Topic: [Payout Updates] Bitcoinica site is taken offline for security investigation - page 13. (Read 156711 times)

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Intersango guys were paid to do a review of the source code. I got this personally from an Intersango guy. If they checked this out and left the password in the code? Umm? WTF?

And if Intersango guys uploaded that code and password to the public?

WTF!!

I see why police will not be called....


For several hours last night, I conducted a lot of research and meant to comment on this post before calling it a night. I, too, find it odd that Bitcoinica's security audit was conducted by Intersango. That's akin to Mt Gox having their exchange audited by their own (made-up) Security: The Gathering.

~Bruno~
Vod
legendary
Activity: 3668
Merit: 3010
Licking my boob since 1970
What else is there to say, really?

July 15, 2012 - We are sad to report someone has broken into our home and taken our laptop containing the cold storage wallet for the remainder of the bitcoinica funds.  We didn't think to encrypt the wallet because we thought it was safe.  Sorry :(
legendary
Activity: 2198
Merit: 1311
It's really astonishing for me that after 70+ pages of discussion, genjix has been able to remain silent.

What else is there to say, really?
donator
Activity: 1120
Merit: 1001
It's really astonishing for me that after 70+ pages of discussion, genjix has been able to remain silent.
hero member
Activity: 686
Merit: 500
Bitbuy
So how is this latest disaster going to affect the payouts? When will the payouts resume?
hero member
Activity: 686
Merit: 500
Wat
hero member
Activity: 868
Merit: 1000
Secure more VC? He provides VC!

The two aren't mutually exclusive.  
hero member
Activity: 686
Merit: 500
Wat
If more money gets stolen it's less he needs to pay out. No wonder he didn't change the password :)
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-


No.  CoinLab is a separate venture altogether in which Tihan is (was) involved.  While I believe that he might play hardball as a businessman, it's hard to believe that he'd intentionally fuck up Bitcoinica given the likelihood of him wanting to secure more VC for future projects.

http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/


Secure more VC? He provides VC!
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

EDIT: Aha, who was the angel? The chronic haxor(s) who have dogged bitcoin's footsteps since way back when?

I suggest next time anyone sells some bitcoin business they bear in mind that the purchaser(s) of Bitcoinica might not be the only haxors who regret not having got into the "be a trusted site" game early like MyBitcoin and see buying an existing site as a way to make up for that lost time...

-MarkM-


Believe it or not, there's a lot to be said about this post.

First, I share this. Google TS and take a close look at his mug, noting the age. 'Nough about that.

Next, there sure the hell is a major connection between Coinlabs and this debacle (damn, I'm in a good mood). Also, Coinlabs seems to have a name change(s) issue of their own, namely some Carlos dude (sorry for not providing a last name, but he keeps changing it).

~Bruno~
legendary
Activity: 2940
Merit: 1090
Tihan is also smart enough to protect his cards while sitting in the #10 seat and still in a hand. This post reminds me of something I read the other day while researching Tihan, but I'm not sure how long it would take for me to re-find it. The dude knows more than what meets the eye, with securing data being one such attribute in his arsenal.

~Bruno~

So his failing to have the password changed would have to have been intentional then, right, given his expertise at securing data?

-MarkM-
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-



I don't think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it.

He is competent enough to edit source code files and push commits to github at least.
Code:
commit 0f075c054416ebba0f7c0a4809b8394d3a11cca6
Author: mode80
Date:   Fri May 4 16:56:05 2012 -0700

    Updates deposit page with the Core Credit wire transfer address.

commit 97bbfe51bafb0a99345fcb90000a1e2343a7ed83
Author: mode80
Date:   Sat Apr 21 10:54:41 2012 -0700

    Fix deposit page brokenness? (take 3)

commit d76c555941f4a7dce53a24cf03c36acf6af2b623
Author: mode80
Date:   Sat Apr 21 10:41:18 2012 -0700

    Fix deposit page brokenness? (take 2)

commit 47a50db07a01e6c42c858c3de138d616b51a40aa
Author: mode80
Date:   Sat Apr 21 10:21:43 2012 -0700

    Fixes deposit page brokenness?

commit fe493606b0bb03c212f703c9284a0d9d42416a41
Merge: 520894c 04a6fc4
Author: mode80
Date:   Sat Apr 21 09:55:54 2012 -0700

    Merge branch 'master' of github.com:bitcoinica/bitcoinica


And some more if you run a git log on the Bitcoinica source code that genjix leaked.

Tihan is also smart enough to protect his cards while sitting in the #10 seat and still in a hand. This post reminds me of something I read the other day while researching Tihan, but I'm not sure how long it would take for me to re-find it. The dude knows more than what meets the eye, with securing data being one such attribute in his arsenal.

~Bruno~
hero member
Activity: 868
Merit: 1000
Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-


No.  CoinLab is a separate venture altogether in which Tihan is (was) involved.  While I believe that he might play hardball as a businessman, it's hard to believe that he'd intentionally fuck up Bitcoinica given the likelihood of him wanting to secure more VC for future projects.

http://www.forbes.com/sites/jonmatonis/2012/04/24/coinlab-attracts-500000-in-venture-capital-for-bitcoin-projects/

hero member
Activity: 686
Merit: 500
Wat
My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

That nicely fits another nice little theory which is simply that the entire gameplan of buying bitcoinica from you was from the start to pull a MyBitcoin. Leaving the password unchanged would in such a storyline be deliberate, a way to tar you with the same brush they planned all along to be painting all the pots and kettles black with.

You should have insisted they change all passwords to one you would not know. Heck in future I would consider getting that in writing, so that if at any future time it emerged they used any password that was known to you you could sue them for deliberate attempt at defamation of character and/or framing you or adding you to a suspects list.

I sure hope the Canadian Imperial Bank of Commerce data centre changed the vault combination when I left them, I'd hate to find myself swept up in a dragnet someday due to something nasty happening and it turning out they neglected that simple standard normal expectable step.

-MarkM-


I hope my last workplace changed the keys on their factory that I had a copy of. I'd hate to be blamed when the company property disappears.
hero member
Activity: 686
Merit: 500
Wat
(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-


If he had the master password then he should be liable to some degree.
legendary
Activity: 2940
Merit: 1090
Some idiot angel venture capital investor invested $500,000 in these imbeciles!?!?!?

I had no idea any of this was connected to the whole "$500,000 to talk game companies into a scheme" plan was anything to do with the rest of this.

How skilled a con-person does one have to be to talk an angel investor out of $500,000?

This gets weirder and weirder...

-MarkM-

EDIT: Aha, who was the angel? The chronic haxor(s) who have dogged bitcoin's footsteps since way back when?

I suggest next time anyone sells some bitcoin business they bear in mind that the purchaser(s) of Bitcoinica might not be the only haxors who regret not having got into the "be a trusted site" game early like MyBitcoin and see buying an existing site as a way to make up for that lost time...

-MarkM-
hero member
Activity: 868
Merit: 1000
(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-


Why risk CoinLab in that way, though?  CoinLabs had just secured $500,000 in venture capital not long before the announcement that "the Intersango guys" (I think it's important for people to understand the distinction between Intersango itself and the role of Patrick, Donald and Amir in Bitcoinica) would be operating Bitcoinica.

I seriously think we need a flow chart of everything which has happened with Bitcoinica since the mysterious Wendon bought Bitcoinica in October 2011.  We know it was Tihan's group which brought the Intersango guys onboard in March 2012, but there's not a whole lot of information about the intervening period.  The fact that zhoutong was still being paid such a large monthly amount for his continued services to Bitcoinica also suggests that nobody else really knew how to keep it running.
legendary
Activity: 2940
Merit: 1090
My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.

That nicely fits another nice little theory which is simply that the entire gameplan of buying bitcoinica from you was from the start to pull a MyBitcoin. Leaving the password unchanged would in such a storyline be deliberate, a way to tar you with the same brush they planned all along to be painting all the pots and kettles black with.

You should have insisted they change all passwords to one you would not know. Heck in future I would consider getting that in writing, so that if at any future time it emerged they used any password that was known to you you could sue them for deliberate attempt at defamation of character and/or framing you or adding you to a suspects list.

I sure hope the Canadian Imperial Bank of Commerce data centre changed the vault combination when I left them, I'd hate to find myself swept up in a dragnet someday due to something nasty happening and it turning out they neglected that simple standard normal expectable step.

-MarkM-
hero member
Activity: 504
Merit: 500

I don't think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it.

My version of the story is, Tihan selected a password from one of the Mt. Gox API keys and we face-to-face agreed to use that. There was no plan to release the source code ever (and if I did it myself, I would at least remove the credentials). The password has never been changed for 5 months, despite the transfer of ownership.

I didn't expect to be able to log in to LastPass after Bitcoinica Consultancy took over. So I didn't try.
No worries there. The fact that the password was the exact same 5 months later and was in the source that magically got 'hacked' from Genjix's 'box' tells me that Intersango noticed upfront that the source and LastPass were the same and kept it that way intentionally for later use....
That's my version of the story. ;p
legendary
Activity: 1358
Merit: 1002
(the reason Tihan keeps repeating that his role was hands off is because he'd lose safe harbour protection from liability if he took part in the day to day running of the company).

He had the critical password, apparently. So while he might be able to wash his hands of responsibility for money-laundering going through his pipelines he remains a prime suspect in the theft. He could have insisted that password be changed had he wanted to wash his hands of that.

-MarkM-



I don't think he had it alone. He was provided with this password at best, Tihan isn't really an IT developer to go through the code base, pull mtgox key and set as a master key in last pass. ZT said he didn't do it.

He is competent enough to edit source code files and push commits to github at least.
Code:
commit 0f075c054416ebba0f7c0a4809b8394d3a11cca6
Author: mode80
Date:   Fri May 4 16:56:05 2012 -0700

    Updates deposit page with the Core Credit wire transfer address.

commit 97bbfe51bafb0a99345fcb90000a1e2343a7ed83
Author: mode80
Date:   Sat Apr 21 10:54:41 2012 -0700

    Fix deposit page brokenness? (take 3)

commit d76c555941f4a7dce53a24cf03c36acf6af2b623
Author: mode80
Date:   Sat Apr 21 10:41:18 2012 -0700

    Fix deposit page brokenness? (take 2)

commit 47a50db07a01e6c42c858c3de138d616b51a40aa
Author: mode80
Date:   Sat Apr 21 10:21:43 2012 -0700

    Fixes deposit page brokenness?

commit fe493606b0bb03c212f703c9284a0d9d42416a41
Merge: 520894c 04a6fc4
Author: mode80
Date:   Sat Apr 21 09:55:54 2012 -0700

    Merge branch 'master' of github.com:bitcoinica/bitcoinica


And some more if you run a git log on the Bitcoinica source code that genjix leaked.