Topic: BTC Stolen from Poloniex - page 25. (Read 167444 times)
Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.
This thread was posted by Tristan, if there was a time to run, this was it - if he had bad intentions, why oh why is still here? and also when multiple people know his full details - he's top results on google with all his personal details going back many many years on the web.
I'm not saying OP isn't honest. I'm saying your argument doesn't hold water.
Some of bitoins are stolen, but why the other withdrawals are disabled?
And why the deposit page is up and there is no real notice on the website? I'm losing the opportunity to buy mzc. Why should people who deposited money after the incident should be involved in this? I do not want to call this is a scam, but people who were not affected by the hacker are losing money and opportunities. 
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.
I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:
1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.
Let me know if I'm forgetting an option here.
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
I will be hiring a security programmer after this is dealt with.
I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:
1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.
Let me know if I'm forgetting an option here.
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
I will be hiring a security programmer after this is dealt with.
I'd raise the fee to 0.3% or even 0.5% and additionally sell shares. You can then cover the dividends with the extra fee and with the shares you can pay back the 12%.
Yes, this is a good proposal. To refine a bit further:
1. 30 day period of selling shares, say at $4M pre-money valuation, which is a fair valuation for a tech start-up with early traction but high-risk security flaws
- eg. if you sell $1M worth of shares, you would be selling 20% of your Company at $4M pre- and $5M post-money.
- to make this attractive to investors, you may also consider offering a 50% annual preferred return for two years to compensate for the high-risk nature of the operation (which would create a defined path for re-coup of initial capital investment)
2. If you fail to reach the full amount by selling shares, then also raise fees to 0.5% until the full-amount of the debt has been re-paid
3. Under this set-up, the "payment cascade" for incoming fees over the next 2 years would be as follows:
- first, to pay account holders to make them whole (if not fully covered by proceeds from sale of shares)
- second, to pay the 50% preferred return to equity holders
- third, to distribute to equity holders pro rata with their equity share in the business
just giving the fee for some time would be enough i assume to return that 12% pretty fast.
i am in for shares too...
i am in for shares too...
I'd take shares for the missing BTC.
Any word on when withdrawals are going to be resumed? I have a bunch of AUR locked up.
Any word on when withdrawals are going to be resumed? I have a bunch of AUR locked up.
2. Same as #1, but raise fees to expedite. ?
That's saying we pay ourselves back by paying higher fees to cover the amount we're owed. This should come out of the admins funds and profits not users pockets, it was his responsibility not ours to secure the site. Paying it back over time in some way so that the exchange stays solvent makes sense, but higher fees simply means he loses nothing, we pay it all.
I'm also not clear if this involves all balances held there, or just BTC ones?
If you, for example, had a litecoin balance, would that be losing this %?
That's saying we pay ourselves back by paying higher fees to cover the amount we're owed. This should come out of the admins funds and profits not users pockets, it was his responsibility not ours to secure the site. Paying it back over time in some way so that the exchange stays solvent makes sense, but higher fees simply means he loses nothing, we pay it all.
I'm also not clear if this involves all balances held there, or just BTC ones?
If you, for example, had a litecoin balance, would that be losing this %?
https://blockchain.info/charts/received-per-day?timespan=30days&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV
Zero till 24th February (coinmarket.io?) till now.
Zero till 24th February (coinmarket.io?) till now.
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.
Do you believe they're doing the right thing by:
- Continuing to allow deposits but not withdrawls
- not having any notice on their main page OR deposit page
- not immediately sending out a notice to all customers by email
- deducting 12% of coins deposited after the "theft"
Again.. it has been 12+ hours after the incident
By Busoni on page 11:
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
meaningless.
"Obviously I should have posted a notice on the Balances page" <--- was not done
"but it is not difficult to make an exception for recent deposits." <--- promises nothing
Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.
This thread was posted by Tristan, if there was a time to run, this was it - if he had bad intentions, why oh why is still here? and also when multiple people know his full details - he's top results on google with all his personal details going back many many years on the web.
Some of bitoins are stolen, but why the other withdrawals are disabled?
Is it really so difficult for you to understand why? Because everyone would flee and only those that were late fleeing would pay for the loss... this way everyone shares the loss...
What i want to know now is how much is kept in the 'hot' and 'cold' wallet.
For every hour of the day there is BTC coming in and BTC going out. Only a small amount is needed in the 'hot' wallet. If someone were to withdraw a large amount, say 5 BTC, and there isn't enough in the 'hot' wallet, then withdrawal should be classed as pending with an email sent explaining that it is pending until physical transfer from the 'cold' wallet is done. It may require a bit more work from Poloniex but at least it will reduce the amount of BTC in the 'hot' wallet, thus improving security and reducing theft. The extra time for one who withdrew 5 BTC would be no more than 20 minutes. Surely we can live with that.
On certain days when there is a huge influx of BTC coming in, huge deposit or Insanity Sunday, there would be a need for more active physical management of BTC by transferring BTC to 'cold' wallet and back to 'hot' wallet, depending on supply and demand.
For every hour of the day there is BTC coming in and BTC going out. Only a small amount is needed in the 'hot' wallet. If someone were to withdraw a large amount, say 5 BTC, and there isn't enough in the 'hot' wallet, then withdrawal should be classed as pending with an email sent explaining that it is pending until physical transfer from the 'cold' wallet is done. It may require a bit more work from Poloniex but at least it will reduce the amount of BTC in the 'hot' wallet, thus improving security and reducing theft. The extra time for one who withdrew 5 BTC would be no more than 20 minutes. Surely we can live with that.
On certain days when there is a huge influx of BTC coming in, huge deposit or Insanity Sunday, there would be a need for more active physical management of BTC by transferring BTC to 'cold' wallet and back to 'hot' wallet, depending on supply and demand.
dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.
The law does not care about South Park d00d or a non-binding Terms document reading like it was written by a 5 year-old.
Everything pretty much ends up in this account if you follow the chain
https://blockchain.info/address/1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV
and now he's taking everything out of that one too..
45000 BTC!!!!!!!!!!! Ouch!!!!!!!!!!!!!https://blockchain.info/address/1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV
and now he's taking everything out of that one too..
Total Received 49,949.85811075 BTC
So 1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV has received as much as the
http://bitcoinrichlist.com/top100
Is it possible that 1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV is an exchange? How to know?
Some of bitoins are stolen, but why the other withdrawals are disabled?
I traded my BTC down to 1 satoshi (for AuroraCoin!) so I guess you can't freeze 1/8th of that? 
So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.
So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.
The right time to hire a security programmer is when you 1) own an exchange; and 2) hear about security issues at the biggest exchange and hear the Bitcoin community talk about double-spending; and 3) hear about security issues at other exchanges
OP had a few weeks++ to lock the site down and make it secure. Hiring someone after these issues are resolved (what? 1 month? 2 months? and have more BTC stolen?) is not the way to go.
if ( $x < 0 ) exit $alert;
But yes, then there are a lot of traders, crying about a break of their trading platform.
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.
I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:
1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.
Let me know if I'm forgetting an option here.
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
I will be hiring a security programmer after this is dealt with.
I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:
1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.
Let me know if I'm forgetting an option here.
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
I will be hiring a security programmer after this is dealt with.
I'd raise the fee to 0.3% or even 0.5% and additionally sell shares. You can then cover the dividends with the extra fee and with the shares you can pay back the 12%.
Very okay with all of this.
Tristan has already capably handled one big error see: https://bitcointalksearch.org/topic/m.5305316 (not his fault) which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.
I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.
Count that as a constructive vote of confidence.
Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.
Tristan has already capably handled one big error see: https://bitcointalksearch.org/topic/m.5305316 (not his fault) which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.
I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.
Count that as a constructive vote of confidence.
Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.
Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.
12 hours has passed and what now?
?
i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!
?i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!
The consensus here is to send them more BTC to solve the problem.
Must be the fluoride
Or some killer coolaide
Jump to: