Topic: [Payout Updates] Bitcoinica site is taken offline for security investigation - page 66. (Read 156693 times)

Cool story bro,

So where are the refunds?

Probably nobody asked before, but: Are you 100% sure that was really the cause?

After all, if the password reset email was sent to 4 different emails how can you be sure that they clicked the link from Patricks email and it wasn't Zhou Tong to click it from his email or someone else?

Just askin'...

No. It was hacked because someone's personal email was compromised.

This is the third time Bitcoinica has been compromised. Everyone knew there were security problems. That's why we were signed on to help secure it. Not only that, but the site was losing money because of the inefficient way it was being run. These were problems which were identified, and a plan drawn up to fix them. The plan did not get a chance to run beyond the bare beginning. Normally our policy for identified flaws in Intersango is to shut down the site until it's fixed. However I think with Bitcoinica, it wasn't our site to shut down (imagine bringing someone on and they shut down your site). But once Bitcoinica was compromised, we had it shut down, and it will stay shut down until people are paid. It will not go back online unless it is secure and in our total control. This is different to Bitomat or MtGox who were compromised and had identified flaws, but kept operating regardless. The situation here is complicated by the fact that Bitcoinica was undergoing a transition during this interval, and the specifics or leadership and technicals were still being agreed upon. It was during this time, that the keys were being slowly handed over and the documents were being signed (I only went to try and notarise my signature the day before the attack).

We have quickly added database locking to every single transaction that involves money. Database locking ensures and strictly requires concurrent processes to process data entries exclusively.


You were running Bitcoinica on ISAM!!??

How many times are you going to make this mistake? Don't stop posting!
What do you mean by technical problems have been resolved? Does that mean the entire database has been reconstructed?
And if not, how much has been reconstructed so far?

Are you really that dumb or just playing dumb?

There were no backups.

Until Saturday (or so), I was working on helping process the claims. Since then I've been working on libbitcoin and Electrum.

Now the thing is that for payments to be processed, we need legal authorisation from the person in charge. Tihan denies being in charge, which means his parent company (Core Credit) has to authorise the payments. However Tihan is saying we don't need that.

The problem is that Bitcoinica Consultancy only begun the process of being formed when the attack happened. The paper work was not completed and we weren't acting as GP. Tihan is asking us to finish completing the formation of Bitcoinica Consultancy first, while we are asking for legal authorisation to conduct payments on their behalf.

But I think the issue may be resolved now although I'm not sure of the specifics (I'm not a lawyer). Hopefully someone acting on proper legal representation can respond.

Anyway I'm going to avoid posting now, since the technical problems have been resolved, and the remaining things are legal. I've probably made a bunch of mistakes or inaccuracies above as I don't have a complete understanding of this and don't have a legal background.

Zhou Thank you for looking into it personally and for responding so fast. You can send me the MTGOX CODES in a PM this way the admins can confirm the payment. Again thank you Zhou it makes me happy to hear that the big accounts will be paid out first!!

Thank you Zhou Tong!! I will keep the community posted.

Maria.

PS: This is the last email i received from bitcoinca.

Bitcoinica's Recent Data Errors
September 20
 
 
What happened?

We have been constantly upgrading our algorithm to provide better services and cheaper rates to our customers. However, despite the intensive testing that has done internally, sometimes the algorithm may break under certain market conditions (such as a spike or crash).

Therefore, we have also implemented a data integrity checker, which verifies the consistency and integrity of all important financial data of our customers.

Today, our data integrity checker has reported an abnormally high percentage of errors. And we have also received service requests from a few customers regarding this issue. Common problems are: duplicated orders, extra orders or positions and unupdated account balance after liquidation.
 
Why it happened?

Bitcoinica has a scaling issue about two days ago. Since our site is expanding so fast, certain types of processing jobs are slower and slower due to the huge increase in database size. We have added more processes ("dynos" in Heroku term) into the application stack, and the extra concurrency seems to solve the problem.

After that, we have found that it's possible to have two concurrent processes processing the same order or user at the same time. This has caused some conflicts, which result in duplication of some data entries. Some users' account balances haven't been updated correctly because of this.

We have quickly added database locking to every single transaction that involves money. Database locking ensures and strictly requires concurrent processes to process data entries exclusively.

However, some of our database locking was not correctly implemented. Concurrency problems still continued. Today, during the spike in BTCUSD, increased number of orders have added extra probability of processing the same order at the same time. And our system was kept busy with a long queue of tasks.
 
Is it corrected?

We have an automated system to correct these errors. In order to protect our customers, and fulfill our promise of "bear the cost of financial losses that were not caused by our customers", we have implemented this policy:

If you were made worse off (less profit or more loss than expected) because of the errors, all errors have been corrected for you.

If you were made better off (more profit or less loss than expected) because of the errors, we bear all the associated cost and your account remained unchanged.

In the extreme cases (such as $1,000 difference in adjustment), we have reviewed on case-by-case basis and taken manual actions respectively.

We hope our resolution for this recent issue is much more professional than simply reverse the trades.
 
What should I do next?

You should check your account, and make sure that all the data is correct.

If there are still some incorrect data entries, please send an email to [email protected], including the following information:

- Your username
- What is incorrect
- What should be the correct value

We will verify your information as soon as possible.

If you were made better off because of the errors, or you simply want to share part of your profit with us to help Bitcoinica grow, you can donate to Bitcoinica anonymously by sending any amount of Bitcoins to this address:

196D4C3f2MgFrjfRoAh4mkQKfALBvPEnB1

At this moment, our finances are healthy and we can absolutely afford to compensate for this issue. More importantly, we will keep Bitcoinica continued and more exciting features will be announced soon.
 
The Bug Bounty Program

We're introducing the Bug Bounty Program. If you have found any bugs, security loopholes or irregularities in our technical systems, you can report them to us and get the chance to win bounties. This is our offering:

Security-related or critical loopholes: 5 - 100 BTC each

Operational bugs: 1 - 25 BTC each

User experience issues: 1 - 25 BTC each

Please note that only the first person that reports a particular issue can win the bounty. Also, "potential improvements" are not considered as bugs as long as the features are fairly working.

We will determine the amount of the bounties based on the urgency and importance of the issue.

Please send any issues you have found to [email protected], including detailed instructions on how to reproduce the issue.
 
Thank you!

Thank you for your support! We hope that Bitcoinica can become your favorite trading platform for Bitcoins.

More features are coming up soon. We will continue using newsletters to communicate with you all.

Again, thank you!

Incredible as it may seem I didn't saw even 1 person complaining that coinexchanger kept their money, shills or no shills.

Can you say the same about Bitcoinica?

"Know as much as Zhou"?

In that case, why hasn't there been a daily message from Genjix saying "number of accounts verified: 35%"?

What exactly is this secret information that isn't known by Genjix?  As the general partner shouldn't Bitcoin Consultancy know everything?  Even if there is stuff you don't know: announce that.  "We are currently trying to reconcile X with Y".  "We are working on a policy for liquidations".

Even posting what it is you don't know, or haven't decided would be some encouragement to us all that you are not packing your bags and buying new passports.  Communication of unknowns is still communication.

It's pretty easy, Genjix, what are you working on today?  Right now.  What is Patrick working on?  What is Donald working on?  You are all hard working guys, and can't be just sitting around drinking coffee.  What exactly is it that you've spent the last four weeks doing?  Even if the answer isn't "writing cheques to repay you", just tell us.  It's not like you can be "incorrect" or "inaccurate" about what you're doing.

Looks like Zhoutong caught himself another Coinexchanger shill. Great work!

Dear Bitcoinica LP, please stop trying to bamboozle us with waffle and start paying out. Nobody here really wants to feed damn lawyers.

Some accounts like mine for example have not had any significant transactions for many weeks. What is the problem with verifying those? Do you have any backups at all, even if two month old?

Couldn't have said it better myself.
Add to it that Bitcoinica's main currency was USD and not Bitcoin and it's uber trolling.

Exactly! They are just making things worse for themselves.

Unless their legal advisor explicitly told them not to give any further information on the forum nothing would speak against giving daily updates. Everybody would have been much more relaxed and lawsuits might have been prevented.

Matthew is just taunting all the uber libertarians here, I bet.

Sorry, I still don't grasp the Bitcoin involvement in it.

I'm playing Devi's advocate if you hadn't noticed. It doesn't matter what reality is, if lawsuits are made, this will be our new slogan to the unwashed masses:

"Bitcoin: When the going gets tough, the tough go back on their principles of decentralization."