Topic: Bitcoin7 a new exchange - page 3. (Read 20834 times)

The system is automatic and upon receiving on funds they appear in the recipient's account.

However, as I said, we missed a payment method which appeared as instant to our system, but was marked as pending in the payment provider's system. This also triggered the manual check and led to the taken actions.

If I get you correctly, you credited a user account based on the micropayment.de information before it was fully confirmed ?
This credit was then used to buy coins before you decided to reverse the trades because the payment finally appeared as being fraudulent ?

Is this correct or am I missing something ?

Reasonable. Thx for the explanation.

Hello,

Please accept this as an official reply from Bitcoin7.com

We admit we had to reverse 4 transactions on the Euro market. The cause of the problem was a bigger delayed transaction through the German payment method Micropayment.de. As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC. All BTC have been returned to the sellers.

We don't expect such problem with the following method to occur again as we removed the methods from their base, which would allow delay or even reversal/chargeback.

Our goal is to defend both the buyers and sellers on the bitcoin7 platform. Reversing the BTC to the seller's wallet was the only 100% defensive method we could have done. Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

I got the money in EUR so it should have been right (at least from my side). It was not mixed with USD trades, they were at different prices. Hope I'm getting a reply tomorrow. Will post the answer here.

It's possible they posted it as Eur and it was actually USD. They didn't want to eat the difference so canceled the trade. One hell of an error but nonetheless. Let us know their response to you.

yeah, that one wasn't mine. I sold at 17 EUR, which was still high but not completely unreasonable (kind of risk premium for not knowing the exchange).

I saw some 1btc for 100 euro transactions yesterday, probably it was a testing of some kind...

Funny story? Bitcoin 7 cancelled some of my trades. This exchange is supposed to be an instant trade market like MtGox or Britcoin. So, one advantage is that you cannot reverse a trade. But that's exactly what they did. Somebody bought from me well above market, trade got through and got revorded (you can still see it in Bitcoinchart history for instance) they credited me with the money and took my BTC. I lock in today again - I got my BTC back but the money got refunded. WTF?
I'm writing them a mail - but for the time being I can only say - stay away from Bitcoin7!

Thanks for the information in this thread, especially cuddlefish and davout.

I was going to add this to my bokmarks of good exchanges.

Now I won't.


The guy obviously knows nothing about the technology his site is using, doesnt care to educate himself, minimises serious flaws, then attempts to belittle and alienate those trying to help him, bascially lying to everyone else that there were/are no problems.

Basically a BS artist PR guy grasping at straws trying to add some fake legitimacy.

I refuse to do business with people like that, let alone trust them with my money.

Avoid this exchange at all costs in my opinion.

PS - plus i seen where he tried to bribe a bitcoin developer to say that bitcoin7 was better than mtgox.

Yeah!. I love bitcoin-central.com its a really good RoR App.

ok 

They also CSRF'd Witcoin. Bit ironic, really.

Caught them using sockpuppets.

I'm quite certain they respect the security issues being brought about but try and be understanding. B7 is getting attacked on all fronts and trying to cooperate when dealing with many personality types from different cultures.

They are being accused of many things and being called names so of course there will be some defensiveness.

Professionalism is also in the delivery of a message not in the receipt solely. Let's tone down the rhetoric, offer advice and hold them accountable. More progress will be made and we will have another respectable exchange.

Your constantly dismissive attitude is not reasonable when there are serious concerns being raised.  Security is crucial when dealing with other people's money.  Especially when transactions are irreversible.  Instead of "it's not a problem", try "thanks for the report, I'll have my engineers look at it".  Davout, cuddlefish, and others are donating their time to help you get your issues straightened out.  Please be more respectful of their knowledge.  To me, dismissive hand waving is worse than no response.

That's a disturbing image


Let me reshuffle that sentence for you: "We had flaws, we were not ready for the start yesterday. We still have, we are still not ready for the start today."

(good thing about that: it's reusable)

I appreciate that cuddlefish and davout point out publicly that there are issues.   Other users need to know that.  

I also think that their quick examples were pretty clear to experts, but can be confusing for novices.  So let me try to explain.  Maybe this will help you fix the issues.

Picture this scenario:  Someone logs into your site, and leaves it logged in, while they are, say um, reading bitcoin forums for example.  That doesn't seem too far fetched, does it?  And then they read a forum post that has an interesting link in it.  And they click on that link.  Maybe the post reads "Here's what you REALLY need to know about Bitcoin7's security" and then has a tiny url.  The user clicks on the link, and they are taken to a page on some remote server that POSTS to your site an instruction to sell bitcoins for a dollar.

Bam.  They have been exploited.  All because you have a vulnerability in your site.  
Or worse, it could post to a page that transfers Bitcoins to a particular Bitcoin Address.


See how serious that is?

Davout and cuddlefish, please correct me if I didn't describe that correctly.

Now, cuddlefish gave a WORKING demonstration, but he put "!!!" in the URL so that someone didn't click it by accident.  But if you were signed into your Bitcoin7 account in one tab, while you clicked on his link in another, you would have transmitted funds to instawallet.   Pretty scary.

Got it?
Don't minimize the advice that you are getting here.  This is a sharp group. They may not be explaining things at novice level, but do NOT assume you have nothing to learn from others!  Very risky!

Okay, the next time I see an error that lets you steal all your Bitcoins, I won't tell you, wait a day, then tell #bitcoin-cabal and PM you, then wait a few hours and post it on the forums. I'll just let the black-hats handle /that/.

Security > Usability > Good graphics.

You're great at #2 and #3. #1.... not so much.

How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.