bitfloor needs your help! - page 37.

LoweryCBS

sr. member

Activity: 364

Merit: 250

firstbits 1LoCBS

I'd buy Bitfloor-issued bonds. Or even Bitfloor stock.

Quote from: gllen on September 04, 2012, 02:58:22 PM

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.

ErnestoJuarell

member

Activity: 113

Merit: 10

¿Sabe lo que quiero decir?

Quote from: shtylman on September 04, 2012, 02:54:02 PM

Quote from: SgtSpike on September 04, 2012, 02:49:51 PM

Quote from: shtylman on September 04, 2012, 02:42:21 PM

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

So basically, BTC withdrawals will be delayed until you have the funds to pay for them? Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)? What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.

Was the box holding the records compromised? How can you be sure the hacker didn't mess with the figures. Do you have offline backups to compare to to look for something fishy?

gllen

donator

Activity: 21

Merit: 0

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.

Edit: 0.3% fees = 189 BTC gross. My math above is way off Undecided

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: runeks on September 04, 2012, 02:56:25 PM

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

This I would be willing to donate towards a fund for the victims if detailed information on the attack as well as post-attack analysis and mitigating steps were provided. I hope I am not the only one. It could improve the security of other exchanges and service providers.

EnergyVampire

full member

Activity: 210

Merit: 100

Quote from: BitPay Business Solutions on September 04, 2012, 02:30:20 PM

Quote from: DeathAndTaxes on September 04, 2012, 02:22:51 PM

There is no single solution which meets the needs of every single service provider. That being said having a hotwallet with 100% of the funds is simply inexcusable. More than anything else it is sad. Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO). It is destroyed now and honestly shtylman is better than that.

Agreed. If Roman really learns as much as possible from this, let others review his security procedures, he can build the most secure exchange out there. Large withdrawals may not be instant, who cares, at least they are safe. If I deposit 1000 BTC with him, I want to trade it, not withdraw it back out immediately.

+1 I agree with BitPay(Tony?)

On another note, it might be possible to raise funds with a bond or equity (preferred shares, maybe?) issue. Not sure about the legality, regardless BitFloor will absorb the lost coins but at least your customers will be satisfied imo.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: vampire on September 04, 2012, 02:54:51 PM

Quote from: Stephen Gornick on September 04, 2012, 02:52:48 PM

Quote from: ErebusBat on September 04, 2012, 02:49:00 PM

Quote from: Stephen Gornick on September 04, 2012, 02:43:33 PM

shtylman, where physically are you for service of process?

https://bitfloor.com/about

Quote

Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?).

The address is USPS PO Box. Roman went for the conference to london?

He's been there since July at least:

- https://bitcointalksearch.org/topic/london-bitcoin-meetups-94975

Related thread:

- https://bitcointalksearch.org/topic/kye-know-your-exchange-bitfloor-93655

Otoh

donator

Activity: 3108

Merit: 1166

Quote from: shtylman on September 04, 2012, 02:42:21 PM

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

runeks

legendary

Activity: 980

Merit: 1008

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

vampire

hero member

Activity: 574

Merit: 500

Quote from: Stephen Gornick on September 04, 2012, 02:52:48 PM

Quote from: ErebusBat on September 04, 2012, 02:49:00 PM

Quote from: Stephen Gornick on September 04, 2012, 02:43:33 PM

shtylman, where physically are you for service of process?

https://bitfloor.com/about

Quote

Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?).

The address is USPS PO Box. Roman went for the conference to london?

shtylman

sr. member

Activity: 243

Merit: 250

Quote from: SgtSpike on September 04, 2012, 02:49:51 PM

Quote from: shtylman on September 04, 2012, 02:42:21 PM

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

So basically, BTC withdrawals will be delayed until you have the funds to pay for them? Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)? What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: ErebusBat on September 04, 2012, 02:49:00 PM

Quote from: Stephen Gornick on September 04, 2012, 02:43:33 PM

shtylman, where physically are you for service of process?

https://bitfloor.com/about

Quote

Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?).

Vladimir

hero member

Activity: 812

Merit: 1001

-

Quote from: DeathAndTaxes on September 04, 2012, 02:43:10 PM

Quote from: Vladimir on September 04, 2012, 02:40:45 PM

Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.

Potatoes aren't a digital construct thinly traded only on unregulated exchanges. I do agree that Bitcoin will need to be regulated eventually. It simply can't co-exist with fiat currencies without definition. However that day isn't today.

Of course. However, potatoes have value, they can be stolen too. Imagine a commodity exchange where you can deposit bags of potatoes that you and other customers have "farmed". Those potatoes can be sent to the exchange as well as fiat money (legal tender btw). Someone have stolen all the potatoes, exchange goes BK... Effectively a judge has only two choices:

1. Distribute all fiat back to depositors and leave potato sellers to hold the bag (an empty potato bag no less).
2. Value all the lost potato deposits in fiat, distribute whatever fiat left proportionally.

I bet it will be 2.

SgtSpike

legendary

Activity: 1400

Merit: 1005

Quote from: shtylman on September 04, 2012, 02:42:21 PM

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

So basically, BTC withdrawals will be delayed until you have the funds to pay for them? Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)? What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: Stephen Gornick on September 04, 2012, 02:43:33 PM

shtylman, where physically are you for service of process?

https://bitfloor.com/about

Quote

Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: ErebusBat on September 04, 2012, 02:43:36 PM

Unless you have gotten legal advice to the contrary (if you have please let us know), I would advise processing ACH withdrawals on a as needed basis.

If BitFloor is insolvent, unable to meet all withdrawal request of all customers, then disbursing even one penny is a criminal act.

ErebusBat

hero member

Activity: 560

Merit: 500

I am the one who knocks

Quote from: TangibleCryptography on September 04, 2012, 12:43:56 PM

Quote from: shtylman on September 04, 2012, 12:35:21 PM

New withdrawals are currently on hold while I work through the future of the exchange.

That is unacceptable. Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record. You previously handled requests by email. USD funds by depositors are the property of the depositor and not an investment. You have no legal standing to hold those funds pending "anything".

I agree with TangibleCryptography.

In your own words:

Quote from: shtylman on September 04, 2012, 12:08:52 PM

I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.

Unless you have gotten legal advice to the contrary (if you have please let us know), I would advise processing ACH withdrawals on a as needed basis.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: shtylman on September 04, 2012, 02:42:21 PM

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

Who will cooperate in filing an injunction?

shtylman, where physically are you for service of process?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

Quote from: Vladimir on September 04, 2012, 02:40:45 PM

Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.

Potatoes aren't a digital construct thinly traded only on unregulated exchanges which hasn't yet been defined by FinCEN or any other regulatory body. I do agree that Bitcoin will need to be regulated eventually. It simply can't co-exist with fiat currencies under existing laws without regulation and definition.

Still I think this is a case of people wanting to have their cake and eat it to. Either Bitcoin is outside of regulation and statutes or it isn't. It can't be "kinda" under the law. If it is regulated that means tight AML, trade reporting to IRS, regulatory requirements for handling Bitcoins, licensing (VA requires a $500K bond to be a money transmitter for example), etc.

It can't be under the law when you want something and then outside regulation all the other times. It is all or nothing baby.

Personally like it or not, I think on a long enough time line we will be in the "all" category.

Severian

sr. member

Activity: 476

Merit: 250

Quote from: ErebusBat on September 04, 2012, 02:37:12 PM

Obviously you don't trade alot. If you want to take advantage of the swings then you must hold a balance on the exchanges.

No, I don't. I'm buy and hold. Bitfloor isn't so much an exchange as a bitcoin "store", which is a much needed service.

shtylman

sr. member

Activity: 243

Merit: 250

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

Topic: bitfloor needs your help! - page 37. (Read 177459 times)