[Emergency ANN] Bitcoinica site is taken offline for security investigation - page 62.

N12

donator

Activity: 1610

Merit: 1010

Quote from: ?? on ??

Quote from: N12 on May 12, 2012, 06:06:56 AM

Quote from: zhoutong on May 12, 2012, 05:30:07 AM

But simply, I gave up my sole ownership a long time ago, even before the Linode hack.

You want to tell us Bitcoinica is one of the most legit Bitcoin businesses while you leave its ownership in the shadows for a "long time" (months?!) and deceive us all? I always thought you were the sole owner, and I thought Intersango only very recently took over.

This was public knowledge a long, long time ago.

Surprised to hear this, where was a statement on this made by zhoutong/Bitcoinica?

N12

donator

Activity: 1610

Merit: 1010

Quote from: zhoutong on May 12, 2012, 05:30:07 AM

But simply, I gave up my sole ownership a long time ago, even before the Linode hack.

You want to tell us Bitcoinica is one of the most legit Bitcoin businesses while you leave its ownership in the shadows for a "long time" (months?!) and deceive us all? I always thought you were the sole owner, and I thought Intersango only very recently took over.

WhatsHappening

newbie

Activity: 23

Merit: 0

zhou: How long do we have to wait for our money (BTC or USD) ? Is there any schedule for that ?

dizzy1

full member

Activity: 134

Merit: 100

Why after the linode hack do you still let people reset the root password?

zhoutong

vip

Activity: 490

Merit: 502

Quote from: N12 on May 12, 2012, 05:33:55 AM

You forgot to answer one question.

Quote from: N12 on May 12, 2012, 05:14:33 AM

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

- It's more serious than we thought. We need some additional time to come up with a

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

What exactly is more serious? Details?

The more serious thing is that we may need additional time to provide the details. We are working with Rackspace to know more about this issue.

EDIT: There's no additional financial loss. We have revoked the withdrawal API key.

zhoutong

vip

Activity: 490

Merit: 502

Quote from: davout on May 12, 2012, 05:18:29 AM

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting).

If you're not in charge, maybe the person who actually is should communicate.

I'm representing the company at the moment. I decided to stand out to post this thread because:

- I'm the first one to acknowledge this issue (as the other guys were asleep).
- I'm the usual person communicating about Bitcoinica on this forum.
- Most people assumed that zhoutong = Bitcoinica.

I'm in close communication with Intersango guys so you can voice out whatever you want.

N12

donator

Activity: 1610

Merit: 1010

You forgot to answer one question.

Quote from: N12 on May 12, 2012, 05:14:33 AM

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

- It's more serious than we thought. We need some additional time to come up with a

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

What exactly is more serious? Details?

zhoutong

vip

Activity: 490

Merit: 502

Quote from: N12 on May 12, 2012, 05:14:33 AM

Wow, so the Intersango guys are left holding the bag for your incompetence? That was a clever move.

Not sure how they got suckered into this deal before they took over everything.

There's no such thing as "incompetence" in a team. If you have to trace to the root cause, the compromised email server isn't mine, or has anything to do with my development work. Does that mean some people are more competent than the other? Obviously not. We are on the same boat.

There're a lot of details that I'm not supposed to disclose at this moment. But simply, I gave up my sole ownership a long time ago, even before the Linode hack. The Intersango guys are fully aware of everything and they have inspected the code and server configurations for weeks before signing their agreement. They fixed some non-trivial security issues in the past few weeks as well.

rapeghost

sr. member

Activity: 419

Merit: 250

How to ruin a business in 12 months: The Zhoutong Method.

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: freewil on May 12, 2012, 05:16:28 AM

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).

Why would you need to re-develop for a compromised email server?

This

davout

legendary

Activity: 1372

Merit: 1008

1davout

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting).

If you're not in charge, maybe the person who actually is should communicate.

freewil

member

Activity: 92

Merit: 10

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).

Why would you need to re-develop for a compromised email server?

N12

donator

Activity: 1610

Merit: 1010

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

- It's more serious than we thought. We need some additional time to come up with a

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

What exactly is more serious? Details?

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

Wow, so the Intersango guys are left holding the bag for your incompetence? That was a clever move.

Not sure how they got suckered into this deal before they took over everything.

kokjo

legendary

Activity: 1050

Merit: 1000

You are WRONG!

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

Quick Update

- It's more serious than we thought. We need some additional time to come up with a compensation proposal.
- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).
- The preliminary decision: reimburse for the full amount, including margin balances and position P/L.
- The root cause of this problem is an email server compromise. The email server belongs to one of our team members.
- Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email. All Bitcoinica announcements will be updated on Bitcoinica website when available.

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

how do i get my money out?

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: zhoutong on May 12, 2012, 05:03:41 AM

Quick Update

- It's more serious than we thought. We need some additional time to come up with a compensation proposal.
- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).
- The preliminary decision: reimburse for the full amount, including margin balances and position P/L.
- The root cause of this problem is an email server compromise. The email server belongs to one of our team members.
- Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email. All Bitcoinica announcements will be updated on Bitcoinica website when available.

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

Hope everything works out in the end.

zhoutong

vip

Activity: 490

Merit: 502

Quick Update

- It's more serious than we thought. We need some additional time to come up with a compensation proposal.
- Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).
- The preliminary decision: reimburse for the full amount, including margin balances and position P/L.
- The root cause of this problem is an email server compromise. The email server belongs to one of our team members.
- Reminder again: Please do not reuse your Bitcoinica passwords as the database server was compromised. Do not click any links in the email. All Bitcoinica announcements will be updated on Bitcoinica website when available.

Important Disclaimer: I'm not a partner of Bitcoinica LP after the corporate reorganisation. Therefore, I have no financial obligation in this matter as I'm only an employee of Bitcoinica LP responsible for daily operations (no shares, no voting). However, I'll do my best with the team to resolve this problem as quickly as possible and minimize the impact for the community. I appreciate your patience and understanding.

Clipse

hero member

Activity: 504

Merit: 502

Quote from: Realpra on May 12, 2012, 04:42:32 AM

Lulz I have better security for my 2.14 coins and thought of buying more and hence the need to be even more secure!

Who trusts 4 email accounts with root access?

Seems like we have a new BitCoin rule of thumb: "A bitcoin site is not safe until it has been hacked at least once"

In this case, atleast twice ? or does the first linode invasion count as .5 ?

Realpra

hero member

Activity: 815

Merit: 1000

Lulz I have better security for my 2.14 coins and thought of buying more and hence the need to be even more secure!

Who trusts 4 email accounts with root access?

Seems like we have a new BitCoin rule of thumb: "A bitcoin site is not safe until it has been hacked at least once"

disclaimer201

legendary

Activity: 1526

Merit: 1001

If my 100 coins are gone, I doubt that I will use a bitcoin business again. It's our fault to trust in such businesses obviously.

organofcorti

donator

Activity: 2058

Merit: 1007

Poor impulse control.

Quote from: dustintrammell on May 12, 2012, 02:38:26 AM

Quote from: theymos on May 11, 2012, 11:31:24 PM

Cool way of releasing a message. The thief clearly has some familiarity with Bitcoin.

Familiarity with Bitcoin? Perhaps not so much... There's lots of more interesting ways to embed a message in Bitcoin transactions if you're familiar with the data formats and the protocol, such as the one described here for example:

https://bitcointalksearch.org/topic/bitcoin-deanonymization-34458

Having the transaction amounts be binary seems a bit rudimentary, actually.

Sure it's blatant. One look at that list of numbers and it was pretty obvious what the 'code' was - a sequence of increasing mounts to enable ordering and then a string of 0s and 1s - what else could it be? But I wouldn't call it rudimentary. It's a good use of the tools at hand.

Sure, he could have coded a way more leet message which someone may have discovered at some point in a few months or years, but this was a way he could pass his message on and be sure interested parties would get the message almost immediately and achieve further notoriety without having to give up any more anonymity than he already has.

Topic: [Emergency ANN] Bitcoinica site is taken offline for security investigation - page 62. (Read 224562 times)