
Topic: Bitcoin7 a new exchange - page 3. (Read 20860 times)

newbie
Activity: 29
Merit: 0
June 20, 2011, 10:47:09 AM
#90
The system is automatic and upon receiving funds they appear in the recipient's account.

However, as I said, we missed a payment method which appeared as instant to our system, but was marked as pending in the payment provider's system. This also triggered the manual check and led to the taken actions.
legendary
Activity: 1372
Merit: 1008
1davout
June 20, 2011, 09:46:33 AM
#89
Hello,

[...]

Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

If I get you correctly, you credited a user account based on the micropayment.de information before it was fully confirmed ?
This credit was then used to buy coins before you decided to reverse the trades because the payment finally appeared as being fraudulent ?

Is this correct or am I missing something ?
full member
Activity: 140
Merit: 101
June 20, 2011, 09:29:59 AM
#88
Hello,

Please accept this as an official reply from Bitcoin7.com

We admit we had to reverse 4 transactions on the Euro market. The cause of the problem was a bigger delayed transaction through the German payment method Micropayment.de. As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC. All BTC have been returned to the sellers.

We don't expect such problem with the following method to occur again as we removed the methods from their base, which would allow delay or even reversal/chargeback.

Our goal is to defend both the buyers and sellers on the bitcoin7 platform. Reversing the BTC to the seller's wallet was the only 100% defensive method we could have done. Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

Reasonable. Thx for the explanation.
newbie
Activity: 29
Merit: 0
June 20, 2011, 06:32:30 AM
#87
Hello,

Please accept this as an official reply from Bitcoin7.com

We admit we had to reverse 4 transactions on the Euro market. The cause of the problem was a bigger delayed transaction through the German payment method Micropayment.de. As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC. All BTC have been returned to the sellers.

We don't expect such problem with the following method to occur again as we removed the methods from their base, which would allow delay or even reversal/chargeback.

Our goal is to defend both the buyers and sellers on the bitcoin7 platform. Reversing the BTC to the seller's wallet was the only 100% defensive method we could have done. Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.
sr. member
Activity: 395
Merit: 250
June 19, 2011, 05:08:02 PM
#86
I got the money in EUR so it should have been right (at least from my side). It was not mixed with USD trades, they were at different prices. Hope I'm getting a reply tomorrow. Will post the answer here.
full member
Activity: 140
Merit: 101
June 19, 2011, 01:11:19 PM
#85
yeah, that one wasn't mine. I sold at 17 EUR, which was still high but not completely unreasonable (kind of risk premium for not knowing the exchange).

It's possible they posted it as Eur and it was actually USD. They didn't want to eat the difference so canceled the trade. One hell of an error but nonetheless. Let us know their response to you.
sr. member
Activity: 395
Merit: 250
June 19, 2011, 11:41:04 AM
#84
yeah, that one wasn't mine. I sold at 17 EUR, which was still high but not completely unreasonable (kind of risk premium for not knowing the exchange).
hero member
Activity: 698
Merit: 500
June 19, 2011, 04:00:39 AM
#83
I saw some 1btc for 100 euro transactions yesterday, probably it was a testing of some kind...
sr. member
Activity: 395
Merit: 250
June 18, 2011, 04:12:22 PM
#82
Funny story? Bitcoin 7 cancelled some of my trades. This exchange is supposed to be an instant trade market like MtGox or Britcoin. So, one advantage is that you cannot reverse a trade. But that's exactly what they did. Somebody bought from me well above market, trade got through and got recorded (you can still see it in Bitcoinchart history for instance) they credited me with the money and took my BTC. I log in today again - I got my BTC back but the money got refunded. WTF?
I'm writing them a mail - but for the time being I can only say - stay away from Bitcoin7!
sr. member
Activity: 385
Merit: 250
June 18, 2011, 10:32:52 AM
#81
Thanks for the information in this thread, especially cuddlefish and davout.

I was going to add this to my bookmarks of good exchanges.

Now I won't.


The guy obviously knows nothing about the technology his site is using, doesn't care to educate himself, minimises serious flaws, then attempts to belittle and alienate those trying to help him, basically lying to everyone else that there were/are no problems.

Basically a BS artist PR guy grasping at straws trying to add some fake legitimacy.

I refuse to do business with people like that, let alone trust them with my money.

Avoid this exchange at all costs in my opinion.

PS - plus I saw where he tried to bribe a bitcoin developer to say that bitcoin7 was better than mtgox.
newbie
Activity: 55
Merit: 0
June 17, 2011, 11:01:19 PM
#80
Check his source, oh, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better ;) )

Yeah! I love bitcoin-central.com, it's a really good RoR App.
legendary
Activity: 1386
Merit: 1004
June 17, 2011, 03:23:08 PM
#79
You should pay DAVOUT for the work he has done
I just posted code to exploit the vulnerability to show how simple it was.
ok :)
sr. member
Activity: 364
Merit: 250
member
Activity: 69
Merit: 10
firstbits.com/1c3qpa
June 17, 2011, 02:50:33 PM
#77
Caught them using sockpuppets.
full member
Activity: 140
Merit: 101
June 17, 2011, 02:45:12 PM
#76
Your constantly dismissive attitude is not reasonable when there are serious concerns being raised.  Security is crucial when dealing with other people's money.  Especially when transactions are irreversible.  Instead of "it's not a problem", try "thanks for the report, I'll have my engineers look at it".  Davout, cuddlefish, and others are donating their time to help you get your issues straightened out.  Please be more respectful of their knowledge.  To me, dismissive hand waving is worse than no response.

I'm quite certain they respect the security issues being brought about but try and be understanding. B7 is getting attacked on all fronts and trying to cooperate when dealing with many personality types from different cultures.

They are being accused of many things and being called names so of course there will be some defensiveness.

Professionalism is also in the delivery of a message not in the receipt solely. Let's tone down the rhetoric, offer advice and hold them accountable. More progress will be made and we will have another respectable exchange.
full member
Activity: 182
Merit: 100
June 17, 2011, 08:21:18 AM
#75
Your constantly dismissive attitude is not reasonable when there are serious concerns being raised.  Security is crucial when dealing with other people's money.  Especially when transactions are irreversible.  Instead of "it's not a problem", try "thanks for the report, I'll have my engineers look at it".  Davout, cuddlefish, and others are donating their time to help you get your issues straightened out.  Please be more respectful of their knowledge.  To me, dismissive hand waving is worse than no response.
jr. member
Activity: 56
Merit: 1
June 17, 2011, 03:52:44 AM
#74
if there're holes, EXPLOIT THE GODDAMN THING, JUST FOR THE LULZ!
it's yours that i'm going to exploit for the lulz

That's a disturbing image :)

Quote from: Bitcoin7.com
We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Let me reshuffle that sentence for you: "We had flaws, we were not ready for the start yesterday. We still have, we are still not ready for the start today."

(good thing about that: it's reusable)
sr. member
Activity: 266
Merit: 250
June 17, 2011, 03:22:46 AM
#73
How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy :) )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.

I appreciate that cuddlefish and davout point out publicly that there are issues.   Other users need to know that.  

I also think that their quick examples were pretty clear to experts, but can be confusing for novices.  So let me try to explain.  Maybe this will help you fix the issues.

Picture this scenario:  Someone logs into your site, and leaves it logged in, while they are, say um, reading bitcoin forums for example.  That doesn't seem too far fetched, does it?  And then they read a forum post that has an interesting link in it.  And they click on that link.  Maybe the post reads "Here's what you REALLY need to know about Bitcoin7's security" and then has a tiny url.  The user clicks on the link, and they are taken to a page on some remote server that POSTS to your site an instruction to sell bitcoins for a dollar.

Bam.  They have been exploited.  All because you have a vulnerability in your site.  
Or worse, it could post to a page that transfers Bitcoins to a particular Bitcoin Address.


See how serious that is?

Davout and cuddlefish, please correct me if I didn't describe that correctly.

Now, cuddlefish gave a WORKING demonstration, but he put "!!!" in the URL so that someone didn't click it by accident.  But if you were signed into your Bitcoin7 account in one tab, while you clicked on his link in another, you would have transmitted funds to instawallet.   Pretty scary.

Got it?
Don't minimize the advice that you are getting here.  This is a sharp group. They may not be explaining things at novice level, but do NOT assume you have nothing to learn from others!  Very risky!
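
The scenario in the post above is a cross-site request forgery. As an added example (not part of the thread and not Bitcoin7's code), this Python sketch shows the server-side check that stops it: a state-changing POST must carry a token bound to the session, not just the cookie. The handler, session store, origin and field names are hypothetical, and the requests are constructed sample data.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)         # assumption: secret kept server-side
TRUSTED_ORIGIN = "https://exchange.example"  # hypothetical site origin


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_sell_order(request: dict, sessions: dict) -> tuple:
    """Process a state-changing POST; returns (status, message)."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return 401, "not logged in"
    # The browser attaches the cookie to cross-site POSTs as well, so the
    # cookie alone says nothing about which page built the request.
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request rejected"
    sent = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "order placed for " + sessions[session_id]


def demo():
    sessions = {"s-123": "alice"}  # constructed session store
    form = {"amount_btc": "1", "price_usd": "1"}
    # POST triggered by a page on another server: cookie rides along, no token.
    forged = {"cookies": {"session": "s-123"},
              "headers": {"Origin": "https://other.example"}, "form": dict(form)}
    # Same request from a client that sends no Origin header at all.
    forged_no_origin = {"cookies": {"session": "s-123"}, "headers": {},
                        "form": dict(form)}
    # POST from the site's own form, which carries the per-session token.
    genuine = {"cookies": {"session": "s-123"},
               "headers": {"Origin": TRUSTED_ORIGIN},
               "form": dict(form, csrf_token=issue_csrf_token("s-123"))}
    return [handle_sell_order(r, sessions)
            for r in (forged, forged_no_origin, genuine)]


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```

The token check is what carries the defence; the Origin comparison is a second layer for browsers that send the header.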
sr. member
Activity: 364
Merit: 250
June 17, 2011, 03:16:37 AM
#72
How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy :) )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.

Okay, the next time I see an error that lets you steal all your Bitcoins, I won't tell you, wait a day, then tell #bitcoin-cabal and PM you, then wait a few hours and post it on the forums. I'll just let the black-hats handle /that/.

Security > Usability > Good graphics.

You're great at #2 and #3. #1.... not so much.
newbie
Activity: 29
Merit: 0
June 17, 2011, 01:55:59 AM
#71
How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy :) )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.