[ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 127.

Hotodamoon

newbie

Activity: 31

Merit: 0

Quote from: kache on May 03, 2014, 06:52:26 AM

Quote from: busoni on May 02, 2014, 05:44:03 PM

All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost?

OMG. Really? your BadgerCoin lost?

kache

full member

Activity: 140

Merit: 100

Bored

Quote from: busoni on May 02, 2014, 05:44:03 PM

All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost?

rmoraos

sr. member

Activity: 452

Merit: 250

Quote from: altcoinherald on May 03, 2014, 05:06:57 AM

Quote from: chiznitz on May 02, 2014, 11:32:53 PM

Quote from: YoyodyneSystems on May 02, 2014, 11:28:46 PM

Quote from: chiznitz on May 02, 2014, 11:22:28 PM

Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.

Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.

Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.

Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use.

Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it.

But that's just me.

Yeah, only login by ssh key (.pem or .ppk) and allow only login from 1 IP, all the others deny (the service denyhosts works great in this). But good work by not losing the coins.

Best Regards.

juve4v

hero member

Activity: 505

Merit: 500

I made 2 EBT deposits -one of my wallet+one of pool- that don't show up in my balance nor on last 25 deposit history on poloniex.They're both confirmed .Anyone experience same problems?

dcgirl

sr. member

Activity: 448

Merit: 250

great job polo, clearing this up so quickly. isnt the crypto world fun?

BigBoy89

legendary

Activity: 1512

Merit: 1011

nice work, we can use poloniex now
hope i can withdraw FLT as soon as possible
withdrawal still frozen, need some time
good job busoni

altcoinherald

full member

Activity: 126

Merit: 100

Quote from: chiznitz on May 02, 2014, 11:32:53 PM

Quote from: YoyodyneSystems on May 02, 2014, 11:28:46 PM

Quote from: chiznitz on May 02, 2014, 11:22:28 PM

Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?

Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.

Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down
as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write.

Usually in a security situation the site owner cannot say anything at all.

Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time.

Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use.

Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it.

But that's just me.

ShiThing

member

Activity: 60

Merit: 10

Always trust polo.
Good job.

lordzskull

member

Activity: 70

Merit: 10

Quote from: busoni on May 02, 2014, 05:44:03 PM

All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Dam impressive +2

ParkExcite

member

Activity: 89

Merit: 10

Me too, very great support. I will always trust poloniex.

ibfragalot

member

Activity: 98

Merit: 10

Quote from: maccaspacca on May 03, 2014, 04:14:02 AM

Great job Busoni and team.

You have all acted responsibly and professionally..... as usual

That's why I love Poloniex so much

+1

maccaspacca

sr. member

Activity: 278

Merit: 258

Twitter: @maccaspacca1

Great job Busoni and team.

You have all acted responsibly and professionally..... as usual

That's why I love Poloniex so much

eastwind_ja

hero member

Activity: 910

Merit: 500

Is there anyone who lost coins after server comeback?

RhodaGila

hero member

Activity: 615

Merit: 500

Poloniex was great!

deodecagone

sr. member

Activity: 490

Merit: 250

Since the beginning poloniex is gaining trust. At several points, the owner remained very fair and professionnal. I am convinced this is way more important than any fancy html5 flat design.

Congratz.

riddler_xyz

full member

Activity: 223

Merit: 100

@busoni ... hope u make enought money to finance FTTH to your home and have the servers physically under control ^^

respect for catching the guys with their fingers in the cookiebox Wink

save and secure is a constant struggle ... i wonder if 2FA or even 3FA for root acces would be possible Wink

Faura888

member

Activity: 70

Merit: 10

trollboxteam4ever

Ting1989

newbie

Activity: 21

Merit: 0

Happy to see poloniex is back to service. I still have some btc in it.

rhkazani1

hero member

Activity: 504

Merit: 500

Keep Rocking!!!!

chickenliver503

full member

Activity: 204

Merit: 100

Quote from: iqacid on May 03, 2014, 02:58:04 AM

badgercoin is frozen when do you let us to withdraw it?

the other coins will be back up tomorrow/later today within 12 hours or so

Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 127. (Read 272544 times)