Complaints from Bitcoin Users

[iFixBTCmemoryIssues]

I like the Gavin/Hearn model of taking actions. We should grow up to ignore the Core. Make them irrelevant/obsolete.

"Right now they seem to have too much power/arrogance." - ajvw

[iFixBTCmemoryIssues]

It is not decentralisation

"when you organize meeting every three months with the handful of people able to force any change they want over the network...." - Ant-n

[iFixBTCmemoryIssues]

I NEVER agree with Swanson. But this is spot on!

"Secret meetings with limited participants is not Bitcoin. And I'm personally disgusted by the second secret meeting organized by Blockstream. This is against everything Bitcoin stands for." - Ponchero

[iFixBTCmemoryIssues]

is blockstream a sort of new Rambus ? remember it ? it tried to coerce a silly and over-complicated tech on the entire industry , planning to extort astronomic royalties via patents trolling

"and lawyers in the process ." - realistbtc

[iFixBTCmemoryIssues]

Remember when bitcoin was accepted at businesses? 0 confirmations were relatively safe? The transaction was pretty much guaranteed to go through?

"Good times." - loveforyouandme

[iFixBTCmemoryIssues]

Bitcoin has, in my eyes, officially failed to become what it was meant to be.

"The CORE team has obviously 'centralized' the Bitcoin network as far as I'm concerned. The entire draw to Bitcoin for so many was it's decentralized nature. However this is no longer the case as one small group of devs forged Bitcoin into what THEY want it to be and they don't seem to be losing steam. The way I see it, the currency is centralized around this small group of developers." - Weioo

[iFixBTCmemoryIssues]

Time to take bitcoin

"back." - q00p

[iFixBTCmemoryIssues]

Complaints from users, Day 47 (03/08/2016):

Sigh. Help me understand. ELI5 why 1% of all BTC in existence get left on a hot wallet on an exchange.

"Its 2016 right?" - superconfused333

[iFixBTCmemoryIssues]

The problem was a lack of process and a lack of people.

"This was amateur hour, and it was entirely obvious from even an armchair viewing of Bitfinex operations. I only had to listen to one of their Skype chats to conclude that their employees had no idea how to run an exchange and did not emphasize putting their hands on people that did. And I'm speaking as someone who also has no idea how to run an exchange." - AlLnAtuRalX

[iFixBTCmemoryIssues]

but if it turns out a poor system design was influenced / forced by government regulators, the rest of us should make a HUGE deal out of it

"even if Bitfinex is too scared to directly make a big deal of it themselves." - MemoryDealers

[iFixBTCmemoryIssues]

I have stopped using BitPay until it becomes clear

"they do not have a deal or are otherwise siding with Blockstream." - ashmoran

[iFixBTCmemoryIssues]

Core developer is suggesting that Bitfinex contact miners

"to blacklist coins that were stolen on the exchange" - BitcoinXio

[iFixBTCmemoryIssues]

This seems to be typical of Blockstream people,

"talking out of both sides of their mouths." - EncryptEverything

[iFixBTCmemoryIssues]

Bitcoin Price Dives 22%

"After $60 Million Bitfinex Hack" - Harpua1983

[iFixBTCmemoryIssues]

63 million USD at current prices.

"That's game over." - update_in_progress

[iFixBTCmemoryIssues]

This sucks for all of us in Bitcoin. Bad publicity, depressed price, anxiety among people. But ^ this is the right advice. Never ever keep any significant amount of Bitcoin on a web-based exchange. MtGox, Bitstamp, Cryptsy, Bitcoinica, Poloniex, ... so many had funds stolen.

"Learn from it!" - svenr

[iFixBTCmemoryIssues]

If you don't hold the private key, you don't own the bitcoins; someone owes you some bitcoins.

"It's an account and not a wallet." - pecuniology

[iFixBTCmemoryIssues]

Not using cold storage in 2016 is like begging for bankruptcy.

"Seems like you are just the communication/media manager so I feel sorry for you, but your technical engineers deserve to lose their jobs." - 7a11l409b1d3c65

[iFixBTCmemoryIssues]

Complaints from users, Day 48 (04/08/2016):

How is BitGo Getting Off the Hook So Easily?

"A lot of people are complaining that https://www.reddit.com/user/zanetackett is just giving out useless information. I think in a lot of ways this is true. But if we read into the words he is posting, there are actually some very important details that have been disclosed.

The one I'd like to focus on is the BitGo relationship. BitGo is the company that scored a contract to provide Bitfinex with their multisig security system. You know, the one that is "100% secure". With BitGo being implemented with Bitfinex's systems, it would appear their sole responsibility would be to keep the site's Bitcoins safe. They do not provide a solution for Ethereum, Litecoin, or even USD. Just Bitcoin. You'll notice that the only assets stolen in this hack were... Bitcoins.

So why is it that Bitfinex are in such a rush to absolve BitGo from responsibility in this hack? One of the most direct and meaningful things said by our friend https://www.reddit.com/user/zanetackett was:

We're still investigating the hack to figure out exactly how we were compromised, but it does look like it's on us.

https://gyazo.com/736f1caefe64fa5ddb8a770eac315ee9

This was right as all the pandemonium began, August 2nd. Hours after the hack was discovered, Bitfinex had already decided that BitGo was not at fault. Now, take a step back and examine that. This is akin to buying a parachute for your son from a company that claimed to make 100% safe parachutes, him doing a skydive, and then splattering on the ground, and saying after only a cursory look at his corpse that it wasn't the parachute manufacturer's fault.

This doesn't make any sense to me, unless the implementation of BitGo on Bitfinex was so horribly set up by Bitfinex, that it was blatantly obvious in only a few hours how this person broke in and stole 120,000 BTC, bypassing the entire security system of BitGo. However, this implies that BitGo had no assistance in the implementation of their technology with BitFinex. I find this incredibly hard to believe. For such a complex and critical client, I cannot fathom that BitGo left the implementation of its own systems entirely up to their client's developers.

This situation just doesn't make sense. How can BitGo not be responsible?

How is their product working as intended, if someone can steal $60M+ in Bitcoin through their "multisig" system. This is a screenshot from their website: https://gyazo.com/a3723d9c97ae954cce56aef604d819c5

How can they possibly say they provided those services before signing these transactions?" - r2pleasent

[iFixBTCmemoryIssues]

Yep this is very weird.

"The only reasonable explanation is that Bitfinex went against all BitGo's recommendations and thus BitGo forced them to sign a waiver.

But it's still BitGo's fault: if customer doesn't want to implement the system properly, they should reject the deal. Otherwise their reputation is tarnished.

And BTW while we are here, this whole disaster could be prevented if BitGo offered a very basic 2FA." - killerstorm

[iFixBTCmemoryIssues]

Bitgo is responsible no doubt.

"I wonder how they got both the keys from bitfinix and bitgo. Could be an insider. The whole fiasco is very suspicious. Price started to decline few days before the hack. There was a huge dump on bitfinix bringing the price from $655 to $633. Both days before the hack Bitfinix volume was above $30 mil. very suspicious." - Mt-Everest-adventure

[iFixBTCmemoryIssues]

Bitfinex should've had a person monitoring volume and transactions as well as set up alerts and investigations in case of high volume withdrawals. API access should've been on separate server with different OS within different sub-domain or even top-level domain which requires a user to check a checkbox or do some action on the website manually. API server and main server which has the key should have no control over each other.

"Their root users should've been disabled and websites themselves should've ran in virtual containers with no access to any hardware including 0 access to file systems. It should've been a push system and not pull.

This major disaster happened because these companies did not hire professionals and do excessive pentest.

If I would not been a specialist in this case I would've thought that it might be malice, but I'm pretty sure it's stupidity. I mean Karpeles was a one-man show and where he is now? He made 1 mistake in script. 1 MISTAKE and it cost 600k bitcoins.

I did not make even 1 mistake in scripting bitcoin withdrawal, but still shit my pants when could not decipher bitcoin key generated by script. Thought we got hacked... but it was just compressed vs uncompressed keys.

So many standards now it's overwhelming... I mean have you read about this hailcorporate clusterfuck which resides in bitcoin https://github.com/bitcoin/bips/blob/ma ... .mediawiki? Why not JSON or YAML? Why the fuck this piece of shit library, for which you have no rational support in many languages, is in the main client? Why couldn't it be just one json request ala "{'pay_here': '1345fGIEYduhfe25','amount' : 3503035000, refund_end_point: 'https://end_point_address_to_request_refund'}"" - Ikinoki

[iFixBTCmemoryIssues]

I am/was a whale on Bitfinex.

"I am not pleased with the non-update today, and the general wording by Bitfinex. Especially talking about "customer losses", "all possible options" and "not affected".

As I see it, Bitfinex got hacked and lost a big amount of Bitcoins they owe their users. I assume they can't cover all losses. This makes them bankrupt.

I won't accept a haircut or 100% loss for (selected) Bitcoin users only.

I plan to prepare for a legal case to put them in bankruptcy and to share all left over values among all users.

Who wants to join in?

Who has details and information on how to proceed?

I am unsure if Hongkong or Taipei is the place to call, and how to proceed." - chargingwhale

[iFixBTCmemoryIssues]

I plan to take the same course of action

"if Bitfinex thinks they can just let "affected" users take the loss." - dmmPker10

[iFixBTCmemoryIssues]

I believe they are planning to commit criminal offenses by selectively favoring certain counter parties and allowing them to withdraw their balances,

"court need to step in a relieve them of control." - workorpork

[iFixBTCmemoryIssues]

Complaints from users, Day 49 (05/08/2016):

BitGo execs should be arrested on the simple fact they signed over 1% of bitcoins in hours with no questions asked then declared their system did what it was supposed to.

"Nobody in security in their right mind would have such a system. They left the door open intentionally!" - vroomDotClub

[iFixBTCmemoryIssues]

how can an illegal(not licensed) company to announce the police about this incindent? the first question would be : "are you authorize to act as a forex/broker/exchanger?"

"Bitfinex along others well know exchangers(Kraken, Poloniex, BTC-e, OKcoin and so on) are illegal services and they will never go to any authority to complain about anything. Yes, Bitfinex owners will run with your money. Why? Because you used a shitty exchanger, with no financial license. you didn't care about that and now, you are despaired that Bitfinex is playing with you." - kroter

[iFixBTCmemoryIssues]

The communication from Bitfinex so far has been absolutely inadequate.

"There has been no real announcement about how they're going to address this situation. All we get is stalling tacticts , by having their reddit guy give the same noncommittal replies for three days now.

The way Bitfinex is going to handle this will have life changing consequences for a lot of us, and the way it looks right now, many will be ruined. And their only communication is leaking drops of info via their PR rep on reddit by giving completely unclear and misleading answers." - Tvgiafi

[iFixBTCmemoryIssues]

I have filed a Cybercrime report with the CSTCB in HK

"and I would urge everyone affected by the hack to do the same: https://secure1.info.gov.hk/police/efor ... ime_en.php" - TechWizardry

[iFixBTCmemoryIssues]

I got a lot of shit for taking Bitfinex to task about their last outage, how they had no obvious disaster recover plan, among other things.

And now we see that their incompetence extends to their wallet management, too.

"If you continue to trade with these guys, you have no one to blame but yourself, assuming they'll even continue after this debacle." - MinersFolly