Please explain this one:
"There is also a very precise reason why the claims period had to be limited to a fixed time-frame."
I think this has been answered before, but it doesn't really matter, the answers are probably buried in this thread among giszmo's butthurt and tvbcof's irrelevance.
We've been hacked and got proof that the hacker got access to our database in read/write. (And no, IW didn't leak wallet URLs; if anyone is interested I can link the proper humiliation I gave Roger Wehbe, who was trying to peddle this nonsense for weeks, meanwhile begging for tips. Anyway, I digress.)
So our hacker got access to our database, meaning access to all wallet URLs (and all the information you have provided, for that matter). So, if you follow, that meant we *had* to define a specific claims timeframe.
Had we allowed the claims to run forever, the following would have happened:
- legitimate users claim their funds
- six months later, when no one cares anymore, the hacker comes and picks up what's not been claimed
With a deadline we were forcing the hacker to reveal himself if he tried to claim wallets; we figured most decent wallets would be claimed by their users and that a double claim would immediately raise suspicions (especially if they were coming from the same/a weird IP or if we fingerprinted the same browser on 100 large duplicate claims).
So that was the first reason.
The second reason to have the 90-day time frame is quite simple too: as you know, Bitcoin wallets after being hacked are quite often insolvent.
So the reason for the fixed time-frame is that it allowed everyone to file a claim without rushing in a bank-run-like scenario where the first claimants would get paid 100% and the rest would get whatever was left. By having a fixed time-frame we managed to accurately determine whom to pay and how much at the end of said period.
Since we had to set the payouts in stone before actually paying, it also meant we'd have to start paying everyone at the same moment, so when we had to determine the time-frame length, 3 months seemed the appropriate number in order for people to get access to their money in a reasonable time-frame while at the same time leaving a reasonable delay for people to place a claim.
Does this answer your question?
This all makes sense but I doubt it is legal. If my bank shuts down and doesn't inform me that in 90 days my money will be theirs to use as they please, I doubt they would get away with it. Why not 900 days? Why not 9 seconds?
90 days are completely arbitrary and while it might be a nice incentive to get the hacker to come forward, it can't possibly be a way to steal users' funds the way you try now. Keeping the money is not just legally wrong, it also is morally wrong.
If you would give the remaining money to charity, you would win on moral ground but run into trouble once people come after you on legal ground.
I guess the best way would be to put this money into escrow with some reputable entity and fully disclose the legal situation. Giving the remaining money to charity after a 10-year delay (guess in Germany such liabilities would not expire for 10 years) might turn out interesting, too.