Author

Topic: Anything suspicious to consider about this? (Read 194 times)

member
Activity: 322
Merit: 20
Come on, guys, I don't think he's testing someone. I just remember my first time when I used BTC, and I also couldn't get what these long cominations of random letters and numbers are and where to insert each of them.
By the way, you probably have his email, so you may send him a mail asking whether he needs any help.
newbie
Activity: 70
Merit: 0
Your users will be wasting withdrawal fees if they do that, right? But since you allowed it, he may now be convinced that it is sloppyly done and there might be more vulnerabilities he can exploit.
jr. member
Activity: 293
Merit: 1
Hi guys,

I'm currently running a very small crypto exchange platform for about 3 mths.

So, what i want to ask is:

There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2c

So that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place.

Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny?

hmmmmm

Appreciate your opinions. Wink

This story makes fun for me, because I remember the first time I was going to attract bitcoin. which I do almost the same as the one above. chances are there are two, maybe he forgot and the second he might not know how to withdraw bitcoin.
member
Activity: 140
Merit: 10
I don't think I understand your question at all.

I think OP meaned the following:

  • User A deposits 0.1 BTC to Address X given from OP's exchange as deposit address to user A
  • A then tries to withdraw these 0.1 BTC to the deposit address (address X)


@OP:
I don't think this user tried to be 'funny'. He probably wanted to check how your system works and if you have implemented some bugs which might allow him to double deposit/withdraw.
It is basically a form of finding/exploiting vulnerabilities in less-known crypto services. Chances are high an exchange without a proper security-/developer- team does have a few critical vulnerabilities which could be exploited.
Hi everyone, I think this is the most accurate explanation of the scenario. Thanks for the clear up and sorry to everyone who had to read my sophisticated explanation.

Okay so based on everyone's feedback, seems like more towards exploring/testing for vulnerability on site? Perhaps I will implement the address detection where my users would not be able to transfer to their own same address. I hope this solves the issue...

My exchange is small. Don't wanna get into issues.  Angry
newbie
Activity: 140
Merit: 0
The client that endeavored to pull back to the address might've had a go at duplicating his pull back address yet lamentably it wasn't replicated when featuring the address at that point wound up sticking his store address that buddy most likely surged the withdrawal ask for and didn't took a second look to check on the off chance that it was the right address or not. Long time prior I did likewise botch on a betting site and just lost some mineworker charges.
hero member
Activity: 1148
Merit: 504
There should be checks on your exchange so that it would not happen. Your users will be wasting withdrawal fees if they do that, right? But since you allowed it, he may now be convinced that it is sloppyly done and there might be more vulnerabilities he can exploit.
legendary
Activity: 4508
Merit: 3425
The account could belong to a blockchain analysis company trying to determine which addresses you control.

Also, since you control both ends of the transaction, there is no need to make an on-chain transaction.
newbie
Activity: 78
Merit: 0
I think he is trying to do some experimental transaction to convince himself that what he is doing is something safe for him, but there is no definite reference of the intent of the person doing the activity because he knows the reason he did it is he alone.
legendary
Activity: 4424
Merit: 4794
as someone else said, it sounds like a user is testing your security.
things they can find out about your system such as

do funds cycle through certain cold wallets inbetween a deposit/withdrawal.
do you even have a cold wallet.
what other addresses are linked to you
member
Activity: 322
Merit: 20
I don't think that he knows something that we don't, so it's probably just a mistake of him. You should have some mistake pop-up saying "you can't send funds to the address you're already using" or something like this that could be easy to understand. I wonder, what will happen if we do this on other exchanges, whether they have some warning or just take a transaction fee but don't transact anything actually.
hero member
Activity: 3052
Merit: 651
Its blurry with the sentences he make.
Try to enumerate it for further assisstance here.
It is kind of confusing when you read it at a whole sentence. Do numbers.
1.
2.
3.
4.
Something like that. Then we might be able to help.

You are running an exchange so I am thinking that sample is a deposit address of your exchange?
jr. member
Activity: 96
Merit: 1
Nice Trip With Us
Hi guys,

I'm currently running a very small crypto exchange platform for about 3 mths.

So, what i want to ask is:

There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2c

So that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place.

Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny?

hmmmmm

Appreciate your opinions. Wink

So it is with me who does not understand what all that means, but if you look closely maybe the person wants to get back the amount of BTC he sends to the address you manage so he asks you to send back the number of BTC.
legendary
Activity: 2464
Merit: 1387
I also think it smells a bit fishy! but it could be a very basic copy/paste
mistake. Everyone knows if you want to withdraw funds from an address
you are not going to provide that same address.


Its either that of checking out your platform, Can you not ask him to provide another address?
legendary
Activity: 3374
Merit: 1922
Shuffle.com
The user that tried to withdraw to the address might've tried copying his withdraw address but unfortunately it wasn't copied when highlighting the address then ended up pasting his deposit address that dude probably rushed the withdrawal request and didn't looked twice to check if it was the correct address or not. Long time ago I did the same mistake on a gambling site and only lost some miner fees.
sr. member
Activity: 644
Merit: 259
CryptoTalk.Org - Get Paid for every Post!
I don't think I understand your question at all. He deposited 0.1 BTC to an address that you control in an exchange? how did he get it in the first place? If the address is yours in the exchange, him being able to withdraw it make no sense.
I don't thnk the user is making any mistakes here at all, he knows exactly what he is doing. There must be an ulterior motives at play here though.
legendary
Activity: 1624
Merit: 2481
I don't think I understand your question at all.

I think OP meaned the following:

  • User A deposits 0.1 BTC to Address X given from OP's exchange as deposit address to user A
  • A then tries to withdraw these 0.1 BTC to the deposit address (address X)


@OP:
I don't think this user tried to be 'funny'. He probably wanted to check how your system works and if you have implemented some bugs which might allow him to double deposit/withdraw.
It is basically a form of finding/exploiting vulnerabilities in less-known crypto services. Chances are high an exchange without a proper security-/developer- team does have a few critical vulnerabilities which could be exploited.
staff
Activity: 3500
Merit: 6152
I don't think I understand your question at all. He deposited 0.1 BTC to an address that you control in an exchange? how did he get it in the first place? If the address is yours in the exchange, him being able to withdraw it make no sense.
member
Activity: 140
Merit: 10
Hi guys,

I'm currently running a very small crypto exchange platform for about 3 mths.

So, what i want to ask is:

There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2c

So that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place.

Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny?

hmmmmm

Appreciate your opinions. Wink
Jump to: