Topic: BTC Stolen from Poloniex - page 6. (Read 167416 times)

Yap, me too I have checked today and payed me a little , can someone tell me if BTC withdrawals are going through, please....don't want to risk a small amount anymore....thank you

Just checked - received about 5.8% of my deducted balance.

Also, to anyone wondering, I placed a BTC deposit yesterday to purchase some PTS, and and a few hours later made a successful withdrawal to Cryptsy.

Amen

They? You mean you?

Weren't you the one asking?

Like I said, if I had to ask I wouldn't use them despite them being the only one trading a particular coin.

i think we are getting paid little by little..check your balances

I didn't know about the stolen and yesterday I deposited 100000USDE.

So far not confirmed anything.

It's right?

I'm in agreement with DeathAndTaxes and Mike Hearn that this exchange needs to return everyone's money and shut down.

If the operator wants to continue running it as soon as possible then I think at minimum:

• They need to hire someone to do an audit of existing code, and have the exchange shut down while that is happening.
• A report of the code audit should be publicly released, any deficiencies found should be fixed or mitigated until there is time for a proper fix.
• An experienced developer should be hired to do the bulk of the work in future.

This is not a project for which the operator should be learning on the job.

The difficulty with the above will be reassuring the customer base that it's actually happening and that properly competent auditors and coders have been hired.

If there's not enough profit in Poloniex to support this then I don't see that there is any way forward but to shut it down.

Unfortunately there are so many unconditionally trusting people in this thread that the temptation will be huge for the operator to do none of this, or just pay lip service to it, because it looks like very few customers will be lost in the short term.

If the operator was interested in truly doing the right thing, he would take the whole thing offline and spend a couple months learning what he should have known before he started.  The spend a couple months building it right from the ground up.  Before the launch he could launch a test site with dummy accounts and data and offer a security challenge ( https://www.crowdcurity.com/ )*.  


As for where to start, based on the responses given by the operator himself he lacks even the basic knowledge on proper database design and operation.  Sorry if that is "harsh" but it is the reality.  This isn't a "one wrong line of code" issue.  He should start with a book which teaches fundamental concepts about how relational databases work.  Normally I would recommend a freshman computer science book on database design and operation but honestly they are way overpriced (as all academic books are) and excessively wordy.  

Something like the following would be a good proxy:
http://www.amazon.com/Database-Design-Mere-Mortals-Relational/dp/0321884493/

The idea that an experienced developer should either "shut up and stop being mean" or help the guy build it right for free is a false dichotomy.  Top developers generally make $150K to $200K a year.  If the site operator is willing to offer $80 a hour I am sure someone qualified would be willing to mentor him.  However based on his responses to the problem that money would likely be wasted at this point. You can't just slap some additional code on a flawed design and expect it to be secure.  The entire transaction processing engine probably needs to be rebuilt from the ground up to be ACID compliant.  Due to the scope of the problem we don't know what other problems exist but I doubt the code in other critical areas (authentication and authorization) is better.

For the record I am not saying "don't use the site" or "you are an idiot for using the site".  I am a libertarian, I don't really feel it is my business what you do with your money.  However please don't be surprised when it happens again.

* Before I get accused of "do as I say not as I do, BitSimple will be launching a challenge soon.

What would you suggest? That's not snark, you seem to have your head on in a lot of areas. I'm not a programmer, so I got nothing to offer. But Poloniex is often the first exchange for a new coin, and they do have a good reputation overall. I was in fact about to register there when this came down. I can't risk it till this is resolved, but I would like to see it resolved.

This isn't a "bug", it is a fundamental flaw in how financial data should be processed.  Mike was being truthful when he said it is "database 101".  It wasn't that the site used transactions to ensure that withdraws were ACID compliant and there was bug on an edge case which resulted in them not being so.  There was no transactions used at all.   The proposed solution was more broken design (as opposed to just broken code) to check existing broken design.

The exchange WILL be robbed again.  It is merely a matter of when not if.

I am not currently a customer, so take it for what it's worth. However, Busoni said it would only affect the balances at the time the bug was discovered, nothing later. I have no idea how many people that affected, but it's not supposed to carry forward. Also, I'm nearly certain that he had said it ONLY affected BTC, not any other coin. Though there were some issues with alt-coin functionality for a few days.

I do my business at Poloniex because I like it.

UNIQUE to Poloniex is that he trades XCP which no other exchange can do because they are stupider than Poloniex and content to just keep adding shill coins because it makes money.

Poloniex makes the effort to be the first exchange in the world to offer something.  And nobody gives him credit.

Its not coming to an exchange near you because your exchange of choice is stupid and slow so eveybody trades alt coins, and pretends its not a bubble.

OK man, I'll stick to Poloniex

How flustered are you btw?   

So many people in this topic dying to resume sending coins here despite the shockingly poor level of understanding displayed by the operator.

I wonder if these same people will be crying, "don't be mean, how were we meant to know Poloniex was bad, it was mostly okay for ages!" at some point in the near future.

Anyone planning to use this service needs to list off the unique selling features—things that no other exchange can offer today—and weigh those up against the incredibly high risk of placing your funds in the care of someone that demonstrably does not know what they are doing.

I personally cannot imagine what it is that Poloniex offers that could make it worth the risk but I'll assume all those clamouring to throw their money at it do and have done their own risk assessment.

Because there will be no saying that they weren't warned, later on.

Which coin would you like to buy. I either have it or can get it. Save your money, putting money into something like this is like giving money to the guy holding a sign "will work for food" and expecting him to cut your grass. Message me if you are looking for coins, can use escrow to protect your funds. Much safer than this.

Not dinging the site dev but we all can't be engineers. Remember each time an exchange or other crypto currency related site is damaged, hacked, or robbed it impacts the overall legitimacy of the CC markets. When someone much more skilled than you says sorry buddy, your PM makes it obvious you are in over your head, get out now. It is a warning that more pain is coming. The sad thing is the users on the site are the ones who will feel the pain, not him. Perfect example. The recent btc loss did not come out of his pocket, it came out of every user on the site paying for his mistakes. Until that money is refuneded to each person and the slate is clean this site deserves to be on the "dirty dining' list of exchanges. Hey, now that is a site to make! The rate site of scam pools and exchanges. Sort of like a chamber of commerce (without the political ties) for our currency markets.

I beg to differ.

This so-called exchange accepts deposits but often withdrawals are blocked, is still unclear about who's gonna review the code, and the likely answer is "nobody", and still people are sending money there.

Furthermore, just look at the dozens of posts from stupid users "hey were's my money, hey there, hey that", like they just either didn't bother to read anything and just wrote their stupid post, or they did read and somehow their so-called brain is letting them believe that writing their post will actually serve any purpose.

I just made a deposit.  i will let you know the outcome.

Because they are the only exchange which lists the coin I want to buy?

People are not stupid. If they want to put in money after being aware of the risk, there must be some big potential gain.

I want to deposit about 0.5 btc so that I can invest in Myriad Coin. However would it be safe to deposit in this exchange?

If you have to ask that question why are you even considering sending funds to that exchange?

For me, if I had to question the outcome of my deposit on to an exchange I would not be using them. Period.

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?