Topic: bitfloor needs your help! - page 41. (Read 177459 times)
let the bank run begin
Minimal quality standard I expect from an exchange: https://bitcointalksearch.org/topic/minimal-quality-standard-i-expect-from-an-exchange-83933
New withdrawals are currently on hold while I work through the future of the exchange.
That is unacceptable. Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record. You previously handled requests by email. USD funds by depositors are the property of the depositor and not an investment. You have no legal standing to hold those funds pending "anything".
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
I don't wish to go into too many details on this thread about it, but this box was not public facing.
your server were not hacked i didnot see any defacing issue some account were compromised only but your server are not hacked those were not a russian hacker's they were some other countries hacker
I'm not sure why an unencrypted wallet would reside on an unencrypted disk but...
BitFloor should continue operations. Get rid of the Cloud though.
BitFloor will make up the lost coins in due time with regular operations.
BitFloor should continue operations. Get rid of the Cloud though.
BitFloor will make up the lost coins in due time with regular operations.
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
This would be a possibility if investors interested in helping continue operations show interest. It is certainly something I am thinking about.
Do you have enough funds to cover this loss yourself?
I am having trouble thinking of other options that would allow for trading to resume, without turning to a fractional model, that dont include acquiring new large sums of money.
It beggars belief that people are still not using offline wallets for the majority of the coins they're responsible for.
Yes, I realize this is a very serious mistake.
Why was the majority of this not in a cold wallet?
This.
Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.
Quote
Even tho only a small majority of the coins are ever in use at any time
Yes. I realize this. I cannot undo it (believe me, I would if I could).
Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.
It sounds as if the attacker only got the hot wallet, but that unfortunately there was no cold wallet.
It beggars belief that people are still not using offline wallets for the majority of the coins they're responsible for.
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
This would be a possibility if investors interested in helping continue operations show interest. It is certainly something I am thinking about.
So far BitFloor has been great. I would want the service to continue operation.
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
+1
I'm out ~ 30 BTC on this one. Probably not as many, but I was intending to get those coins off the exchange soon.
Since neither the USD balances nor account records have been compromised please process scheduled ACH withdraws.
We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?
We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?
ACH withdrawals placed before the compromise have been processed. New withdrawals are currently on hold while I work through the future of the exchange.
Quote
Even tho only a small majority of the coins are ever in use at any time
I guess what this means is that he realizes that he could have continued operating under a fractional banking model but chose not to. Which is good.
This also means most of the coins should have been in cold storage, but they weren't. Which is bad.
So far BitFloor has been great. I would want the service to continue operation.
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
Since neither the USD balances nor account records have been compromised please process scheduled ACH withdraws.
We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?
We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?
Why was the majority of this not in a cold wallet?
This.
Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.
Quote
Even tho only a small majority of the coins are ever in use at any time
Yes. I realize this. I cannot undo it (believe me, I would if I could).
Why was the majority of this not in a cold wallet?
hey, I realize this is an interesting question, but we are focused on the future here
Why was the majority of this not in a cold wallet?
This.
Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.
Quote
Even tho only a small majority of the coins are ever in use at any time
How long, given average operation, would it take to regain the 25K in fees?
We have seen steady growth over the last few months but our 30 day volume is ~64K BTC (717K USD) and given that we get 0.3% from each trade this means we make roughly 2.1k per month in USD (210 BTC at current rate). So quite a long time if trading did not ramp up. Regardless of the recovery time I felt it important to make this announcement as it impacts many users and the community.
What kind of help do you need?
Bitfloor provided a great service and I'm willing to forego collecting my meager holdings of 2.98 BTC if it helps at all with paying out other customers wishing to withdraw.
If there is any way I can help as a bitcoin business owner, please PM me.
Bitfloor provided a great service and I'm willing to forego collecting my meager holdings of 2.98 BTC if it helps at all with paying out other customers wishing to withdraw.
If there is any way I can help as a bitcoin business owner, please PM me.
Jump to: