Pages:
Author

Topic: BTC Stolen from Poloniex - page 26. (Read 167480 times)

member
Activity: 157
Merit: 10
March 04, 2014, 01:23:17 PM
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

  • Continuing to allow deposits but not withdrawls
  • not having any notice on their main page OR deposit page
  • not immediately sending out a notice to all customers by email
  • deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident

By Busoni on page 11:

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
member
Activity: 82
Merit: 10
March 04, 2014, 01:23:08 PM
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

My vote:  #2
newbie
Activity: 56
Merit: 0
March 04, 2014, 01:21:49 PM
12 hours has passed and what now?Huh?
i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!

The consensus here is to send them more BTC to solve the problem.

Must be the fluoride
hero member
Activity: 574
Merit: 500
March 04, 2014, 01:21:03 PM
The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance

facepalm. Php or the frontend interface only for receiving requests from users not executing them. When user makes order, the server replies, "yes we got it", and come up with a script on the backend to process user requests atomically -- trader order, deposit, withdraw... once it's done on the backend, send ajax / websocket responds back to the front end that it's done, etc, or have user refresh it manually if such lazy.


This is what I. Described above, not sure why this guy thinks this has anything to do with bitcoin vulnerabilities oh well Wink
newbie
Activity: 56
Merit: 0
March 04, 2014, 01:20:35 PM
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

  • Continuing to allow deposits but not withdrawls
  • not having any notice on their main page OR deposit page
  • not immediately sending out a notice to all customers by email
  • deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident
newbie
Activity: 44
Merit: 0
March 04, 2014, 01:20:14 PM
OP.. you said this just a couple of days ago:

"One more thing--about security. Very few Poloniex accounts have been hacked--less than five, I think--but I still think reminders like this don't hurt. ...
This is money we're talking about, which means people will always be trying to steal it. "

When someone asked you about security you avoided it https://bitcointalksearch.org/topic/m.5471836

  • There's nothing visible about security on your website or FAQ
  • It does not appear that you have anyone to secure the website and will be looking to hire someone 'later'
  • when asked about site security you appear to have avoided the question. Isn't this important to discuss?

Further, per your own Terms you are legally liable for the loss that has occurred. You have a very short Terms page. Big mistake. It says only, "You agree not to hold Poloniex liable for any loss of funds resulting from incorrect information provided by you. "

which means you are liable for other losses. Though you say, "These terms and conditions may be changed at any time without notice. By continuing to use the services provided by Poloniex.com, you agree to any and all such changes." it would not apply to previous agreements.

I'm guessing you were an easy target for hackers because you did not have much security. You did not therefore do your best to secure the deposits of clients. And you are liable for the loss.

I'm sure the good folks here would not think of suing you (and neither would I) but you may want to CYA.
dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.
newbie
Activity: 6
Merit: 0
March 04, 2014, 01:18:49 PM
12 hours has passed and what now?Huh?
i deposit my 5 btc after hacking site
nobody write dont deposit coins website is hacking so i want back my btc !!!!!
full member
Activity: 140
Merit: 100
March 04, 2014, 01:18:29 PM
Very okay with all of this.

Tristan has already capably handled one big error see: https://bitcointalksearch.org/topic/m.5305316 (not his fault)  which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.

I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.

Count that as a constructive vote of confidence.

Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.
legendary
Activity: 1666
Merit: 1000
March 04, 2014, 01:18:18 PM
Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?

If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.

If yes, are you serious?
This is the problem of beeing transparent and honest. Mt.Gox had to deduct 100% many months ago, but they didn't tell us the truth.
full member
Activity: 176
Merit: 100
March 04, 2014, 01:17:43 PM
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site. Instead of assuming the site owner or one of their employees are in on a conspiracy to steal your money every single time..
legendary
Activity: 1596
Merit: 1000
March 04, 2014, 01:14:59 PM
what happens to the btc which were in active orders?
legendary
Activity: 924
Merit: 1000
March 04, 2014, 01:14:30 PM
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

#3 and #4 add too much complexity and may become a source of problems in future.

Just deduct that 12% from the btc pot (excluding new deposits after trade got halted) and return it from fees over time. Add a small tax on withdrawals if you think it is needed. Add a small interest on the paybacks to balance the time needed to recover the full pot (I mean, people will get BTC back in, let's say, 1 or 2 months? Then give them a bit more than they lost, which will compensate also the rise on taxes, but sooner or later you will get it done)

Giving dividends is the same as giving BTC back, in the end, but dividends are slower and not good for you after the debt is payed. Just consider this: is it good to share future benefits with a lot of people once the theft is returned? That is what will happen if you open shares, and honestly, it will be much more clear for _everyone_ to get BTC returned hour by hour or day by day in a global payback.

Fecking socialist want tax Grin Grin Grin Grin
member
Activity: 231
Merit: 10
March 04, 2014, 01:14:01 PM
You're a twit for assuming everyone on here is a guy.......perhaps in your fantasy land there are no females.

Get over yourself.  It's colloquial... Roll Eyes

"The term guy is generally restricted to males, as in Was that a guy or a girl?, but the form you guys may be used for groups of any combination of genders whether it is all male, all female or any combination."

http://en.wiktionary.org/wiki/you_guys
newbie
Activity: 7
Merit: 0
March 04, 2014, 01:12:36 PM
You guys and gals are hopeless. I'll check back on page 56 when communication from op has dropped to nil and you slowly forget about your lost funds. Then I'll link to my post on another exchange's forum when they, too, don't believe that the latest "hack" sounds like BS

Ok if you're all about thinking about this logically, then do so. Even if he's going to run away with the money (which I personally don't think he will actually), then he's already done it.

I say give him the chance to do right, instead of trying to spread panic. For what cause? Are you so desperate to tell someone I told you so? You're being childlike and stupid.

Yes please come back when there is a page 56. Or honestly, maybe not at all.
hero member
Activity: 966
Merit: 546
March 04, 2014, 01:11:24 PM
newbie
Activity: 56
Merit: 0
March 04, 2014, 01:08:52 PM
Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?

If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.

If yes, are you serious?

Site still has no notice about incident 12+ hours after incident occurred.
A small tweet box off to the side does not count. This is obviously VERY important.

Still taking deposits, with no notice on deposit page. Again, more than 12+ hours after the incident occurred.

Deposit coins = OK!
Withdraw coins = not okay Sad

People that are depositing money now may still have 12% deducted from their account. Even thought the "theft" happened long before they deposited their coins.

Are you okay with all of the above? And you want to send op MORE BTC for shares???

I smell a rat.
legendary
Activity: 1078
Merit: 1002
Bitcoin is new, makes sense to hodl.
March 04, 2014, 01:07:25 PM
The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance

facepalm. Php or the frontend interface only for receiving requests from users not executing them. When user makes order, the server replies, "yes we got it", and come up with a script on the backend to process user requests atomically -- trader order, deposit, withdraw... once it's done on the backend, send ajax / websocket responds back to the front end that it's done, etc, or have user refresh it manually if such lazy.
hero member
Activity: 720
Merit: 500
March 04, 2014, 01:06:11 PM
I'm happy with the way this has been dealt with, respect for that. I'm still going to do all my trading at Polo, their security is only stronger as a result of this experience I guess.
sr. member
Activity: 294
Merit: 250
March 04, 2014, 01:04:34 PM
I am sorry fo all the loss here and hope the exchange opens again for trading fast  Smiley and I will support Poloniex. I am not a big trader but I have coins in there I have been working hard to earn so really hope it opens soon.
full member
Activity: 212
Merit: 100
March 04, 2014, 01:01:53 PM
Could we possibly donate toward the missing funds to get things back to normal faster with a benefit of portion of fees coming back to us for a bit? Smiley
Pages:
Jump to: