Board: Beginners & Help
Topic: Bitcoinica Claim Page - not sure if this is a good idea
by ninjarobot on 13/05/2012, 20:25:59 UTC
Sorry, posting in newbie because I just registered and cannot respond in the relevant thread.

This is in response to: https://bitcointalk.org/index.php?topic=81045.msg897900#msg897900

Quote
We are building an account claim page. You can submit your account information, financial information (balances) and trading information to verify your identity. We will then match with the records we have. If they have matched, we will send Bitcoin balance to your nominated Bitcoin address within 24 hours and USD balance with unrealized P/L to your email as a Mt. Gox code. If you sent the funds to us via Wire (i.e. you don't use Mt. Gox at all), we will try our best to fulfill wire transfer requests.

Current positions will all be liquidated at a settlement price. We haven't decided the price yet, but my personal estimate is 4.98 / 4.94. (All long positions can liquidate at 4.98 and all short positions can liquidate at 4.94, we pay the spread for you.) All unrealized P/L will be settled in USD. If you don't have sufficient USD balance, we will use your BTC to settle, with the mid-point exchange rate (again, we pay the spread).

The page will be up in a few days but I don't have accurate information on this. Patrick is working on the page now. Thanks for your understanding and patience.

This worries me. Some people have a significant amount of USD and BTC tied up in Bitcoinica. The hacker seems to have had full access to the MySQL database containing account information, balances etc. The hacker also hinted this will be public information soon using the 'MASS LEAK SOON' message in the stolen bitcoin transactions. So matching accounts based on name, email, account balance is a poor idea. I understand the AML data is not compromised but not everybody might have the exact digital copies of the documents they sent initially, and it might be easy to forge and/or find similar data online for some cases. This process depends on human judgement and is not foolproof.

Any bitcoin transfer has to be at least authorized through the owner's email address, not just through some random 'claim page'. Sending bitcoins and/or USD as a MtGox code is also a poor idea, since email is not encrypted and can be intercepted. Since the hacker has already compromised a mail server and has been notified that the claim process will work like this, I can imagine they will try to intercept all MtGox claim codes sent out over email by Bitcoinica to drain customer accounts.

Finally, would it not be possible to bring back a read-only version of Bitcoinica with trading disabled that still allows users to log in using their password & two-factor code and use the existing transfer functionality that does not depend on email? Unless the two-factor login has been compromised as well, I assume this should be a more secure approach?

Worst case: Impersonator using leaked account data runs away with my BTC, and the hacker intercepts the unencrypted MtGox codes for USD sent to my email.