bitfloor needs your help! - page 39.

Severian

sr. member

Activity: 476

Merit: 250

Quote from: greyhawk on September 04, 2012, 02:07:59 PM

Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.

Or maybe one should be responsible for one's own money and btc and not leave them sitting on other peoples' servers for extended periods? Would you leave your wallet and house keys next to someone on the subway to watch for you? You gave him five bucks. He said he'll do his best.

Tuxavant

hero member

Activity: 784

Merit: 1010

Bitcoin Mayor of Las Vegas

Quote from: Stephen Gornick on September 04, 2012, 02:05:33 PM

Disbursing funds to some customers and not others would be a criminal act under those.

I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.

Bitcoins were stolen, not cash. That cash is not Bitfloors to distribute to other customers. It's mine.

greyhawk

hero member

Activity: 952

Merit: 1009

Quote from: Severian on September 04, 2012, 02:01:10 PM

Quote from: greyhawk on September 04, 2012, 01:56:04 PM

Quote from: Severian on September 04, 2012, 01:49:04 PM

Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?

You can't "ensure" security. You can strive to maximize security however.

Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.

Stephen Gornick

legendary

Activity: 2506

Merit: 1010

Quote from: Dansker on September 04, 2012, 01:56:59 PM

You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

Customer assets are customer assets. It doesn't matter if they are dollars, bitcoins or bananas. If BitFloor does not have reserves (and that was reported in OP) or any other way to make customers whole, then this is a bankruptcy case. This exchange is operating in the U.S., there are very specific laws as to how to proceed.

Disbursing funds to some customers and not others would be a criminal act under those.

I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.

[Edited, s/funds/assets/. and added.]

vampire

hero member

Activity: 574

Merit: 500

Quote from: Dansker on September 04, 2012, 01:56:59 PM

How about this:

You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

You will then re-do your security, and publicly post how it will be done right from now on.

You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.

Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.

Disclosure: I am not invested in any way with any parties to this.

25k BTC is a lot of money. With the current valuation it will take 10 years to repay. And certainly this incident won't increase volume for bitfloor.

Sad.

DigitalHermit

full member

Activity: 150

Merit: 100

Thank you! Thank you! ...

Quote from: Severian on September 04, 2012, 02:01:10 PM

Quote from: greyhawk on September 04, 2012, 01:56:04 PM

Quote from: Severian on September 04, 2012, 01:49:04 PM

Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?

... as in pay 5% now or 100% later? Tongue

Severian

sr. member

Activity: 476

Merit: 250

Quote from: greyhawk on September 04, 2012, 01:56:04 PM

Quote from: Severian on September 04, 2012, 01:49:04 PM

Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?

Dansker

hero member

Activity: 740

Merit: 500

Hello world!

How about this:

You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

You will then re-do your security, and publicly post how it will be done right from now on.

You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.

Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.

Disclosure: I am not invested in any way with any parties to this.

greyhawk

hero member

Activity: 952

Merit: 1009

Quote from: Severian on September 04, 2012, 01:49:04 PM

Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

Quote from: ?? on ??

Quote from: TangibleCryptography on September 04, 2012, 12:43:56 PM

Quote from: shtylman on September 04, 2012, 12:35:21 PM

New withdrawals are currently on hold while I work through the future of the exchange.

That is unacceptable. Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record. You previously handled requests by email. USD funds by depositors are the property of the depositor and not an investment. You have no legal standing to hold those funds pending "anything".

Since it seems shtylman missed it.

Let me make it more clear. You wanting to continue bitfloor is admirable but it has absolutely nothing to do with client funds. The only purpose of those funds is for CLIENT to purchase bitcoins. Since that is no longer possible the funds should be returned immediately. Not in week, not in a month, not after you get "hacked" again and the attacker makes a bank wire withdraw of all the USD funds to some foreign bank.

ya sending everyone's money back seems like a good first step.

then rebuild a better system, and start making money again.

IveBeenBit

sr. member

Activity: 449

Merit: 250

Quote from: whitslack on September 04, 2012, 01:44:55 PM

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.

I agree. I hope you can recover from this and re-emerge as a viable exchange. There is very little you can do right now and holding onto our USD will not help get the stolen bitcoins back. Making it difficult or a PITA for us to recover our USD, however will be detrimental to the Bitfloor brand and good will that you have earned in the past.

If you could reenable the site so we can make withdrawal requests that would be nice. I'd also like to double check if I had a bitcoin balance on your site. I'm pretty sure I don't, but need to log on to verify.

Rebuilding your exchange will probably take months. Delaying our USD withdrawals will not speed that up any.

davout

legendary

Activity: 1372

Merit: 1008

1davout

Very sorry to hear that. Sad

Severian

sr. member

Activity: 476

Merit: 250

Sorry to hear this, shtylman. Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

Much luck to you all.

whitslack

full member

Activity: 120

Merit: 144

I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.

smickles

sr. member

Activity: 446

Merit: 250

Quote from: mc_lovin on September 04, 2012, 01:37:36 PM

ouch. best of luck resolving this one.. another lesson learned by server admins about hot wallets..

what makes you so sure it was learned? This occurrence seems to indicate that hot wallets are still used or at least used improperly.

Tuxavant

hero member

Activity: 784

Merit: 1010

Bitcoin Mayor of Las Vegas

So I got a grand in USD in my account. How do I get it back asap?

mc_lovin

legendary

Activity: 1190

Merit: 1000

www.bitcointrading.com

ouch. best of luck resolving this one.. another lesson learned by server admins about hot wallets..

notme

legendary

Activity: 1904

Merit: 1002

Quote from: shtylman on September 04, 2012, 01:19:03 PM

Quote from: notme on September 04, 2012, 01:12:57 PM

Still irrelevant. Maybe try understanding the question. It still won't help though since the question isn't directed to you and you don't know the answer. A system, holding an unencrypted copy of the keys was hacked. He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP. If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.

Thanks for confirming. This is why I prefer no incoming connections allowed on the secure box. If you must have occasional ssh, you can have it enabled on boot and then login to disable it. That way you can reboot first if you must login.

mufa23

legendary

Activity: 1022

Merit: 1001

I'd fight Gandhi.

Quote from: ?? on ??

Quote from: BadBear on September 04, 2012, 01:08:38 PM

And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.

yeah i know what i have wrote and if bold is not allowed why dont u disable bold tags instead of saying to me ?

inb4 ban

shtylman

sr. member

Activity: 243

Merit: 250

Quote from: notme on September 04, 2012, 01:12:57 PM

Still irrelevant. Maybe try understanding the question. It still won't help though since the question isn't directed to you and you don't know the answer. A system, holding an unencrypted copy of the keys was hacked. He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP. If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.

Topic: bitfloor needs your help! - page 39. (Read 177459 times)