be reasonable here. At the end of the day it's going to be very hard for you to get anything at all if they call it quits.

If?

Sue? Hell no, why waste my time. The amount of money I will lose is not significant enough to do that.

However, since they're keeping money, I do think it's time that the regulatory agencies that they're subject to become informed of this potentially criminal action.

TBH, the whole thing looks staged to me. I'm really not buying the story much. I think that this should be investigated by the "proper authorities"

Nyaaan

full member

Activity: 140

Merit: 100

-18547.66867623?
Shouldn't it be just 18547.66867623 (positive coins)?
Correct me if I'm wrong or just ignorant.

muyuu

donator

Activity: 980

Merit: 1000

Quote from: guruvan on May 14, 2012, 08:12:06 AM

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

Well... this is what I was talking about before. If they don't hurry up and the valuation of BTC swings substantially, they can be looking at a massive amount of damages to pay.

Look: those who're losing money on their position will want their loss forfeited since they're forced to close it prematurely. Those who're winning, they'll want the profit.
There is no way they can pay that and it will be worse every bit the valuation moves.

We are going to need to be reasonable here. At the end of the day it's going to be very hard for you to get anything at all if they call it quits.

bulanula

hero member

Activity: 518

Merit: 500

Quote from: guruvan on May 14, 2012, 08:12:06 AM

Quote from: MemoryDealers on May 13, 2012, 09:05:50 PM

I think everyone should keep in mind that the real person/group to be angry with is the hackers, not Bitcoinica.
Anyone who is smart enough to figure out how to steal 18K BTC from Bitcoinica is more than smart enough to do honest work. I hope Zhou goes on to have a long successful career while the hackers and other thieves burn in hell.

Direct your anger towards the hackers!

My anger is directed at the incompetent staff of Bitcoinica, ESPECIALLY their new hires/owners (or w/e the fuck is going on!)

My anger is directed at those, who through their incompetence, will make me lose money on my position

You thieves should be returning everyone's money AT THEIR BASE PRICE and eatin shit yourselves, Bitcoinica. You're making your customers eat shit for your negligence and incompetence.

Can you say "criminal"

or are we too busy congratulating the bitcoinica team members on such a job well done

Sorry, ZT, I don't wish you well until you PAY BACK ALL THE FUCKING MONEY YOU'RE STEALING.

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

Look at the guy on here called "meelba". He never got anywhere trying to sue Bitcoinica ...

Good luck though !

guruvan

hero member

Activity: 532

Merit: 500

Quote from: MemoryDealers on May 13, 2012, 09:05:50 PM

I think everyone should keep in mind that the real person/group to be angry with is the hackers, not Bitcoinica.
Anyone who is smart enough to figure out how to steal 18K BTC from Bitcoinica is more than smart enough to do honest work. I hope Zhou goes on to have a long successful career while the hackers and other thieves burn in hell.

Direct your anger towards the hackers!

My anger is directed at the incompetent staff of Bitcoinica, ESPECIALLY their new hires/owners (or w/e the fuck is going on!)

My anger is directed at those, who through their incompetence, will make me lose money on my position

You thieves should be returning everyone's money AT THEIR BASE PRICE and eatin shit yourselves, Bitcoinica. You're making your customers eat shit for your negligence and incompetence.

Can you say "criminal"

or are we too busy congratulating the bitcoinica team members on such a job well done

Sorry, ZT, I don't wish you well until you PAY BACK ALL THE FUCKING MONEY YOU'RE STEALING.

Returning my current account balance is BULLSHIT since you're keeping the unrealized P/L. That's actually criminal in most jurisdictions, and I will be pursuing it in mine since bitcoinica has served Americans.

blablahblah

hero member

Activity: 775

Merit: 1000

Quote from: marcus_of_augustus on May 14, 2012, 07:28:02 AM

Good to see the pretenders and lightweights are getting weeded out as need be. Better to go through these kind of stresses, shall we call it 'testing', while the experiment is still beta.

Now anyone who has received 'dirty' coins and wants to give those 'tainted' coins back, if they feel it is the right thing to do, can send them to zhou or who? That weak fungibility is almost worth a bug report or do we need to see it happen a few more times?

Wasn't 'tainting' a MtGox speciality because of supposed regulatory pressure? I think their own security breach must've left a few scars. Perhaps there's a niche for some kind of decentralised/P2P exchange that the banking cronies can't bully?

caston

hero member

Activity: 756

Merit: 500

I think I can see some bitconica spin off filling the void. Hey even vircurex has a open API... why not make an alt-coinica?

marcus_of_augustus

legendary

Activity: 3920

Merit: 2349

Eadem mutata resurgo

Good to see the pretenders and lightweights are getting weeded out as need be. Better to go through these kind of stresses, shall we call it 'testing', while the experiment is still beta.

Now anyone who has received 'dirty' coins and wants to give those 'tainted' coins back, if they feel it is the right thing to do, can send them to zhou or who? That weak fungibility is almost worth a bug report or do we need to see it happen a few more times?

jixapori

newbie

Activity: 46

Merit: 0

without getting into details, obviously these types of compromises can be nipped in the bud in a properly setup system... too late now...

in any case if people are reimbursed then they have nothing to complain about, if they wont be then i assume they are simply out of luck (unless their funds were somehow insured), there is always risk in finance, nothing special about bitcoins in that regard

BTW just in case someone suddenly gets the urge to open their own bank or something, even just an email system requires multiple dedicated machines and i mean more than one or two or three. you can just forget about gmail, vps providers, etc.

realnowhereman

hero member

Activity: 504

Merit: 502

Quote from: zhoutong on May 14, 2012, 04:35:04 AM

We don't have control over the password reset emails. They are sent by Rackspace. Basically, if you have access to one's email, you have access to all his Rackspace servers and Cloud Files.

Well that's okay then -- it's all rackspace's fault?

Ask yourself -- do you think complete access to HSBC's financial computing system can be obtained if you can see one email (bear in mind that a compromised email server is not required to read other people's emails, they travel in plain text through multiple systems)? Would you guess that a virus on the CEO of CitiBank's home laptop would let you transfer all the customer's cash to a Nigerian "prince"?

Anyway; it's easy to be wise after the event. I'm more concerned at the ease of attack of the massive financial institutions of Bitcoin; and the apparent non-recognition of a single point of weakness. More importantly though: an inability to learn from the past. How was the Linode theft achieved -- oh yes, by busting into the VPS management account. How was this theft achieved -- busting into the VPS management account. Did anyone there or at Bitcoin Consultancy not think "changing VPS provider doesn't alter the attack vector, we are as vulnerable as we were"?

(You had multiple people with the root password -- at the very least you could have demanded that rackspace disable the password reset feature for your account.)

muyuu

donator

Activity: 980

Merit: 1000

Quote from: Raoul Duke on May 14, 2012, 04:37:51 AM

http://bgp.he.net/dns/intersango.com#_whois
http://bgp.he.net/dns/intersango.com#_ipinfo
http://bgp.he.net/dns/intersango.com#_dns

At least you can find who they use for hosting, administrative contact and from where they send their emails...
As for the wallet, only they can answer

That doesn't mean much. Rackspace also offers local unmanaged and colo servers in the UK.

Raoul Duke

legendary

Activity: 1358

Merit: 1002

Quote from: realnowhereman on May 14, 2012, 04:27:02 AM

Thanks for the update.

Quote from: zhoutong on May 14, 2012, 04:16:05 AM

- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to [email protected] were delivered to his compromised email account.

I normally don't go in for mud slinging, but Patrick has history. This is "Patrick the self-proclaimed security expert"? This is "Patrick who released all the emails of Intersango's customer base"?

How hard is it to secure an email server? Jeez, the days of ten sendmail hacks a month are long behind us.
Again: emails are postcards; can all you supposed security experts stop treating them as if they are secure point-to-point communications? Why wasn't gpg used for these reset emails?
What raving lunatic has a password reset system going to a mailing list?
A "security expert" with a compromised email server doesn't sound good to me. In all the time he was penetration testing all the other exchanges, he couldn't have done a bit to secure his own servers?
How long has this server been compromised? Is it the Intersango email server? Have all Intersango communications been compromised too?
Is this more than just an email server? What other services were running on this compromised machine?

Quote from: zhoutong on May 14, 2012, 04:16:05 AM

- We are now working on a settlement plan. Patrick is in charge of the claim page.

You'll forgive me if, given the current situation, that that doesn't inspire me with confidence.

So much so, that I think we should all start asking for considerably more detail about how Intersango is organised internally? How much is in the hot wallet there? How is that hot wallet secured? Is Intersango VPS hosted as well? Is it Rackspace too?

http://bgp.he.net/dns/intersango.com#_whois
http://bgp.he.net/dns/intersango.com#_ipinfo
http://bgp.he.net/dns/intersango.com#_dns

At least you can find who they use for hosting, administrative contact and from where they send their emails...
As for the wallet, only they can answer

zhoutong

vip

Activity: 490

Merit: 502

Quote from: realnowhereman on May 14, 2012, 04:27:02 AM

Thanks for the update.

Quote from: zhoutong on May 14, 2012, 04:16:05 AM

- Later we found out that Patrick's email server was compromised, and since he is in our mailing list, all emails sent to [email protected] were delivered to his compromised email account.

I normally don't go in for mud slinging, but Patrick has history. This is "Patrick the self-proclaimed security expert"? This is "Patrick who released all the emails of Intersango's customer base"?

How hard is it to secure an email server? Jeez, the days of ten sendmail hacks a month are long behind us.
Again: emails are postcards; can all you supposed security experts stop treating them as if they are secure point-to-point communications? Why wasn't gpg used for these reset emails?
What raving lunatic has a password reset system going to a mailing list?
A "security expert" with a compromised email server doesn't sound good to me. In all the time he was penetration testing all the other exchanges, he couldn't have done a bit to secure his own servers?
How long has this server been compromised? Is it the Intersango email server? Have all Intersango communications been compromised too?
Is this more than just an email server? What other services were running on this compromised machine?

Quote from: zhoutong on May 14, 2012, 04:16:05 AM

- We are now working on a settlement plan. Patrick is in charge of the claim page.

You'll forgive me if, given the current situation, that that doesn't inspire me with confidence.

So much so, that I think we should all start asking for considerably more detail about how Intersango is organised internally? How much is in the hot wallet there? How is that hot wallet secured? Is Intersango VPS hosted as well? Is it Rackspace too?

We don't have control over the password reset emails. They are sent by Rackspace. Basically, if you have access to one's email, you have access to all his Rackspace servers and Cloud Files.

We use a mailing list for [email protected] for an obvious reason, everyone of us wants to know any email sent to this address. We are registering every single web service with this email address. It's like an automatic mail forwarder that forwards to multiple recipients. It's hosted by Google Apps for Business and Patrick is the only external recipient.

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 46. (Read 224562 times)