Pages:
Author

Topic: bitfloor needs your help! - page 41. (Read 177467 times)

legendary
Activity: 3374
Merit: 4738
diamond-handed zealot
September 04, 2012, 12:45:08 PM
#30
let the bank run begin
legendary
Activity: 1896
Merit: 1353
September 04, 2012, 12:44:40 PM
#29
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
September 04, 2012, 12:43:56 PM
#28
New withdrawals are currently on hold while I work through the future of the exchange.

That is unacceptable.  Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record.  You previously handled requests by email.  USD funds by depositors are the property of the depositor and not an investment.  You have no legal standing to hold those funds pending "anything".
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:42:27 PM
#27
I never store keys on a webserver for a project involving customer funds.  If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).

I don't wish to go into too many details on this thread about it, but this box was not public facing.
newbie
Activity: 28
Merit: 0
September 04, 2012, 12:41:32 PM
#26
your server were not hacked i didnot see any defacing issue some account were compromised only but your server are not hacked those were not a russian hacker's they were some other countries hacker
full member
Activity: 210
Merit: 100
September 04, 2012, 12:41:13 PM
#25
I'm not sure why an unencrypted wallet would reside on an unencrypted disk but...

BitFloor should continue operations. Get rid of the Cloud though.

BitFloor will make up the lost coins in due time with regular operations.
legendary
Activity: 1008
Merit: 1000
September 04, 2012, 12:40:59 PM
#24
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?

This would be a possibility if investors interested in helping continue operations show interest. It is certainly something I am thinking about.

Do you have enough funds to cover this loss yourself?

I am having trouble thinking of other options that would allow for trading to resume, without turning to a fractional model, that dont include acquiring new large sums of money.
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:40:14 PM
#23
It beggars belief that people are still not using offline wallets for the majority of the coins they're responsible for.

Yes, I realize this is a very serious mistake.
legendary
Activity: 1904
Merit: 1002
September 04, 2012, 12:39:40 PM
#22
Why was the majority of this not in a cold wallet?

This. 

Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.

Quote
Even tho only a small majority of the coins are ever in use at any time


Yes. I realize this. I cannot undo it (believe me, I would if I could).

Wow... just wow.

I thought you were better than that.

I never store keys on a webserver for a project involving customer funds.  If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
legendary
Activity: 2940
Merit: 1333
September 04, 2012, 12:38:29 PM
#21
Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.

It sounds as if the attacker only got the hot wallet, but that unfortunately there was no cold wallet.

It beggars belief that people are still not using offline wallets for the majority of the coins they're responsible for.
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:37:01 PM
#20
Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?

This would be a possibility if investors interested in helping continue operations show interest. It is certainly something I am thinking about.
sr. member
Activity: 283
Merit: 250
September 04, 2012, 12:36:52 PM
#19
So far BitFloor has been great.  I would want the service to continue operation.

Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?

+1

I'm out ~ 30 BTC on this one. Probably not as many, but I was intending to get those coins off the exchange soon.
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:35:21 PM
#18
Since neither the USD balances nor account records have been compromised please process scheduled ACH withdraws.

We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?

ACH withdrawals placed before the compromise have been processed. New withdrawals are currently on hold while I work through the future of the exchange.
legendary
Activity: 1008
Merit: 1000
September 04, 2012, 12:34:46 PM
#17
Quote
Even tho only a small majority of the coins are ever in use at any time

I guess what this means is that he realizes that he could have continued operating under a fractional banking model but chose not to.  Which is good.

This also means most of the coins should have been in cold storage, but they weren't.  Which is bad.


So far BitFloor has been great.  I would want the service to continue operation.

Could you secure some investor funds to pay back losses to customers now, and payback the investor after your business picks back up?
sr. member
Activity: 476
Merit: 250
Tangible Cryptography LLC
September 04, 2012, 12:33:47 PM
#16
Since neither the USD balances nor account records have been compromised please process scheduled ACH withdraws.

We have a pending ACH withdraw which should be processed today.
Should we send ACH withdraw request for the balance by email since the site will be down for the immediate future?
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:29:56 PM
#15
Why was the majority of this not in a cold wallet?

This. 

Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.

Quote
Even tho only a small majority of the coins are ever in use at any time


Yes. I realize this. I cannot undo it (believe me, I would if I could).
legendary
Activity: 3374
Merit: 4738
diamond-handed zealot
September 04, 2012, 12:28:47 PM
#14

Why was the majority of this not in a cold wallet?




hey, I realize this is an interesting question, but we are focused on the future here

 Roll Eyes
donator
Activity: 1218
Merit: 1079
Gerald Davis
September 04, 2012, 12:28:28 PM
#13
Why was the majority of this not in a cold wallet?

This. 

Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.

Quote
Even tho only a small majority of the coins are ever in use at any time
sr. member
Activity: 243
Merit: 250
September 04, 2012, 12:26:47 PM
#12
How long, given average operation, would it take to regain the 25K in fees?

We have seen steady growth over the last few months but our 30 day volume is ~64K BTC (717K USD) and given that we get 0.3% from each trade this means we make roughly 2.1k per month in USD (210 BTC at current rate). So quite a long time if trading did not ramp up. Regardless of the recovery time I felt it important to make this announcement as it impacts many users and the community.
edd
donator
Activity: 1414
Merit: 1002
September 04, 2012, 12:25:39 PM
#11
What kind of help do you need?

Bitfloor provided a great service and I'm willing to forego collecting my meager holdings of 2.98 BTC if it helps at all with paying out other customers wishing to withdraw.

If there is any way I can help as a bitcoin business owner, please PM me.
Pages:
Jump to: