Topic: MyBitcoin Back Up! (with a press release) - page 2. (Read 12351 times)
I'm not sure who's still collecting information and trying to tie everything together but the goon detectives have found some connections I haven't seen mentioned elsewhere.
For non-Tor: https://www.mybitcoin.com/index.txt
Oh, sry. Didn't know that... non ssl connection redirects to hiden service 
Uh... Nothing to be sorry about =)
Cheers,
Kermee
For non-Tor: https://www.mybitcoin.com/index.txt
Oh, sry. Didn't know that... non ssl connection redirects to hiden service
For non-Tor: https://www.mybitcoin.com/index.txt
For those who doesn't have tor installed:
Quote
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Friday, August 5th, 2011
From the desk of Tom Williams, operator of MyBitcoin.com
For immediate release.
_SECURITY_BREACH_DISCLOSURE_
After careful analysis of the intrusion we have concluded that the software
that waited for Bitcoin confirmations was far too lenient. An unknown
attacker was able to forge Bitcoin deposits via the Shopping Cart Interface
(SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of
theft that went unnoticed for a few days. Luckily, we do keep a percentage of
the holdings in cold storage so the attackers didn'tt completely clean us out.
Just to clarify, we weren't "fully" hacked aka "rooted". You can still trust
our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin
secures transactions into the next block. Our programmer was under the
assumption that one block was good enough to secure a transaction. Two years
ago when the software was written, this single confirm myth was a popular
belief.
In hindsight we should have credited deposits after one confirmation so they
would show up in the transaction history, and held the deposit until it reached
at least 3 confirmations. Keeping track of two balances and displaying them in
the login area would have been trivial.
_CLAIM_PROCESS_DISCLOSURE_
We are in the process of building a claim procedure for the remainder of the
holdings now. We expect that we will have it online soon.
The claim process will consist of a online form where the claimant will be
required to enter their MyBitcoin username and password. Their balance will be
displayed along with the percentage of remaining Bitcoins that we still have in
our holdings. That percentage will be paid to a Bitcoin address of their
choosing. This percentage will be based on our current total liabilities vs.
our existing assets. We will disclose these figures as soon as they have been
totaled.
Each online claim will be written to a ledger and will be manually approved
within 48 hours of being filed online. We have decided to have a manual claim
approval process for better security. The last thing we all need right now is
for someone to breach the claim form. We are confident clients will find this
satisfactory.
_RECEIVERSHIP_
After some research and careful consideration regarding the appointment of a
receiver we have concluded that it would be very costly and slow.
Also, finding a receiver that even understands what a Bitcoin is or how to
handle the claim process online would be troublesome, and would only end up in
increasing our costs. Receivers are typically paid from the remaining assets
and we'd like to maximize the amount that we can disperse to our clients.
We have been trying to figure out a way to appoint a 3rd party to certify the
asset/liability figures, but there are many risks involved. It would involve
having us trust some unknown agent that could possibly just steal the rest of
the holdings out from under us. Or, we could be accused of bribing the 3rd
party to agree with our figures, and on and on. Trust is a real problem with an
anonymous and irrevocable currency.
It is true that we could disclose all of the Bitcoin payment addresses we
manage and let everyone look them up and track the lineage of the coins. This
is also troublesome due to the way that we defragment small payments to keep
the processing engine speedy. Also there are the moral implications of
disclosing our client's finances. We are sure that, unknowingly to us, that our
processing system has been used for nefarious purposes.
_A_GIFT_TO_THE_COMMUNITY_
After the claims have all been filed and dealt with we will be releasing the
entire MyBitcoin processing engine into the public domain. Our only hope is
that the community can improve and adapt the software to all sorts of new and
interesting Bitcoin-related things.
Tom Williams
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MBC v1.0
iQEcBAEBAgAGBQJOPKN1AAoJEJ+5g06lAnqFeOYH/3XC0EPw23Yv9UPvvutvi7rR
2xkC3lQnltmUD9hiW1awCEVqLw3ehaU/5/9tf8NtjOlABhw0OPIGHGDasg3OYDW+
eg80/YRQ/sxfkRU362fxcxA8pQW6MLT75PggAO8YXZ0Dgghed8J3m3kLMcnsaO10
o3kvGYUeuRzoRnF+bCAhbrfJLMWGITFyQRV+36/t4D2Wh6WisEm6xrk388Zwdb/f
KaRxpwxtzopgQXuGHIOf6E3vCk/RsmLXdV6rLjSErL4k/eozEKQ0a7OCx7Yurd0B
eXRp0VOf2k4AeVS89qc2a1wGhVvT40P85agUVpICgSSRKS5vDcBSGmDWVIoQ6PU=
=NDRV
-----END PGP SIGNATURE-----
Hash: SHA1
Friday, August 5th, 2011
From the desk of Tom Williams, operator of MyBitcoin.com
For immediate release.
_SECURITY_BREACH_DISCLOSURE_
After careful analysis of the intrusion we have concluded that the software
that waited for Bitcoin confirmations was far too lenient. An unknown
attacker was able to forge Bitcoin deposits via the Shopping Cart Interface
(SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of
theft that went unnoticed for a few days. Luckily, we do keep a percentage of
the holdings in cold storage so the attackers didn'tt completely clean us out.
Just to clarify, we weren't "fully" hacked aka "rooted". You can still trust
our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin
secures transactions into the next block. Our programmer was under the
assumption that one block was good enough to secure a transaction. Two years
ago when the software was written, this single confirm myth was a popular
belief.
In hindsight we should have credited deposits after one confirmation so they
would show up in the transaction history, and held the deposit until it reached
at least 3 confirmations. Keeping track of two balances and displaying them in
the login area would have been trivial.
_CLAIM_PROCESS_DISCLOSURE_
We are in the process of building a claim procedure for the remainder of the
holdings now. We expect that we will have it online soon.
The claim process will consist of a online form where the claimant will be
required to enter their MyBitcoin username and password. Their balance will be
displayed along with the percentage of remaining Bitcoins that we still have in
our holdings. That percentage will be paid to a Bitcoin address of their
choosing. This percentage will be based on our current total liabilities vs.
our existing assets. We will disclose these figures as soon as they have been
totaled.
Each online claim will be written to a ledger and will be manually approved
within 48 hours of being filed online. We have decided to have a manual claim
approval process for better security. The last thing we all need right now is
for someone to breach the claim form. We are confident clients will find this
satisfactory.
_RECEIVERSHIP_
After some research and careful consideration regarding the appointment of a
receiver we have concluded that it would be very costly and slow.
Also, finding a receiver that even understands what a Bitcoin is or how to
handle the claim process online would be troublesome, and would only end up in
increasing our costs. Receivers are typically paid from the remaining assets
and we'd like to maximize the amount that we can disperse to our clients.
We have been trying to figure out a way to appoint a 3rd party to certify the
asset/liability figures, but there are many risks involved. It would involve
having us trust some unknown agent that could possibly just steal the rest of
the holdings out from under us. Or, we could be accused of bribing the 3rd
party to agree with our figures, and on and on. Trust is a real problem with an
anonymous and irrevocable currency.
It is true that we could disclose all of the Bitcoin payment addresses we
manage and let everyone look them up and track the lineage of the coins. This
is also troublesome due to the way that we defragment small payments to keep
the processing engine speedy. Also there are the moral implications of
disclosing our client's finances. We are sure that, unknowingly to us, that our
processing system has been used for nefarious purposes.
_A_GIFT_TO_THE_COMMUNITY_
After the claims have all been filed and dealt with we will be releasing the
entire MyBitcoin processing engine into the public domain. Our only hope is
that the community can improve and adapt the software to all sorts of new and
interesting Bitcoin-related things.
Tom Williams
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MBC v1.0
iQEcBAEBAgAGBQJOPKN1AAoJEJ+5g06lAnqFeOYH/3XC0EPw23Yv9UPvvutvi7rR
2xkC3lQnltmUD9hiW1awCEVqLw3ehaU/5/9tf8NtjOlABhw0OPIGHGDasg3OYDW+
eg80/YRQ/sxfkRU362fxcxA8pQW6MLT75PggAO8YXZ0Dgghed8J3m3kLMcnsaO10
o3kvGYUeuRzoRnF+bCAhbrfJLMWGITFyQRV+36/t4D2Wh6WisEm6xrk388Zwdb/f
KaRxpwxtzopgQXuGHIOf6E3vCk/RsmLXdV6rLjSErL4k/eozEKQ0a7OCx7Yurd0B
eXRp0VOf2k4AeVS89qc2a1wGhVvT40P85agUVpICgSSRKS5vDcBSGmDWVIoQ6PU=
=NDRV
-----END PGP SIGNATURE-----
Can we keep discussion on mybitcoin instead of whether or not a certain fed program is a fraud?
KTHXBYE!
KTHXBYE!
Maybe once he saw the posts about a bounty on his head, he got a little antsy. These geeks are some great detectives.
this wasn't clear... the bounty will be on the hacker of my bitcoin .. maybe thats Tom Williams him self, and maybe not .. so far we have a poeple have committed a total of 25 btc
how ever we these poeple are holding on to the coins themselves, seeing how no one seems to trust anyone these days
Due to the amount of Bitcoins we are talking Millions of dollars here are we not??? I did not have any coins there, but I am willing to pledge Money, Time, Resources and I think everyone who has lost a significant amount would contribute in some way to at least try and recoup the loss! Where is it upto?
There are protocols for being able to store info online...its just that's its vaporware right now for our community.
The only reason I trust an online bank is the FDIC.
There will probably never be a bitcoin equivalent to the FDIC anytime soon and therefore your magical protocol is just a sign for "take my bitcoins please". IMHO of course.
Good luck with that.
If the actual money(bitcoin) is held safely online, the wallet can be held just as securely...
I find that proposition to be absurd. I only really trust ME. Not some anonymous guy on the internet.
There are protocols for being able to store info online...its just that's its vaporware right now for our community. That shouldn't stop us from pressing forward towards a long run solution. I dont know of anyone heading towards stuffing gold in mattresses as an ordinary solution to banking. People are putting the cart before the horse and getting trampled.
If the actual money(bitcoin) is held safely online, the wallet can be held just as securely...
I find that proposition to be absurd. I only really trust ME. Not some anonymous guy on the internet.
I trust bitcoins, but I do not trust online wallet services. I keep the bulk of mt btc offline in USB sticks. When they are online they boot up with linux and are in an encrypted wallet. I do it every once in a while to update balances and update the blockchain.
The thieves are going to go where the money is...online or offline. If the actual money(bitcoin) is held safely online, the wallet can be held just as securely...Actually, I don't even view this as a robbery...I view it as a con artist and those guys/gals will smoothtalk their way to it no matter how you store the money.
Maybe once he saw the posts about a bounty on his head, he got a little antsy. These geeks are some great detectives.
this wasn't clear... the bounty will be on the hacker of my bitcoin .. maybe thats Tom Williams him self, and maybe not .. so far we have a poeple have committed a total of 25 btc
how ever we these poeple are holding on to the coins themselves, seeing how no one seems to trust anyone these days
Maybe once he saw the posts about a bounty on his head, he got a little antsy. These geeks are some great detectives.
this wasn't clear... the bounty will be on the hacker of my bitcoin .. maybe thats Tom Williams him self, and maybe not .. GOXED again!
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
For some reason people insist on keeping money online. It baffles me.
Are you being saracastic? Or questioning why someone would trust in bitcoins?
I trust bitcoins, but I do not trust online wallet services. I keep the bulk of mt btc offline in USB sticks. When they are online they boot up with linux and are in an encrypted wallet. I do it every once in a while to update balances and update the blockchain.
I thought they meant to keep your 'coins on an ewallet instead of on your own storage media
GOXED again!
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
For some reason people insist on keeping money online. It baffles me.
Are you being saracastic? Or questioning why someone would trust in bitcoins?
In the Bitcoin vernacular, you're "offline" if you keep your wallet somewhere not connected to the internet. You can still send coins to this address while offline, so you only need to plug in to withdraw.
GOXED again!
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
when will people learn to keep their money offline? they could save themselves a lot of time by just throwing their money away.
For some reason people insist on keeping money online. It baffles me.
Are you being saracastic? Or questioning why someone would trust in bitcoins?
Thanks guys,
Thats what I was thinking, the name you guys have become familiar with was just a agent they use. He woould already have a copy of that agents resignation in hand for the day he wants to take control and cash out. That's how they work.
Thats what I was thinking, the name you guys have become familiar with was just a agent they use. He woould already have a copy of that agents resignation in hand for the day he wants to take control and cash out. That's how they work.
Yep, and the company can be dissolved without the identity of the real owners ever being disclosed.
One thing which surprised me was just how cheap it is to set up a Nevis LLC, complete with an agent acting as manager/director and an off-shore bank account (which can be in Belize or Panama rather than Nevis). It only costs about USD 2000.00 to set it up.
Thanks guys,
Thats what I was thinking, the name you guys have become familiar with was just a agent they use. He woould already have a copy of that agents resignation in hand for the day he wants to take control and cash out. That's how they work.
Thats what I was thinking, the name you guys have become familiar with was just a agent they use. He woould already have a copy of that agents resignation in hand for the day he wants to take control and cash out. That's how they work.
What company are you talking about? Did mybitcoin.com have company registered in Nevis? Please provide a link if you have any...
Mybitcoin itself seems to be an LLC registered in Nevis.
Google cache
http://webcache.googleusercontent.com/search?q=cache:zCsRhAIh7eQJ:https://www.mybitcoin.com/legal/terms.php+mybitcoin+llc&cd=2&hl=en&ct=clnk&gl=au&source=www.google.com.au
Meridian Trust - which which shows up in its whois history - and Morning Star holdings are company agents/trustees for shelf companies. There are a lot of similar services in Nevis which act as the registered agents for people wanting to hide the identity of the real owners of off-shore companies.
Jump to: