How trolls took down Coin Fire with a DMCA

Last month, Coin Fire posted a report about current SEC actions that could have a major impact on a large number of players in the cryptocurrency space.

CloudFlare Traffic Report Image In Question

A few short hours after that report had been posted, Coin Fire received a record number of over 900,000 unique page views in a 24 hour period according to our Cloud Flare report. Our staff immediately received telephone calls, emails, and some angry messages from some members of the community.

At approximately 9:00am EDT that day, the primary account email for Coin Fire received an email stating that a DMCA notice had been received against an image on the Coin Fire site. The image was one of the SEC letter covers that we had uploaded and placed in our report the day earlier.

Initially, our staff was confused. The image was created from a series of documents we had received and ourselves redacted before uploading to protect the parties and sources involved with our report. Our staff had taken extra precaution to use pages from various letters and placed them together in order to conceal which letters were used and their sources whom we had directly received from in person.

A DMCA notice against this particular image was perplexing to our staff. The notice was created from a document that tax payer dollars had funded, and it had been created from several documents.

We sent an email requesting further information and a copy of the DMCA action notice as it had been filed and immediately contacted our attorney.

Thirty minutes later, the Coin Fire site displayed a FORBIDDEN ERROR to all visitors and our email was no longer responsive. Brendon immediately called our legal representation who had assured us the week prior that we likely could expect some sort of retaliation although we had not committed a crime by releasing and redacting the documents.

I immediately visited our hosting provider’s website, filled out a trouble ticket, and opened a live chat session. (Our attorneys have advised us NOT to name the hosting company in question until after the entire situation is evaluated in the near future. We are still considering a dispute about the mishandling of a DMCA notice.)

Brendon reached our legal representation and I spoke with our attorney. Our attorney said we had a right to remove the offending content before our site was seemingly taken down. During this time, I continued waiting to speak with someone via live chat. I also dialed our hosting company whose hold message said it would be a thirty minute wait.

Coin Fire Backup Files

In the meantime, I began trying to connect via SSH to our VPS machine and access our site. We download a backup of the site files, databases, images, and other content off-site daily. I knew the best course of action would be to take our site online somewhere else in the meantime, but we had run our backup the day before prior to publishing the SEC piece and we would need to repost it.

We opened the backups from earlier that day and began reviewing our download when we found one of the files had become corrupted. That file was our database backup. We immediately called our provider to respectfully ask that they give us SSH access so that we could at the very least download our files before moving them to another provider.

Having seen how the situation had played out thus far, I honestly did not want to give our provider another dollar or our hard-earned money and very much wanted a new provider. Knowing that a DMCA request had come in and that we hadn’t been given adequate time to respond was very disturbing–not only to myself, but the rest of our team and our legal representation.

Another thirty minutes passed by while I was still on hold. Our hosting company’s message still indicated that my wait time was thirty minutes, and I started to become very frustrated with the situation. Our site was entirely offline, our email was shut-off, and our server was no longer responsive via SSH. Even still, I tried to stay calm knowing that a simple mistake had possibly been made and that we would be able to work it out rather quickly.

By 11:00am EDT, we started opening up other backup files and discovered that the database had been corrupted in them as well. We had made the fatal flaw of taking backups without throughly inspecting them to ensure the files were okay (we have since made necessary changes to guarantee that mistake will not take place again). We had no idea who sent the DMCA request, how it was processed so quickly, and when we would be getting our site back online.

At 11:30am, I finally had reached someone on the other end and gave them the relevant account information. I was told that a DMCA request had been received, we had not adequately responded to the request, and that our account would be fully restored if only we agreed to remove the image in question. I was very upset at this point, but still calmly explained that we had not been given adequate time to respond and we were unaware of who was behind the request. I explained that we were unable to proceed with the removal as a result and wanted to see the actual full request before responding. I was placed on hold.

Fifteen minutes later, I was told the first request was sent via email and the hosting company was unable to send it again due to security reasons. I reviewed our email account, but we had not received any information in the request nor any information on who it had come from. I asked again for a notice or details on who was behind the notice–as we are legally allowed to make those requests. I was told “that is just not possible” and placed on hold again. Apparently, the email we had received was the second notice.

At this point, we prepared to bring our attorney into the call. When a representative from our hosting company come back on the line at  12:25pm EDT, I had our lawyer on standby and had closed the chat window which was still unresponsive.

We still were unable to see the initial DMCA request a few hours later, but were FINALLY allowed the ability to download all of our files from the server and take them elsewhere. Josh with BitVPS had reached out to us and said they would be willing to host us. They offered us a discount on a VPS machine that would be not only better suited to handling DDOS attacks and large levels of traffic, but would also help defend against DMCA attacks such as the one we were currently experiencing.

We began downloading everything, moving it to a new machine, and changing our DNS information. We were also still waiting to see the DMCA request that our previous host claimed they were unable to give to us. I was incredibly angry at this point, but had several phone discussions with several members of the community that helped keep me in check. It was time to simply batten down the hatches and move forward.

I began working extremely hard to get our site back online thanks to our friends at BitVPS and Josh. Both Josh and BitVPS were most helpful getting some bugs worked out with myself and Brendon.

We were able to bring Coin Fire back online and breathe a sigh of relief that at least one fire had been put out. Now we just needed to deal with that “pesky” DMCA request. Our hosting company told us they would mail us the DMCA request, but that was unacceptable to our team. After a few hours later and some phone calls with representatives at our old hosting company’s legal department, we were given the name of the company that had brought us offline.

COIN NEWS INC is the company that ultimately filed a DMCA against us. Our attorneys began searching for validation on this company, where they are located, and how to get in touch with the legal department at the company. They promptly found more roadblocks.

A quick search on DuckDuckGo shows no results for “COIN NEWS INC”, and we immediately became more suspicious. Our attorneys demand to see the full DMCA request and are still fighting to this day to see the entire request.

Our attorneys have explained to us at Coin Fire that a DMCA notice has to be filed with certain information, such as an address and other relevant information, to confirm a claim being made. We have the right to this information and have been denied the information to date.

COIN NEWS INC is a bogus company that doesn’t exist. Apparently, we are more capable than the people making the choice as to whether a DMCA request is valid or not by simply doing an internet search.

We still aren’t sure who COIN NEWS INC is, if they even exist, and who is behind the “company” or the bogus take down letter. Our team is still actively working to resolve these issues though, and we hope to provide an update to our readers in the near future.

Please rest assured that we have taken countless steps to work with our new host BitVPS and our attorneys to prevent this sort of thing from happening again in the future.