A little late to the party but I wanted to post something. When this happened, although poloniex.com is a direct competitor and I've never spoken to him, I gained a massive amount of respect for the owner for:
A) Owning up to what happened and more importantly:
B) Doing something I have NEVER seen an exchange do - actually give pertinent details as to what happened. We got hacked, and this is exactly how it happened. And how you can #LFMF
Immediately after reading that I went into our code to make sure the same thing couldn't happen to us. For that, busoni, you are the man.
Monday morning - we lost some BTC. And had a huge revelation, that had poloniex.com done what we do (and we didn't even know it was added security until I had a panic attack at 6:40am yesterday morning) they wouldn't have lost a single satoshi.
It's a long post, but worth the read. If you just want the technical details and none of the entertainment value, scroll down to about the bottom third.
http://www.allcrypt.com/blog/2014/03/small-bug-leads-to-lost-btc-and-a-huge-revelation-why-arent-all-exchanges-doing-this/
Topic: BTC Stolen from Poloniex - page 5. (Read 167416 times)
I sent 102000USDe to Poloniex, but so fat not confirmed.
TXid: http://cryptexplorer.com/tx/e9eaf49c605e7dfbec8ec65c1d1ea63146e2e2f10a6121fc90671124ee84a18d#o1
TXid: http://cryptexplorer.com/tx/e9eaf49c605e7dfbec8ec65c1d1ea63146e2e2f10a6121fc90671124ee84a18d#o1
So many people in this topic dying to resume sending coins here despite the shockingly poor level of understanding displayed by the operator.
I wonder if these same people will be crying, "don't be mean, how were we meant to know Poloniex was bad, it was mostly okay for ages!" at some point in the near future.
Anyone planning to use this service needs to list off the unique selling features—things that no other exchange can offer today—and weigh those up against the incredibly high risk of placing your funds in the care of someone that demonstrably does not know what they are doing.
I personally cannot imagine what it is that Poloniex offers that could make it worth the risk but I'll assume all those clamouring to throw their money at it do and have done their own risk assessment.
Because there will be no saying that they weren't warned, later on.
I wonder if these same people will be crying, "don't be mean, how were we meant to know Poloniex was bad, it was mostly okay for ages!" at some point in the near future.
Anyone planning to use this service needs to list off the unique selling features—things that no other exchange can offer today—and weigh those up against the incredibly high risk of placing your funds in the care of someone that demonstrably does not know what they are doing.
I personally cannot imagine what it is that Poloniex offers that could make it worth the risk but I'll assume all those clamouring to throw their money at it do and have done their own risk assessment.
Because there will be no saying that they weren't warned, later on.
I sent BTC yesterday and my balance didn't get reduced by 12%. I use Poloniex because it's the only exchange that trades NRS. I buy NRS and immediately withdraw to my wallet. That's it.
I'm somewhat neutral here. I see the point of the PROGRAMMERS who say that Tristan should shut it down pending a rewrite and audit. I see the point of the customers who want it to stay up. And I see the point of Tristan trying to keep his business afloat after a major fuckup. It seems that the majority of his customers are ok with how he's handling it, despite the flaws, because he's been up front and honest about it.
That goes a long way in my book, too. But I must defer to the programmers and experts as well, because I am not one and do want a secure exchange. But yelling at each other isn't going to change or help anything, nor does it add to the conversation.
I think he should compromise. Give everyone a couple of days to withdraw, after suspending trading and deposits, and recode the thing. Then issue shares to help defray the costs of the rewrite, pay back everyone who was harmed in the hack and his solution, and reopen with a new and more secure platform. That way everybody wins in the medium to long term. Oh, and mount an external audit or two, just to be sure. He seems to have the good will of the community, so I do not think the above would harm his long term business prospects. On the contrary, it just might secure them.
+1
Simple and obvious really. Majority of users are OK with that, it seems.
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
When you have a bit of experience in this business, you might show a little humility.
You are a whingeing negative force.. that is more annoying IMO. Better to pull together and trust people's motives until really proven otherwise.
and you Nancy are a Fairy boy living in a Fairy world...
...and this solves what?
When D&T lambasts Tristan, it's with respect and detail. Not to start a fight amongst other users.
I'm somewhat neutral here. I see the point of the PROGRAMMERS who say that Tristan should shut it down pending a rewrite and audit. I see the point of the customers who want it to stay up. And I see the point of Tristan trying to keep his business afloat after a major fuckup. It seems that the majority of his customers are ok with how he's handling it, despite the flaws, because he's been up front and honest about it.
That goes a long way in my book, too. But I must defer to the programmers and experts as well, because I am not one and do want a secure exchange. But yelling at each other isn't going to change or help anything, nor does it add to the conversation.
I think he should compromise. Give everyone a couple of days to withdraw, after suspending trading and deposits, and recode the thing. Then issue shares to help defray the costs of the rewrite, pay back everyone who was harmed in the hack and his solution, and reopen with a new and more secure platform. That way everybody wins in the medium to long term. Oh, and mount an external audit or two, just to be sure. He seems to have the good will of the community, so I do not think the above would harm his long term business prospects. On the contrary, it just might secure them.
