Author

Topic: [ANN][EXCHANGE] Poloniex - Crypto Exchange with BTC/NXT - page 135. (Read 272454 times)

legendary
Activity: 896
Merit: 1000
Very nice job! This is my first time reading the support thread and I applaud your solid work thus far. Good job with the wallet situation by the way!
full member
Activity: 126
Merit: 100
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Once you get everything switched over, would you, please name the hosting provider so many of us here can also protect ourselves by making sure not to use them in the future and/or cease using them currently.
Thank you.

If he did I imagine they would have one hell of a hissy fit over it. Imagine a hosting company just giving out root access so easily? That's a pretty severe breach, especially if they knew their client was in the exchange business.

Many more details are needed, though. Another major breach like this so quickly after the last one is a very real issue.
member
Activity: 70
Merit: 10

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.


Does this accident affect other, not-BTC deposit addresses? My rigs send regulary small amounts of coins directly to my poloniex deposits, do I need to stop sending now?
I guess that depends on how safe you feel with unlikely. Going by what he said, you should be good but it's best play it safe and stop using all old poloniex coin address as I would assume the wallets were all on the same wallet server (could be wrong).
hero member
Activity: 798
Merit: 500
Thank you for the explaination, that hosting provider should get bankrupt
sr. member
Activity: 434
Merit: 250
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Once you get everything switched over, would you, please name the hosting provider so many of us here can also protect ourselves by making sure not to use them in the future and/or cease using them currently.
Thank you.
member
Activity: 60
Merit: 10
Great job mann
feeling safe in poloniex
 Grin
newbie
Activity: 29
Merit: 0

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.


Does this accident affect other, not-BTC deposit addresses? My rigs send regulary small amounts of coins directly to my poloniex deposits, do I need to stop sending now?
hero member
Activity: 644
Merit: 500
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.


This is all so insane, every exchange getting attacked or attacking us.

If you're still here, can you give a guess as to when you will be back online?
full member
Activity: 230
Merit: 100
Thank you for the update busoni
hero member
Activity: 658
Merit: 500
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.

Top work again Busoni, well done.....
sr. member
Activity: 364
Merit: 250
Owner of Poloniex
All funds are safe. Poloniex does use cold wallets.

What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.

Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.

I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
full member
Activity: 126
Merit: 100
I'm beginning to wonder if anybody can safely leave 5BTC - 10BTC on an exchange now, when the hell are cold wallets going to become standard practice?

Quit wondering and get serious.
legendary
Activity: 1540
Merit: 1000
I'm beginning to wonder if anybody can safely leave 5BTC - 10BTC on an exchange now, when the hell are cold wallets going to become standard practice?
legendary
Activity: 1960
Merit: 1022
The funds are safe?
sr. member
Activity: 281
Merit: 250
Obviously it is TotalPanda
legendary
Activity: 1960
Merit: 1022

Thanks, i was looking for some information. Anyone knows what´s the problem?
sr. member
Activity: 647
Merit: 260
Kudos for the recent changes.

I really like the sorting, and selecting currencies options. Well done!

One more suggestion:

In the "Options ... Enabled Markets: ... Select All ... Select None",
I suggest a "Select my nonzero balance currencies" to show only those which I am currently holding.

thx

---
pay me for ideas: BTC 1EyyjBMMHjMfx6M3Ngu4sn5M4QJ6HAtWFG


+1
full member
Activity: 230
Merit: 100
Is poloniex down for anyone else?
full member
Activity: 241
Merit: 100
Everyone is crying for captcha to be removed, but if it would then everybody will cry that their account got bruteforced.
Jump to: