[ANN][XCP] Counterparty - Pioneering Peer-to-Peer Finance - Official Thread - page 482.

Spekulatius

legendary

Activity: 1022

Merit: 1000

Quote from: busoni on February 19, 2014, 05:11:38 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP.

If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Hooray for that!

ginko-B

member

Activity: 82

Merit: 10

Quote from: freedomfighter on February 19, 2014, 06:50:15 PM

Hi Busoni- what'up with the site? cant get on it for the past 20 minutes

also- just before it went dead - I made a withdrawal of 2BTC received an email confirmation request that also cant connect the the site- so obviously cant confirm

Oops! Google Chrome could not find www.poloniex.com

Google Search

weird... its working for me

freedomfighter

full member

Activity: 210

Merit: 100

Hi Busoni- what'up with the site? cant get on it for the past 20 minutes

also- just before it went dead - I made a withdrawal of 2BTC received an email confirmation request that also cant connect the the site- so obviously cant confirm

Oops! Google Chrome could not find www.poloniex.com

Google Search

nakaone

hero member

Activity: 742

Merit: 500

Quote from: ddink7 on February 19, 2014, 05:14:02 PM

Quote from: dhanumitra on February 19, 2014, 05:08:07 PM

I am worried how this hack affects the future of XCP... Sad

I imagine there will be a drop in price ones trades begin functioning again. In the long term, I don't see any problems. Devs are clear that this is alpha level code and problems may arise. Personally, I think we've seen that a) the devs had a fix within hours (very, very impressive), b) we have a good and responsive community, including Busoni and the white hat. So I think there is some positive takeaway here.

nxt had a similar critical bug just a week ago, but without the pumping (also white hat), nothing happened to the development or even short term price

xnova

sr. member

Activity: 390

Merit: 254

Counterparty Developer

Updated windows installer: https://github.com/xnova/counterpartyd_binaries/raw/master/counterpartyd-v6.0-amd64_install.exe

DaFockBro

newbie

Activity: 126

Merit: 0

Quote from: ?? on ??

I approve this coin.

Chuck Norris approves, thank God.

Everything is going to be alright.

ginko-B

member

Activity: 82

Merit: 10

Quote from: flayway on February 19, 2014, 06:11:05 PM

Quote from: ginko-B on February 19, 2014, 05:21:12 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

Maybe if we make bigger critical exploit bounty than google pay we can get some mainstream news also about that, but then all hackers coming try kill us coin same time. Cheesy

Flayway, it is a most interesting observation that you make! You are right, it could be expensive if we attract a bunch of top hackers before we are out of the alpha phase and code is still rapidly changing. Nevertheless, offering some market-rate bounties may be the price we have to pay to ensure safety and security of our code base... would love to hear perspectives of the devs and other community members on this question...

flayway

full member

Activity: 219

Merit: 102

Quote from: ginko-B on February 19, 2014, 05:21:12 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

If we make bigger critical exploit bounty than some big company pay, maybe we can get then some mainstream news about that also. But then all hackers coming try kill us coin same time. Cheesy

ginko-B

member

Activity: 82

Merit: 10

Quote from: busoni on February 19, 2014, 05:11:38 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP.

If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Hmmm...its still feeling like the fair and reasonable thing to do under the circumstances is to offer the hacker a fair-market rate bounty for identifying the exploit... Then the onus would be on the hacker to choose how s/he will be remembered in history.

Either s/he chooses to become a whitehat, a hero. And can live with fame, personal pride, and good karma ... not to mention much respect, trust, and future opportunity from within this community!

Or s/he chooses to be a blackhat, a thief. And inevitably experience some guilty conscience, maybe loss of sleep, bad karma in this life ... possibly the next life too =(

Lets get this bounty sorted out, and then hopefully our hacker will make the right decision!

venomouskid

newbie

Activity: 19

Merit: 0

can some one please fill me in here, I deposited some btc on polonex after seeing that ridiculous dump earlier. I was too late to pick up any cheap xcp so set a buy order up and now my btc is no longer in my account, what the fuck has happened am I gunna get it back?

trilli0n

newbie

Activity: 48

Merit: 0

Quote from: ginko-B on February 19, 2014, 05:21:12 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

Maybe if we can offer the white hat a fair market rate or a little bit higher, then he she will feel fairly compensated and ultimately quite satisfied with the outcome, and as a community we will have a specific amount to target for our community fundraiser.

And how to establish this fair market rate? Put it on the DEx?

ginko-B

member

Activity: 82

Merit: 10

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

Maybe if we can offer the white hat a fair market rate or a little bit higher, then he she will feel fairly compensated and ultimately quite satisfied with the outcome, and as a community we will have a specific amount to target for our community fundraiser.

trilli0n

newbie

Activity: 48

Merit: 0

Quote from: busoni on February 19, 2014, 05:11:38 PM

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP.

If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Isn't this the Poloniex balance? Balance as seen v6.0:

c:\>counterpartyd balances 15vA2MJ4ESG3Rt1PVQ79D1LFMBBNtcSz1f c:\>echo off Balances +-------+----------------+ | Asset | Amount | +-------+----------------+ | BTC | 0.0 | | XCP | 48154.78725249 | +-------+----------------+

ddink7

legendary

Activity: 1120

Merit: 1000

Quote from: dhanumitra on February 19, 2014, 05:08:07 PM

I am worried how this hack affects the future of XCP... Sad

I imagine there will be a drop in price ones trades begin functioning again. In the long term, I don't see any problems. Devs are clear that this is alpha level code and problems may arise. Personally, I think we've seen that a) the devs had a fix within hours (very, very impressive), b) we have a good and responsive community, including Busoni and the white hat. So I think there is some positive takeaway here.

busoni

sr. member

Activity: 364

Merit: 250

Owner of Poloniex

Quote from: led_lcd on February 19, 2014, 04:56:47 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP.

If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

trilli0n

newbie

Activity: 48

Merit: 0

Quote from: PhantomPhreak on February 19, 2014, 04:57:05 PM

Attention: There's a typo in a recent commit to develop, so if you just pulled from that branch, pull again and get at least version 6.1. (It's not a protocol-level issue, so no reparsing or rebuilding is required.)

Did a pull but don't see the update (-V reports v6.0).

EDIT: removed comment on code (github is for that).

dhanumitra

newbie

Activity: 30

Merit: 0

I am worried how this hack affects the future of XCP... Sad

PhantomPhreak

sr. member

Activity: 476

Merit: 300

Counterparty Chief Scientist and Co-Founder

Attention: There's a typo in a recent commit to develop, so if you just pulled from that branch, pull again and get at least version 6.1. (It's not a protocol-level issue, so no reparsing or rebuilding is required.)

led_lcd

sr. member

Activity: 262

Merit: 250

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?

If they don't return that BTC, Poloniex would be out of pocket in a huge way.

I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.

fudge

hero member

Activity: 666

Merit: 500

@devs,

could you please update winx64 compiled binaries?

Topic: [ANN][XCP] Counterparty - Pioneering Peer-to-Peer Finance - Official Thread - page 482. (Read 1276928 times)