Pages:
Author

Topic: BTC Stolen from Poloniex - page 28. (Read 167480 times)

sr. member
Activity: 434
Merit: 250
March 04, 2014, 12:17:23 PM
Isn't sum from that account pointinb here? Whos address is this?
https://blockchain.info/address/1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV
legendary
Activity: 924
Merit: 1000
March 04, 2014, 12:13:32 PM
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

1. Correct. It's your company and you will benefit from this profit wise in the long run. No one should bail out your company as it smacks of socialism.
2. Introduce small withdrawal fee of .20%. Only sensible option available that can be done quickly and easily.
3. Too complicated unless you know what you are doing. Expensive and time consuming. Would require full information of the company Poloniex and all company accounts. Would require contracts, legally binding and in the UK where we have contract laws etc. I would not accept any other countries.
4. same as 3.
5. Ask for 'donations', whereas if someone were to donate BTC now, you will pay them back in 3 months plus 5% interest for 3 months loan. Hell lot better return than the fiat banks.

newbie
Activity: 56
Merit: 0
March 04, 2014, 12:12:09 PM
It's amazing that people are saying "Yes! We have all of the information we need about this incident. You've been transparent enough. Now let us send you more BTC for our shares!"

rather than, "We'd like more detailed information about this incident in order to make a more informed decision."

Amazing...
newbie
Activity: 56
Merit: 0
March 04, 2014, 12:05:43 PM
I traded my BTC down to 1 satoshi (for AuroraCoin!) so I guess you can't freeze 1/8th of that?  Cool

So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.

The right time to hire a security programmer is when you 1) own an exchange; and 2) hear about security issues at the biggest exchange and hear the Bitcoin community talk about double-spending; and 3) hear about security issues at other exchanges

OP had a few weeks++ to lock the site down and make it secure. Hiring someone after these issues are resolved (what? 1 month? 2 months? and have more BTC stolen?) is not the way to go.
full member
Activity: 140
Merit: 100
March 04, 2014, 12:04:36 PM
I traded my BTC down to 1 satoshi (for AuroraCoin!) so I guess you can't freeze 1/8th of that?  Cool

So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.

Exactly, would rather support somebody transparent through this, than risk crypto at a new exchange where it could all be lost with no comeback or support.

The scum at coins-e who owe oh so much money could learn a lesson from this.
legendary
Activity: 1372
Merit: 1014
March 04, 2014, 12:03:22 PM
The transparency is excellent

The issue can be fixed via debt-to-equity swap (issueing shares)

The whole thing gives me the creeps because it is not clear which other marketplaces can have the exact same problem without us knowing. We need a marketplace that got actual real world deposit insurance and regular auditing by an external auditing firm.

Not regulation, but insurance and auditing is key.
newbie
Activity: 56
Merit: 0
March 04, 2014, 12:03:08 PM
Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?

If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.

If yes, are you serious?
hero member
Activity: 579
Merit: 500
CoinQuacker
March 04, 2014, 12:02:26 PM
I traded my BTC down to 1 satoshi (for AuroraCoin!) so I guess you can't freeze 1/8th of that?  Cool

So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.
legendary
Activity: 1372
Merit: 1022
Anarchy is not chaos.
March 04, 2014, 11:58:50 AM
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

I got no dog in the fight, so I'm fairly dispassionate on this. I think you should have posted 3 and 4 as a single item, and that's the way I'm gonna vote. If you do it, I would not mind a chance at buying some of those shares.

I also recommend, as Warren had posted earlier, that you start putting some of your income into an insurance fund to cover such things if they happen again.

Your honesty in this has probably saved your business, but coming as it did on the heels of the Empty Gox debacle, you are probably going to feel some pain for some time to come. I would try to sell shares at a rate twice what you lost to raise reserves against any sort of disaster. And I would do it through a third party with multisig verification.
sr. member
Activity: 420
Merit: 250
March 04, 2014, 11:56:22 AM

Busoni, a few ppl in the box made a poll earlier. The link is here: https://bitcointalksearch.org/topic/how-to-deal-with-poloniex-situation-500157

Thanks for the link, seems as im not the only one that wants some shares.

Well, I voted for shares, but mainly because I think increasing fees is not the way to go. There are some options missing in that poll.

"it really wouldn't be fair to deduct deposits made after the BTC was taken."... why not?

Seems logical to me. The BTC was taken from the 'main pot', in which all the BTC from everyone was who had BTC on the exchange at that moment. Apparently people deposited to the pot after the BTC was stolen. Why would their BTC be reduced, even though nothing was taken from their BTC?
full member
Activity: 140
Merit: 100
March 04, 2014, 11:54:55 AM
Don't know if this has been posted before, but the poloniex hack gets a mention in the UK Guardian (after the flexcoin business):

http://www.theguardian.com/technology/2014/mar/04/bitcoin-bank-flexcoin-closes-after-hack-attack

All publicity is good publicity, right? Wink
newbie
Activity: 56
Merit: 0
March 04, 2014, 11:54:36 AM

One anonymous poster vouching for another?

"If he was a thief he could easily have..." could apply to anyone before they do something wrong. But anyway.

It's a good exchange, sure. And I hope that all is the way that is said. I'm just suggesting that we not automatically assume that everything anonymous people say on the internet is true, especially when it comes to money.

You can check the thread history for him on here asking for help on how to retrieve BTC from a customer's wallet however, that is very real.

Yes, that's very nice. There are plenty of posts from Mark Karpeles being helpful too. We don't have the whole story yet (even if the first post is 100% true) because it has not been provided to us.
sr. member
Activity: 434
Merit: 250
March 04, 2014, 11:52:35 AM

Busoni, a few ppl in the box made a poll earlier. The link is here: https://bitcointalksearch.org/topic/how-to-deal-with-poloniex-situation-500157

Thanks for the link, seems as im not the only one that wants some shares.
newbie
Activity: 56
Merit: 0
March 04, 2014, 11:52:24 AM
[snips throughout[

it really wouldn't be fair to deduct deposits made after the BTC was taken.

Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

You have NOT posted a VERY VISIBLE post on your website. This means people are still unknowingly sending you money. I consider this dishonest.

Hiring a security programmer after this is dealt with? You need one NOW not later.

"it really wouldn't be fair to deduct deposits made after the BTC was taken."... why not?
hero member
Activity: 714
Merit: 512
March 04, 2014, 11:50:56 AM
Dang... was hoping to sell my Q2C on Poloniex today.
newbie
Activity: 56
Merit: 0
March 04, 2014, 11:49:06 AM
Here's the way I see it. One of these is true. I hope it's the first one.

1) OP is 100% honest [great] <---- this is what we all want. But we don't always get to go to Disneyland, kids.

2) OP is partially honest [not bad, but still okay. Not a sign of theft. Theft is more clever and thought-out, like #3]

3) Impose a Cyprus-style "tax" on deposits. Suggest raising fees in order to make up the difference.

4)  Impose a Cyprus-style "tax" on deposits. Suggest raising fees in order to make up the difference, hoping that someone else (perhaps a friend) will suggest a share offering to get even more BTC [steal money, then get people to hand it over]

Once OP gives us more evidence and detail about what happened, #1 becomes more likely.

Openness, honesty, and transparency dictates an honest OP.

If this doesn't happen, or this post is shouted down (if organically or by friends of OP there's no way to know) then I think 4 is more likely.
member
Activity: 98
Merit: 10
March 04, 2014, 11:46:33 AM
The major problem here is that the auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.


This is pathetic. Any programmers would not have allowed this to happen in the first place. It's basic programming level. If you have 2 BTC, withdraw 10 BTC, then "withdrawal rejected due to lack of funds."

I think you've misunderstood. The problem wasn't that it didn't check for negative balance. If you had 2 BTC, it would not let you withdraw a single amount of 10 BTC. The problem was that the withdrawals did not have atomicity, meaning that you could withdraw 10 BTC from a balance of 2 BTC by spamming lots of withdrawals for 1 BTC in a very short space of time.

You made my point in bold above.....bad programming pure and simple. Spamming lots of withdrawals is irrelevant. The code should access one request at a time and each request to be completed before accepting another request.

Current balance - withdrawal request - request equal or less than balance = request accepted - withdrawal completed - new balance. Then repeat for each request. If there are many requests at the same time then only 1 request can be processed and others rejected.

I wasn't disagreeing that it's bad programming. Just clearing up the nature of the flaw.
sr. member
Activity: 280
Merit: 250
March 04, 2014, 11:45:49 AM
I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

Busoni, a few ppl in the box made a poll earlier. The link is here: https://bitcointalksearch.org/topic/how-to-deal-with-poloniex-situation-500157
legendary
Activity: 1246
Merit: 1000
March 04, 2014, 11:45:42 AM

One anonymous poster vouching for another?

"If he was a thief he could easily have..." could apply to anyone before they do something wrong. But anyway.

It's a good exchange, sure. And I hope that all is the way that is said. I'm just suggesting that we not automatically assume that everything anonymous people say on the internet is true, especially when it comes to money.

You can check the thread history for him on here asking for help on how to retrieve BTC from a customer's wallet however, that is very real.

sr. member
Activity: 434
Merit: 250
March 04, 2014, 11:44:10 AM
Love all the negativity in the forum. You guys are just great!

Busoni, in regards to your post on your site I just wanted to put my vote in for shares/dividend payments. I think this would be the route to go over increased fees.

In any case, I think Polo is one of my favorite exchanges for the alts. Shit happens, at least you took responsibility and opened up to the community as soon as this happened. I will still certainly trade there.

Voting for the same: shares/dividend payments

and +1 for the rest of the post, couldnt have said it better.

edit: I would prefer option 3 oder 4 from the post above, always wanted to have shares from my favorite exchange so far before  Grin
Lets make it a "reverse-steal" similar to the stackcoin reverse-scam  Cool
Pages:
Jump to: