
Topic: WARNING Cryptostocks.com INVESTORS SECURITY FLAW - page 4. (Read 17133 times)

full member
Activity: 182
Merit: 100
I had all my FAS and GRID shares stolen last night on cryptostocks and the thief did not have access to my e-mail. 
full member
Activity: 133
Merit: 100
Hold up.

I can't understand what half of you are asking.

Nothing is decided yet.  We have stock holders, and they vote.

The 5000x idea is correct.  Our shareholders bought stock at 0.005 for a total of 8000 shares
The account was compromised (by us?  are you crazy?  how would this help us?)  The other 42,000 shares sold at 0.000001 each.
0.000001 x 5000 = 0.005  

So that is the correct math.  Now if those stocks have since been sold for .00003 or 0.02 or 7 btc it makes no difference.  We don't set stock price, the buyers and sellers set stock price.  We first and foremost have to make this fair for the 8000 original shares. Everything else is secondary.  We can't just delete stocks or as you said, stop the sale.  That's not possible.  Welcome ideas

But again, we have shareholders, they will make the decision.

Yes, well, I AM a stock holder, and what I'm saying is that it is up to Altswap to compensate shareholders for what has happened. The most straight forward thing to do would have been to put a full trade stop on shares straight after the security breach, and then for Altswap to buy back the shares that had sold in the meantime for the market price that they were sold for- covering a loss of a few BTC in order to correct the fidelity of the shares should be a given. Why this didn't happen I have no clue- you say that you couldn't have stopped trading? Why the heck not!?!
Instead what you are suggesting is that it is ordinary shareholders who absorb the loss- ie anyone that bought after the incident (a great deal of those who already most likely had holding from the IPO 0.005 price).
In a vacuum the 'math' as you put it is correct, but it does NOT compensate buyers who bought after the incident.
You say 'We don't set stock price, the buyers and sellers set stock price.' - well actually that's EXACTLY what you are proposing to do- to reset the stock price so that a great deal of people will lose out- all of whom ARE legitimate shareholders!
So here's an idea. Altswap needs to look at doing a share buyback to restore some faith in this project- not at 0.000001 but at a level in between- perhaps you can average the orderbook since the incident? This way 0.005 sellers will choose to keep hold of their shares, but later buyers can at least recoup some of their loss- Altswap will then hold a majority of shares again, and then be able re-sync the market through either a second IPO or holding onto these shares until after the site is launched.
Most importantly, launch the site, show value, and the value of the shares will increase accordingly.

I'm a shareholder as well and I agree with you.
But seriously... Come on.
Would I trade in a site which:
1) Is owned by a guy who couldn't even secure his own email
2) Launch is delayed for over a month with lame excuses and lies
3) Smells like a scam for quite a while now

The answer is no.
Crypto-traders is a small community and therefore the word of this will get out so this site is doomed to fail (and I will lose the 0.1 BTC I've stupidly spent on it).


I agree too- I don't have a lot of faith in this thing ever getting off the ground- and most likely they are probably aware of how much they've screwed things up and are looking for the exit. It's better that these operators get called out for some of these practices though, rather than silently getting away with things. Of course they may do a brilliant job, and make a superb exchange- lord knows that a good escrow service is actually something that would be really useful. Unfortunately, the chances of that are probably about 0.000001% right now.
Please, someone from Altswap come and correct me, or at the least post some notifications on the stock issue and a launch date that you are going to stick to.
full member
Activity: 462
Merit: 100
Hold up.

I can't understand what half of you are asking.

Nothing is decided yet.  We have stock holders, and they vote.

The 5000x idea is correct.  Our shareholders bought stock at 0.005 for a total of 8000 shares
The account was compromised (by us?  are you crazy?  how would this help us?)  The other 42,000 shares sold at 0.000001 each.
0.000001 x 5000 = 0.005  

So that is the correct math.  Now if those stocks have since been sold for .00003 or 0.02 or 7 btc it makes no difference.  We don't set stock price, the buyers and sellers set stock price.  We first and foremost have to make this fair for the 8000 original shares. Everything else is secondary.  We can't just delete stocks or as you said, stop the sale.  That's not possible.  Welcome ideas

But again, we have shareholders, they will make the decision.

Yes, well, I AM a stock holder, and what I'm saying is that it is up to Altswap to compensate shareholders for what has happened. The most straight forward thing to do would have been to put a full trade stop on shares straight after the security breach, and then for Altswap to buy back the shares that had sold in the meantime for the market price that they were sold for- covering a loss of a few BTC in order to correct the fidelity of the shares should be a given. Why this didn't happen I have no clue- you say that you couldn't have stopped trading? Why the heck not!?!
Instead what you are suggesting is that it is ordinary shareholders who absorb the loss- ie anyone that bought after the incident (a great deal of those who already most likely had holding from the IPO 0.005 price).
In a vacuum the 'math' as you put it is correct, but it does NOT compensate buyers who bought after the incident.
You say 'We don't set stock price, the buyers and sellers set stock price.' - well actually that's EXACTLY what you are proposing to do- to reset the stock price so that a great deal of people will lose out- all of whom ARE legitimate shareholders!
So here's an idea. Altswap needs to look at doing a share buyback to restore some faith in this project- not at 0.000001 but at a level in between- perhaps you can average the orderbook since the incident? This way 0.005 sellers will choose to keep hold of their shares, but later buyers can at least recoup some of their loss- Altswap will then hold a majority of shares again, and then be able re-sync the market through either a second IPO or holding onto these shares until after the site is launched.
Most importantly, launch the site, show value, and the value of the shares will increase accordingly.

I'm a shareholder as well and I agree with you.
But seriously... Come on.
Would I trade in a site which:
1) Is owned by a guy who couldn't even secure his own email
2) Launch is delayed for over a month with lame excuses and lies
3) Smells like a scam for quite a while now

The answer is no.
Crypto-traders is a small community and therefore the word of this will get out so this site is doomed to fail (and I will lose the 0.1 BTC I've stupidly spent on it).
full member
Activity: 133
Merit: 100
Hold up.

I can't understand what half of you are asking.

Nothing is decided yet.  We have stock holders, and they vote.

The 5000x idea is correct.  Our shareholders bought stock at 0.005 for a total of 8000 shares
The account was compromised (by us?  are you crazy?  how would this help us?)  The other 42,000 shares sold at 0.000001 each.
0.000001 x 5000 = 0.005  

So that is the correct math.  Now if those stocks have since been sold for .00003 or 0.02 or 7 btc it makes no difference.  We don't set stock price, the buyers and sellers set stock price.  We first and foremost have to make this fair for the 8000 original shares. Everything else is secondary.  We can't just delete stocks or as you said, stop the sale.  That's not possible.  Welcome ideas

But again, we have shareholders, they will make the decision.

Yes, well, I AM a stock holder, and what I'm saying is that it is up to Altswap to compensate shareholders for what has happened. The most straight forward thing to do would have been to put a full trade stop on shares straight after the security breach, and then for Altswap to buy back the shares that had sold in the meantime for the market price that they were sold for- covering a loss of a few BTC in order to correct the fidelity of the shares should be a given. Why this didn't happen I have no clue- you say that you couldn't have stopped trading? Why the heck not!?!
Instead what you are suggesting is that it is ordinary shareholders who absorb the loss- ie anyone that bought after the incident (a great deal of those who already most likely had holding from the IPO 0.005 price).
In a vacuum the 'math' as you put it is correct, but it does NOT compensate buyers who bought after the incident.
You say 'We don't set stock price, the buyers and sellers set stock price.' - well actually that's EXACTLY what you are proposing to do- to reset the stock price so that a great deal of people will lose out- all of whom ARE legitimate shareholders!
So here's an idea. Altswap needs to look at doing a share buyback to restore some faith in this project- not at 0.000001 but at a level in between- perhaps you can average the orderbook since the incident? This way 0.005 sellers will choose to keep hold of their shares, but later buyers can at least recoup some of their loss- Altswap will then hold a majority of shares again, and then be able re-sync the market through either a second IPO or holding onto these shares until after the site is launched.
Most importantly, launch the site, show value, and the value of the shares will increase accordingly.
thy
hero member
Activity: 685
Merit: 500
What about those who have bought in the last few days below 0.005 but well above 0.000001!
this.
Both Altswap and Firemine have been tradestopped and trade has been reopened again on both stocks before it had been announced on cryptostocks what had happened (there's still no announcement of it on cryptostocks).
That action alone will of course make the one that reopened trades, Altswap/Firemine and/or Cryptostocks, responsible to compensate anyone that (during the time after trade was reopened) will become a victim of losing on the now announced partial split for buying stocks (above the lowest sold price they will recalculate from on respective stocks).

No announcement had been made on either Altswap or Firemine's stock on Cryptostocks, by the way, when they announced here how the fix/split should work, and it still hasn't been made, so more shady business from their side.

hero member
Activity: 700
Merit: 500
Daily Bitcoins for your Paypal/Skrill
Hold up.

I can't understand what half of you are asking.

Nothing is decided yet.  We have stock holders, and they vote.

The 5000x idea is correct.  Our shareholders bought stock at 0.005 for a total of 8000 shares
The account was compromised (by us?  are you crazy?  how would this help us?)  The other 42,000 shares sold at 0.000001 each.
0.000001 x 5000 = 0.005  

So that is the correct math.  Now if those stocks have since been sold for .00003 or 0.02 or 7 btc it makes no difference.  We don't set stock price, the buyers and sellers set stock price.  We first and foremost have to make this fair for the 8000 original shares. Everything else is secondary.  We can't just delete stocks or as you said, stop the sale.  That's not possible.  Welcome ideas

But again, we have shareholders, they will make the decision.
sr. member
Activity: 373
Merit: 506
my question was answered .. they are NOT .. 5000x reduction in their value . .just dumped them off .. at a .12btc loss .. great ..
newbie
Activity: 13
Merit: 0
What about those who have bought in the last few days below 0.005 but well above 0.000001!
this.
hero member
Activity: 756
Merit: 522
Therefore since the shares at the correct price were 5000x that of those at the lowest price, all shares purchased at 0.005 will be given an additional 5000 shares per 1 owned.

The correct move would be recognition that you're using, and thereby enabling, a contemptible piece of crud (a fact well known to those actually in the bitcoin finance space), and full rectification. That includes taking time off to figure out how the decision that using and thereby enabling a contemptible piece of crud would be okay was made.
full member
Activity: 133
Merit: 100
All shares will be reissued.

Basically 8000 shares were sold at 0.005btc ea.
42000 shares were sold (due to hack) at 0.000001btc ea.

Therefore since the shares at the correct price were 5000x that of those at the lowest price, all shares purchased at 0.005 will be given an additional 5000 shares per 1 owned.

The price of stock is determined by buyer demand so yes, those are safe to buy however, with 40.000,000 shares coming aboard, everything is a little wacky and unless you see them at a great deal, I'd steer clear.

This is just madness! Why not put a trade stop on the stock if this was the plan? What about those who have bought in the last few days below 0.005 but well above 0.000001!
hero member
Activity: 700
Merit: 500
Daily Bitcoins for your Paypal/Skrill
All shares will be reissued.

Basically 8000 shares were sold at 0.005btc ea.
42000 shares were sold (due to hack) at 0.000001btc ea.

Therefore since the shares at the correct price were 5000x that of those at the lowest price, all shares purchased at 0.005 will be given an additional 5000 shares per 1 owned.

The price of stock is determined by buyer demand so yes, those are safe to buy however, with 40.000,000 shares coming aboard, everything is a little wacky and unless you see them at a great deal, I'd steer clear.
sr. member
Activity: 373
Merit: 506
https://cryptostocks.com/securities/80 are shares bought today legitimate?
hero member
Activity: 700
Merit: 500
Daily Bitcoins for your Paypal/Skrill
I do appreciate the backing here guys, I really do.

Just want to set a few things straight because a few people are confused...

I'm Jeran, in charge of Customer Service.  I am also a stock holder who purchased shares like you all did at 0.005

The CEO is Seth, he has backroom access and is the account holder at cryptostocks.com

----  Someone here said that stocks were selling at 0.00001 or something.  I said no they aren't, and then went to check for myself.  I saw it was true and could not reach the CEO so I started thinking the worst, that possibly Seth was selling off the remaining stocks. I had no backroom access and all I saw was the same thing.  I finally talked to Seth who said he had 2FA so there was no way that the stocks were selling that low and that there was a mistake.  He tried to log in and couldn't and when sending service emails to crypto, was having all emails bounce back as spam.  He contacted me and asked me to email and see what had happened.

He then called me and said that there is a major flaw in the Crypto site regarding 2FA and overrides with new password.  It didn't seem believable to me, because he said someone must have got his email password, and I said surely it would take more than this.  So, I tested with my account which also has 2FA, and all was proven true...

When clicking the link in the email and being taken to a new password screen, once you create your password, you are logged in, bypassing 2FA. The thief then went in and lowered the 42000 additional shares to about 0.000001.  The profit that he made was about 1 btc, he then withdrew it to a wallet.

Everyone should see the issue that a password reset should at least start a hold on 1. price change, 2. withdrawal, but easiest would be, upon password reset, an auto logoff to where you must enter it all again including 2FA.

Thanks

legendary
Activity: 1876
Merit: 1058
The OGz Club
I'm gonna have to say someone is spreading some FUD
full member
Activity: 126
Merit: 100
buy all cheap fee,s now ( they cant roll it back any way lolk ) nom nom nom nom cheap fee,s
full member
Activity: 126
Merit: 100
This is not a flaw but a design (as it stands today). We must assume that the email address you are using with our site can be trusted, that is the very basic assumption that we must take. If someone has access to your email then that person can also contact us from that email and ask us to do various activities to your account, e.g. we often get requests to reset the 2FA because the device is lost. We do so, based on the very same assumption, your email account is not compromised. Hence please implement some sort of 2FA on your email account. The email account is the weakest link in the chain and it needs to be protected accordingly.

In addition, we are planning to implement a 2FA reset function, and guess what it does? It sends you an email to confirm that action. Therefore, if an attacker has access to your email account he/she can request the 2FA reset as well.

Having said that, we are interested to further harden the security by implementing additional restrictions, e.g. delayed reset requests, withdrawal blocks for a period of time.   But all these are not solving the root cause, weak or compromised email accounts.
 


As you can see from the comments, you're the only one that thinks it makes sense.
I don't use gmail for my account on CryptoStocks which means I don't have 2FA on my email...
It doesn't make sense to allow access to an account through the lost password flow as it simply renders the whole point of 2fa useless on your site.

Please fix so we can feel safer with the funds we hold on your site.

Thanks


+1 on this

they can bypass everything by just hacking your email, which is stupid as fuck
full member
Activity: 462
Merit: 100
This is not a flaw but a design (as it stands today). We must assume that the email address you are using with our site can be trusted, that is the very basic assumption that we must take. If someone has access to your email then that person can also contact us from that email and ask us to do various activities to your account, e.g. we often get requests to reset the 2FA because the device is lost. We do so, based on the very same assumption, your email account is not compromised. Hence please implement some sort of 2FA on your email account. The email account is the weakest link in the chain and it needs to be protected accordingly.

In addition, we are planning to implement a 2FA reset function, and guess what it does? It sends you an email to confirm that action. Therefore, if an attacker has access to your email account he/she can request the 2FA reset as well.

Having said that, we are interested to further harden the security by implementing additional restrictions, e.g. delayed reset requests, withdrawal blocks for a period of time.   But all these are not solving the root cause, weak or compromised email accounts.
 


As you can see from the comments, you're the only one that thinks it makes sense.
I don't use gmail for my account on CryptoStocks which means I don't have 2FA on my email...
It doesn't make sense to allow access to an account through the lost password flow as it simply renders the whole point of 2fa useless on your site.

Please fix so we can feel safer with the funds we hold on your site.

Thanks
sr. member
Activity: 469
Merit: 250
English Motherfucker do you speak it ?
This is not a flaw but a design (as it stands today). We must assume that the email address you are using with our site can be trusted, that is the very basic assumption that we must take. If someone has access to your email then that person can also contact us from that email and ask us to do various activities to your account, e.g. we often get requests to reset the 2FA because the device is lost. We do so, based on the very same assumption, your email account is not compromised. Hence please implement some sort of 2FA on your email account. The email account is the weakest link in the chain and it needs to be protected accordingly.

In addition, we are planning to implement a 2FA reset function, and guess what it does? It sends you an email to confirm that action. Therefore, if an attacker has access to your email account he/she can request the 2FA reset as well.

Having said that, we are interested to further harden the security by implementing additional restrictions, e.g. delayed reset requests, withdrawal blocks for a period of time.   But all these are not solving the root cause, weak or compromised email accounts.
 


This is the stupidest shit I have ever read. The whole point of 2FA is to protect from keyloggers getting your password details on your computer including your email.
hero member
Activity: 728
Merit: 500
This is not a flaw but a design (as it stands today). We must assume that the email address you are using with our site can be trusted, that is the very basic assumption that we must take. If someone has access to your email then that person can also contact us from that email and ask us to do various activities to your account, e.g. we often get requests to reset the 2FA because the device is lost. We do so, based on the very same assumption, your email account is not compromised. Hence please implement some sort of 2FA on your email account. The email account is the weakest link in the chain and it needs to be protected accordingly.

In addition, we are planning to implement a 2FA reset function, and guess what it does? It sends you an email to confirm that action. Therefore, if an attacker has access to your email account he/she can request the 2FA reset as well.

Having said that, we are interested to further harden the security by implementing additional restrictions, e.g. delayed reset requests, withdrawal blocks for a period of time.   But all these are not solving the root cause, weak or compromised email accounts.

A common approach is for things like 2FA-resets to come with a mandatory waiting period between 1 and 4 weeks, during which a reminder email is sent periodically to the user's email address informing them of the requested change and the waiting period remaining. This gives a user ample time to react before an attacker gains access to the account.

Right now, you make the user's email security a single point of failure for the account-security of your website. It's not a good idea to have a single point of failure being something that is completely out of your control.
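
Added example (not part of the thread and not Cryptostocks' code): a small Python model of the two mitigations posters describe above, a password reset that logs out every session, issues no new one and starts a hold on withdrawals and price changes, and a 2FA reset that only takes effect after a waiting period with reminder emails. The hold length, the 14-day delay, the reminder interval and every function name are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, struct
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values (the thread gives only "1 to 4 weeks" for 2FA resets).
HOLD_SECONDS = 72 * 3600        # hold on withdrawals/price changes after a password reset
TWOFA_RESET_DELAY = 14 * 86400  # waiting period before a 2FA reset takes effect
REMINDER_INTERVAL = 3 * 86400   # spacing of reminder emails during the wait

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    pw: bytes
    totp_secret: bytes
    sessions: set = field(default_factory=set)
    hold_until: float = 0.0
    twofa_reset_at: Optional[float] = None

def new_session(acct: Account) -> str:
    sid = secrets.token_hex(16)
    acct.sessions.add(sid)
    return sid

def reset_password_vulnerable(acct: Account, new_password: str) -> str:
    """Flow reported in the thread: the emailed link sets a password and logs in."""
    acct.pw = pw_hash(new_password, acct.salt)
    return new_session(acct)  # session issued with no TOTP check

def reset_password_hardened(acct: Account, new_password: str, now: float) -> None:
    """Set the password, log out everywhere, start a hold, issue no session."""
    acct.pw = pw_hash(new_password, acct.salt)
    acct.sessions.clear()
    acct.hold_until = now + HOLD_SECONDS

def login(acct: Account, password: str, code: str, now: float) -> Optional[str]:
    """The only path to a session in the hardened flow: password and TOTP together."""
    ok_pw = hmac.compare_digest(acct.pw, pw_hash(password, acct.salt))
    ok_code = hmac.compare_digest(code, totp(acct.totp_secret, now))
    return new_session(acct) if ok_pw and ok_code else None

def may_move_funds(acct: Account, sid: str, now: float) -> bool:
    """Gate for withdrawals and price changes."""
    return sid in acct.sessions and now >= acct.hold_until

def request_2fa_reset(acct: Account, now: float) -> list:
    """Schedule the reset; return the times at which reminder emails go out."""
    acct.twofa_reset_at = now + TWOFA_RESET_DELAY
    return list(range(int(now), int(acct.twofa_reset_at), REMINDER_INTERVAL))

def cancel_2fa_reset(acct: Account) -> None:
    acct.twofa_reset_at = None  # the real owner reacted to a reminder

def apply_2fa_reset(acct: Account, new_secret: bytes, now: float) -> bool:
    """Swap the TOTP secret only once the waiting period has fully elapsed."""
    if acct.twofa_reset_at is None or now < acct.twofa_reset_at:
        return False
    acct.totp_secret, acct.twofa_reset_at = new_secret, None
    return True
```

With the hardened reset, control of the mailbox alone changes the password but yields no session, and even a later full login cannot withdraw or reprice until the hold expires.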
sr. member
Activity: 517
Merit: 250
Wow an exchange this cheap.  I'll support this price