
Topic: [ANN][XCP] Counterparty - Pioneering Peer-to-Peer Finance - Official Thread - page 484. (Read 1276923 times)

legendary
Activity: 1022
Merit: 1000
If I regain all the XCP I bought today through this monster dump I also pledge 5% to the white hat (chapeau) and 5% to the security bounty.
legendary
Activity: 1022
Merit: 1000
Attention: Please see this post.

Just wanted to bump this post again for any newcomers.

UPGRADE YOUR CLIENT BEFORE SENDING XCP ANYWHERE!

It's worth repeating that counterpartyd, since v5.0, will force you to upgrade. (Of course this check can be disabled.)

I just wanted to ask whether you HAVE to upgrade as this would be very concerning in case a malicious upgrade ever gets pushed.
sr. member
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
Attention: Please see this post.

Just wanted to bump this post again for any newcomers.

UPGRADE YOUR CLIENT BEFORE SENDING XCP ANYWHERE!

It's worth repeating that counterpartyd, since v5.0, will force you to upgrade. (Of course this check can be disabled.)
legendary
Activity: 1120
Merit: 1000
Attention: Please see this post.

Just wanted to bump this post again for any newcomers.

UPGRADE YOUR CLIENT BEFORE SENDING XCP ANYWHERE!
sr. member
Activity: 364
Merit: 264
Good to see that the community is right on top of this. This is what makes this project tick.

I'll also earmark 10% of my poloniex balance for this "security bounty".

Rebuilding will take a few hours. Please check balances then.
full member
Activity: 238
Merit: 100

Maybe one address for this white hat and then one address for a future bounty if someone finds a big bug; that amount can turn a black hat into a white hat.

Yes, agreed. Two addresses.
hero member
Activity: 491
Merit: 500
Thanks Busoni, and thanks benevolent hacker
hero member
Activity: 756
Merit: 502
Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?  

If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.

As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?

Will anyone else make a pledge to contribute alongside me?    

+1, I will happily contribute.
sr. member
Activity: 364
Merit: 250
Owner of Poloniex
Block index is being reindexed now. We're not out of the woods yet--I won't know what the situation on Poloniex is until I see what is in the balance, and the benevolent hacker has not returned the BTC yet. (He might be waiting to see how much XCP he has.) I'll keep everyone updated.
full member
Activity: 219
Merit: 102
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.

It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code.

To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future.

Yes. Setting up a formal bug bounty system is definitely on our 'to do' list.

Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?  

If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.

As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?

Will anyone else make a pledge to contribute alongside me?    



A great idea. This will be taken care of in the next few hours. Thanks again, everyone, for all the support, and for staying level-headed. It means a lot to us.

Maybe one address for this white hat and then one address for a future bounty if someone finds a big bug; that amount can turn a black hat into a white hat.
hero member
Activity: 898
Merit: 1000
I'll also pledge 100 XCP to the bounty fund.
full member
Activity: 216
Merit: 100
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.

It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code.

To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future.

Yes. Setting up a formal bug bounty system is definitely on our 'to do' list.

Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?  

If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.

As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?

Will anyone else make a pledge to contribute alongside me?    



A great idea. This will be taken care of in the next few hours. Thanks again, everyone, for all the support, and for staying level-headed. It means a lot to us.
newbie
Activity: 4
Merit: 0
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.

It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code.

To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future.

Yes. Setting up a formal bug bounty system is definitely on our 'to do' list.

Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?  

If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.

As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?

Will anyone else make a pledge to contribute alongside me?    



I approve your proposal.
legendary
Activity: 882
Merit: 1002
Will anyone else make a pledge to contribute alongside me?    

I will pledge - security is a top priority.
member
Activity: 82
Merit: 10
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.

It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code.

To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future.

Yes. Setting up a formal bug bounty system is definitely on our 'to do' list.

Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?  

If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.

As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?

Will anyone else make a pledge to contribute alongside me?    

full member
Activity: 210
Merit: 100
Busoni-- I didn't trade with your exchange yet, but now you just demonstrated that you are trustworthy and dependable, so it is all for the best. You made a good name for yourself - will not hesitate to use your exchange in the future.
hero member
Activity: 491
Merit: 500
Did the attacker actually own the initial 35000?
legendary
Activity: 1120
Merit: 1000
Great work devs and Busoni!

Any ETA when Poloniex will be back up?
legendary
Activity: 1232
Merit: 1000
Absolutely fabulous. Will the massive sell-off be rolled back now?
member
Activity: 93
Merit: 10
busoni +1
PhantomPhreak +1