Its been confirmed that the vulnerability in their system existed a result of incompetence on their part...
this exchange allowed you to send money in when they know they are being robbed or were just robbed... How can you allow money to come in if you are not sure that money wont be stolen as well, this indicates maliciousness on their part. They allow it because they know you would much sooner bow down then state the obvious and maybe show some anger.
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
When you have a bit of experience in this business, you might show a little humility.
You are a whingeing negative force.. that is more annoying IMO. Better to pull together and trust people's motives until really proven otherwise.
and you Nancy are a Fairy boy living in a Fairy world...
Noticed after logging in I lost .1 btcs in the theft, and .006x has been paid back already... love the way this exchange delt with the problem. Thanks OP!
I really have to say I don't find any problem with functions, withdrawal and deposit working OK.
Same here. New customer since after the theft occurred. I was hesitant, but the way this has been implemented the payback mechanism being discussed here does not at all affect business done after this all went down. Just FYI
I really have to say I don't find any problem with functions, withdrawal and deposit working OK.
Hi admin!
Plz check my Deposit usde issue with my user id: [email protected]:
why i don't see my USDe in my balance?
Status: 52 confirmations
Date: 3/10/2014 22:51
To: poloniex.com GXMc7TB6cQQ1QZsfrA2Cb3Sj4hT5WBHPeV
Debit: -97490.00 USDE
Transaction fee: -1.20 USDE
Net amount: -97491.20 USDE
Transaction ID: 02e5335f9176a05367991f1217a195632b2f367c2d374b6c9f53126bbef67874
thanks you
Plz check my Deposit usde issue with my user id: [email protected]:
why i don't see my USDe in my balance?
Status: 52 confirmations
Date: 3/10/2014 22:51
To: poloniex.com GXMc7TB6cQQ1QZsfrA2Cb3Sj4hT5WBHPeV
Debit: -97490.00 USDE
Transaction fee: -1.20 USDE
Net amount: -97491.20 USDE
Transaction ID: 02e5335f9176a05367991f1217a195632b2f367c2d374b6c9f53126bbef67874
thanks you
What I would ask the manager of Poloniex (Tristan) in a positive way, is , Do you honestly think it might be desirable for the exchange code to be rewritten in a new framework ?
Future security is important for the confidence of everyone involved.
Future security is important for the confidence of everyone involved.
this bank is broken i just withdraw BTC ,,, and the withdraw address changed ,,,, i have NO %
EDIT %
What I would ask the manager of Poloniex (Tristan) in a positive way, is , Do you honestly think it might be desirable for the exchange code to be rewritten in a new framework ?
Future security is important for the confidence of everyone involved.
Future security is important for the confidence of everyone involved.
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
When you have a bit of experience in this business, you might show a little humility.
You are a whingeing negative force.. that is more annoying IMO. Better to pull together and trust people's motives until really proven otherwise.
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
I have been repaid the first small instalment of the 12% BTC 'lost' .
The exchange has behaved properly and openly as far as I can see.
The exchange has behaved properly and openly as far as I can see.
Someday one of these exchanges will be strong-armed by someone who is not used to dealing with someone taking/losing their money.
Imagine a drug dealer who uses your exchange. You 'lose' 12% of their money. I imagine that it wouldn't be too pretty for an exchange owner in that case. It seems that most people here don't really mind losing 12% of their money though.
Imagine a drug dealer who uses your exchange. You 'lose' 12% of their money. I imagine that it wouldn't be too pretty for an exchange owner in that case. It seems that most people here don't really mind losing 12% of their money though.
Damn, I just deposited some BTC to Poloniex and read about this. 
Will it be added to my balance??
edit: It was added. Thank god...
Will it be added to my balance??edit: It was added. Thank god...
sounds like karples reincarnated... I hate bastards that allow deposits but not withdraws, only bastards do something like that.
Hi , I got 2 deposits not arrived after 24 hours can poloniex look into this. because I want to sell these coins.
USDE withdrawal to GKv8uag39gxuRpWw9eTSgwfhsX4RdfNeq7
Transaction id: 4f2941d993b4b49934b4b0ffe614705ba8a9bec7414bda755ead683f1b286a7f
RDD withdrawal to RuxubS3oPumpyH6wsQysTQA34jjaCx6ZCt
Transaction id: c29f5e383be9b440901ea1e9131f65bf361b0e3a832fd8842767e4505e9eb0ac
thanks for your time.
USDE withdrawal to GKv8uag39gxuRpWw9eTSgwfhsX4RdfNeq7
Transaction id: 4f2941d993b4b49934b4b0ffe614705ba8a9bec7414bda755ead683f1b286a7f
RDD withdrawal to RuxubS3oPumpyH6wsQysTQA34jjaCx6ZCt
Transaction id: c29f5e383be9b440901ea1e9131f65bf361b0e3a832fd8842767e4505e9eb0ac
thanks for your time.
Jump to: