Pages:
Author

Topic: Mybitcoin.com Press Release #2 - page 5. (Read 13805 times)

jed
full member
Activity: 182
Merit: 107
Jed McCaleb
August 06, 2011, 12:24:13 AM
#25
Wouldn't these double spend attacks be noticed by other clients though?
legendary
Activity: 1596
Merit: 1100
August 06, 2011, 12:09:25 AM
#24
A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- https://bitcointalksearch.org/topic/m.309173


Indeed.  mtgox requires 6 confirmations, IIRC.

legendary
Activity: 2506
Merit: 1010
August 06, 2011, 12:08:03 AM
#23
Quote
What they are proporting to have happened has nothing to do with a 'double spend' as it would refer to spending the coins immediatly from the account to elsewhere before the site could see that no deposit showed up in the blockchain.

A post by Theymos on July 1st, in another MyBitcoin thread:

Quote
MyBitcoin is still accepting payments with only 1 confirmation. This is insane for a bank. Any miner capable of mining two blocks in a row can steal money from MyBitcoin pretty easily. I'm surprised no one has attempted it yet.
- https://bitcointalksearch.org/topic/m.309173
hero member
Activity: 504
Merit: 500
August 05, 2011, 11:10:50 PM
#22
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
Luckily for us, this just told us enough that we could validate his whole story. Wasn't someone working on double-spend detection? Well, we need that ASAP.


  What they are proporting to have happened has nothing to do with a 'double spend' as it would refer to Bitcoins. He expects us to believe that the shopping cart was vulnerable to someone using an 'on the fly' type editor like fiddler, etc to put in a fake deposit via the website's shopping cart and then spending the coins immediatly from the account to elsewhere before the site could see that no deposit showed up in the blockchain.

  I'd like to hear a lot more details on the weak point in the SCI that allowed said depsoits. Just seems that if it was as simple as just modifying the input from the client side that someone would have detected and exploited it long before the point this announced breach was discovered.
legendary
Activity: 1204
Merit: 1015
August 05, 2011, 10:56:38 PM
#21
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.
Luckily for us, this just told us enough that we could validate his whole story. Wasn't someone working on double-spend detection? Well, we need that ASAP.
legendary
Activity: 1764
Merit: 1015
August 05, 2011, 10:47:58 PM
#20
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
qft
legendary
Activity: 1330
Merit: 1000
Bitcoin
August 05, 2011, 10:44:03 PM
#19
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalksearch.org/topic/m.426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalksearch.org/topic/make-no-mistake-mybitcoin-is-not-back-up-34617

I actually PM'd him the press release to find out what he thinks about it waiting word.
hero member
Activity: 630
Merit: 500
Posts: 69
August 05, 2011, 10:09:37 PM
#18
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.

Bruce is affected as well
The Bitcoin Show - Episode 033 - MyBitcoin, Contacting FBI, Discuss on Freenode https://bitcointalksearch.org/topic/m.426546

And is very hands on with this situation
Make No Mistake: MyBitcoin is NOT Back Up!
https://bitcointalksearch.org/topic/make-no-mistake-mybitcoin-is-not-back-up-34617
hero member
Activity: 868
Merit: 1002
August 05, 2011, 10:05:13 PM
#17
Well, someone claim their account and tell us what the % is.

If it's like 96% I say all you guys learned a valuable lesson at very little cost. If it's 50%, well, at least you didn't lose it all.
legendary
Activity: 4760
Merit: 1283
August 05, 2011, 09:57:24 PM
#16
If the guy's story is true, I would vote that Bruce be a trusted third party (in spite of a gigantic potential for conflict of interest.)  Maybe I am particularly gullible, but I would bet several BTC that Bruce would err on the side of caution and even against his own personal interests to see that things were wrapped up as fairly as possible.

...but then I had no account at mybitcoin.com.
legendary
Activity: 980
Merit: 1020
August 05, 2011, 09:46:37 PM
#15
When a service go silent, people assume the worst and go on a witchhunt. (That's why all critically important service should have an offsite status page where they can communicate)

Keep a cool head and see how Tom William perform, guys.  
legendary
Activity: 1106
Merit: 1001
August 05, 2011, 09:34:52 PM
#14

OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.


Yup, and dump thousands into the market in the process, bringing down prices and allowing them to buy back making a profit. Then say they managed to save a percentage, and it's better not to use that money to go into receivership.

We could be taking many tens or hundreds of thousands.
member
Activity: 84
Merit: 10
August 05, 2011, 09:34:24 PM
#13
Sounds to me that this is another story to buy time, it does not make sense at all, they should still have 100% of the coins and as mentioned above by Memory Dealers any missing coins if ANY should be replaced by mybitcoin.com and also as mentioned the double spending etc, it does not all add up.

He / They are not providing a contact email or any IRC Chat for people to discus what is actually going on, by posting stuff randomly like this it seems He / They are watching the forums, and the bitcoin-police in freenode and keeping an eye on how close people are to finding out the truth and identity and real information.

Im hope everyone gets their full return of coins, this liabilities rubbish is not the problem of the depositors that placed the coins there, liabilities are his companies problem.

Hopefully this is dealt with very quickly! Nothing makes sense though!
legendary
Activity: 1386
Merit: 1004
August 05, 2011, 09:33:19 PM
#12
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
I have to give that a +1 as well.  Spot on.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
August 05, 2011, 09:30:52 PM
#11

OR, they've been taking Bitcoins for a long time. So far they have had enough people keeping BTC in the accounts they have been able to pay when people take BTC out. As the service had more and more people taking BTC out the wallet was getting empty. Then claim part was stolen and refund the remainder once they can no longer pay when people take BTC out.
sr. member
Activity: 372
Merit: 250
August 05, 2011, 09:22:53 PM
#10
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.

+1

Couldn't have said it better myself, Memory Dealers.
legendary
Activity: 1092
Merit: 1001
August 05, 2011, 09:21:39 PM
#9
Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve untill they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.

Yes - the sad thing is.. If he'd come out with a more immediate statement, and been willing to compromise his identity (at least perhaps to certain community members if not completely publicly) - he might have been able to sell it as a going concern even with the existing liability of missing coins.

Even if the losses are huge - This could have been handled so much better.  I strongly believe there would have been investment funds available only a week or two back because the mybitcoin brand was so big.   The week's silence was devastating.
sr. member
Activity: 462
Merit: 250
August 05, 2011, 09:20:36 PM
#8
He has not explained why people were being locked out of their accounts from over a month ago, nor why they received no responses to requests through the messaging system.
full member
Activity: 125
Merit: 100
August 05, 2011, 09:18:40 PM
#7
The tech explanation doesn't add up. Is he saying they were the victim of double spend attacks?
That's the only reason 1 vs 1000 confirmations should matter.
It would be so hard to pull off a double spend in this manner that this still smacks of BS.
full member
Activity: 126
Merit: 100
August 05, 2011, 09:17:15 PM
#6
Well since they are bankrupting people will get what they get.  Hopefully for them they kept most of their money in cold storage.  If I were in their shoes I'd try to keep going under partial reserve untill they can recoup the BTC.  Then again their image may be so damaged at this point it's not possible.
Pages:
Jump to: