Bitcoin Forum

Dear Community,

We at https://bitdaytrade.com (https://bitdaytrade.com) are ready to open the bitcoin margin trading feature to trusted beta testers .

If you are interested please drop  us a message to info@bitdaytrade.com with a link to your forum profile or similar references.

The site new version will be unrolled gradually to all users after a brief testing phase.

Thank you!

Hi,

I just have signed on to this test phase.
I have already asked you the following via your contact form. Because my question is maybe relevant to more people I share my post here, so you can publicly give your clarification on it:

I am still a bit worried about my risk when funding bitcoins to the account. Can you explain how the transferred funds are somehow safe in your hands? I have experience in trading with leverage products. I know quite a buffer is needed to withstand the volatility in the wrong direction. I hope my question to you is clear and I am looking forward to your answer. Thanks in advance!!

Bitdaytrade Customer Support
 
Hi there,

Thanks for your interest in our services. Your funds are safe to a
level with us because of the security practices in place at BDT. Such
as, keeping the majority of  funds offline, using double factor for
all our exchanges account, processing withdrawal manually and storing
your password using the bcrypt hashing method. What concerns you about
"the buffer" ?

Thank you
BDT team

[First off all: don't take this one hard, it is just a possible "bad" scenario, no harm intended! It is just a worry!]

How are customers protected in case you "disappear" (and take all the funds of the customers with you....)
In the real world brokers have a disclaimer and general terms which protects customers (and the broker itself) in some way.

So is there currently any disclaimer or general terms and are there any plans for it yet?

Thank you!

You can read our terms of service
https://bitdaytrade.com/tos (https://bitdaytrade.com/tos)
We are in the process of dealing with an insurance company for securing customer funds.

BDT

Hi,

Are there currently any other people (test) trading with bitdaytrade?
At this moment it is possible to buy contracts XAU/USD, but the price is not updating. ?
According to the FAQ the market should be open from 9 a.m. EST....
I have also reported this issue to support (info@bitdaytrade.com)
Has anyone else the same experience?

It appears I am the only one testing this platform.
Till now I have none replies on my emails regarding issues.
Is it safe to liquidate my position without any loss?
 

as can be witnessed in this thread: https://bitcointalk.org/index.php?topic=88803.0;all and has been experienced by me via email, too, Alberto is usually not very responsive. So if you can manage: don't worry.

Thanks!

Not sure how you reached this conclusion.

Your last two posts are about 1 hour apart, it's unrealistic to expect 24/7 live support from a 1-man crew.

You have a point (in case you are right about a one man crew),

However,

some more information is very appreciated.

It is (my) real money on the table.
Profitable positions should be able to liquidate; even in a test environment.

Alberto is helped by friends, outsourced contractors and consultants (that includes me), but he really is the only one directly involved.

If you can demonstrate that loss / missed profit was caused by bugs in the system Alberto will be happy to compensate you after the fact.

Here we go:
My position (which I want to liquidate):
https://dl.dropbox.com/u/1380448/position.png

Current price of gold:
https://dl.dropbox.com/u/1380448/pog.png

As you can see, when I want to liquidate my position I have a loss due the wrong price of the XAU/USD contract. This price is still 1604, while the actual price of gold is around 1612

Hope Alberto can correct this.
Thanks in advance

is it possible you opened this position just now taking advantage of the broken gold data feed? to be honest *cough*: that's what I did, hoping the feed will come back online before the price potentially drops again.

I think the gold feed is broken... maybe the developing contractors should put in some sort of stop-flag to disable things while the feed is delivering false data?

Well, I could still do this, but I have not done this with this position.
However I don't care to get rid of the position even without any profit, but CERTAINLY I do not take any loss, because that is really unjustified.
What should I do? Close the position with a loss? And claim the loss to Alberto? Or should I stay in and take the risk of a falling gold price?

I suggest you leave the position open and wait for Alberto, he's the only one who can actually fiddle with the system afaik. Make screenshots so you can prove stuff just in case. I don't think that it will be necessary: he's been generous before and it's clearly the sites fault that you can't close at a profit, which you should be able to.

Should the XAU fall under 1606, I'm confident he would liquidate your position without loss manually or reimburse you somehow.

I hope the screenshots above are prove enough? I really do not know what more screenshots are needed? Its all I got :-(

Development work isn't one of the things that's outsourced.

Do not worry due small things, ;) this service needs to be testers, I think, will I soon open a theme in the Russian sub-forum. After fixing some important bugs ...


http://i1.imageban.ru/out/2012/08/06/5a995ff4b32c89129c8013b84ac402c2.jpg (http://imageban.ru)

Send as un email with details of your position. today i have had internet connection troubles and have been able to restart the trading engine only by 14:00 local time (GMT+1 - Italy). This was due because the gold market stops on the weekend and i have to manually restart it on monday. I'll setup a backup solution to avoid this happening again in the future. apologizes for the issue, we offer to adjust all positions unjustly closed to 0 profit/loss. It might have happened that i've missed some emails or messages, this is because i'm currently still busy with my day job, which involves hotel+restaurant management and here it is currently Summer and the hottest season for tourism. I'll be able to dedicate more time very soon. Please send again an email with your issue if you didn't receive a reply.

Thank you for your interest.

The site is down. What happened?

Some security flaws have been suggested so Alberto has shut down the site until he can get home and work it out.

Cool. Thanks for the quick response. Nice to see a controlled take-down instead of a forced one.

Actually it was forced, there were dozens of SQL injections and the entire API was vulnerable to CSRF... he tried masking the vulnerabilities one at a time and pretending like they weren't there. At some point he just had to shut it off because he couldn't lie anymore, and because everybody withdrew what they had and their user database was corrupted intentionally so that people couldn't get others' password information.

I'm bothered by all the people ignoring just how bad this was botched and how he was dishonest about their password storage method.

http://i.qkme.me/3577o7.jpg

Interesting. How do you know he experienced SQL injections? Are you talking about SQL injection vulnerabilities, or actual SQL injection attempts?

I have a hard time understanding why people who seem uneducated about computer security would want to develop an online bitcoin trading site. I would think the numerous hacks would work as a deterrent of some sort.
I sure as hell wouldn't open a site without some serious studying of these various vulnerabilities.

There where some threads on reddit.
Several self-claimed security experts were posting there in a rather demanding and assertive tone.

They claimed that the site is littered with tons of beginner errors. When dissecting the posts and cutting away all that vanity and self-approval (which isn't untypical for these kind of guys -- we know, we need to pay them some respect  ;) -- then at least some facts were discovered, like a mechanism to gain other accounts password, and a mechanism which would allow to get at the source code via the web.

Shortly thereafter, a business political quarrel unfolded, which seemingly was going on already behind the scenes for some time. The author and initiator of bitdaytrade seemingly was cooperating earlier this year with the guys behind Kronos.io and zipconf and they parted in dissent. The latter ones announced semi-publicly that they would do everything possible to hinder and block bitdaytrade. In the light of this information, it looks likely that the "uncovering" of these security holes was an orchestrated action.

Any serious IT professional would discuss such security holes in private with the operators first, instead of yelling in a unrelated public forum.

Well, speaking as a developer here, security can be a tricky matter. Today's web development frameworks are especially made to ease the process of creating web sites to the point where everyone and my grandmother can hack together an online business in 3 days. To build exactly the same service to even average professional standards and with a semi-hardened setup and serious testing would require lots of additional expertise and require about 20 times the effort (two months instead of 3 days), to start with.

This is a well-known and frequently discussed dilemma. People working in the industry and trying to keep up some kind of craftsmanship see themselves put under pressure by their bosses all the time ("hey, what are you toying around, my 15-year old son hacks together that crap in 3 days!"). Even large-scale companies fall for the temptation to make additional money by reducing time-to-market.

I don't know about the person who uncovered it first, but you may have missed this exchange with the owner:

http://www.reddit.com/r/Bitcoin/comments/y99z3/go_long_or_short_with_bitcoin_again_up_to_10x/c5tts8s?context=15

The guy identified many other vulnerabilities which I myself confirmed. I also independently found a couple. They were scattered over the website.

In that thread and on other occasions he outright denied there were issues, without even explaining. I'm sorry, but if the vendor doesn't seem to be adequately aware/concerned about the massive amounts of vulnerabilities, getting further public attention is warranted. That is the premise of responsible disclosure, after all.

Isn't it cool how he suddenly disappeared, just like last time, to leave everyone else to clean up the mess? We haven't heard anything from him for days.

Um, he didn't disappear. He was out of home for several days during which I communicated with him daily, he's back now and starting to work on resolving the situation. He also wrote a lengthy reply to the accusations just two days ago (was poorly formatted and didn't focus on the right things IMO but whatever). See also this (https://bitcointalk.org/index.php?topic=93445.msg1114170#msg1114170).

It's fine to want responsiveness especially in times of turmoil, but people have lives too and things take more than a few minutes to resolve.

This is my 2000th post.

yes, those threads indicate that there might be problems, but actually they show no really verifiable information, aside from that demonstration with the password.

But besides that, those quoted threads show exactly that kind of adolescent and immature behaviour (by "marshal banana"), which voids much of the credibility of these accusations.


And, frankly, what's so difficult with doing it properly?

If someone finds a bug, what's so difficult with first writing a personal mail to the support?

And, in case the support really ignores such feedback (which I doubt, given my own experience with Bitdaytrade support), whats so difficult with publishing a well-researched report, including really verifiable material (like screenshots or a session transcript)? And what's so difficult with just refraining form calling another person a liar?


If you find what I write here outrageous, then there's a simple litmus test:

Lets assume you're a payed employee programmer, and this "Alberto" is your co worker, sitting at the same desk 5 days a week. And lets assume your co-worker "Alberto" has lesser capabilities and tends to make a lot of errors. How would you deal with him? Yell at him? Call him an idiot?

See my point? Why are you dealing differently with an anonymous internet entity called "Alberto"?


To make one thing absolutely clear: No one denies that there are bugs and problems in Bitdaytrade. Like you, I've also found some and reported them; And for sure there is still some work required to get that platform into release shape. Guess that's why we're all here.

It seems hardening the site takes some time... probably a good thing.

I think the site has gone further here:
http://bitcoinmagazine.net/icbit-se-bitcoin-margin-trading-reloaded/

ICBIT had nothing to do with bitdaytrade (fortunately)

https://bitcointalk.org/index.php?topic=93445.msg1139370#msg1139370

Waves at Meni Rosenfeld.

Waving from a wannabe porn star like you it is not encouraging for Meni, since you are a men.

https://bitcointalk.org/index.php?topic=102333.msg1121264#msg1121264

Ok.

LOL - what is the level that they are safe until?  $250K value or $500K value?  When will you fake a theft and walk away with all the coins?