Topic: https://bitdaytrade.com Bitcoin Gold & Commodities margin trading - page 2. (Read 19476 times)

My name is Alberto Armandi, i was born in Italy, 19/09/1983. I'm an internet entrepreneur who got caught in the Bitcoin phenomena about one and a half year ago.
Before Bitcoin, i have tried to launch several startups on my own, Wozad being one, a system for targeting digital ads based on your browsing history. It was doing well until Google Inc decided
to include the same type of targeting into their pervasive Adsense. The next effort was an hardware startup, Enso Limited, with which i've launched the highly controversial Zenpad. An early 5 inches
tablet powered by Android operating system. Enso managed to fail too, because of lack of funding but my failed endeavours did not leave a trail of destruction behind as i had and still have the determination to face any kind of trouble.
This is s short background, for those who missed it earlier, it can be easily found on the Official Bitcoin forum, in the Securities/BDT thread.
Now, fast forward to around April/May 2012 : I happened to get in touch with Jonathan Ryan Owens, who since the start of our relationship pictured himself as a sort of "Mr. Big" in the Bitcoin world and
shown to be able to use language fluenty, and to be able to convince anybody that he's actually skilled and a serious business man.
Since i did not have a real clue of who's who in this crazy, messed up community (do no take this as an insult, i'm referring to people who don't have exitation in runing other people lifes) i believed him,
and his claims of big success and profits and have developed trust on him and the group of people he was working with, again, i'm not trying to involve other people in this debacle, let's focus on Mr. Jonathan Ryan Owens.
We chatted extensively for a while and one day he came up with the ZipConf idea, inspired by some of my inputs and brainstorming. He started working on that and soon enough a site was online with that name.
Site's scope was allowing instant bitcoin transfers, without waiting confirmation from the network, as in classical bitcoin transactions. Business proposition seemed nice initially and Mr. JRO worked out
a lot of words to convince me and others it was so. He went ahead and held an IPO for this, as he said he needed lots of coins to make this happen. I was so convinced of the genuinity of this operation
that i have put Mr.JRO in touch with a guy i happened to know earlier, which is an important internet business man and investor. I valued highly my relationship with this guy, as he was funding my operations
and showing a lot of trust in me. I was hesitant, but finally made that mistake, i've procured about 2000 bitcoin in funds for the ZipConf endeavour, funded by this guy, which will go unnamed for privacy reasons.
Mr. JRO managed to put in place a written contract between him and this guy, the deal was that Mr.Jro would pay some interest over the 2000 bitcoin loan. I have later learned that this contract was never
signed and everything remained in the form of a legal agreement, bringing in even more liabilites for me, since i was the one to introduce the investor to JRO.
Everything seemed to be taking a great turn and I have then let Mr.JRO join the project i was working on, a custom Bitcoinica clone, coded entirely by me. It was intended to launch under the domain name btcxchange.net, which i own since July 2011, at that time Mr. JRO
said the brand name wasn't going places, and we agreed to call it Kronos.io. I went ahead, completed the coding work and deployed the site onto Mr. JRO controlled servers. The user interface i had
deployed was exactely the same i have in place at bitdaytrade, but Mr. JRO wanted a new design, so he hired someone to work out another skin, that took a couple of days. Please note that Mr.JRO managed
some very talented developers at that time, those who worked on ZipConf, but he never delegated them to have a check on Kronos.io source code, i've only later realized how much this is in contrast
with his claims of operating with high security standards and didn't link it directly to any malice backed act.
Almost At the same time, i was working on an unrelated project  Bitcoinrebate. After having shown Mr. JRO business plans and financial projections for said business, we decided to hold an IPO for it, to gather additional funds to be used on both rebate and Kronos.io.
At that time i demanded a payment for all the time and efforts i was putting in our projects and i was sent about 1000 bitcoin by Mr. JRO, claiming they were coming from a "trusted big lender".
I wasn't aware of how glbse worked at that time, nor i had realized the impact it might have had on my reputation, if things didn't go the way I expected. I have later learned that Bitcoinrebate IPO
was able to raise about 5000 bitcoin. I was never informed about this, not even a word.Mr JRO monopolized it all so i don't have a clue of where those coins (minus the 1000 i have received) ended up.
After Bitcoinrebate IPO i was instructed by JRO ( who always acted like a dictator and a boss ) to complete the work for Kronos ( implementing the new skin ) and prepare it for launch.
I have executed my duties and the site was launched. About one week later, Mr. JRO came up that he didn't need the coins initially funded by the unnamed investor and asked to return them back, to avoid
paying useless interests. Stupidly enough, i told him to just send him back in a mtgox account i was sharing with the investor, for different kind of operations, without asking him confirmation first.
I thought it was safe to do so and really didn't have a clue of what would be going to happen shortly.
I have made another mistake in this context, i have used this mtgox account for testing the Kronos.io hedging bot without asking direct confirmation from the investor, just assuming he would be ok with it
since my agreement with the investor was about generating profits from the coins he lend to me. I was managing money for this guy for a while and so i thought it was ok doing so.
The mtgox account passwords were know only to me and the investor, but Kronos.io had an automatic withdrawal feature, so the mtgox account was configured to allow bitcoin withdrawals via API.
Some days passed and apparently everything was going well, but one morning i woke up to find the mtgox account emptied and Kronos.io hacked.
I freaked out for a while then went ahead trying to track down what happened. It turned out that someone with knowledge of how the site worked internally (someone who was in possession of the source code)
had exploited it, exactely like it happened today with Bitdaytrade, but unfortunately, the mtgox account was emptied too, because of the automatic withdrawal feature.
I still have full logs of what happened then, with IP addresses and bitcoin addresses that received the loot.
Mr.JRO reaction to this was controversial, first he disappeared for days, claiming he was in a confused mental state, and dutied other people to deal with me. I was obviously trying to get in touch with him
like crazy, i couldn't get a hold of him on the phone at that time and i've tried for weeks. Then after some weeks he re-appeared online and blamed me harshly of incompentence and stupidity. Just like
it's happening now with Bitdaytrade, he deemed Kronos.io project dead, and gave me advice to work on different things and forget about Bitcoin.
Obviously i felt deeply ripped off, i had the investor who lost thousands of coins out of this big mess asking me what was my plan to recover the loss and going forward, with our relationship completely
destroyed on a trust level, and on the other hand i had Mr.JRO blaming me in a unmeaningful way about stupidity, incompetence, and such.I had determined at that time that my only choice was going forward with
the project, alone, i had high hopes that i would be able to repay the cumulated debt with profits i would be making from it. I then decided on another brand name, Bitdaytrade, asked support from some trusted
community members for holding an IPO to raise the necessary funds for its operations and went ahead modifying
the source code to allow Gold trading, finally launched a beta with this limited service, to avoid thousands of users flocking in, and keeping the risk level at a minimum while i ironed out all the kinks left.
Sometime passed, some users reported bugs and other problems, i had worked hard to fix all the issues and get the service to an acceptable level for the community. A lot of hack attempts where attempted
but the site did not suffer any major breach, and it was deemed safe by me.
I had initially implemented the blowfish/bcrypt algorithm for storing passwords safely but because of some recent technical problems i had to swith back temporarely to MD5. I had setup the site in way so that
when a user logged in, his password would be recovered and stored in MD5, you could have seen that by looking at the javascript files used in the login page.
Bitdaytrade IPO was held and necessary funds raised, for doing this i had to leverage the trust of other community Members, which Mr.JRO tried to block from putting trust in me, banking on the Kronos hack
story, and telling them all that i was obviously a thief. He didn't succeed as all of you noticed and Bitdaytrade started operating, i've first allowed BTC/USD margin trading feature privately for a week
and then opened it to the public, on Monday 13 of August.
Mr. JRO got in touch with me about a week ago, trying a last approach to block me, he demanded a "rapid prototype of a margin trading site" and in exchange he would not have made the Kronos.io hack public.
He added that i was losing out a great opportunity of working with him on a realworld exchange for virtual currencies and a sort of startup incubator
for bitcoin related projects.I have then understood where the funds from ZipConf, Rebate and Kronos.io ended up and obviously passed on this offer and went ahead with my plans.
What happened today is a reiteration of this blackmailing attempts, but with a more evil and criminal plan.
I strongly believe, and what i wrote in this explainative post gives a clear evidence of, that behind everything that was posted on reddit.com against bitdaytrade there is Mr. Jonathan Ryan Owens.
He used the previously stolen from him Kronos.io source code to orchestrate all of that you witnessed today, and managed apparently to have the community believe his story.
Not even one bitcoin was withdrawn from Bitdaytrade.com under today's attacks, and all funds are safe. Server will be kept offline for further investigation, and gathering of evidences to be presented upon
filing a criminal deposition with all the legal authorities i am/will be able to. Stay tuned for developments.
I'm deeply sorry and i publicly apologize to everyone for the mistakes i made in this mess but it will be sorted out and in a elegant way.

Best Regards
Alberto Armandi

There are a bunch of sockpuppets on reddit accusing BDT of being the thief responsible for the Kronos hack.  One previously promoted Yoon Yeonghwa's launch of posadoll.  Could MNW (a known sockpuppeter) be trying to sling mud on BDT?

http://www.reddit.com/r/Bitcoin/comments/yc6rf/we_demand_a_public_apology_from_uthezenpadguy/c5ua667


Is MNW responsible for the Kronos hack, and sees the BDT hack as an opportunity to shift the blame?

I'm always willing to test new platforms, this brings me once again say, give me back my Bitcoins

Someone pulled the plug and the bath water is running out.

wuz up with site? can't withdraw nor everything. any statement here?

edit: extreme laggy, withdraw now requested

Fail.

Don't trust your money to this service, or anything created by a friend of a friend of this guy.

http://www.reddit.com/r/Bitcoin/comments/y99z3/go_long_or_short_with_bitcoin_again_up_to_10x/c5thkwg

^ This thread is the most brazenly dishonest thing I have ever read. When confronted with issues, he lies about them, then when the specific method for exploiting the vulnerability is shown to him, he patches that and nothing else, as if it'll make a difference. Then pretends like there was no exploit to begin with.

He clearly lied about passwords being stored with bcrypt.

He probably lied about hiring a security auditor, I went through the website and almost every major JSON api function has an SQL injection. All of them are exploitable with CSRF as well, which he had no adequate response to.

LOAD_FILE() appears to work and people can dump your PHP files, including the database file.

Instead of silently ignoring SQL errors or handling them, they are just die()'d in their entirety.

Were you making this service to scam people out of money once you had enough deposits or did you intend on going somewhere with this? Because you have just lost any and all credibility, and I highly recommend people withdraw everything they have.

Just when I was considering investing some coins. Bitdaytrade?

Any comments on this?

http://www.reddit.com/r/Bitcoin/comments/ybaut/do_not_invest_in_bitdaytrade_this_website_is/

Apparently the website is filled with SQL injections and you use unsalted MD5. Is this true?

What you have seen is incompetence by the people who ran the site you are referring to ( bitcoinica i suppose ). Linode is our choice for a short phase of testing. Next step is housing the server in a safe local datacenter.

hosted at linode?

margin trading?

haven't we seen this play before?

We fixed the slowness issues. Site is now blazingly responsive.

Regarding the spread, it is computed automatically based on a number of parameters, such a slippage likehood, market depth, etc.
We plan on experimenting with different models.

Alberto

The site is quite slow... I've noticed that too.

Any word on whether you'll be able to get the spread smaller?  Part of the fun of Bitcoinica was swing trading, but when you have to be in-the-money by at least the $0.50 spread to profit, there isn't much room for short-term speculation.

unfortunately I am having a similar experience..   

Hello,

is it just me....?

Bitdaytrade site is painstakingly slow.
Opening an XAU/BTC position: more than 30 seconds
Cancelling an BTC/USD position: no reaction, even after 2 minutes.

What's the experience of other beta testers? Does the site still work OK for those only using the Gold trading?

X-Post https://bitcointalksearch.org/topic/m.1092784

After an IRC chat with Nefario we had clarified my position and I'm now able to release further updates. The reason that caused BDT freeze in first place is my involvement with Jonathan Ryan Owens (read JRO from here on), rebate IPO and suspicious funds management practices. It did not came without reasons and i believe in fact that Nefario just did the right choice the protect GLBSE market integrity. Some time ago i was working with JRO on some projects, and it was decided to hold an IPO on GLBSE for (malware). At that time i was not fond of how GLBSE worked and didn't have time to investigate as i was busy with development, so i've trusted JRO to handle the IPO and funds on my behalf entirely. At some point i said i needed money for all the work i was doing, and got sent about 1000 BTC out of the rebate funds. I never knew the total amount raised, and didn't feel it was necessary to investigate. I have later learned that a total of 5000 bitcoin were raised. My relationship with JRO was interrupted shortly after, because of diverse reasons. After we parted ways JRO enquired me a number of times about taking the lead on the rebate project but we didn't reach an agreement. I was never enquired about profitability of the site or any financial detail. At this point, i have no idea where the rest of the funds raised from the sale of rebate bonds are gone, or if they have been exchanged to hard currency. Nefario transferred the totality of bonds to my account, i'll determinate the exact amount of bitcoin i got from JRO in the context of this project, and proceed with paying that amount back to investors through dividend payments in a unique solution. This was determined to be the best solution until we know how much can be recovered from JRO. Kudos to Nefario for handling matters in a professional way.

BDT trading is resumed since it was also determined that the asset has no involvement with this incident, and that there are no threats for GLBSE users. I'll proceed to execute dividends payment in the next hours. We won't pay late fees as it was determined that this incident is not directly caused by us.

Bests
Alberto Armandi
BDT

Apologizes, there was a problem with your withdrawal approval and it got stuck in the execution queue. It seems be executed properly now. Again apologizes for all issues caused.

Hello albert my withdraw still not process it is 0.99xx btc my id [email protected]

pls. Process my withdraw as soon as possible.

Thanks

OK thanks albert from solving my issue... 

Hi Albert (bitdaytrade),

Where is my withdraw??? it's been 36 hours.

I already sent email to customer service and get replied
"Hi there, we're looking into your request and executing it in a few
minutes. Apologizes for long delay."

It's been 12 hour since that reply and I haven't got my money.

If u seriously doing business please improve the service, nobody will happy to wait for 24 hour for deposit and wait for more than 36 hour and counting for withdraw. My account is [email protected] Thank You.

Regards,
Handy