BTC Stolen from Poloniex - page 26. | Bitcointalksearch.org

bato323

member

Activity: 157

Merit: 10

Quote from: jtpeters on March 04, 2014, 02:20:35 PM

Quote from: crazynoggin on March 04, 2014, 02:17:43 PM

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

Continuing to allow deposits but not withdrawls
not having any notice on their main page OR deposit page
not immediately sending out a notice to all customers by email
deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident

By Busoni on page 11:

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

ginko-B

member

Activity: 82

Merit: 10

Quote from: busoni on March 04, 2014, 12:41:58 PM

I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

My vote: #2

jtpeters

newbie

Activity: 56

Merit: 0

Quote from: ryback on March 04, 2014, 02:18:49 PM

12 hours has passed and what now? Huh

?
i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!

The consensus here is to send them more BTC to solve the problem.

Must be the fluoride

chiznitz

hero member

Activity: 574

Merit: 500

Quote from: romerun on March 04, 2014, 02:07:25 PM

Quote from: busoni on March 04, 2014, 04:31:32 AM

The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance

facepalm. Php or the frontend interface only for receiving requests from users not executing them. When user makes order, the server replies, "yes we got it", and come up with a script on the backend to process user requests atomically -- trader order, deposit, withdraw... once it's done on the backend, send ajax / websocket responds back to the front end that it's done, etc, or have user refresh it manually if such lazy.

This is what I. Described above, not sure why this guy thinks this has anything to do with bitcoin vulnerabilities oh well Wink

jtpeters

newbie

Activity: 56

Merit: 0

Quote from: crazynoggin on March 04, 2014, 02:17:43 PM

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

Continuing to allow deposits but not withdrawls
not having any notice on their main page OR deposit page
not immediately sending out a notice to all customers by email
deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident

crypto era

newbie

Activity: 44

Merit: 0

Quote from: jtpeters on March 04, 2014, 01:23:53 PM

OP.. you said this just a couple of days ago:

"One more thing--about security. Very few Poloniex accounts have been hacked--less than five, I think--but I still think reminders like this don't hurt. ...
This is money we're talking about, which means people will always be trying to steal it. "

When someone asked you about security you avoided it https://bitcointalksearch.org/topic/m.5471836

There's nothing visible about security on your website or FAQ
It does not appear that you have anyone to secure the website and will be looking to hire someone 'later'
when asked about site security you appear to have avoided the question. Isn't this important to discuss?

Further, per your own Terms you are legally liable for the loss that has occurred. You have a very short Terms page. Big mistake. It says only, "You agree not to hold Poloniex liable for any loss of funds resulting from incorrect information provided by you. "

which means you are liable for other losses. Though you say, "These terms and conditions may be changed at any time without notice. By continuing to use the services provided by Poloniex.com, you agree to any and all such changes." it would not apply to previous agreements.

I'm guessing you were an easy target for hackers because you did not have much security. You did not therefore do your best to secure the deposits of clients. And you are liable for the loss.

I'm sure the good folks here would not think of suing you (and neither would I) but you may want to CYA.

dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.

ryback

newbie

Activity: 6

Merit: 0

12 hours has passed and what now? Huh

?
i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!

InsanityDev

full member

Activity: 140

Merit: 100

Very okay with all of this.

Tristan has already capably handled one big error see: https://bitcointalksearch.org/topic/m.5305316 (not his fault) which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.

I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.

Count that as a constructive vote of confidence.

Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.

kneim

legendary

Activity: 1666

Merit: 1000

Quote from: jtpeters on March 04, 2014, 01:03:08 PM

Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?

If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.

If yes, are you serious?

This is the problem of beeing transparent and honest. Mt.Gox had to deduct 100% many months ago, but they didn't tell us the truth.

crazynoggin

full member

Activity: 176

Merit: 100

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site. Instead of assuming the site owner or one of their employees are in on a conspiracy to steal your money every single time..

kashish948

legendary

Activity: 1596

Merit: 1000

what happens to the btc which were in active orders?

The One

legendary

Activity: 924

Merit: 1000

Quote from: alioven on March 04, 2014, 01:57:28 PM

Quote from: busoni on March 04, 2014, 12:41:58 PM

I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

#3 and #4 add too much complexity and may become a source of problems in future.

Just deduct that 12% from the btc pot (excluding new deposits after trade got halted) and return it from fees over time. Add a small tax on withdrawals if you think it is needed. Add a small interest on the paybacks to balance the time needed to recover the full pot (I mean, people will get BTC back in, let's say, 1 or 2 months? Then give them a bit more than they lost, which will compensate also the rise on taxes, but sooner or later you will get it done)

Giving dividends is the same as giving BTC back, in the end, but dividends are slower and not good for you after the debt is payed. Just consider this: is it good to share future benefits with a lot of people once the theft is returned? That is what will happen if you open shares, and honestly, it will be much more clear for _everyone_ to get BTC returned hour by hour or day by day in a global payback.

Fecking socialist want tax Grin

cubicdissection

member

Activity: 231

Merit: 10

Quote from: The One on March 04, 2014, 01:40:05 PM

You're a twit for assuming everyone on here is a guy.......perhaps in your fantasy land there are no females.

Get over yourself. It's colloquial... Roll Eyes

"The term guy is generally restricted to males, as in Was that a guy or a girl?, but the form you guys may be used for groups of any combination of genders whether it is all male, all female or any combination."

http://en.wiktionary.org/wiki/you_guys

shdwoflyte

newbie

Activity: 7

Merit: 0

Quote from: jtpeters on March 04, 2014, 02:00:16 PM

You guys and gals are hopeless. I'll check back on page 56 when communication from op has dropped to nil and you slowly forget about your lost funds. Then I'll link to my post on another exchange's forum when they, too, don't believe that the latest "hack" sounds like BS

Ok if you're all about thinking about this logically, then do so. Even if he's going to run away with the money (which I personally don't think he will actually), then he's already done it.

I say give him the chance to do right, instead of trying to spread panic. For what cause? Are you so desperate to tell someone I told you so? You're being childlike and stupid.

Yes please come back when there is a page 56. Or honestly, maybe not at all.

WaffleMaster

hero member

Activity: 966

Merit: 546

jtpeters

newbie

Activity: 56

Merit: 0

Quote from: jtpeters on March 04, 2014, 01:03:08 PM

Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?

If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.

If yes, are you serious?

Site still has no notice about incident 12+ hours after incident occurred.
A small tweet box off to the side does not count. This is obviously VERY important.

Still taking deposits, with no notice on deposit page. Again, more than 12+ hours after the incident occurred.

Deposit coins = OK!
Withdraw coins = not okay Sad

People that are depositing money now may still have 12% deducted from their account. Even thought the "theft" happened long before they deposited their coins.

Are you okay with all of the above? And you want to send op MORE BTC for shares???

I smell a rat.

romerun

legendary

Activity: 1078

Merit: 1002

Bitcoin is new, makes sense to hodl.

Quote from: busoni on March 04, 2014, 04:31:32 AM

The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance

facepalm. Php or the frontend interface only for receiving requests from users not executing them. When user makes order, the server replies, "yes we got it", and come up with a script on the backend to process user requests atomically -- trader order, deposit, withdraw... once it's done on the backend, send ajax / websocket responds back to the front end that it's done, etc, or have user refresh it manually if such lazy.

TingCoin

hero member

Activity: 720

Merit: 500

I'm happy with the way this has been dealt with, respect for that. I'm still going to do all my trading at Polo, their security is only stronger as a result of this experience I guess.

qiwoman

sr. member

Activity: 294

Merit: 250

I am sorry fo all the loss here and hope the exchange opens again for trading fast

and I will support Poloniex. I am not a big trader but I have coins in there I have been working hard to earn so really hope it opens soon.

clintar

full member

Activity: 212

Merit: 100

Could we possibly donate toward the missing funds to get things back to normal faster with a benefit of portion of fees coming back to us for a bit?

Topic: BTC Stolen from Poloniex - page 26. (Read 167444 times)