Topic: BitMarket.Eu has closed down - page 50. (Read 204189 times)

I tried to verify my account some weeks ago, but it never got verified, and I did not even receive an e-mail. E-mails to the support e-mail address were not answered either.

It's fine to me if you don't accept the verification methods suggested by me, but please tell me. At this moment I don't even know whether you received my verification attempts.

If you lack the manpower to process all verification attempts in time, then please give me the option for faster verification by paying you. I'm sure you can get more manpower if you have financial resources  .

Edit: As indicated below, my account is now verified. Thanks!

+1 Dwolla would be an extremely useful option for those of us trading USD, even though in my experiences Dwolla has a long way to go before it's as fast as Paypal... 

Bitmarket.EU is still the best exchange, imho! Keep up the great work! 

Thank you guys for your kind words, we really appreciate that.

As a side note, I'd like to add that when we learned what happened we have put the site down, so no further account would get compromised, scanned the published user/password list and resetted passwords of every user that was found on this list and on our exchange. So I believe there is no user with the same password as on Mt. Gox on our site now.

You provide a free service (supported by donations), it is not your fault (even if what you did is certainly perfectible), you're clearly not to blame here.

Users are responsible for keeping their passwords safe.

Thanks for your service and don't get upset because of this small incident.

I completely agree with tschaboo. If you let yourself hack - that's something which might be discussable. If users are too lazy to change their passwords or to use different passwords on different accounts / mailadresses - that is their problem, not yours.

It might be a good idea to put sth. like that on your website, though, to avoid trouble. (We are not responsible for...) I like the way britcoin did it: "This site is strictly in alpha state. [..] The software is new. Use at your own risk. We will do our best to prevent problems, but mistakes can happen. Only deposit amounts you feel comfortable with in regards to the aforementioned information."

However, I think it is a great sign of integrity that you are considering using your donations to refund. But as said: you paid a hell of work to build up the site and maintain it - you shouldn't spend your donations for this. (Obvisouyl it's your choice in the end - I wouldn't do it, though)

Well, what you should do: being transparent about incidents, informing the public as soon as possible, help investigating the issue. Looks like you did that.

What you shouldn't do: replace the lost BTC. Especially if you informed all your members right after the Mt. Gox incident to do the obvious: don't use the same passwords everywhere. Probably that loss is a good motivation for the affected people to "invest" into good passwords and that might prevent them to loose much more in the future.

What you absolutely shouldn't do: Give out your donations. They are meant to support you and the site.

Today an incident took place on BitMarket.eu, that deserves a few words of explanation.

It seems that the Mt. Gox hack that yielded in revealing the users' logins, emails and passwords has yet to haunt us. As (nearly) everyone knows, the messages about how important it was to change your password that you used on Mt. Gox were all over the place. Yet, some people didn't manage (or didn't give a damn) to change their passwords on BitMarket.

What we have done to avoid problems:

- we have alerted all users having the same login or email address as on Mt. Gox that they should reset the passwords as soon as possible straight after it was clear that Mt. Gox got hacked
- we have enforced a password change on some users (we should have done this with all of them, it seems now)
- we have made it impossible to change the Bitcoin withdrawal address without e-mail confirmation, so that even in case someone hacked an account they would not be able to steal coins

Here's what most likely happened:

One of our users failed to change his password on BitMarket. That woulnd't be a big problem, but this person apparently had exactly the same password on his email account (otherwise the attacker would not be able to change their withdrawal address).
Thus, an attacker was able to take over his account despite of our efforts to avoid this. On top of that, some of our other users kept the same password as on Mt. Gox - which allowed that same person to log in onto their accounts, perform transactions
with the person to whose email address the attacker had access already, and thus he was able to withdraw the coins. We found out about it this morning and immediately blocked all compromised accounts.

The total amount of Bitcoins that were withdrawn this way is 63.78 BTC onto this address:

1B3CtSJCncLGqRcyMG1AFujUFKjFqnJC39

We are thinking on how should we approach this problem, because it hardly is our fault that someone was negligent enough
to keep his now publicly available password not just on BitMarket, but also his email.

Right now we have ~21 BTC from donations, so that wouldn't even be able to cover the losses.

-------

TL;DR: Few members of our site lost their BTCs because they used same passwords on both Mt. Gox and BitMarket.

Sorry about looking a bit impatient (I was aware of the 24-policy), it was my initial reaction that with exchanges, things are a little close to instant when it comes to transactions. I just wondered so far why the first one paid instantly and the other didn't. Wherein my offer was bought/sold to 2 parties (shared). Anyways, I'm quite happy that I have an alternative now for trading.

I also use bitmarket for trading and have made only positive experiences so far. Most of the times, a buyer doesn't reply to the first automated message at all but simply sends you the money. Even with paypal, this sometimes takes a few hours. I guess some people have a real life, too. It is wise just too wait a little bit, I'd say 24 hours for paypal and 72 hours for bank transfer.

After this, I usually write the buyer another message, sending him the payment info again. On rare occasions, the buyer didn't get the intial message sent by bitmarket. If the buyer doesn't reply within 24h, I hand over the matter to bitmarket, which tries to contact the buyer again. If he doesn't answer (within 24 hours, I believe), they'll cancel the transaction manually. In my experiences, this seldomly happens. In fact, out of a couple dozen trades, this only happened once to me so far.

Bottom line: Be a little patient and try to communicate. The hand-picked bitmarket crowd is a very pleasant one, so you shouldn't be too concerned. People are not always in front of the computers, sometimes they eat, sleep, go to school and simply can't react at once. Especially, if you've just been waiting for 5 hours and the amount in question is only 0.7 BTC.

@huayra.agera: We have a policy of at least 24 hours before taking any steps toward cancellation. You have to take into account that a person you're trading with can live in a different timezone and, for example, asleep at the moment of trade.

Oh well, I'll just have to wait then, it's 0.7 BTC by the way. I mentioned in my e-mail to the other party that either way, I can still push through unless the admin completely cancels my request.

5h might be a bit low. I just had to wait 5 days with no communication, but in the end the transaction went through.

Hi, I requested a cancellation since the other party was not responding for like 5 hours now when my sell offer was sold. I already sent an e-mail to the admin, just thought maybe getting inputs here.

My BTC is still frozen, luckily it's a small amount, however if it was big and the other party did not/ or would not cancel the transaction, then my BTC are frozen for quite some time. I hope the admins can work this out. Thanks.

That was very fast! My account is now verified, I'll try some trading done. Thanks BitMarket.eu!

I'm waiting for my account to be confirmed here. Are there a lot of users of Paypal in Bitmarket.eu? I hope my forum reputation here is enough. Didn't do any damage, gave at least suggestive contributions to the community in various threads. =)

Admins, thanks for expanding the minimum offers that can be viewed for each currency. That helped a lot!

maybe a stupid idea but what about equal parts of fees paid by both parties 50%-50% ?

@Bitmarket, would you be open to considering adding Dwolla as an option? It may speed things up and the fee is distributed to both parties (25 cents per transaction on each end, which is often better than any percentage). If you'd like to have sellers pay fees, then one could arrange for it, similar to how it is was done via Paypal.

If you could do this, it'd be appreciated, as otherwise I have to sell BTC for PPUSD, put PPUSD in my bank, and withdraw elsewhere. I think a bunch of us may be in the same boat.

While this is somewhat of an improvement, it still isn't particularly useful. To provide an example:
I have a bank account in England and am interested in trading GBP via local wire transfer. Right now, on the GBP site, there are 8 offers for paypal only, one for a local wire transfer in the Czech Republic, and one for one coin that might actually interest me.
The main problem with both this and the page that simply shows everything is that I have to do detective work to find a relatively small amount of offers that are of interest to me, and the rest are hidden either because of the cut-off or because they are between a bunch of offers that I don't care about.

As I see it, there are two ways of solving this:

• Add pagination to the individual currency offers.
• Add a proper filtering system so that I could search for (e.g.) "GBP or EUR offered via local wire transfer in Britain or Germany".

Of course, having both would be preferable.
I guess the first way would be a nice quick fix, the second one a somewhat more long-term solution. (also, I think the second idea would make the market even more attractive)

Gotcha, thanks a bunch for this.
This is not very clear in the verify form itself though.