Topic: SOLVED: how to get BTC out of a Bitstamp account without verifying (Read 15048 times)

member
Activity: 112
Merit: 10
1FRpXqj6kedknh5uNpdo8FS3U49XJPJJy1
It's great that you found out they forgot to limit the API. Congratulations on getting your coins back. Hope this lasts...
member
Activity: 87
Merit: 10
It's actually strange that a company asks people for ID documents, yet they don't provide any information about themselves on their site except a forwarding address of their shell company.
Does anybody know just where Bitstamp offices actually are and who are the people behind it?

And while KYC requirements are understandable for depositing/withdrawing fiat, applying it to BTC withdrawals is an obvious attempt by them to steal some coins. I'm a verified user on Bitstamp, because a couple of months back I had to send my ID documents to somebody somewhere (in Slovenia maybe?) just to get my money out. How is this legal?
legendary
Activity: 3038
Merit: 1032
RIP Mommy
hero member
Activity: 658
Merit: 500
Quote
MODIFICATION OF TERMS
Bitstamp reserves the right to change, add or remove portions of these Terms, at any time, in an exercise of its sole discretion. You will be notified of any changes in advance through your Account. Upon such notification, it is your responsibility to review the amended Terms. Your continued use of the Site following the posting of a notice of changes to the Terms signifies that you accept and agree to the changes, and that all subsequent transactions by you will be subject to the amended Terms.
Highlighting by me, see https://en.bitstamp.net/article/bitstamp-new-verification-requirements/ as well as the notification in your account.

If you fail to look into your account for weeks and then don't want to supply KYC info, just ask the "Gigamining" people how much it helps to complain.

so if they post that now all transactions have a 50 btc fee and post it and 1 minute later enforce it against you, you are ok with that?
hero member
Activity: 980
Merit: 500
Next time you can register a company for £99 in the UK, verify with company documents, withdraw and then delete all

Or buy some bum a bottle of vodka for £10 and use his id.
hero member
Activity: 900
Merit: 1000
Crypto Geek
Next time you can register a company for £99 in the UK, verify with company documents, withdraw and then delete all
newbie
Activity: 26
Merit: 0
Thanks eldentyrell for the idea! My coins were held hostage too, and I don't trust them enough to send them my identity documents.

The good news is: the withdrawal trick with the old API still works with the new API with a newly generated API key.
Be quick if you want to withdraw. Who knows how long that is working. Details are here: https://www.bitstamp.net/api/
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
I'm still wondering what a full set of identity docs would be worth.  There must be some user here who has a quasi-criminal friend who could shed light on this.

I'd like to know as well, mostly to shut up the people who keep bleating "just send them yer doxx".

A lot of people outside the USA underestimate how astronomically bad the identity-security situation is here, and how much stuff around here is based on the totally broken identity system.  You can't even rent a place to live without getting tangled up in it (something that foreign grad students are constantly getting screwed by).

The US is notorious for lack of information privacy laws, and that sucks, but most states have identity security laws, notably California's which makes it a crime to fail to notify customers if a business suffers a data breach that exposes identity information.  This means that we at least find out about these breaches as long as the company has at least one customer in California and one employee in the US who isn't willing to go to jail to cover his boss' ass.

Sadly these laws are strong only because the identity-verification system is so pathetically weak.  Other countries with sensible identity-security systems don't need them.
legendary
Activity: 4760
Merit: 1283
...
However, I think you probably could just change a fake name to your real one and then send in the KYC docs and could get your funds out.  However, I don't blame you if you don't want to send all that stuff to Slovenia...there is some risk involved for sure.

I'm still wondering what a full set of identity docs would be worth.  There must be some user here who has a quasi-criminal friend who could shed light on this.  If so, let's take the following example:

 - male, age 30's
 - lives in a major metro area in the US.
 - pulls in a six-figure salary.
 - respectable credit score.
 - credit cards with $10k-ish credit limits.

Any ideas?

hero member
Activity: 518
Merit: 500
Yes, they didn't inform their customers properly, I for one have never seen that well hidden page.

Yes it was absurd that they didn't email their customers about this.  I just luckily heard someone talking about it online or I wouldn't have been aware.  I didn't use my real name on my Bitstamp acct, so I quickly got my funds out of there.

However, I think you probably could just change a fake name to your real one and then send in the KYC docs and could get your funds out.  However, I don't blame you if you don't want to send all that stuff to Slovenia...there is some risk involved for sure.
newbie
Activity: 56
Merit: 0
If they allow to change the user info on the account, I'll send in my KYC docs to them to withdraw btc for people, for 1% of what's in account each.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
so all of a sudden they are thieves because they didn’t email you ?

No, they're thieves for refusing to give me back my coins (until I hacked their API).
newbie
Activity: 29
Merit: 0
Thanks for the tip. But you should do AML to help funding terrorists.
legendary
Activity: 1316
Merit: 1003

This is unbelievable.  With no warning (unless you're "facebook friends" with them) Bitstamp is refusing to let customers withdraw BTC they've deposited.  They're even refusing requests to close accounts.

Bitstamp never emailed me about this policy (even though they've sent me dozens of emails in the past to confirm trades/withdrawals).

Now they've basically stolen my money and won't give it back unless I send enough high-resolution documentation to steal my identity to some dude in Slovenia.

I've offered to let them wire the funds to my US-based bank, which has full AML documentation for me on file and who will confirm that I am the signatory for the account.

I want to stop using bitstamp and get my coins back.  They're refusing to close my account.  Scam scam scam.

Apparently they've stolen from a whole lot of people now:

Seems you missed this then:

"To be in line with financial standards, as of September 30th, 2013, bitcoin and bank transfers will only be available to verified customers."

https://www.bitstamp.net/article/bitstamp-new-verification-requirements/

This was a warning on their site prior to sep 30th, so all of a sudden they are thieves because they didn’t email you ?

Yes, they didn't inform their customers properly, I for one have never seen that well hidden page.
hero member
Activity: 952
Merit: 1009
Got my BTC; see update to first post.

Holy crap, you really ARE Elden Tyrell.  Shocked
legendary
Activity: 1316
Merit: 1003
Excellent workaround, let's hope they don't close it soon.
donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
You might think about outlining a recipe for someone who doesn't really know how to use the API

Yeah, unfortunately the software I used for this is not released and is not really releasable at this point…

I don't know what other trading software is out there, but if it supports withdrawal-via-API that should work.  Any decent arbitrage bot would have this.

Here is their API documentation:

 https://direct.bitstamp.net/api/

The API call you want is "BITCOIN WITHDRAWAL" accessed via HTTP POST to this URL:

  https://www.bitstamp.net/api/bitcoin_withdrawal/

The call is a simple POST and you add two parameters "user" and "password" (the endpoint is SSL so this is at least somewhat okay).  So something approximately close to this should work:

Code:
curl \
  --data "user=31337&password=mypass&amount=1.0&address=1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN" \
  https://www.bitstamp.net/api/bitcoin_withdrawal/

… where you replace "31337" with your numerical user id on bitstamp, "mypass" with your password, "1.0" with the number of BTC to withdraw and "1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN" with the destination address.

My account is closed now so I can't test this.

This will not work if you asked for an API key; in that case you have to use their newer API and I don't know if the loophole exists there too or not.  You also have to have the "enable old API" setting switched on in your account; mine was switched on when they created it since I had been using the API… I'm not sure what the default is for new accounts or if they'll let you switch it on if you've never used it before.  My account might have been grandfathered.

They're shutting off the old API in two weeks so my guess is they might have some bitrot in that code and are afraid to change it.
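
Added example, not part of the original post and not Bitstamp's code: the gap described in this thread is a restriction applied in one interface while an older API path still reached the same withdrawal action. The sketch below routes every withdrawal entry point through one policy check and audits each registered channel; the `Account` model, the channel names and the `audit_channels` helper are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal


class WithdrawalDenied(Exception):
    """Raised when account policy forbids a withdrawal."""


@dataclass
class Account:  # hypothetical account model (assumption, not from the page)
    user_id: int
    verified: bool
    balance: Decimal


CHANNELS = {}  # channel name -> guarded handler; the only way to move coins


def withdrawal_channel(name):
    """Register an entry point; policy runs before any channel-specific code."""
    def wrap(parse):
        def guarded(account, raw):
            if not account.verified:
                raise WithdrawalDenied(f"{name}: account not verified")
            amount, address = parse(raw)
            if amount <= 0 or amount > account.balance:
                raise WithdrawalDenied(f"{name}: invalid amount")
            account.balance -= amount
            return account.balance
        CHANNELS[name] = guarded
        return guarded
    return wrap


@withdrawal_channel("web_form")      # adapters only parse input, no policy
def web_form(raw):
    return Decimal(raw["amount"]), raw["address"]


@withdrawal_channel("legacy_api")    # old API gets the same guard as the UI
def legacy_api(raw):
    return Decimal(raw["amount"]), raw["address"]


def audit_channels():
    """Attempt a withdrawal per channel, for unverified and verified accounts."""
    raw = {"amount": "1.0", "address": "CONSTRUCTED-ADDRESS"}  # constructed input
    results = {}
    for name, handler in CHANNELS.items():
        for verified in (False, True):
            acct = Account(1, verified, Decimal("2.0"))
            try:
                handler(acct, raw)
                results[(name, verified)] = "allowed"
            except WithdrawalDenied:
                results[(name, verified)] = "denied"
    return results
```

Running `audit_channels()` as a regression test on every release catches a channel that was added or left behind without the guard.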
legendary
Activity: 4760
Merit: 1283
Got my BTC; see update to first post.

Sweet.  Congratulations and nice work!  You might think about outlining a recipe for someone who doesn't really know how to use the API and may not have used one before so that they might get some justice before the loophole is closed.

donator
Activity: 980
Merit: 1004
felonious vagrancy, personified
Got my BTC; see update to first post.
legendary
Activity: 1316
Merit: 1003
Have they offered any reason for why this had to apply to BTC as well as fiat?  Damn shame.
They can't, not even in fascist America BTCs are regulated to comply with AML/KYC.