Bitcoin24 down again
The "new" site has been down for around 24 hours now. The cloudflare error is a rather disturbing "SSL handshake failed". I have been told that neither fiat nor bitcoin withdrawals have been processed lately, but I have no way of confirming this as I don't use the site.
No more lawyers, new lawyers?
It appears that RDP is no longer mandated by BTC 24 Ltd. With the helpdesk still offline and no news this begs the question if btc24 is still operational in any meaningful way.
The helpdesk license expired again
Yet again, the helpdesk is closed. It's kinda comical.
Forum up again
The forum by the bitcoin24-victims guys is up again. This time they are using a self-hosted solution which can't be taken down as easily as the old one.
Unfortunately the entire post history seems to be lost.
Hooray for vague TOS
Basically, we can screw you for... ah, whatever, we can screw you whenever we feel like it. Well, it seems to be a free service, so that's not really surprising.
I missed this at first, but the server that serves the old site (22.214.171.124) also serves the new site. This looks like an involuntary information leak, as the bitcoin24 server is usually hidden behind cloudflare.
    $ host bitcoin-24.com
    bitcoin-24.com has address 126.96.36.199
    bitcoin-24.com has address 188.8.131.52
    bitcoin-24.com mail is handled by 10 mail1.bitcoin-24.com.
If you open the IPs in your browser you can confirm they are cloudflare servers.
However, if you access 184.108.40.206 under the hostname bitcoin-24.com you get the new site. You can verify this by adding an entry for bitcoin-24.com in your hosts file, for example. I'm also not sure why serving the site isn't limited to cloudflare proxies, but I haven't really worked with cloudflare yet.
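From the operator's side, requests that reach the origin without passing through the proxy show up in the origin's own access log. The following is an added example, not code from the original post or from bitcoin24: it flags such requests, assuming a log that records the TCP peer address and the Host header. The log layout, the placeholder proxy ranges, the www hostname and the sample lines are all constructed.

```python
import ipaddress
import re

# Constructed placeholder ranges (RFC 5737 documentation space). In a real
# deployment, load the address ranges your CDN publishes for its proxies.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

# Hostnames that should only ever be reached through the proxy.
# bitcoin-24.com is the name from the post; the www variant is assumed.
PROTECTED_HOSTS = {"bitcoin-24.com", "www.bitcoin-24.com"}

# Assumed log layout: peer address, Host header, quoted request line, status.
# The peer must be the TCP peer, not a client address taken from a header.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) (?P<host>\S+) "(?P<request>[^"]*)" (?P<status>\d{3})$'
)

# Constructed sample log.
SAMPLE_LOG = """\
192.0.2.17 bitcoin-24.com "GET / HTTP/1.1" 200
198.51.100.4 bitcoin-24.com "GET /login HTTP/1.1" 200
203.0.113.50 bitcoin-24.com "GET / HTTP/1.1" 200
203.0.113.50 BITCOIN-24.com:80 "GET /verification HTTP/1.1" 302
203.0.113.77 203.0.113.1 "GET / HTTP/1.1" 200
not a log line
2001:db8::9 www.bitcoin-24.com "GET / HTTP/1.1" 200
"""


def via_proxy(peer):
    """True if the peer address lies inside one of the proxy ranges."""
    try:
        address = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(address in network for network in PROXY_RANGES)


def normalise_host(host):
    """Lower-case a Host header value and drop the port and trailing dot."""
    host = host.lower()
    if host.startswith("["):  # IPv6 literal such as [2001:db8::1]:443
        return host.split("]")[0] + "]"
    return host.split(":")[0].rstrip(".")


def find_origin_bypass(log_text):
    """Return (bypasses, unparsed_count) for an access log.

    A bypass is a request for a protected hostname whose TCP peer is not a
    proxy address, meaning the origin answered a client directly.
    """
    bypasses, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed += 1
            continue
        host = normalise_host(match["host"])
        if host in PROTECTED_HOSTS and not via_proxy(match["peer"]):
            bypasses.append((match["peer"], host, match["request"]))
    return bypasses, unparsed


if __name__ == "__main__":
    found, skipped = find_origin_bypass(SAMPLE_LOG)
    for peer, host, request in found:
        print(f"direct-to-origin: {peer} -> {host} {request!r}")
    print(f"{skipped} line(s) could not be parsed")
```

Any hit means the origin accepts connections from outside the proxy; the durable fix is to restrict the origin's listener or firewall to the proxy ranges so such requests never get an answer.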
Old site is up again
The old bitcoin24 site is apparently up again, and has been at least since the 21st. An IRC user received an email from bitcoin24 support after weeks of questions and was pointed to http://220.127.116.11/. However, I strongly recommend not to log in or to do anything on the site as it's not available over HTTPS, it could be a phishing site, etc.
The support person also emphasized again that the new LTD is not managing the old site on this IP, even though they use the same ticket system, email addresses etc.
So far, support hasn't answered inquiries about an HTTPS version.
A few users raised concerns on IRC today because of a few issues.
Insecure ticket system
The ticket system doesn't work properly over HTTPS. So users have to use an unencrypted connection to submit potentially sensitive information. This is quite bad.
No access to old site
On April 18th Simon announced that the old site would be accessible again. After all many users are still waiting for their money to be returned and might want to verify their balances.
This might not surprise users though, as delays are something they might have gotten used to.
Insecure mail server
Bitcoin24's mailserver is also acting as a webserver, and it's not secured. This is bad because it opens potential attack vectors.
The entire world doesn't need access to the installed mail software roundcube.
This makes it easy to check for the installed version, search for potential exploits, etc. This isn't bad in itself, you have to balance security with usability. But this mailserver handles very sensitive information about customers that only staff needs access to. It should be secured more tightly.
It's somewhat telling that there are no developers or sysadmins on the site's team description. There is a person for "technical support", but that doesn't sound like the team of full time sysadmins and developers an exchange should have.
The "new" bitcoin24 team
Some IRC users were wondering who was behind the "new" bitcoin24 website. There was some speculation that the brand might have been sold, or that Simon was not involved any more. This doesn't seem to be the case, as he is listed as a company director/board member on here.
It's a little surprising as Simon isn't listed on the about page.
The bitcoin24 team is apparently busy fixing things I've mentioned a few days ago. Some typos are gone and the shopped office image was replaced.
Bitcoin24 is back
Bitcoin24 is back with a new site, registration is open.
I'm glad to see that bitcoin24 is back and wish them well. Here are some quotes from the site I like.
"We have completel [sic] redesigned our trading engine which is based on an online banking system."
"One year ago we must close Bitcoin-24 because the prosecutors in Poland had seized our bankaccounts in poland without any reason and we still don't know, why they did that."
"Bitcoin-24 makes only winning with the trading fee."
"The safest, fastest and maybe biggest marketplace."
Unfortunately I don't really trade much any more, so I won't be able to use the new, improved, "bigger, stronger & faster then [sic] ever before" bitcoin24 exchange.
Early april fools' joke?
I'm not sure how long the site has been up, but today I noticed it for the first time. The bitcoin24 site was updated and says "Bitcoin-24 2.0 coming soon" and has a sign up form for news.
It's somewhat intriguing.. will somebody try to resurrect the brand? And why? With money still being tied up in litigation, and with the technical things we've seen...
You have to admire the audacity. Or is it just.. I mean, an early april fools' joke?
Other than that, I didn't think there was anything to report in the last four months.
Numerous users have reported that they don't have the SEPA/Wire withdrawal tab (see below). Today, with the official start of the payment phase the problem persists. One user opened a ticket and was told he doesn't need to verify. It's not clear why this was the case. This particular user had used the polish bank.
However, the helpdesk contains a new message:
"We are just waiting for some translations for the Verification Page. I think it will go online later this day."
This probably explains why the announced changes, upload form, etc. aren't online yet.
Edit: One user reported that he opened a ticket and saw the SEPA tab after that.
Several users report that they can access the new verification page, but it doesn't appear in their menu. This is happening to me as well.
If this happens to you, log into your account and visit https://bitcoin-24.com/verification directly.
Unfortunately it's not clear though what happens after you upload documents, if the SEPA tab on the withdrawal page becomes visible if it isn't, etc...
Edit: The missing menu entry was apparently a cache issue, it should be visible now.
Another oddity, the Proof of Identity page says that you should send a "Driver's License, a Passport, or a National ID Card" but that "It must have been issued within the last 3 months." Now, I don't know about you, but I usually get those documents every... ten years or so. It's probably just another mistake like we've seen so many before and should be ignored.
Yeah, well, the first uploaders will have to upload their documents one more time, see this announcement.
Best news ever
"We are pleased to inform you that our client has completed all preparations and will start the payments in the amount of 72% of the funds in the respective account from 9 December 2013."
The process of paying out everything will probably take a long time, but I believe this is the best news we have gotten since April 13th.
New statements in helpdesk
There's a new official news channel. The helpdesk is now apparently being used as a place to publish official news. I hope the licensing is fixed for real this time.
A new statement has been published on the 11th. Basically, the plan is to proceed with paying each btc24 customer 72% of their funds for now, and the rest when the case in Poland is closed.
The Helpdesk system is back online, the lawyers won't reply to customer requests any more. Simon has hired two new employees this week.
The new forum contains the latest news. Jeff is actually in touch with Simon, please check the threads named Mailing #12 to Mailing #14. Uploading verification documents could start soon.
Helpdesk license expired yet again?
I still find it puzzling that btc24 would use a free trial version of the helpdesk software. After all the tickets are somewhat.. important. Anyway.
I'm pretty sure the page just said something like "Your free 30 day license has expired" a few minutes ago, but now it reads "Take a free 30 day trial and your own Kayako helpdesk could be here in less than 5 minutes.". Oh well, not good either way.
While the bitcoin price soars to record highs RDP publishes a new announcement (EN, DE). A vast majority (82.8%) voted for option 3, but unfortunately it's not clear how many users voted. It's quite possible that many users didn't even know about the vote that was announced two weeks ago and only lasted one week. Option 3 was:
"Payout to all customers of an amount derived from the ratio of 72% (after legitimization of claims and verification of identity)"
Basically, if you want to request a payout you have to submit
- Copy of a valid passport or personal identification card and a residency registration certificate
- Current electricity or mobile phone invoice
- Explanation regarding where the wagered money originates from
- Assurance that the wagered money originates from legal sources
The statement goes on that btc24 will "only make payouts if these data and documentation are plausible". This means a manual review, so things will probably take a very long time.
As of this writing there was no upload form on the btc24 website yet.
If you have problems logging in or if your account balances are incorrect, contact the lawyers by email. But keep in mind that those things can take some time:
"As we have no access to the system, we are not able to intervene directly ourselves. We have no decision-making authority and due to the technical complexity, we must always consult with our client regarding many enquiries in order to solve individual problems."
The statement continues to explain the necessary verification, that bitcoin24 is responsible for making the payments, and that they themselves are not involved with the legal case in poland.
So, go vote!
The poll itself has also been updated and now says that "Voting will end 04.11.2013 - 18:00 UTC+".
Today the poll went online on the bitcoin24 website. The available choices are:
- No payouts until conclusive release of all monies
- Once information and file scrutiny shall have been made available, payouts of audited and legitimate claims
- Payout to all customers of an amount derived from the ratio of 72% (after legitimization of claims and verification of identity)
At the moment it appears that no notification mails were sent out. My guess is that RDP will issue another press release. In line with patterns observed earlier the poll page also says "The poll will be available until Voting will end 04.10.2013 - 18:00 UTC+1". Let's assume this is a typo as that date is in the past.
Read the discussion in the new forums.
Update: The third poll option was changed during the night and now reads
- Payout to all customers of an amount derived from the ratio of 72% (after legitimization of claims and verification of identity). The remaining amounts will be payed out once the seizure of the Polish account is lifted.
This question had come up in the forum. The date hasn't been fixed though.
Who gets to vote?
User Dan asked me in the comments if I had the option to vote. As I already got all my coins and fiat out of btc24 I really shouldn't have a vote. But yes, if my case is the rule all previous customers get a vote, even those who aren't concerned any more.
"Word has reached me that RDP was planning to release their polling system this friday. While it remains to be seen if they can do that, I took initiative and already sent them the letter."
—Jeff via email
Apparently things start to move. If the voting with regard to cash payout starts that would be some really good news, at last.
Come back later for today's hangout url.
Edit: Hangout at https://plus.google.com/hangouts/_/661267aee9a9290f4fd0768b7e970a78fb120ec0?hl=en (sorry for posting it so late)
Another mail was sent out by the btc24-victims group. They have significantly increased the number of people and assets they represent. This is what they write about the upcoming Google Hangout:
"Regarding the upcoming Google Hangout, the URL to the meeting will be sent by e-mail moments prior the event tomorrow. It will also be posted on the forum located here: http://bitcoin24-support.boards.net/board/1/btc24-english-discussions
Registration is free and I suggest everyone to join and get connected.
This especially is important due to the fact we’re dealing with a lot of money and interests. Since I’ve received the request to keep the names and sums confidential I have not shared the names and sums with anyone. They are still 100% safe and in my possession only.
Should things go from bad to worse, this forum will be the best way to stay organised. So I’ll say it again, join the forum today. "
You can also use btc24.refund AT gmail.com to get in touch.
First of all, thank you for subscribing en masse to btc24.refund and my sympathy for the vast amount of money that is being held hostage/confiscated.
The counter currently stands on: 51 victims with a total sum of €499.087,- ฿596,- and $8070.
Taken into account this initiative has been launched 4 days ago, I hope we'll cross the 750k mark before upcoming thursday. I can't stress enough to spread the word. Feel free to broadcast this on any medium you see fit. The more people supporting this official letter, the more impact it will have on RDP.
As for our strategy, the planning currently will be to send the official letter after upcoming Google Hangout, which will be Thursday 24th starting at 20:00 central european time. Can't make it? No problem. Usually people will stay there the entire evening. It will be our way of getting together and getting organised. Even when there's nothing to discuss, it's good to stay in touch.
There has been questions about the ratio RDP will use to payout its victims. Rough estimates vary from 50% to 75%. RDP has not been clear on the payout ratio and I suspect this has been done on purpose in the event lawyer costs are rising and Simon cannot pay for it anymore. Logically, our money would be up next to pay for the bills. This is one of the reasons why I want my money out of there as soon as possible. Of course, besides the fact that we're waiting over 6 months which is a terrible tragedy.
Furthermore, paying out a ratio does not mean Simon can forfeit the remaining 50% to 25%. RDP has stated in their statement on writing that the full 100% will be paid out whenever this Polish incident is resolved.
One subscriber has offered his help into translating the english letter into german which will be a great help to our cause. Upcoming friday I will send the letter in english and in german through registered post to the lawfirm RDP. I will also e-mail them our official reply to their statement. There will be no way of denying having received our decision.
Finally, more people will subscribe. Whenever a substantial amount has subscribed, I will send another mail/e-mail to the lawfirm.
Later on this week I will send the URL to the Google Hangout so you can join instantly.
In the meantime, don't worry too much or do anything silly like jumping off a bridge. We'll get our money back, I'm sure of it!
—Latest email from bitcoin refund
A result of yesterday's hangout was posted. The participants, who represent a low six figures USD sum have drafted a letter to the btc24 lawyers. The more signatures the better.
People who can't post to the forums can also send an email to btc24.refund AT gmail.com. Please include your name and the amount of money stuck in btc24.
Update I just received an email that around a dozen former btc24 users have joined the effort today. This means that there are more than twenty supporters by now.
I received various reports that the btc24help forums are not maintained any more and new accounts never get approved. A new one has been opened at boards.net. I am not affiliated with this effort in any way, but wanted to spread the word.
A user also organized a google hangout which is running right now (8p.m. CET). I have neither camera nor microphone on the box I'm sitting at, but will write an update later if there are any significant updates.
After almost a month we get another update. No good news, no real news at all.
"Unfortunately, there is no notable news from Poland.
Payments [to Commerbank customers without trading activities] are still currently in progress, but are being processed very rapidly.
The Polish authorities are declining to permit our Polish colleagues further scrutiny of the files.
Without the issues prevailing in Poland, the situation for our client’s customers would presumably have been resolved long ago, and all payouts would have been concluded."
So for unknown reasons the polish lawyers can't inspect the files, the polish authorities look bad here. But I don't see how them behaving differently would have led to everything being paid back if the payments that can already be made haven't been concluded yet...
Not so great news
The bitcoin24 lawyers posted another update. People who sent money to the polish account are out of luck for the moment:
"We now have the decision of the Polish Public Prosecutor’s Office, from which it is apparent that the seizure will not be upheld in relation to a large proportion of the money involved. But unfortunately this also means that a part of the money continues to be sequestered.
Before payments can now be made from the Polish account, those accounts subject to the suspicion of illegal use must be first clearly identified.
Payments to customers with no connection to the suspected suspicious activities of individual users may then be made when the Polish Public Prosecutor’s Office makes it possible to identify the suspicious accounts involved."
It sounds like this will take quite some time to be resolved. And after that the payouts have to be processed, which will take even more time. It's good that things are moving forward but I think this isn't the news most international users were hoping for.
We don't know either what will happen to people who sent money to the polish account and traded with it. As far as I know only money that was never used for trading was refunded from the Commerzbank account, so the same could be true for the polish bank?
There's a little more info in the statement about Commerzbank and bitcoin payments and the ticket system. As usual, you should read the full statement.
I Got my money back
The transfer from bitcoin24 just arrived in my account. To sum it up:
- I transferred funds on 11.04. to the german Commerzbank account
- Bitcoin24 closed on 12.04., so I never had the opportunity to trade
- Today I received a little more than my account balance at bitcoin24 showed, the transaction fees were not deducted
So all is well for me, but it's a little disconcerting that after seeing Odd account balances I received slightly more than what was in my account. I can only hope that everybody else will be as fortunate as me, and that it won't take another three months for them.
So approximately one month after € withdrawals were announced I received the email from the bitcoin24 lawyer. It asked for some personal information and confirmed the amount I had wired to the Commerzbank account.
I replied immediately with the necessary information and the next day I received an email saying that SEPA withdrawals were now enabled for me on bitcoin24. So I went to the bitcoin24 site, logged in and accessed the SEPA withdrawal page.
It has an eye-catching notice:
"Please make sure, that you only withdraw the amount which is written in the email from Röhl, Dehm & Partner. If you withdraw more, we can not proceed your withdrawal."
Ok, if you say so... it's just that the € balance displayed on bitcoin24 was smaller than the sum mentioned in the email due to SEPA fees (I presume). I had to add a new bank account before doing the actual withdrawal and then... yeah.. didn't think so.
Well, the obvious fix seems to be to lower my withdrawal to what the site displays as my balance.
That seems to have worked. I'll have to wait and see if the money shows up on my bank account.
All in all it looks like this whole mess could be finished for me. It doesn't really surprise me that the final instructions were faulty. shrug
The withdrawal was confirmed by email the same day I requested it.
Somebody should update the bitcoin24 template:
Those days are long gone.
"In summary, it can be stated that both Bitcoins as well as initial monies shall continue to be paid out. The next big step must now be securing clearance specific to the Polish account; unfortunately, we have less influence over this than we would like, and we can, therefore, also not specify a time at which this will occur."
The document also explains the differences for users of the German and Polish accounts, you should read it.
First € withdrawal reported
Kj1 is the first to report that he got his € back.
No email? Check your gmail spam
I'm not really sure when this text was added to the lawyer's website, but I'll translate it for all the people who don't speak German:
"To all btc-24.com customers with gmail addresses: We were informed several times lately that our emails were sorted into the Google GMail spam folder. Please check your spam folder and mark our mails as "not spam". Thank you"
—Lawyer's statement, rough translation by me
First € withdrawal mails reported
User Kj1 reports that he received an email from bitcoin24 asking for some personal information. After sending those he got the following reply:
"Success! We saved your withdraw into the database. We need about 3-6 business days for the payment!"
So.. maybe I will get such an email soon, maybe I won't. Maybe the whole ticket database was lost when the license expired. Maybe it's only that nobody cares about or reads any tickets.
I also still get messages about missing BTC withdrawals, and it looks like nobody can process any tickets...
License has expired!
Bitcoin24's kayako license expired yesterday. This is probably just another instance of the... competency we've seen on display several times. Still a little unsettling, but it will probably be fixed somewhen. Bitcoin24 used kayako's ticket system as their "Contact" page.
Update 2012-06-14: Ticket system is back. Only took five business days...
Edit june 12th: Oops, had forgotten to post about this, but there was another announcement on june 6th. It just said that withdrawal preparations will take more than a week...
Unsubstantiated suspicions and EUR withdrawal
"As we expected, the seizure of the German accounts has been lifted by the Public Prosecutor's Office in Berlin. This means that the suspicions concerning our client in relation to the alleged fraud and money laundering could not be substantiated."
EUR should be paid out soon to customers who used the german bank account and couldn't trade any BTC yet. That shouldn't be too many people, but other users should follow later. Read the announcement for all the details. So good news for a lucky few right now, hopefully including myself.
One more security thing
I've become accustomed to technical deficiencies and insecurities, but today was another incident. As tweeted the bitcoin24 website went down for a while.
During this downtime I checked the IP of the server behind cloudflare directly. I found the bitcoin24 server's web root that included several domain roots.
The obfuscated subdomain seems to be the admin app for bitcoin-24.com and is accessible now that the server is up again through that domain, but a login is required.
The most interesting part for me was the bitcoin24 error log. It shows a long list of undefined variables ($sum_eur, $sum_btc, $what) and array indices (password, submit, amount, fegenerales, user, key) and mysql-related errors like mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in ... and mysql_num_rows() expects parameter 1 to be resource, boolean given in ....
Those are just PHP warnings but seem to reinforce the notion that the code behind bitcoin24 isn't exactly top notch. The admin app's logs were also accessible and contained warnings for undefined indices like password_admin, cookie_auth_admin, username_admin.
The private SSL certificate was also visible but had the proper permissions so I couldn't download it. I could only find a few visitor IPs, around ten, as only error logs were available.
So all in all a bad server configuration and a few entry points. Not a catastrophe though, as apparently no source code, SSL certificates or significant number of visitor IPs were leaked.
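The exposure described in this entry (error logs served from the web root, a key file listed but not readable) is something an operator can audit for from the filesystem. The following is an added example, not code from the original post or from bitcoin24: it walks a document root and reports logs, key files and dumps found inside it. The file-name patterns, the sample directory layout and the assumption that the web server reads files through the "other" permission bits are all constructed for the example.

```python
import fnmatch
import os
import stat
import tempfile

# File-name patterns that should never sit under a served directory.
# The list is an assumption for this example; extend it for your stack.
SENSITIVE_PATTERNS = {
    "log": ["*.log", "error_log", "error_log.*"],
    "private key": ["*.key", "*.pem"],
    "dump/backup": ["*.sql", "*.bak", "*.tar.gz"],
}


def classify(filename):
    """Return the category of a sensitive file name, or None."""
    lowered = filename.lower()
    for category, patterns in SENSITIVE_PATTERNS.items():
        if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
            return category
    return None


def audit_web_root(root):
    """Walk a document root and report sensitive files found inside it.

    Returns a sorted list of (relative_path, category, exposure). Exposure is
    "downloadable" if the file is world-readable and "listed only" otherwise.
    Assumes the web server is neither the owner nor in the group of the
    files, so it reads them through the 'other' permission bits.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            category = classify(name)
            if category is None:
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks and special files
            exposure = "downloadable" if mode & stat.S_IROTH else "listed only"
            findings.append((os.path.relpath(path, root), category, exposure))
    return sorted(findings)


def build_sample_tree(root):
    """Create a constructed layout: one web root holding several site roots."""
    files = {
        "site-a/index.php": 0o644,
        "site-a/error_log": 0o644,
        "site-a/css/style.css": 0o644,
        "admin-app/logs/php_errors.log": 0o644,
        "ssl/site-a.key": 0o600,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, category, exposure in audit_web_root(tmp):
            print(f"{exposure:12}  {category:12}  {rel}")
```

A "listed only" result still means the file lives somewhere it should not: logs and keys belong outside any served directory, and directory listings should be off.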
Copy of a witness summons
A user on bitcointalk has posted a PDF that looks like a scan of an official summons of a witness from the Berlin police.
A few things are mildly interesting:
- October 25th 2012 is listed as the date of the offense (fraud)
- Around 2.5 million € were frozen to enable victims to make their claims in civil court
- The following 35 questions sound like the prosecution wants a confirmation of previous statements. They are very detailed, how the site worked, how bitcoin and fiat were handled, how trading happened, who was involved, etc.
I hope somebody will translate the questions, I don't have the time at the moment.
Announcement announced yet again, for this friday
Yeah, well, the weekly announcements never happened... but it looks like we'll get something (German) this week at least.
New statement from the lawyer
- Regarding fiat withdrawal there might be news next week as the prosecutors take their time
- Tickets are being processed, albeit slowly due to the high number
- Customers who haven't gotten their BTC withdrawal yet should contact the lawyer
So nothing surprising, but it's good to get an update anyway.
€ Deposits should all be processed
"All EUR sepa deposits are processed and added to your balance, if yours is still missing create a support ticket with the used reference."
According to scalability-junk € deposits for both the german and polish accounts have been processed. Other currencies should follow.
New announcement from bitcoin24 lawyer
From the summary:
"Our client would like to act immediately, however, this is not possible as official measures were taken whose reversal again requires an official verification. This takes time and is not within our client's the sphere of influence."
The transaction history is available again, but only for trades before the site closed. This was tweeted.
After today it looks like my initial motivation for writing this post is more or less gone. At last we get regular updates thanks to the lawyers and scalability-junk's tweets. They aren't 100% official as he's just a volunteer, but he's in touch with Simon. I had a small conversation with him and asked:
"just wondering, but when you write stuff like "BTC withdrawals can take more than 24h (sorry to those waiting)" is that coming from simon or do you make that up to react to stuff you've seen?"
"I try to use the short statements from simon and the current events to form infos for the users. [...] posting only simon statements would look like: yeah, no. prosecution poland wednesday :D"
I will focus on really major updates from now on and not write about each small detail or tweet. The information we get is still not ideal, but if you have any questions you can try to:
There seems to be an increasing number of people reporting missing BTC withdrawals. The hotwallet hasn't seen any significant movement in days. Tickets remain unanswered. Fiat account balances still aren't correct. No updates on twitter either.
The bitcoin24 website still has a... well... false statement on it.
"All withdrawals will be done manually within 24 Hours."
Rumors of fiat withdrawal
Casimir1904 reports that he got an email from Simon with news about fiat withdrawal.
"looks good for release of fiat money soon [...] but in short he said it looks good that they will release soon and the lawyer will make another statement on monday/tuesday"
A few minutes later TheAviator confirmed this:
"got a long message from Simon [...] seems to go into a good direction [...] there will be an official lawyer announcement on monday or tuesday [about fiat withdrawal, nkuttler]"
He also mentioned that Simon is apparently working on relaunching the site, with a new backoffice.
Later the same is also announced on the official twitter account:
"We will release an official statement from our lawyers on Monday/Tuesday about the latest progress."
Security Worst Case Scenario
Yesterday on May 1st an IRC user named ghash reported that Simon had used the same username/password combination on many sites. Simon's default username and password were leaked in 2010. His password was a single word that can be found in any dictionary.
This is a worst case scenario security-wise. I was able to log into several sites using his credentials, but a helpful IRC user called scalability-junk had already changed the passwords on many other sites by then to protect the accounts.
In a professional environment you should at least use secure passwords, and a different one for every service. In a message Simon sent me he said that he used this username/password combination only for unimportant sites, and that the leak was a long time ago. But Simon was still using the same account info a few months back when he registered on reddit and IRC for example. He also used reddit as the only official communications channel for a few days after the site was closed.
It looks like Simon and everybody using his bitcoin exchange got lucky and nobody managed to find this information in time to cause more harm. I wanted to leave some gambling money in bitcoin24 if the site ever went up again, even after hearing about the other technical shortcomings. But this was the last straw.
Statement concerning cooperation with prosecution
A new statement confirming yesterday's news appears on the bitcoin24 website:
"Today we will able to communicate and discuss the current accusations against BTC 24 with the prosecution in Berlin. We have offered the prosecution full collaboration. The same is true for the prosecution in Gorzow. There we are also expecting progress in the near future. Once all our accounts are fully accessible and available, we will immediately start to continue all business activities."
IRC user scalability-junk reports that he will publish news coming from Simon on the official bitcoin24 twitter account from now. It's not clear at this moment if this means that TheAviator won't provide updates any more.
"so to summarize, we have bitcointalk.org, btc24 official website, reddit, twitter, aviator via phone, this chatroom, his lawyers fax & phone, kuttlers website, btc24help forum"
—BitChaos on the confusing news policy
Bitcoin24 out of BTC?
Update The hotwallet has been refilled!
The known bitcoin24 wallets are empty, but some users still haven't received their BTC it seems. We're waiting for information... as usual.
Ticket system and SEPA deposits
Bitcoin24 has a ticket system now. Great news.
Several users report that deposits they made shortly before the site closed now appear in their accounts. This hasn't happened for me yet, but it looks like Simon is working on those missing transfers.
Update on fiat withdrawals
According to a post (German) on the btc24-help forums the btc24 lawyers will meet with the prosecutor this week and talk about cash withdrawals.
My BTC arrived
Good news for me, my BTC arrived at last.
Odd account balances
Apparently I'm not the only one.
When this whole mess started I wasn't sure what to think of it. At first I wanted to know that Simon was still in Germany. He is, and I don't think he did anything fraudulent intentionally.
But right now I'm afraid one of my initial suspicions could be right. That the accounting bug that was acknowledged or a similar one were indeed much older and had already been abused in the past.
Or maybe something went wrong when the supposedly buggy trades were rolled back. We'll see.
"he messed up more with the rollback... i have now negative 34 btc, someone else got the btc back who selled to me... so -68 btc for simon only from me..."
More negative BTC balances
"I know for sure that i'm not paying for those 20BTC, i just want the money back that's on the account and another 700€ that i sent to the Commerzbank account two days before the site went down, and then i'm out. I'll keep an eye on your blog for any updates you may post."
—Email I received
"When the Btc24 web interface was shut down, trading through the API was still possible for a while. During this time I managed to sell off some of my BTC, but left about 30BTC that should still be on my account."
—Email I received
Many successful withdrawals reported
It looks like many people got their BTC out of bitcoin24. Good news! Let's hope the unresolved issues get fixed as well.
BTC withdrawal today
As announced on the bitcoin24 website, BTC withdrawal seems to be possible since today. There are a few reports about inconsistent account numbers. My own BTC and € amounts are both wrong, for example. It wasn't completely unexpected as I wired money into my account right before the freeze and tried to withdraw some after it. Still, everybody should check their balances.
BTC withdrawal soon?
According to TheAviator, Simon has said that he will get permission to release BTC soon. TheAviator has been confirmed by Simon as some kind of spokesperson. Sounds like good news, but we'll have to see... We had a similar announcement on the 16th and nothing has happened since then.
New info from the bitcoin24 lawyer
- The German and Polish bank accounts were frozen by prosecutors
- The money is stuck on those accounts
- The lawyer disagrees with the assertion in the Bundesanzeiger (see below) that people have to sue bitcoin24 to get their money back
- They still don't even know what Simon/bitcoin24 is accused of (!)
- BTC withdrawal should be possible soon
It's great to see some official news!
What I find really interesting about this is that the prosecution allows BTC withdrawal. To me this is a very strong sign that the case against Simon can't be about money laundering, as withdrawing BTC would enable exactly that.
There may be a read-only version of bitcoin24 soon, so that users can verify their account balances. We'll see.
Publication in the Bundesanzeiger
The Bundesanzeiger published a document from the Berlin prosecution office. The document confirms that around 2.5 Million Euro were confiscated. It says that the confiscation and its publication enable Tatverletzte (victims basically) to claim their funds through the legal system, which the prosecutor "strongly recommends". This can of course cost money, and there's no guarantee to get your money anyway. And the document speaks of a time limit, creating a sense of urgency.
Even as somebody who is very critical of bitcoin24 I think this document is a travesty. It speaks of victims, when there was no conviction or even indictment yet. The presumption of innocence goes right out the window.
We don't know if there was any fraud or if bitcoin24 will be able to reinstate their services.
But people with a significant investment in bitcoin24 might see that differently. Bitcoin24 still hasn't published anything trustworthy that confirms that all the customer funds can be repaid. An affidavit comes to mind.
Another document is posted on the bitcoin24 site: a list of things that were confiscated during the search. A few papers concerning the Polish bank and 20 500€ bills (PDF, German). Boring.
In the evening TheAviator writes a post (English) on the btc24-help forums. He claims to be in touch with Simon and repeats the usual stuff, adding in bits of new info. There is absolutely no way to verify the degree of truth of the post.
- btc24 offices were searched, but no hardware was confiscated
- BTC can't be withdrawn as long as the investigations are ongoing
- All funds (BTC, €, etc.) are safe
- All incorrect transactions due to the trading engine bug were corrected
So even if genuine nothing really new anyway.
So we know there are some serious accusations against TAiS46, but of course he's innocent until proven guilty. It seems to be evident that some time will pass before bitcoin24 goes back online, if ever. Let's hope that Simon is indeed innocent like he has said repeatedly and that his lawyers can sort out this mess.
User TAiS46 has posted a long explanation (google translation) of what has happened to bitcoin24 on the btc24-help forums. He also says that he has pressed charges against the person who runs a facebook group determined to hunt him down. The group has some comments in very bad taste, talking about bloodhounds and calling Simon a fraudster.
This post on a forum suffers from the same problem as all other statements: it can't be verified. But it sounds believable. To me it sounds like Simon is in Germany and working with (or against) the authorities. I am shocked by how badly the whole affair was and is apparently still being handled by him.
The increasing noise and malice makes it very hard to determine which information is relevant and which not.
I and several other users received an email reply by the police in Bremen. There will be an announcement today in the Bundesanzeiger. However, there's some confusion as to if this is about bitcoin-24.com or bitcoin.de. Edit: Well, that didn't happen.
An update has been posted on the frontpage of bitcoin-24.com. The document (PDF) repeats things Simon has said previously but looks more official. It is a (not very good) German translation of what's apparently a legal document by a Polish public prosecution office.
A little later another document is posted on bitcoin24. A search warrant (PDF) was apparently issued against Simon (TAiS46). The accusation is basically (rough translation by me) that he has been unable and unwilling to provide Bitcoins to his customers and intended to use received funds for personal things. The original document is in German.
Some users claim to have gotten confirmation by the police in Bremen that investigations are ongoing. They say that the police doesn't give any more information. See also the comment by Mike. I couldn't confirm any of this yet.
Simon's girlfriend apparently deleted her facebook account. The link was shared repeatedly by different people. I think this is very bad, there's no need to involve her or Simon's family. If people feel like doing something they should stick to the legal system. There's no need to make this personal.
Totally unrelated but maybe of interest to some: it appears that some bitcoin.de accounts were compromised and BTC withdrawn last night.
Alright, so almost five days after this whole mess started TAiS46 held a Q&A session in IRC. While nothing he said can be verified by me he sounds genuine and gives useful info:
- The hotwallet transactions that happened were in the queue and triggered by a donation
- He plans to add a withdrawal page today
- Withdrawing € will be possible later than the other currencies
- 2,000,000€ are in a bank account he can still access
- 5,000,000€ are frozen in total
- He has hired a coder
- 3,500,000€ are frozen in Poland
TAiS46 posts again, it looks like reddit is now the place to get official company news.
As CoinSheep's comment points out less than 6000 BTC left bitcoin24's wallet the day of the bug. Maybe it was only around 1000 after the bug started to show. So even if some was stolen the situation is much better than I had written earlier.
It looks like Simon registered a new subsidiary of the bitcoin24 UK LTD in Germany on April 11th. One can only speculate as to why.
"objection is send to the PL government! hope to get the bank account open this week. but I am sure we can clear this. I can't say a date, sorry for that."
—New post by TAiS46, nothing new
User markusmj called the law firm that was listed on the imprint page of bitcoin24. He got somebody on the phone, here's what he says (nothing really new):
Ok, here we go > They can't say a lot, but THIS lawfirm that is mentioned on the imprint has not been doing anything this weekend, since their lawyer for "Polish Affairs' is on holiday > nobody called their yet about bitcoin-24, we were the first to call Frau  will get back to us tomorrow, she is the laywer for "Polish affairs" in this lawfirm, she was on holidays, so what simon says "his laywers are busy with it" is not true, or it is another lawfirm... but not the one on his imprint they will however say tomorrow morning more to us, they can give some statement, but they didn't know a lot about this , so it's not that important or not a lot is known here... could be, because "bitcoin-24" did not ring a bell to them... could be that this is not the lawfirm of bitcoin-24 at all... not a lot of good info... I don't trust it so we need to know WHICH Lawfirm represents Simon ! very important, put it on the Redditss & Facebook ! but with the "flying to poland with our laywers" it's not this lawfirm... so we need a confirmation from Simon, who actually is his "lawfirm" because the one on his imprint didn't know anything about it so again, the lawfirm mentioned on bitcoin-24's imprint, probably has nothing to do with it, So we need Simon to say, which lawfirm represents him, somebody should ask this on the reddits & facebook
Markusmj is hiring this lawyer, who is a Polish affairs expert, to find out more about the Polish bank closure. You can contact markusmj: markusmj1313 AT gmail.com.
"hey, it is ok to go to the police or your own lawyer. at this moment it would also help us, to make a collective suit to the banks and german government."
—TAiS46 after being told people want to report him
Morkel has created a new website btc24-help.com where he wants to coordinate efforts towards getting more information.
Even later more reddit posts, in one he says a withdrawal page will be up tomorrow. We'll have to see what that means.
TAiS46 made a few posts again on reddit. They seem erratic and his English isn't very good, so it's hard to say what they mean. But what I got from them is:
- The German bank account is frozen as well as the Polish one
- There are enough funds to pay everybody
Later that day he wrote another comment where he just refuses to take any responsibility for incoming phished money and blames the banks for everything:
"The Germans are now fighting against me and the "Deutsche Bank" has still the same problems, that people are sending me money from stolen bank accounts! THATS NOT MY PROBLEM!"
TAiS46 made a few posts in the morning on reddit that don't really contain anything new.
"I think that the people who know me know, that I try everything to get the business up again! And I am not the "fucker" which drives now away with YOUR money and YOUR BTC! The money and the BTC are not lost. We are still holding all the funds. The biggest problem is, that we can not access the bank account."
"I am waiting for the "go" from my lawyer to know, what I can write in the official statement I will give all users with email and on reddit."
Later, around noon, trading through the API was apparently disabled.
2013-04-12 The original post
Today some people were very upset because their bitcoin exchange bitcoin-24.com was closed for five or so hours without any announcement about what had happened.
One visible problem was that there were many reports of incorrect transactions. Users getting twice (or more) the amount of BTC than they should have gotten. Then somebody reported a rather scary mysql question on stackoverflow by the user TAiS46. He is bitcoin24's developer.
This bug would lead to the problem with incorrect booking of orders. It is two months old, so it's very likely that some people have known about it, and that they gamed the site to farm free money. They might have used a flood of micro-orders to do this.
Later today the following statement appeared on the site:
Our Service is momentarily not available.
1. All funds (EUR, USD, PLN, GBP & Bitcoins) are safe.
2. All withdrawals will be gradually processed chronologically from another bank account.
3. The Polish authority closed your [sic] Bank account in Poland.
4. Our lawyers are working with high pressure on a solution.
We will back with Bitcoin-24 2.0 on when all declarations are finished. All important Emails can be send to email@example.com
If somebody found a way to exploit the bug reliably and withdrew the money they made, they effectively took other users' money. This makes the "all funds are safe" claim doubtful.
Blockchain and missing money
Here's a list by z3c0 of orders that were executed more than once. This post said that around 6000 BTC had left bitcoin24's wallet, but that info was apparently incorrect, see also CoinSheep's comment below.
More scary technical info
1. Simon, bitcoin24's admin, does seem to have problems with basic coding stuff. A few weeks ago there was another stackoverflow question on rounding. He uses floats to deal with currency.
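Why floats are a problem for an exchange's books, as an added example (not bitcoin24's code and not the code from the stackoverflow question; all function names are made up for illustration): a constructed 1 BTC order matched by ten 0.1 BTC micro-fills never reaches zero in float arithmetic, while integer satoshi bookkeeping closes it exactly.

```python
from decimal import Decimal

SATOSHI_PER_BTC = 100_000_000  # Bitcoin's smallest unit: 1 BTC = 10^8 satoshi


def to_satoshi(amount: str) -> int:
    """Parse a decimal BTC string into integer satoshi, refusing sub-satoshi input."""
    scaled = Decimal(amount) * SATOSHI_PER_BTC
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{amount} BTC is finer than one satoshi")
    return int(scaled)


def remaining_float(order_btc: float, fills: list[float]) -> float:
    """Order bookkeeping in binary floats: subtract each partial fill."""
    remaining = order_btc
    for fill in fills:
        remaining -= fill
    return remaining


def remaining_fixed(order_sat: int, fills: list[int]) -> int:
    """Same bookkeeping in integer satoshi; overfills are rejected outright."""
    remaining = order_sat
    for fill in fills:
        if fill <= 0 or fill > remaining:
            raise ValueError("fill must be positive and not exceed the open amount")
        remaining -= fill
    return remaining


def ledger_drift(fills_btc: list[str]) -> tuple[float, int]:
    """Credit the same fills to a float balance and to a satoshi balance.

    Returns (float balance in BTC, exact balance in satoshi) for comparison.
    """
    float_balance = 0.0
    sat_balance = 0
    for amount in fills_btc:
        float_balance += float(amount)
        sat_balance += to_satoshi(amount)
    return float_balance, sat_balance


if __name__ == "__main__":
    # Constructed input: a 1 BTC sell order matched by ten 0.1 BTC micro-fills.
    micro_fills = ["0.1"] * 10
    # Float version leaves a tiny positive remainder, so the order looks open.
    print(remaining_float(1.0, [float(f) for f in micro_fills]))
    # Integer version closes the order exactly.
    print(remaining_fixed(to_satoshi("1"), [to_satoshi(f) for f in micro_fills]))
    print(ledger_drift(micro_fills))
```

An engine that tests `remaining > 0` or `remaining == 0` on the float value gets the wrong answer for this order; on the integer value both tests are exact.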
One reason for the Polish bank to close the account could have been that they suspected money laundering. It was possible to withdraw cash with DHL from bitcoin24. That seems perfect for launderers who only need a safe address to deliver to.
It was also possible to withdraw any amount of BTC, without verification. So phishers and other criminals could have deposited money from hijacked bank accounts into bitcoin24 and withdrawn BTC.
Another important question is when the account was frozen. Some users have been waiting for days for withdrawals. If bitcoin24 knew about the frozen account and didn't inform their customers... well... I'm not a lawyer but that sounds really bad.
Here are some questions I think are important:
- How many bugs were there that led to booking errors?
- Do the cash and BTC reserves bitcoin24 holds cover the book values of the users?
- Since when was the Polish account frozen?
- Will bitcoin24 require verification in the future before allowing withdrawals?
Here's a video that shows an accounting bug in action (presumably):
In the IRC support channel some try to defend bitcoin24 by saying that this isn't the bug that happened on the 12th, but another one. Well, so it seems there was more than one accounting bug.
- The app directories (most likely) contained PHP files that timed out due to... whatever. I forgot to check revision control subdirectories like .svn, .git etc. If I was more of a black hat I might have thought of this before the IP went down and gotten access to the sources. Could have been fun.
- The IP of the "real" server behind cloudflare had been leaked at some point on IRC. It's not accessible any more and I don't see the need for sharing it.
- This was updated shortly after I wrote about it to "as soon as possible".
- I didn't publish this information immediately to give Simon some time to secure his stuff.
- Unfortunately the site that hosted the IRC logs suffered from data loss. I still have my own logs, contact me if you're interested. A new logbot without the old data has been set up by user dbhas.
- Full of cute errors again, and misspelling the domain name again, it's not bitcoins-24.com.
- You have to search for "bitcoin sicherungsmaßnahmen" on the site. The Bundesanzeiger website was intentionally designed to make permanent links impossible...
- It's a little funny how many errors are in the mail + letter. And it's about bitcoin-24.com, not bitcoin24.com...
- From his usual host and identified with nickserv.
- Well, not entirely closed. API users could apparently still trade, which could have given them an unfair advantage. And maybe the opportunity to exploit the bug longer. Update: The API access was apparently closed in the morning of April 13th.