Pages:
Author

Topic: Mybitcoin.com Press Release #2 - page 6. (Read 13782 times)

newbie
Activity: 21
Merit: 0
August 05, 2011, 09:13:12 PM
#5
Quote
Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets.

This seems strangely worded, wonder what they mean?
vip
Activity: 1052
Merit: 1155
August 05, 2011, 09:12:40 PM
#4
Tom Williams,

You better come up with %100 of everyone's bitcoins ASAP even if you need to buy them with your own money from one of the exchanges.

Those bitcoins are YOUR responsibility.

I can think of times in my life where I made mistakes,  and paid tens of thousands of dollars out of my own pocket to make things right.

Now it is your turn.

Do the right thing.
legendary
Activity: 1330
Merit: 1000
Bitcoin
August 05, 2011, 09:11:57 PM
#3
Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.



Same I haven't lost anything either ...I do like the idea of having a look at the "engine" ...hopefully, this clears somethings up but I don't know really..
legendary
Activity: 1092
Merit: 1001
August 05, 2011, 09:11:13 PM
#2
Seems like pretty good news to me!

I haven't lost anything.. so easy for me to say I guess.


Kudos for the public domain software release.  Great idea.

legendary
Activity: 1330
Merit: 1000
Bitcoin
August 05, 2011, 09:04:58 PM
#1
Friday, August 5th, 2011

From the desk of Tom Williams, operator of MyBitcoin.com

For immediate release.

SECURITY BREACH DISCLOSURE

After careful analysis of the intrusion we have concluded that the software that waited for Bitcoin confirmations was far too lenient. An unknown attacker was able to forge Bitcoin deposits via the Shopping Cart Interface (SCI) and withdraw confirmed/older Bitcoins. This led to a slow trickle of theft that went unnoticed for a few days. Luckily, we do keep a percentage of the holdings in cold storage so the attackers didn’t completely clean us out. Just to clarify, we weren’t “fully” hacked aka “rooted”. You can still trust our PGP, SSL, and Tor public keys.
It appears to be human error combined with a misunderstanding of how Bitcoin secures transactions into the next block. Our programmer was under the assumption that one block was good enough to secure a transaction. Two years ago when the software was written, this single confirm myth was a popular belief.
In hindsight we should have credited deposits after one confirmation so they would show up in the transaction history, and held the deposit until it reached at least 3 confirmations. Keeping track of two balances and displaying them in the login area would have been trivial.

CLAIM PROCESS DISCLOSURE

We are in the process of building a claim procedure for the remainder of the holdings now. We expect that we will have it online soon.

The claim process will consist of a online form where the claimant will be required to enter their MyBitcoin username and password. Their balance will be displayed along with the percentage of remaining Bitcoins that we still have in our holdings. That percentage will be paid to a Bitcoin address of their choosing. This percentage will be based on our current total liabilities vs. our existing assets. We will disclose these figures as soon as they have been totaled.

Each online claim will be written to a ledger and will be manually approved within 48 hours of being filed online. We have decided to have a manual claim approval process for better security. The last thing we all need right now is for someone to breach the claim form. We are confident clients will find this satisfactory.

RECEIVERSHIP

After some research and careful consideration regarding the appointment of a receiver we have concluded that it would be very costly and slow.

Also, finding a receiver that even understands what a Bitcoin is or how to handle the claim process online would be troublesome, and would only end up in increasing our costs. Receivers are typically paid from the remaining assets and we’d like to maximize the amount that we can disperse to our clients.

We have been trying to figure out a way to appoint a 3rd party to certify the asset/liability figures, but there are many risks involved. It would involve having us trust some unknown agent that could possibly just steal the rest of the holdings out from under us. Or, we could be accused of bribing the 3rd party to agree with our figures, and on and on. Trust is a real problem with an anonymous and irrevocable currency.

It is true that we could disclose all of the Bitcoin payment addresses we manage and let everyone look them up and track the lineage of the coins. This is also troublesome due to the way that we defragment small payments to keep the processing engine speedy. Also there are the moral implications of disclosing our client’s finances. We are sure that, unknowingly to us, that our processing system has been used for nefarious purposes.

A GIFT TO THE COMMUNITY

After the claims have all been filed and dealt with we will be releasing the entire MyBitcoin processing engine into the public domain. Our only hope is that the community can improve and adapt the software to all sorts of new and interesting Bitcoin-related things.



Tom Williams
Pages:
Jump to: