Pages:
Author

Topic: BTC Stolen from Poloniex - page 34. (Read 167466 times)

legendary
Activity: 924
Merit: 1000
March 04, 2014, 06:12:24 AM
How many bitcoins is 12.3%?

This keeps getting posted in the trollbox, but I have no idea about the veracity of it:

https://blockchain.info/address/1Ktq7TE3J5vZ3c99M5weqKfFcNkHQdqPrq



Is there a way of stopping and taking those BTC back?
full member
Activity: 168
Merit: 100
March 04, 2014, 06:11:59 AM
Does anyone know when exactly the market froze? I started a BTC withdrawal +5 hours ago but it's stuck in PENDING.
newbie
Activity: 37
Merit: 0
March 04, 2014, 06:11:40 AM
What about BTC deposits after the announcement? Will they be affected?
member
Activity: 78
Merit: 12
March 04, 2014, 06:10:31 AM
How about issuing fee share to all affected accounts?

For example, issue 200,000 shares @ 1 mBTC each (for a total of 200 BTC)

For each 1 mBTC loss, issue 1 share to the account.

Rising fee to 1.5% is like committing suicide, I'm quite sure that many people (including myself) will leave.
member
Activity: 93
Merit: 10
March 04, 2014, 06:09:28 AM
Address of the thief https://blockchain.info/address/1Ktq7TE3J5vZ3c99M5weqKfFcNkHQdqPrq
Total loss is around $50,000
If that's indeed him, Googling the address brings up a russian forum with his address... If the site cooperates we can find the guy:
http://2ch-b.ru/2014/03/03/privet-anon-hochu-besplatno-gb-na-drpbx-libo-posovetuj-drugoj-63603242.html
More on this?
It some faucet. Giveaway 0.1LTC for anyone registering on dropbox... So no additional info from here, beside the fact what the thief speaking russian.
legendary
Activity: 924
Merit: 1000
March 04, 2014, 06:08:28 AM
The major problem here is that the auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.


This is pathetic. Any programmers would not have allowed this to happen in the first place. It's basic programming level. If you have 2 BTC, withdraw 10 BTC, then "withdrawal rejected due to lack of funds."

Secondly, one by one the exchanges are going pear shaped. One by one suspicious of scams are raised.

Is there any honest people on the Bitcointalk forum apart from myself?

Any rises in fees, especially up to 1.5% is suicide. Users will simply move to another exchange. All businesses should have insurance policies in place and funds held in reserve.

Poloniex a fast growing site and revenues are going up, therefore as more coins are added, the revenues will increase further. So no need for an increase in fees but the owner need to trust that the revenues will grow. Any fees increase will compound the problem, thus lowering revenues.

Fixed the basic programming error and continue as best you can. Users will then be able to continue as normal and the revenues will grow.

I would support a small .20% withdrawal fee as a temporary measure.

member
Activity: 93
Merit: 10
March 04, 2014, 06:07:00 AM
So, the users will pay for that flaw again (with rised fees). It were some understandable with XCP, where the flaw was on protocols side, but here? Great idea busoni. Why not take the amount you was stolen of from all the users?
hero member
Activity: 812
Merit: 500
March 04, 2014, 06:05:32 AM
 Wink Simply are gone ...by Magic !  Damn man that sucks i hope it will be fine . Add more coins i also recommend you too add Franko & Magic Internet Money , Maza & Auroracoin make some volume bro . That would be awesome !
member
Activity: 63
Merit: 10
March 04, 2014, 05:56:06 AM
Serious mistakes have certainly been made, but I do think it's correct to applaud Poloniex from the perspective of swift, good and effective communication. Being transparent, letting everyone know exactly what happened, and how, is something I would like to see more of.

I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?
sr. member
Activity: 406
Merit: 250
March 04, 2014, 05:46:50 AM
#99
Address of the thief https://blockchain.info/address/1Ktq7TE3J5vZ3c99M5weqKfFcNkHQdqPrq
Total loss is around $50,000
If that's indeed him, Googling the address brings up a russian forum with his address... If the site cooperates we can find the guy:
http://2ch-b.ru/2014/03/03/privet-anon-hochu-besplatno-gb-na-drpbx-libo-posovetuj-drugoj-63603242.html
More on this?
full member
Activity: 233
Merit: 102
March 04, 2014, 05:46:31 AM
#98
I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?

Honesty is fantastic.
Competence is even better because some asshole made $50k from a flaw where your system could be overloaded with negatives balances? Why would a negative balance ever be OK?
The new system you describe for future security still needs to notify the admin of unusual activity. How long does it take to steal $50k? Less than the time you're sleeping I'm sure.

I'm sorry, but I was a big Poloniex fan and appreciate the honesty, but for Christs' Sake hire some fucking white hat hackers for $25k and you're already ahead.
full member
Activity: 194
Merit: 100
March 04, 2014, 05:45:47 AM
#97
My deposit hasn't appeared either Sad
hero member
Activity: 840
Merit: 1000
March 04, 2014, 05:38:40 AM
#96
Thank you. I am ok, with that. Does that mean ALL bitcoins are stored online at the site?

It certainly sounds that way, and no mention of cold/offline storage was mentioned in the OP. I would also like to know the answer to this, as storing all funds online is extremely irresponsible.

 I would hope only a small % of funds are stored in a hot wallet, otherwise this hack could have been a lot more disastrous than 12.3% had he not caught on soon enough. Would be good if busoni can provide clarification on this.

Anyway, I'm a fan of the exchange and will continue to use it. It seems like Poloniex has went through some insane growth lately which I imagine is all a bit overwhelming. The hack is unfortunate, but he's handling this better than most.
legendary
Activity: 1094
Merit: 1006
March 04, 2014, 05:35:54 AM
#95
Race attack again? Looks like we need a basic hacking an exchange guidebook. This has happened to quite a few exchanges.
sr. member
Activity: 490
Merit: 250
March 04, 2014, 05:35:38 AM
#94
I have made a btc deposit that has not yet been credited. Is this related

Where is my btc deposit. 8 confirms on the block chain
Same problem, over 10 confirms but no pending deposit. Busoni please explain too.
hero member
Activity: 574
Merit: 500
Growcoin Chief
March 04, 2014, 05:34:20 AM
#93
busoni... respect bro...  Cool
member
Activity: 115
Merit: 10
March 04, 2014, 05:32:11 AM
#92
I have made a btc deposit that has not yet been credited. Is this related

Where is my btc deposit. 8 confirms on the block chain
full member
Activity: 139
Merit: 100
March 04, 2014, 05:27:55 AM
#91
I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?
Finally a response I can agree with is. All this praise for an exchange with such fundamental flaws is incredible. This is why a good exchange needs funding, so you can have this stuff tested, certified and possibly even insured. Just because the way other exchanges deal with hacks is even worse doesn't make this solution a good one.

Hiking up fees: bad idea, it's not the users fault, you're going to lose enough users over this without punishing them through higher fees.
Locking up 12.3% of (the remaining) BTC: bad idea as well as mathematically incorrect. 12.3% of 100 is not the same as 12.3% of 87.7. You fucked up, you never asked people if they would be willing to put up their BTC to cover your mistakes. Take it from all these fanboys who are willing to, not those who aren't.
legendary
Activity: 1151
Merit: 1003
March 04, 2014, 05:26:19 AM
#90
Dear Busoni!
I am sorry about incident.
Thanks for transparent interpretation of stolen BTC there.
You can start to collect donations for covering exchange losses.
Hope it will be good.
sr. member
Activity: 350
Merit: 250
March 04, 2014, 05:22:21 AM
#89
I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?
Pages:
Jump to: