Topic: Make No Mistake: MyBitcoin is NOT Back Up! (Read 7950 times)
@Bruce did you get 1/2 of your Bitcoins back?
The jury is still out on if they were stolen or not... see my problem is why return anything if it was stolen? Why this elaborate scheme of returning 1/2 of them? Why not just run?
Stalling tactic because the owner was worried peoples' investigations were getting too close to comfort? 
MyBitcoin.com USERS HAD BITCOIN STOLEN. They are returning a portion 49% of them to you: Not sure where to send them? CALL ME. 646-580-0022
Bruce, what are you proposing? Do you really want everyone looking for a secure wallet to call you? If I file a claim, I'll be getting 0.588 BTC back; should I call you?
If he's building plans that deep to steal from people. he's not just a thief... he's a criminal.
I don't think it was planned, actually. I think he was just planning to take all the money and run, but when he noticed people weren't going to just let him run off and were talking about contacting the FBI and were starting to collect bounties, etc etc, he got scared and decided to take half of the money (maybe the rest is already sold?) and give it back, hoping that would save him while still getting away with a fortune. It seems pretty convenient that it's almost exactly half of the money that's gone. I also find it hard to believe for that much money to simply "trickle away".
That said, no one can be certain whether "Tom Williams" is lying or telling the truth. Yet. But I think this smells way too fishy. You'd think he would have at least posted something here on the forum when he took the site down if his claims were indeed true.
MyBitcoin.com USERS HAD BITCOIN STOLEN. They are returning a portion 49% of them to you: Not sure where to send them? CALL ME. 646-580-0022
The jury is still out on if they were stolen or not... see my problem is why return anything if it was stolen? Why this elaborate scheme of returning 1/2 of them? Why not just run?
If he's building plans that deep to steal from people. he's not just a thief... he's a criminal.
MyBitcoin.com USERS HAD BITCOIN STOLEN. They are returning a portion 49% of them to you: Not sure where to send them? CALL ME. 646-580-0022
The jury is still out on if they were stolen or not... see my problem is why return anything if it was stolen? Why this elaborate scheme of returning 1/2 of them? Why not just run?
MyBitcoin.com USERS HAD BITCOIN STOLEN. They are returning a portion 49% of them to you: Not sure where to send them? CALL ME. 646-580-0022
The jury is still out on if they were stolen or not... see my problem is why return anything if it was stolen? Why this elaborate scheme of returning 1/2 of them? Why not just run?
MyBitcoin.com USERS HAD BITCOIN STOLEN. They are returning a portion 49% of them to you: Not sure where to send them? CALL ME. 646-580-0022
We have an ongoing investigation in #bitcoin-police on freenode, most of the information we have is being kept here. If you have any information that could be important please drop #bitcoin-police or message MrTiggr or myself on IRC (or PM me here).
Though, if he really is a BTC millionaire, why would he be stealing petty cash from commoners at the risk of plunging the value of what he already had?
think my brains got a 24 hour satellite delay Bringing yesterdays news...... tomorrow
Yesterday just emailed me. It want's it's news back.
Latest update on MyBitcoin ------
ARCHIVED RELEASE FROM AUGUST 4 2011
PGP-SIGNED COPY OF THIS RELEASE
Friday, August 5th, 2011
From the desk of Tom Williams, operator of MyBitcoin.com
For immediate release.
SECURITY BREACH DISCLOSURE
After careful analysis of the intrusion we have concluded that the software that waited for Bitcoin confirmations was far too lenient. An unknown attacker was able to forge Bitcoin deposits via the Shopping Cart Interface (SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of theft that went unnoticed for a few days. Luckily, we do keep a percentage of the holdings in cold storage so the attackers didn’t completely clean us out. Just to clarify, we weren’t “fully” hacked aka “rooted”. You can still trust our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
CLAIM PROCESS DISCLOSURE
We are in the process of building a claim procedure for the remainder of the holdings now. We expect that we will have it online soon.
The claim process will consist of a online form where the claimant will be required to enter their MyBitcoin username and password. Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets. We will disclose these figures as soon as they have been totaled.
Each online claim will be written to a ledger and will be manually approved within 48 hours of being filed online. We have decided to have a manual claim approval process for better security. The last thing we all need right now is for someone to breach the claim form. We are confident clients will find this satisfactory.
RECEIVERSHIP
After some research and careful consideration regarding the appointment of a receiver we have concluded that it would be very costly and slow.
Also, finding a receiver that even understands what a Bitcoin is or how to handle the claim process online would be troublesome, and would only end up in increasing our costs. Receivers are typically paid from the remaining assets and we’d like to maximize the amount that we can disperse to our clients.
We have been trying to figure out a way to appoint a 3rd party to certify the asset/liability figures, but there are many risks involved. It would involve having us trust some unknown agent that could possibly just steal the rest of the holdings out from under us. Or, we could be accused of bribing the 3rd party to agree with our figures, and on and on. Trust is a real problem with an anonymous and irrevocable currency.
It is true that we could disclose all of the Bitcoin payment addresses we manage and let everyone look them up and track the lineage of the coins. This is also troublesome due to the way that we defragment small payments to keep the processing engine speedy. Also there are the moral implications of disclosing our client’s finances. We are sure that, unknowingly to us, that our processing system has been used for nefarious purposes.
A GIFT TO THE COMMUNITY
After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.
Tom Williams
ARCHIVED RELEASE FROM AUGUST 4 2011
PGP-SIGNED COPY OF THIS RELEASE
Friday, August 5th, 2011
From the desk of Tom Williams, operator of MyBitcoin.com
For immediate release.
SECURITY BREACH DISCLOSURE
After careful analysis of the intrusion we have concluded that the software that waited for Bitcoin confirmations was far too lenient. An unknown attacker was able to forge Bitcoin deposits via the Shopping Cart Interface (SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of theft that went unnoticed for a few days. Luckily, we do keep a percentage of the holdings in cold storage so the attackers didn’t completely clean us out. Just to clarify, we weren’t “fully” hacked aka “rooted”. You can still trust our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
CLAIM PROCESS DISCLOSURE
We are in the process of building a claim procedure for the remainder of the holdings now. We expect that we will have it online soon.
The claim process will consist of a online form where the claimant will be required to enter their MyBitcoin username and password. Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets. We will disclose these figures as soon as they have been totaled.
Each online claim will be written to a ledger and will be manually approved within 48 hours of being filed online. We have decided to have a manual claim approval process for better security. The last thing we all need right now is for someone to breach the claim form. We are confident clients will find this satisfactory.
RECEIVERSHIP
After some research and careful consideration regarding the appointment of a receiver we have concluded that it would be very costly and slow.
Also, finding a receiver that even understands what a Bitcoin is or how to handle the claim process online would be troublesome, and would only end up in increasing our costs. Receivers are typically paid from the remaining assets and we’d like to maximize the amount that we can disperse to our clients.
We have been trying to figure out a way to appoint a 3rd party to certify the asset/liability figures, but there are many risks involved. It would involve having us trust some unknown agent that could possibly just steal the rest of the holdings out from under us. Or, we could be accused of bribing the 3rd party to agree with our figures, and on and on. Trust is a real problem with an anonymous and irrevocable currency.
It is true that we could disclose all of the Bitcoin payment addresses we manage and let everyone look them up and track the lineage of the coins. This is also troublesome due to the way that we defragment small payments to keep the processing engine speedy. Also there are the moral implications of disclosing our client’s finances. We are sure that, unknowingly to us, that our processing system has been used for nefarious purposes.
A GIFT TO THE COMMUNITY
After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.
Tom Williams
i live and work in the U.K so calling the FBI is not really option.
Just out of curiosity, has anyone's bitcoins actually moved since the site went down?
from what I am hearing no.... that doesn't mean that they didn't in whole... but just from what I have been reading in the forums the people that knew their bitcoin address didn't move IE: no transactions since July 29th, which is a good sign.
The radio talk show host (of Free Talk Live) who mentioned his bitcoin loss on-air seemed to think he had been having funds periodically siphoned from his donation address for some time.
But I don't know how Mybitcoin held a user's funds, so that might not even be relevant.
The problem I have is this hurts the entire bitcoin community ... it has far more widespread than just 25,000 coins here.. or a 100,000 or more coins there...
It makes every bitcoin service look bad... even if the other one is steller it appears to be crap in this new light. He setback the entire bitcoin economy by at least a year or more.
It makes every bitcoin service look bad... even if the other one is steller it appears to be crap in this new light. He setback the entire bitcoin economy by at least a year or more.
Or this is the prime opportunity for someone to step forward and shine as a reputable service. Bitcoin needs some more grownup infrastructure. We need services that are going to make holding bitcoin more secure and easy.
I challenge the people posting here who are outraged about this to start something of your own. I'm sure we can all pool our heads together and come up with good ideas for services that can build the bitcoin community and move it forward.
Cheers
Jonathan
Just out of curiosity, has anyone's bitcoins actually moved since the site went down?
from what I am hearing no.... that doesn't mean that they didn't in whole... but just from what I have been reading in the forums the people that knew their bitcoin address didn't move IE: no transactions since July 29th, which is a good sign.
Just out of curiosity, has anyone's bitcoins actually moved since the site went down?
If everyone who has used MyBitcoin and had the "Payment Notification" feature set to ON... could please do this:
(1) Do a search for ALL emails in your email (or gmail) archives for messages with a SUBJECT containing: "MyBitcoin Payment Notification" .....or the FROM address containing, "MyBitcoin Robot" ......or "[email protected]"
(2) If possible, Save all of these messages into a ZIP file and submit them for analysis..... so that the Community can be tracking those bitcoin addresses and watching for any movement of funds. You can email them to [email protected]
Optionally...
(3) If the notification says, "You have received Bitcoins!" ......then enter the TO bitcoin address into a spreadsheet, along with the Transaction number, the date and time, the amount, and your email address.
(4) If the notification says, "You have sent Bitcoins!" ......then enter the FROM bitcoin address into a spreadsheet, along with the Transaction number, the date and time, the amount, and your email address.
Semantics I guess, but to me not using a software that steals your resources, refuses to allow a security audit and has been known to tap conversations is a privacy issue. Much like i don't get how anyone would have put much into an online wallet, I don't get why anyone would use skype.
Yes, because it would be simply horrible if an interview that is going to be shown to the public anyway gets tapped!you miss the point, but enjoy your spyware.
I agree with you twobits, but this isn't exactly normal circumstances.... I personally hate skype... but at the same time I think that guy should man up and talk to people that lost their 1.3 million USD or so regarding it.
Jump to: