Author

Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 133. (Read 272544 times)

newbie
Activity: 12
Merit: 0
Keep on your work . I am patient to wait.
full member
Activity: 338
Merit: 100
https://eloncity.io/
sr. member
Activity: 433
Merit: 250
Another breach happening so soon from the last one... this is fucked up.

What makes it worse is all the bitches who keep thanking them, can you morons at least wait until their statements are backed up by actions, such as the site coming back with your funds in tact.
You are obliviously new to poloniex, Relax, go for a walk, bang the missus, and come back refreshed ready to trade again later Smiley
hero member
Activity: 644
Merit: 500
Why did your hosting provider have root access to a server with wallets?  If your hosting provider has super admin you have no security.  An attacker or employee you rob you at will.
member
Activity: 104
Merit: 10
I'm not sure how long it will be. A new server is being set up right now, but it might not be ready until tomorrow. It shouldn't take more than a few hours after that to get the site running. I'll update you all when I have a better idea of the timing.

It is likely that when the site does come back up, several alt markets will remain frozen until all wallets are moved.

Thank you all for your support and patience!

And thanks for keeping us posted.
I hope your exchange will be soon back.
sr. member
Activity: 644
Merit: 251
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

I send some sourcecoin just before you shut down the server. Will these coins be safe too?
donator
Activity: 1218
Merit: 1079
Gerald Davis
Why did your hosting provider have root access to a server with wallets?  If your hosting provider has super admin you have no security.  An attacker or employee you rob you at will.
newbie
Activity: 30
Merit: 0
Yea i freaked out for a min xbc payout on [Suspicious link removed] went nutz with out fair market value. Thanks a bunch to Mr B. And whoevr els is working on issues you guys are the best!
sr. member
Activity: 378
Merit: 250

If he did I imagine they would have one hell of a hissy fit over it. Imagine a hosting company just giving out root access so easily?

You'd be surprised... (not related to crypto), but i've "talked my way" into reclaiming servers for some companies in the past (i'd say even within the past few years).... None was for nefarious reasons, just getting them ownership of their sites... I bet this still happens, even on some of the larger hosting providers... the verification they ask for is not that strict (or at least it wasn't) in many cases.

full member
Activity: 233
Merit: 102
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Busconi. There's 3 zero day hacks going around. All require sure diligence. I'm amazed YOU need to catch this in time. Perhaps you'll have white hats assess your systems. Check pm for third 0 day hack
sr. member
Activity: 433
Merit: 250
Well done Again, Mr B,
My confidence in you and Poloniex grows each time, You have to overcome a disaster.
Love your work and your exchance Smiley
sr. member
Activity: 458
Merit: 265
Does this accident affect other, not-BTC deposit addresses? My rigs send regulary small amounts of coins directly to my poloniex deposits, do I need to stop sending now?
Yes you should absolutely stop sending small deposits from mining. If every one of those deposits needs to be manually recovered for you then you will only be wasting time. I can't recall if Poloniex specifically has a statement listed in the balance page, but many exchanges have something along the lines of "Please don't send small auto-payouts from mining." So basically you should never be doing it to begin with.
+1
legendary
Activity: 1540
Merit: 1000
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Once you get everything switched over, would you, please name the hosting provider so many of us here can also protect ourselves by making sure not to use them in the future and/or cease using them currently.
Thank you.

If he did I imagine they would have one hell of a hissy fit over it. Imagine a hosting company just giving out root access so easily? That's a pretty severe breach, especially if they knew their client was in the exchange business.

Many more details are needed, though. Another major breach like this so quickly after the last one is a very real issue.

Considering I've been on the receiving end of an incompetent and argumentative webhost that caused problems and dragged things on for weeks ( I can say what I like now since I'm free of them *cough* SYNWEBHOST *cough* ) I don't see why we should spare the feelings of a webhost who refuse to get their fucking act together since it's an annoyingly common thing in the webhost industry these days, I know their pain if this is the case. We can only hope this kind of thing doesn't just become a recurring problem.

Good luck, nice to see you're still talking and haven't fucked off with our money.
sr. member
Activity: 364
Merit: 250
Owner of Poloniex
I'm not sure how long it will be. A new server is being set up right now, but it might not be ready until tomorrow. It shouldn't take more than a few hours after that to get the site running. I'll update you all when I have a better idea of the timing.

It is likely that when the site does come back up, several alt markets will remain frozen until all wallets are moved.

Thank you all for your support and patience!
legendary
Activity: 1386
Merit: 1023

Is there an ETA on server migration? Is this a 24 hour deal or is this more like 8 hours?

Thanks and keep up the good work.
newbie
Activity: 8
Merit: 0
...now I know why Busoni is treated like a God....because he is one. Good work!  Grin
hero member
Activity: 504
Merit: 500
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Thanks for the update, you rock, as always!!!!
full member
Activity: 127
Merit: 100
Another breach happening so soon from the last one... this is fucked up.

What makes it worse is all the bitches who keep thanking them, can you morons at least wait until their statements are backed up by actions, such as the site coming back with your funds in tact.
o3u
sr. member
Activity: 393
Merit: 250
Money comes, money goes
When will it be back up?
member
Activity: 101
Merit: 10

This GIF is EXACTLY how i feel too.

Thank you Busoni for seriously handling that professionally.
Jump to: