Pages:
Author

Topic: bitfloor needs your help! - page 39. (Read 177473 times)

sr. member
Activity: 476
Merit: 250
September 04, 2012, 02:13:27 PM
#70

Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.

Or maybe one should be responsible for one's own money and btc and not leave them sitting on other peoples' servers for extended periods? Would you leave your wallet and house keys next to someone on the subway to watch for you? You gave him five bucks. He said he'll do his best.
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
September 04, 2012, 02:11:55 PM
#69
Disbursing funds to some customers and not others would be a criminal act under those.

I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.

Bitcoins were stolen, not cash. That cash is not Bitfloors to distribute to other customers. It's mine.
hero member
Activity: 952
Merit: 1009
September 04, 2012, 02:07:59 PM
#68
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?

You can't "ensure" security. You can strive to maximize security however.

Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.
legendary
Activity: 2506
Merit: 1010
September 04, 2012, 02:05:33 PM
#67
You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

Customer assets are customer assets.  It doesn't matter if they are dollars, bitcoins or bananas.  If BitFloor does not have reserves (and that was reported in OP) or any other way to make customers whole, then this is a bankruptcy case.  This exchange is operating in the U.S., there are very specific laws as to how to proceed.

Disbursing funds to some customers and not others would be a criminal act under those.

I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.

[Edited, s/funds/assets/.  and added.]
hero member
Activity: 574
Merit: 500
September 04, 2012, 02:04:53 PM
#66
How about this:

You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

You will then re-do your security, and publicly post how it will be done right from now on.

You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.

Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.

Disclosure: I am not invested in any way with any parties to this.

25k BTC is a lot of money. With the current valuation it will take 10 years to repay. And certainly this incident won't increase volume for bitfloor.

Sad.
full member
Activity: 150
Merit: 100
Thank you! Thank you! ...
September 04, 2012, 02:03:22 PM
#65
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?

... as in pay 5% now or 100% later?  Tongue
sr. member
Activity: 476
Merit: 250
September 04, 2012, 02:01:10 PM
#64
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...

Are you saying that paying a 5% fee will ensure security?
hero member
Activity: 740
Merit: 500
Hello world!
September 04, 2012, 01:56:59 PM
#63
How about this:

You repay any USD-deposits, since they are all in tact.

You then re-pay what you can of the remaining BTC deposits.

You will then re-do your security, and publicly post how it will be done right from now on.

You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.

Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.

Disclosure: I am not invested in any way with any parties to this.
hero member
Activity: 952
Merit: 1009
September 04, 2012, 01:56:04 PM
#62
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

I wonder why...
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
September 04, 2012, 01:54:20 PM
#61
New withdrawals are currently on hold while I work through the future of the exchange.

That is unacceptable.  Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record.  You previously handled requests by email.  USD funds by depositors are the property of the depositor and not an investment.  You have no legal standing to hold those funds pending "anything".

Since it seems shtylman missed it.  

Let me make it more clear.  You wanting to continue bitfloor is admirable but it has absolutely nothing to do with client funds.  The only purpose of those funds is for CLIENT to purchase bitcoins.  Since that is no longer possible the funds should be returned immediately.  Not in week, not in a month, not after you get "hacked" again and the attacker makes a bank wire withdraw of all the USD funds to some foreign bank.



ya sending everyone's money back seems like a good first step.

then rebuild a better system, and start making money again.
sr. member
Activity: 449
Merit: 250
September 04, 2012, 01:53:14 PM
#60
I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.

I agree. I hope you can recover from this and re-emerge as a viable exchange. There is very little you can do right now and holding onto our USD will not help get the stolen bitcoins back. Making it difficult or a PITA for us to recover our USD, however will be detrimental to the Bitfloor brand and good will that you have earned in the past.

If you could reenable the site so we can make withdrawal requests that would be nice. I'd also like to double check if I had a bitcoin balance on your site. I'm pretty sure I don't, but need to log on to verify.

Rebuilding your exchange will probably take months. Delaying our USD withdrawals will not speed that up any.
legendary
Activity: 1372
Merit: 1008
1davout
September 04, 2012, 01:51:12 PM
#59
Very sorry to hear that.  Sad
sr. member
Activity: 476
Merit: 250
September 04, 2012, 01:49:04 PM
#58
Sorry to hear this, shtylman. Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.

Much luck to you all.
full member
Activity: 120
Merit: 144
September 04, 2012, 01:44:55 PM
#57
I likewise wish to withdraw my remaining USD balance. Since you said all the USD balances are okay and you have all the account records, it should be no problem for you to re-enable enough parts of the site for us to log in and initiate ACH withdrawals. Please don't hold our USD hostage; that would very quickly make you look like the bad guy.
sr. member
Activity: 446
Merit: 250
September 04, 2012, 01:43:32 PM
#56
ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..
what makes you so sure it was learned? This occurrence seems to indicate that hot wallets are still used or at least used improperly.
hero member
Activity: 784
Merit: 1010
Bitcoin Mayor of Las Vegas
September 04, 2012, 01:41:03 PM
#55
So I got a grand in USD in my account. How do I get it back asap?
legendary
Activity: 1190
Merit: 1000
www.bitcointrading.com
September 04, 2012, 01:37:36 PM
#54
ouch.  best of luck resolving this one.. another lesson learned by server admins about hot wallets..
legendary
Activity: 1904
Merit: 1002
September 04, 2012, 01:27:24 PM
#53
Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.

Thanks for confirming.  This is why I prefer no incoming connections allowed on the secure box.  If you must have occasional ssh, you can have it enabled on boot and then login to disable it.  That way you can reboot first if you must login.
legendary
Activity: 1022
Merit: 1001
I'd fight Gandhi.
September 04, 2012, 01:22:01 PM
#52
And stop with the bold, there's no reason to bold everything you say since it's nonsense anyway.
yeah i know what i have wrote  and if bold is not allowed why dont u disable bold tags instead of saying to me ?

inb4 ban
sr. member
Activity: 243
Merit: 250
September 04, 2012, 01:19:03 PM
#51
Still irrelevant.  Maybe try understanding the question.  It still won't help though since the question isn't directed to you and you don't know the answer.  A system, holding an unencrypted copy of the keys was hacked.  He claims this system was not public facing, yet he also claims that the attacker connected from a specific IP.  If the system was not public facing, how did the attacker connect to it?

The system was connected to from one of our other boxes which was accessed through a virtual console. The wallet box had all public ports blocked but was able to be connected to from a few of the other boxes.
Pages:
Jump to: