Bit LC Theft: Difference between revisions
(Another 30 minutes. About stub moved to technical analysis. All sources integrated. About to prevention, and wrote a new basic description of the case. Introduction, reality, and other sections populated with basic information. Reviewed the website homepage for further information that was available there.) |
(COMPLETE Another 30 minutes. Added prevention section to the wiki with further details. Reviewed and promoted on a Reddit post which was found. Integrated additional sources.) |
||
| Line 1: | Line 1: | ||
{{Case Study Under Construction}} | {{Case Study Under Construction}} | ||
[[File:Bitlcnet.jpg|thumb|Bit LC Logo/Homepage]] | |||
Bit LC was a service provider website which offered a mining pool, online wallet, and a bitcoin exchange. On February 13th, 2013, the website went offline claiming | BitLC was a service provider website which offered a mining pool, online wallet, and a bitcoin exchange. On February 13th, 2013, the website went offline claiming that all coins in the cold storage wallet had been taken by an investor. Users remain with no recovery and limited answers about what happened. | ||
== About Bit LC == | == About Bit LC == | ||
The exchange was reportedly based in Panama. Description from the homepage<ref name=":0">[https://web.archive.org/web/20130115223253/https://www.bitlc.net/ BitLC Homepage Archive January 15th, 2013 3:32:53 PM MST] (Jan 26, 2024)</ref>:<blockquote>We are a ''Bitcoin Service Provider'' offering '''free''' and low cost Bitcoin Services, such as a high-end mining pool, online wallet service, bitcoin exchange and a lot more. We're using cutting edge technology to provide you with the best and most secure services available. Our system have full IPv6 support, is built with highest possible security measurements and we're adding new features and services continuously.</blockquote>Website: bitlc.net<ref name=":0">[https://web.archive.org/web/20130115223253/https://www.bitlc.net/ BitLC Homepage Archive January 15th, 2013 3:32:53 PM MST] (Jan 26, 2024)</ref> | The exchange was reportedly based in Panama. Description from the homepage<ref name=":0">[https://web.archive.org/web/20130115223253/https://www.bitlc.net/ BitLC Homepage Archive January 15th, 2013 3:32:53 PM MST] (Jan 26, 2024)</ref>:<blockquote>We are a ''Bitcoin Service Provider'' offering '''free''' and low cost Bitcoin Services, such as a high-end mining pool, online wallet service, bitcoin exchange and a lot more. We're using cutting edge technology to provide you with the best and most secure services available. Our system have full IPv6 support, is built with highest possible security measurements and we're adding new features and services continuously.</blockquote>Website: bitlc.net<ref name=":0">[https://web.archive.org/web/20130115223253/https://www.bitlc.net/ BitLC Homepage Archive January 15th, 2013 3:32:53 PM MST] (Jan 26, 2024)</ref> | ||
Director: Javier Lopez<ref>[https://www.dnb.com/business-directory/company-profiles.bit_lc_inc.1a9f584203d2024cc35f3bb33cf15a7f.html Bit LC - DNB Business Directory] (Jan 26, 2024)</ref> | Director: Javier Lopez<ref>[https://www.dnb.com/business-directory/company-profiles.bit_lc_inc.1a9f584203d2024cc35f3bb33cf15a7f.html Bit LC - DNB Business Directory] (Jan 26, 2024)</ref> | ||
Founder: Jim Nelin<ref name="archivearchive-21" /> | Founder: Jim Nelin<ref name="archivearchive-21" /> who is BitcoinTalk user Jine. | ||
<ref>https://bitcointalk.org/index.php?topic=62988.0</ref> | |||
== The Reality == | == The Reality == | ||
Funds on the | Funds on the BitLC platform cold storage were directly accessible by the platform operator, who was apparently named Erick. There were no access restrictions preventing the entirety of the customer funds from being transferred away from the platform by Erick. The homepage of the service emphasized the anonymous nature of the bitcoin network<ref name=":0" />.<blockquote>Bitcoin's peer-to-peer topology and lack of central administration make it infeasible for any authority, governmental or otherwise, to manipulate the value of Bitcoins or induce inflation by producing more of them. It also makes it near-impossible trace to you as a person.</blockquote> | ||
== What Happened == | == What Happened == | ||
In mid-January a large investor of the BitLC exchange platform reportedly took the funds from the cold storage wallet. | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Bit LC Theft | |+Key Event Timeline - Bit LC Theft | ||
| Line 37: | Line 40: | ||
|Capture Of Website Notice | |Capture Of Website Notice | ||
|The BitLC website is captured with details of the bankruptcy/closure of the BitLC platform<ref name="archivearchive-21" />. | |The BitLC website is captured with details of the bankruptcy/closure of the BitLC platform<ref name="archivearchive-21" />. | ||
|- | |||
|October 23rd, 2023 12:26:09 PM MDT | |||
|New Reddit Thread | |||
|A new Reddit thread is posted on the BitLC theft<ref name=":1">[https://old.reddit.com/r/Bitcoin/comments/17erb72/victims_of_bitlcnet_almost_a_decade_ago/ Victims of BitLC.net almost a decade ago - Reddit] (Jan 30, 2024)</ref>. | |||
|} | |} | ||
| Line 47: | Line 54: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
The Bit LC website displayed a notice shortly after the cold wallet was emptied<ref name="archivearchive-21" />. | The Bit LC website displayed a notice shortly after the cold wallet was emptied<ref name="archivearchive-21" />. | ||
<ref>https://bitcointalk.org/index.php?topic=175693.0</ref><ref>https://bitcointalk.org/index.php?topic=351513.0</ref> | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
The incident was ultimately included in the BitcoinTalk forum<ref name="bitcointalklistold-20" /><ref name="bitcointalklist-87" />. | The incident was ultimately included in a list posted on the BitcoinTalk forum<ref name="bitcointalklistold-20" /><ref name="bitcointalklist-87" />, and propagated to other lists. | ||
Jine went inactive in 2016<ref>https://bitcointalk.org/index.php?action=profile;u=14418</ref>. | |||
The BitLC website has been replaced with a cryptocurrency website<ref>https://bitlc.net/</ref>. | |||
== Total Amount Recovered == | == Total Amount Recovered == | ||
| Line 55: | Line 68: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
A recent Reddit post in 2013 has renewed the calls for an investigation, although the post faced limited engagement by the Reddit community<ref name=":1" />.<blockquote>About 11 years ago there was a mining pool called BitLC.net and it was pretty decent pool. A bunch of people were using it when it suddenly went offline and there is speculation that Jine, the owner, stole the funds. | |||
I'm going to consolidate some information here and it's my plan to look into things more. If it seems that the funds are still in a cold wallet and untouched over the past 10 years there likely isn't anything that can be done. If the funds have moved I will look into legal options.</blockquote> | |||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention:Individuals: | {{Prevention:Individuals:Avoid Third Party Custodians}} | ||
{{Prevention:Individuals:Store Funds Offline}} | |||
{{Prevention:Individuals:End}} | {{Prevention:Individuals:End}} | ||
| Line 64: | Line 82: | ||
Cold storage needs to be a proper multi-signature wallet with all keys stored completely offline. One person should not hold all the keys, especially an unknown person. There needs to be training in place to ensure that all operators are fully aware of best practices. | Cold storage needs to be a proper multi-signature wallet with all keys stored completely offline. One person should not hold all the keys, especially an unknown person. There needs to be training in place to ensure that all operators are fully aware of best practices. | ||
{{Prevention:Platforms: | {{Prevention:Platforms:Implement Multi-Signature}} | ||
{{Prevention:Platforms:Establish Industry Insurance Fund}} | |||
{{Prevention:Platforms:End}} | {{Prevention:Platforms:End}} | ||
== Regulatory Prevention Policies == | == Regulatory Prevention Policies == | ||
{{Prevention:Regulators: | {{Prevention:Regulators:Platform Security Assessments}} | ||
{{Prevention:Regulators:Establish Industry Insurance Fund}} | |||
{{Prevention:Regulators:End}} | {{Prevention:Regulators:End}} | ||
Revision as of 13:17, 30 January 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
BitLC was a service provider website which offered a mining pool, online wallet, and a bitcoin exchange. On February 13th, 2013, the website went offline claiming that all coins in the cold storage wallet had been taken by an investor. Users remain with no recovery and limited answers about what happened.
About Bit LC
The exchange was reportedly based in Panama. Description from the homepage[1]:
We are a Bitcoin Service Provider offering free and low cost Bitcoin Services, such as a high-end mining pool, online wallet service, bitcoin exchange and a lot more. We're using cutting edge technology to provide you with the best and most secure services available. Our system have full IPv6 support, is built with highest possible security measurements and we're adding new features and services continuously.
Website: bitlc.net[1]
Director: Javier Lopez[2]
Founder: Jim Nelin[3] who is BitcoinTalk user Jine.
The Reality
Funds on the BitLC platform cold storage were directly accessible by the platform operator, who was apparently named Erick. There were no access restrictions preventing the entirety of the customer funds from being transferred away from the platform by Erick. The homepage of the service emphasized the anonymous nature of the bitcoin network[1].
Bitcoin's peer-to-peer topology and lack of central administration make it infeasible for any authority, governmental or otherwise, to manipulate the value of Bitcoins or induce inflation by producing more of them. It also makes it near-impossible trace to you as a person.
What Happened
In mid-January a large investor of the BitLC exchange platform reportedly took the funds from the cold storage wallet.
| Date | Event | Description |
|---|---|---|
| January 15th, 2013 3:32:53 PM MST | Website Operating Normally | The BitLC website is captured and appears to be online and operating normally[1]. |
| January 19th, 2013 | Jim Nelin Notices | According to the report on the site, this is when founder Jim Nelin first became aware that the total of all funds was deficient to pay back customers[3]. |
| February 13th, 2013 | Website Notice Published | A notification is published on the bitlc.net website homepage on this date[3], although in one area the date is incorrectly stated as 2012. Erick reportedly "ha[s]n't been in contact with [Jim], anyone [he] know[s,] or tried to sign in to any of our servers for the past 3 months or so." |
| March 2nd, 2013 4:10:15 PM MST | Capture Of Website Notice | The BitLC website is captured with details of the bankruptcy/closure of the BitLC platform[3]. |
| October 23rd, 2023 12:26:09 PM MDT | New Reddit Thread | A new Reddit thread is posted on the BitLC theft[5]. |
Technical Analysis
"This alleged theft was unique in that coins held in the hot wallet were safe, but coins held in a cold wallet compromised. The thief is not expected to have access to the coins regardless, so there was little financial gain from this theft. Erick, allegedly the only one with physical access to Bit LC Inc.'s cold wallet, has failed to communicate and withdraw coins. Bit LC Inc. therefore was required to declare bankruptcy. There is no proof that Erick intentionally stole the coins; indeed, some evidence asserts that he or she may simply have disappeared in some manner."
Total Amount Lost
The total amount lost has been estimated at $51,000 USD.
Immediate Reactions
The Bit LC website displayed a notice shortly after the cold wallet was emptied[3].
Ultimate Outcome
The incident was ultimately included in a list posted on the BitcoinTalk forum[8][9], and propagated to other lists.
Jine went inactive in 2016[10].
The BitLC website has been replaced with a cryptocurrency website[11].
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
A recent Reddit post in 2013 has renewed the calls for an investigation, although the post faced limited engagement by the Reddit community[5].
About 11 years ago there was a mining pool called BitLC.net and it was pretty decent pool. A bunch of people were using it when it suddenly went offline and there is speculation that Jine, the owner, stole the funds. I'm going to consolidate some information here and it's my plan to look into things more. If it seems that the funds are still in a cold wallet and untouched over the past 10 years there likely isn't anything that can be done. If the funds have moved I will look into legal options.
Individual Prevention Policies
When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Cold storage needs to be a proper multi-signature wallet with all keys stored completely offline. One person should not hold all the keys, especially an unknown person. There needs to be training in place to ensure that all operators are fully aware of best practices.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 1.2 1.3 BitLC Homepage Archive January 15th, 2013 3:32:53 PM MST (Jan 26, 2024)
- ↑ Bit LC - DNB Business Directory (Jan 26, 2024)
- ↑ 3.0 3.1 3.2 3.3 3.4 Bit LC Inc. closing all services, effective immediately - BitLC Homepage Archive March 2nd, 2013 2:40:08 PM MST (Feb 4, 2020)
- ↑ https://bitcointalk.org/index.php?topic=62988.0
- ↑ 5.0 5.1 Victims of BitLC.net almost a decade ago - Reddit (Jan 30, 2024)
- ↑ https://bitcointalk.org/index.php?topic=175693.0
- ↑ https://bitcointalk.org/index.php?topic=351513.0
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk (Jan 28, 2020)
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
- ↑ https://bitcointalk.org/index.php?action=profile;u=14418
- ↑ https://bitlc.net/