Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
Ppl said polo will be the next nxt-e, but they are wrong. good job. You have all acted responsibly and professionally..... as usual
Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 127. (Read 272454 times)
Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
You have all acted responsibly and professionally..... as usual
That's why your meant to Deposit to your wallet first, it even states it on pools, don't use your Exchange address to deposit your Pool coins...
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost?What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost? What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.
Usually in a security situation the site owner cannot say anything at all.
Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.
Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use.
Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it.
But that's just me.
Yeah, only login by ssh key (.pem or .ppk) and allow only login from 1 IP, all the others deny (the service denyhosts works great in this). But good work by not losing the coins.
Best Regards.
I made 2 EBT deposits -one of my wallet+one of pool- that don't show up in my balance nor on last 25 deposit history on poloniex.They're both confirmed .Anyone experience same problems?
great job polo, clearing this up so quickly. isnt the crypto world fun?
nice work, we can use poloniex now
hope i can withdraw FLT as soon as possible
withdrawal still frozen, need some time
good job busoni
hope i can withdraw FLT as soon as possible
withdrawal still frozen, need some time
good job busoni
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.
Usually in a security situation the site owner cannot say anything at all.
Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.
Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use.
Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it.
But that's just me.
Always trust polo.
Good job.
Good job.
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
Dam impressive +2
Me too, very great support. I will always trust poloniex.
Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
That's why I love Poloniex so much
You have all acted responsibly and professionally..... as usual
That's why I love Poloniex so much
+1
Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
That's why I love Poloniex so much
You have all acted responsibly and professionally..... as usual
That's why I love Poloniex so much
Is there anyone who lost coins after server comeback?
Poloniex was great!
Since the beginning poloniex is gaining trust. At several points, the owner remained very fair and professionnal. I am convinced this is way more important than any fancy html5 flat design.
Congratz.
Congratz.
@busoni ... hope u make enought money to finance FTTH to your home and have the servers physically under control ^^
respect for catching the guys with their fingers in the cookiebox
save and secure is a constant struggle ... i wonder if 2FA or even 3FA for root acces would be possible
respect for catching the guys with their fingers in the cookiebox
save and secure is a constant struggle ... i wonder if 2FA or even 3FA for root acces would be possible
trollboxteam4ever
Jump to: