If i could send my could to you, I would not be here bitching and screaming.

I think what you meant to say is "businesses SHOULD not lock out a customer"... because obviously they can, and there is nothing anyone can do about it.  I know one case where MtGox's locking a man out of his account is causing severe stress... He is an older man, US citizen, has 7 stents (valves in heart), living off-the-grid in south America for 7 years, and was paying his healthcare, rent,  buying food with bitcoins.  Now he has no money, and therefore no access to rent, healthcare or food.  But MtGox stands my their "you need to validate yourself", and has so far, not accepted the documentation he has sent in (because he has no permanent address or apostille sealed document less than 6 months old)

If you stand by your "cannot" statement, then, when MtGox's policies actually DO lock someone out, who does one call to remedy this (I mean besides MtGox, who does nothing).?  Is there any kind of oversight group that monitors/regulates these exchanges?  Becaus  the way it is now, the client is the last voice to be heard. 

It seems that only MtGox actually enforces them.  Are they now a PSP or bank?

MtGox says the reason they prohibit wallet-to-wallet bitcoin transfers (yes, they are prohibiting for unverified accounts now - even if you put your coins in there long ago) is because of the AML laws... yet, no other wallet site (that I know of or use) has this restriction, as they all allow me to transfer bitcoins to another address without the need to verification.

So, either MtGox is making up it's own AML rules, or none of the other sites, like Blockchain, for example, are following them.

Does any know what the real deal is with these AML laws?  it is all kept very secret.  In fact, the AML laws require that the exchange NOT notify the users in advance before the exchange put in place any new restrictions or limits...but only AFTER they are in place.

The real question is... where can I read the AML laws, specifically on how they apply to bitcoins? (although I still find it hard to believe they even Do apply for wallet-to-wallet transaction... but that is what I am told by MtGox)

and they should be treated as such.

They just told me i can not get any of my bitcoins unless I get verified (coins they gladly took without verification), which in absolutely impossible for me, as I live on-the=road and off-the-grid.

So, they changed their rules, without notification, and now that have my coins... forever.

How many other people are having to deal with this bullshit from MtGox? 

Personally, i do not believe them... I think they are just making a grab for a bunch of bitcoins that they know many people will never be able to get again, thanks to their new Orwellian policies.

Stay away from MtGox, and spread the word.

sucks for me, as I can not get verified.  I do not have the papers they demand.  I live extremely off the grid, but up until last week I was able to withdraw bitcoins... today, no.  Does this mean I will never get my coins back!? These guys just became worse than the banks!

hmmm... I have also lived in Italy, Spain, California, NYC and Argentina... all of whom have gone bankrupt AFTER I lived there!... Again the common thing between all these bankrupt states is ME.  my God!  I am the Grim Reaper of economies!!  I mean, this must be the case because, following your flawless reasoning, no one else you has had money in bitcoin exchanges has lost any money, and the polish government closing down the bitcoun-24, well, that would absolutely be my doing only if i really was the dark could of financial doom.... unless you can provide another reason as to hoe my being me caused the German and Polish officials to take down BTC-24.

Ok, well, let's see what new economic disaster I can bring about.

well, my passwords (rather the ROT(n) versions of them, which i changed)
were "gafa973p3l5h7" to login and "txtxtx18" to withdraw.  Granted these may not be award winning passwords, but they are not THAT easy to hack, are they?  And the 2nd passwd can only be entered on a virtual keyboard. 

Here is the complete list of all warning on my linux, from 'rkhunter'

[19:21:23] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[19:22:20] Checking if SSH root access is allowed          [ Warning ] 
[19:22:20] Warning: Hidden directory found: '/etc/.java'
[19:22:20] Warning: Hidden directory found: '/dev/.udev'
[19:22:20] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

none of these have the ability to read a virtual keyboard.

As for the multiple hacks, no, not on the samne service

1) BTC-e (and consequently MtGox as I used the same password)  (100btc)
2) Bitcoin-24 (government shutdown, but no bitcoins were confiscated... they simply have decided to not return them) (100btc)
3) Blockchain (300btc)

Now, one of many things that is weird about BTC-e is, i always get a "Successful authorization." when I log into BTC-e.  But the day I was hacked, there was no such notices... just a "Successful Withdrawl" as midnight, followed by a "Successful auth" from my IP 2 hours later when I logged in, which implies they did not log into my account but came in another way, no?   

they could be a little clearer on what "enter your one time password" means... but other then that, very good!

For the record, I do not think these are scam sites.  If I did I never would have used them at all.  My complaint had to do with the "sucks for you" attitude these major sites have... other than mtgox.  BTCE support, feedback, help, etc... was/is abysmal.  Not saying they are scams, just really crappy at communication.  Bitcoin-24 and Blockchain are worse. Where as BTCE replied with a basic "No", blockchain and bitcoinc-24 did not even look at my ticket.  Again, not saying they are a scam, just support challenged.

well, i tried trading bitcoins without having any in my online accounts, but it didn't really work so well.  Perhaps it's my learning disability that prevents me from figuring this out.  Please help me and explain it like you were talking to a 3 year old.  Thank you

I did at one time, yes...  but i un-installed it before changing both my passwords on blockchain.

so, that is the answer I was afraid of... basically saying "no, there is no safe place to keep your money online.  You have to hide it under your pillow, next to your gun.", which makes banks a little bit more attractive, even with all their downsides.  it is surprising to me that a bank can do this security easy-peasy, yet crypto-nerds can't.  It shakes my faith.

As for the hacks, it was not all at once, but over a year, and unless someone secretly installed a vnc server on my linux box, and then secretly open that port, they could not know the 2nd password (at blockchain) entered on a virtual keyboard.  I think there is a far more likely scenario.  And the bitcoin-24 shutdown certainly had nothing to do with my security.

I had no problem either, until I did.

isn't this like saying "hey, I also drive a car and I have never had an accident"?

I seriously doubt my heavily firewalled with encrypted FS (where my bitcoin info is) linux is compromised, but even if it was, the 2nd password on blockchain uses a virtual keyboard to thwart keyloggers.   But more to your point, I have taken steps to insure my security locally.   Really, it is just blockchain that shocks me.  BTCE has been hacked up one side and down the other (a google search will confirm this, no flames please), and bitcoin-24 was flirting with legal disaster from the beginning, so loosing money to those guys is not a big surprise.

ok, so think of it like a penny arcade.  you give the cashier 1 dollar and she gives you 10 tokens, which you can spend in the arcade.  When you leave, you cash in your remaining tokens.   

Bitcoins are send yo the account to get credits and then bitcoins are sent back to client when they cash in their credits.  That is how the coins are used.

Now, i assume (perhaps in error) that the mtgox's and blockchain  of the world have better security than i can privide while allowing me to receive/send bitcoins.

If I do not keep them online anywhere, how does that work?  Do I send all the accumulated coins to my private wallet every hour, and then make a cd backup of that wallet every hour? 

Regardless of how I use the coins, the question is the same:  What is the best way to make an online wallet secure?

Hi,
so i am wondering if the lack of anything that even closely resembles customer support or even semi-ethical behaviour is simply something I have to get used is I choose to play in th ebitcoins world.

** My account  (and many others) was hacked at BTCE, and their responsce was "Nope"
** Bitcoins-24 closed my account and took all my coins, and have not respoced to one request for their return
** And the latest, my double password protected account at blockchain was emptied of all bitcoins two weeks ago and my ticket asking them if anything had gone wrong is still in the "This request is awaiting assignment to a support agent" queue

I was under the impression that Blockchain was one of the more 'professional' outfits out there.

So far, the only organization that has made any effort in responding to my queries is MtGox.  in fact, they were very helpful in protecting my account after my BTCE account was hacked (as I made the mistake of using the same password on MtGox as BTCE).   

you would think that an industry already suspected my MSM of being overpopulated and driven by money laundering criminals, drug dealers, terrorists and child molesters would make SOME effort to to up their image, and not respond (if they respond) with a "yeah, sucks for you" response, even when their own incompetence is to blame.

I am painfully aware of the risks involved with keeping bitcoins online (https://bitcointalk.org/index.php?topic=255369.msg2749654)... but i i can't trust the exchanges, and I can trust double password access, what is the secure way to store bitcoins onl9ine, specifically with regards to running an online business that moves bitcoins to and fro? 

My original plan was to keep them in blockchain as they seem to have very good security, but as their security was not able to stop my 300 coins for getting disappeared, I guess that is out of the question... so, what IS the best way to store coins online what they HAVE to be stored online?

hmm... so I guess I will just have to accept that they have my coins, and could return them if they so desired, but choose rather to just keep them.  Well, i preferred it when I thought that all my correspondences with them and their lawyers were ignored because of incompetence, rather than blatant thievery.

Damn!  Just bad luck for me, I guess, cause I still ain't seen hide nor hair of any of my 100 'disappeared' coins, and my attempt to withdraw when that was made available simply responded with a "you coins will be returned within 24 hours".  At this point it is clear that have no plans sice then, nor made any effort, to refund.. 

I am curious, did you have any euros in your account as well?  Because if you did, that supports my conspiracy theory that they took care of (only) clients that had the right to go to official legal channels.

I only access with hardwired linux box.  I have no bitcoin info on my android, except for my blockchain.info app, which I rarely use but absolutely have not used sined i changed my password a month before they were hacked.  yes, i suspected that keylogger as well, but a) I can not imagine how that would have been possible to install on my linux box 2) the 2nd withdrawal password on blockchain.info uses a virtual keyboard specifically so keylogger can not see the password.

ah... interesting about 0,0.  makes sense. thanks

honestly I am not sure how much I trust ANY of the exchanges.  They are all vulnerable to hackers and greed.  If someone at blockchain decided to empty my account (and, occasionally some other persons account), they can easily say "hey, you should have used better passwords/security/etc/etc' and there is nothing the victim can do.  As bitcoins are not even money, I dount you could even get any real attention on such acts.  Although i think that is a .01% possibility of what happened to my bitcoins, I think there is a 50% chance that is what happened with BTC-E and a 99.9999% chance that (or something very similar) this happened with Bitcoin-24

Well, this is depressing...  After i lost 100 BTC to the Polish/German government/banks when Bitcoins-24 was shutdown [1], and someone managing to discover my BTE-E password [2] and took another 100 BTC from me, I moved all my coins to Blockchain, with double passwords (one to get in, another to withdraw)... passwords I have never used before or written down anywhere... very good passwords.  Sadly, I can not use Yubikey or 2-pass auth here in Argentina.  Nevertheless, I get a message from blockchain at midnight two nights ago saying "Withdrawal from your account".. Of course, I look and yes, the account has been completely wiped out by some address that appears in the ocean off the west African coast.  Once upon a time I had 500 BTC.  Between what has been lost (hard drive crash with no backup), commandeered by TPTB, and stolen,  I am left with 25 coins.   

I am not the only person with this story.  the one big question mark I have about the future of bitcoins is for all the cryptology involved in 'securing' the coin, they seem to be about as secure a gold bars under my mattress. 


[1] has ANYONE received anything of their BTC back? I know they keep saying "we are working on it", but I kinda think they are full 'o crap.  I think they are refunding the euros but just keeping the BTC and blatantly screwing their BTC clients because they know there is little or nothing that can be done to them.  But with actual money they can be prosecuted.  So they return the money and simply steal the BTC.

[2] my BTC-E account was emptied at 8pm, then 20 minutes later, my Vircurex account (which used the same password) was emptied, and there were failed attempts to log into other account.  My theory is they managed to steal my username/passwd from BTC-E then use dthat same combo on every exchange out there, and they managed to get lucky with Vircurex, and not with the others.  I asked BTC-E if they had been hacked, and they said nothing at all had happened, but a quick search will show that BTC-E seems to be a favorite for thieves and hackers.