Author

Topic: [OT] Stellar e Ripple - Come perdere irrimediabilmente i propri soldi (Read 1076 times)

hero member
Activity: 500
Merit: 500
Appena ricevuta questa mail da JustCoin. Sembra che il bug fosse presente da molto tempo ma i dev non abbiano detto o fatto nulla. Fate attenzione con "monete" come XRP e STR che di buono hanno solo l'idea che ci sta sotto.

E' una feature del protocollo Ripple, che riguarda i partial payments, mal gestita da Justcoin perché
poco documentata da RippleLabs e abusata in modo fraudolento da qualcuno.

Anche qui, come su bitcoin, il punto debole non è il protocollo, ma il gateway/exchange.

/paci
legendary
Activity: 1038
Merit: 1000
Bitcoin entrepreneur and Pro Trader
Appena ricevuta questa mail da JustCoin. Sembra che il bug fosse presente da molto tempo ma i dev non abbiano detto o fatto nulla. Fate attenzione con "monete" come XRP e STR che di buono hanno solo l'idea che ci sta sotto.

Altre info qua
https://www.cryptocoinsnews.com/ripple-tfpartialpayment-causes-gox-style-hack-justcoin-exchange/

Quote
 
Dear Justcoin user,

You are receiving this email because you have a balance of STR at Justcoin. STR deposits, withdrawals and trading have been disabled for the last three days. This is an explanation of what has happened and what the status is.

A network-wide weakness in how both Ripple and Stellar communicated transactions was exploited by an unknown third-party to to deposit false IOUs through Ripple/Stellar to Justcoin. These were consequently withdrawn to their own payment networks as native currencies. The result was that our hotwallets were emptied. Most of our customers' funds is in cold storage but the amounts were still significant. Justcoin will not operate as a fractional reserve and therefore we decided to lock down all services affected until we had a solution ready.

Justcoin cannot and will not accept taking the responsibility for this weakness in the network. It is caused by a feature that is poorly documented and has been present in both Ripple and Stellar for a long time. Other gateways, exchanges and native transaction explorers have also been affected. There is also documented that the security vulnerability has been known by the network developers for at least 2 months without any kind of explicit and direct warning to affected gateways and other services. A thorough and technical explanation of the weakness can be read here: https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac .

The result is that as of now there will be imposed a partial 'hold' on all STR balances. This hold will be representing the amount of STR that is missing. Deposits will be disabled until we are 100% confident that we are no longer affected by this weakness or any other yet undiscovered. Deposits that have been made between the shutdown and now will be credited in full once deposits are opened. Trading and withdrawal of the STR that is not on hold is now enabled. Please allow delays on withdrawals due to moving of funds from cold storage to hot wallet. The percentage of each STR balance that is on partial hold is 4,18%.

We can assure you that it is our intention that the partial holds will be lifted. We are looking at different options and are having a dialogue with Ripple Labs and Stellar foundation. We will try to figure out a way to solve this, one way or another. Expect regular updates.

We are terribly sorry for the situation but are asking for your understanding and patience. If you have any questions that are not answered here please don't hesitate to ask. Allow some time for us to answer as our support is under high pressure at this time.

Jump to: