Topic: Theft incident happened on bit-u.com @ DigitalOcean (Read 27365 times)


Offline bytemaster

Here is how I would handle it... everyone he owes money to should make an offer on what kind of haircut they are willing to take. Those willing to take the largest haircut voluntarily should be paid out first. In this way he will extinguish as much debt as possible on a voluntary basis. Then he can either pay the holdouts from his own pocket or file for bankruptcy protection.

For the latest updates check out my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else. These are merely my opinions and I reserve the right to change them at any time.

Offline bytemaster

Here is the reality of the situation:

When you sent him your PTS or BTC, he gave you IOUs for that amount in an implied contract (though I doubt he had any binding legal obligations that his customers signed).
He now has a bunch of debts to pay and it honestly doesn't matter where the money comes from.
If I have a mortgage and my home is robbed I still owe the mortgage payment.

So the way I see it is this: if he ever wants to do business again in the bitcoin space he had better pay his debts. If he is unable to pay his debts then his only option is to file bankruptcy. As creditors it is in your interest to settle quickly, because unless he has a spare $32K lying around that a bankruptcy judge can get ahold of, you will never see your payout and it may take months in court. Also, the cost of fighting this is probably more than $32K.

And for the record, this isn't a 'bailout' it is a 'bail-in' in the latest bankster jargon.

Offline marketp2p

  • Full Member
  • Posts: 71
As one of the biggest losers in this theft, I won't be happy about it, but I can accept a 60% recovery rate as long as there's evidence to support what you've claimed.

@TwoKoolFourSkewl: I agree that the customer is not the insurance company; you deserve the right to request a full refund.

But to be fair, he mostly relied on the donations to make any money, and you need to give him some credit for the courage and honesty in coming back to face the customers.

Offline TwoKoolFourSkewl

  • Full Member
  • Posts: 52
  • Easy as One, Too, Three...
    • RippleGiveaway.com
Silfax,

Your customers are not YOUR insurance company.  We are NOT liable for your errors and we should NOT be held responsible to pay back your customers.  This is YOUR responsibility.  You were more than eager to take OUR money for commissions and fees and now it seems you're even more eager to have us PAY for your mistakes.  YOU NEED TO FULLY REIMBURSE EVERYONE OUT OF YOUR OWN POCKET IF NECESSARY.

Do we look like the Federal Government?  WE DO NOT GIVE BAILOUTS!

The protoshares that you still have BELONG TO THOSE WHO HELD PROTOSHARE BALANCES with you and need to be given back in full.  The bitcoin that you lost belongs to those customers who held bitcoin balances with you.  You need to pay back protoshares with protoshares and bitcoin with bitcoin.
« Last Edit: November 25, 2013, 01:58:37 am by TwoKoolFourSkewl »
RippleGiveaway.com - Home of the Ripple Faucet!

Offline TwoKoolFourSkewl

  • Full Member
  • Posts: 52
  • Easy as One, Too, Three...
    • RippleGiveaway.com
Quote from: Silfax
The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.

NO, this doesn't sound fair!  What would be fair is if you accepted responsibility and paid back all of your customers in FULL.

I expect a full 100% reimbursement of the 106 pts that I had on your exchange.  You can send my 106 pts to PqNMYYkjagWKaxShxpX4ussz7mkmcu7mpN.  I expect them to be there within 24 hours.

You can't just claim BETA and absolve yourself of all responsibility.
« Last Edit: November 25, 2013, 01:36:22 am by TwoKoolFourSkewl »

Offline yago

  • Full Member
  • Posts: 188
Quote from: Silfax
Do you think emailing abuse@nforce.com could help?

I don't think so, but you don't lose anything by trying. Maybe a mail to abuse@nforce.com and abuse@privateinternetaccess.com with CC to info@us-cert.gov and info@ncsc.nl

I guess that if you start a legal process, a judge could require the VPN logs stored by privateinternetaccess.com (if any).
« Last Edit: November 24, 2013, 09:20:08 pm by yago »
http://bitsharestalk.org/donate.html  <---- Donate to the BitShares Forum ----> PforumPLfVQXTi4QpQqKwoChXHkoHcxGuA

Offline Silfax

  • Full Member
  • Posts: 67
Do you think emailing abuse@nforce.com could help?

Offline yago

  • Full Member
  • Posts: 188
Quote from: Silfax
Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.

The IPs that logged into the server were: 109.201.154.210, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.

These IPs seem to be from some USA/Netherlands VPN, not Norway. Edit: Strange, the geoiplookup db says Norway, but after doing an mtr I think that the machine is in the Netherlands.

Code:
% Information related to '109.201.154.128 - 109.201.154.255'

% Abuse contact for '109.201.154.128 - 109.201.154.255' is 'abuse@nforce.com'

inetnum:        109.201.154.128 - 109.201.154.255
netname:        LONDON_TRUST_MEDIA
descr:          VPN services from Private Internet Access
org:            ORG-PIA17-RIPE
country:        NL
admin-c:        LTMR1-RIPE
tech-c:         LTMR1-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-NFORCE
mnt-lower:      MNT-NFORCE
mnt-routes:     MNT-NFORCE
source:         RIPE # Filtered

organisation:   ORG-PIA17-RIPE
org-name:       London Trust Media, Inc.
org-type:       Other
address:        2885 Sanford Ave SW
address:        Suite 20138, Grandville, MI 49418
address:        USA
abuse-mailbox:  abuse@privateinternetaccess.com
remarks:        Phone: +1-855-ANON-VPN
mnt-ref:        MNT-NFORCE
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

role:           London Trust Media - Representative
address:        2885 Sanford Ave SW
address:        Suite 20138, Grandville, MI 49418
address:        USA
remarks:        +1-855-ANON-VPN
org:            ORG-PIA17-RIPE
nic-hdl:        LTMR1-RIPE
abuse-mailbox:  abuse@privateinternetaccess.com
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

% Information related to '109.201.128.0/19AS43350'

route:          109.201.128.0/19
descr:          NFOrce Entertainment BV - 109.201.128.0/19 route
origin:         AS43350
mnt-by:         MNT-NFORCE
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS4)
« Last Edit: November 24, 2013, 09:19:18 pm by yago »
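An added example (not part of the original thread, and not code from any poster): parsing the RIPE whois response quoted above to confirm that a logged source IP falls inside the listed inetnum range and to collect the abuse contacts for a report. `WHOIS_TEXT` is an excerpt of the output in the post; the function names are illustrative.

```python
import ipaddress
import re

# Excerpt of the RIPE whois response quoted in the post above.
WHOIS_TEXT = """\
% Abuse contact for '109.201.154.128 - 109.201.154.255' is 'abuse@nforce.com'
inetnum:        109.201.154.128 - 109.201.154.255
netname:        LONDON_TRUST_MEDIA
country:        NL

organisation:   ORG-PIA17-RIPE
abuse-mailbox:  abuse@privateinternetaccess.com

route:          109.201.128.0/19
origin:         AS43350
"""

def parse_objects(text):
    """Split whois output into objects (lists of (key, value) pairs)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if not line.strip() or line.startswith("%"):  # blank or comment ends an object
            if current:
                objects.append(current)
            current = []
            continue
        key, _, value = line.partition(":")
        current.append((key.strip(), value.strip()))
    return objects

def attribute(ip, text):
    """Netname, country, origin AS and abuse contacts for ip; None if outside inetnum."""
    addr = ipaddress.ip_address(ip)
    # The "% Abuse contact for ... is '...'" comment carries the registry-level contact.
    result = {"ip": ip, "abuse": set(re.findall(r"is '([^'@]+@[^']+)'", text))}
    for obj in parse_objects(text):
        kind, fields = obj[0][0], dict(obj)
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in fields["inetnum"].split("-"))
            if not lo <= addr <= hi:
                return None
            result.update(netname=fields["netname"], country=fields["country"])
        elif kind == "route" and addr in ipaddress.ip_network(fields["route"]):
            result["origin"] = fields["origin"]
        if "abuse-mailbox" in fields:
            result["abuse"].add(fields["abuse-mailbox"])
    return result

if __name__ == "__main__":
    for ip in ("109.201.154.210", "109.201.154.205"):  # the two logged source IPs
        print(attribute(ip, WHOIS_TEXT))
```

Both logged addresses land in the same block registered for a VPN service, so the registry data identifies the service operator and its abuse desks rather than the person behind the session.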

Offline liquiddrool

  • Jr. Member
  • Posts: 25
It sounds like some cryptocurrency nub was the culprit because they only cleaned out the BTC and not PTS.  Anyone with half an idea of what they were doing would have gotten it all.  This supports the theory of a DO employee doing it.
« Last Edit: November 24, 2013, 08:33:17 pm by liquiddrool »

Offline Silfax

  • Full Member
  • Posts: 67
Have yet to decide - presumably something based on the going exchange rate?

Offline bytemaster

Quote from: Silfax
Okay, so I still don't have all the details, but I can provide a bit more info.

Our digital ocean VPS that was hosting the wallets got deleted randomly, and the billing information was removed, etc.

Also, the BTC wallet transferred its contents out, but not from the application, seems that someone got access to the VM itself.

Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.

No idea who this was.

My 'partner' was the only person with the password to this DO account, so either it was him, or his personal computer had a targeted key logger of some sort?

It's all so odd - I've asked digital ocean for more info/logs, but they haven't gotten back yet.

Maybe it was a disgruntled DO employee that saw bitcoin related traffic coming from the VM?

The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.

38 BTC were taken, I traced the payments, and they are now here: https://blockchain.info/address/1AKvP3NUmJQsfWXkTg6ZczURatKgAb2Cua
and here:
https://blockchain.info/address/16Z6e2qaxg84Kunk1wdT3pr94YJa2pSafR

The address that they went through is this one: https://blockchain.info/address/14wQsMaKWAmTHrEMKamnzCJxaewnFWP7Tg

which also made a small payment (.01) the same day to this address: https://blockchain.info/address/15MJUSKnkbX3cprXfjNwAWsssTG59SXnvd
which looks like someone's personal address, as it's been receiving and sending payments since February. If anyone can shed any light on that, please be my guest.

The IPs that logged into the server were: 109.201.154.210, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.

I'm of course incredibly sorry that this happened, and not that it does much good at this point, but it was clearly signposted that this was a beta.

If I learn more from DigitalOcean (which I should, because they are at the center of this problem) then I'll post back here.

Thanks for the update.   At what price point will you convert PTS into BTC? 

Offline Silfax

  • Full Member
  • Posts: 67
Okay, so I still don't have all the details, but I can still provide a bit more info.

Our digital ocean VPS that was hosting the wallets got deleted randomly, and the billing information was removed, etc.

Also, the BTC wallet transferred its contents out, but not from the application, seems that someone got access to the VM itself.

Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.

No idea who this was.

My 'partner' was the only person with the password to this DO account, so either it was him, or his personal computer had a targeted key logger of some sort?

It's all so odd - I've asked digital ocean for more info/logs, but they haven't gotten back yet.

Maybe it was a disgruntled DO employee that saw bitcoin related traffic coming from the VM?

The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.

38 BTC were taken, I traced the payments, and they are now here: https://blockchain.info/address/1AKvP3NUmJQsfWXkTg6ZczURatKgAb2Cua
and here:
https://blockchain.info/address/16Z6e2qaxg84Kunk1wdT3pr94YJa2pSafR

The address that they went through is this one: https://blockchain.info/address/14wQsMaKWAmTHrEMKamnzCJxaewnFWP7Tg

which also made a small payment (.01) the same day to this address: https://blockchain.info/address/15MJUSKnkbX3cprXfjNwAWsssTG59SXnvd
which looks like someone's personal address, as it's been receiving and sending payments since February. If anyone can shed any light on that, please be my guest.

The IPs that logged into the server were: 109.201.154.210, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.

I'm of course incredibly sorry that this happened, and not that it does much good at this point, but it was clearly signposted that this was a beta.

If I learn more from DigitalOcean (which I should, because they are at the center of this problem) then I'll post back here.
« Last Edit: November 26, 2013, 08:08:58 am by Silfax »

Offline alexkravets

  • Full Member
  • Posts: 81
Moral of the story? Never hold any IOUs.
Get in, buy or sell, get out.



Offline pc

  • Hero Member
  • Posts: 1530
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
He posted this in the bit-u.com chatbox earlier today:
Quote
(18:04) Silfax: I'm still here, just trying to figure out as much as possible before releasing a statement.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline bytemaster

We know his partner, with whom he had disagreements over the use of the coingrounds domain, had access to the Digital Ocean account password.