|
How about the dev focuses on the development, the designers and marketers focus on the design and marketing, and other people focus on their respective roles?
I think 5-6 people should do the trick
We need 1 or 2 people given the authority to coordinate and manage this project and make things happen.
Let's get this over 200 satoshi! Together, we can make this happen.
|
|
|
|
It would take 5 minutes for "Tristan" to put up a notice on the poloniex website regarding the situation, and regarding deposits/withdrawls. Why has this not yet been done to avoid this ^^^^^ frustration? No actual refunds has been given for BTC deposited after the incident. I'll believe it when I see it. And we can breath a short sigh of relief when the above parties have their funds back. (Assuming that all those deposits will have been refunded and not just those of the persons who happen to post here or on http://poloniex.freshdesk.com/support/discussions/forums/1000078491 like coinmarket did to keep the con game going) |
|
|
|
When someone that has posted above regarding their deposit gets their deposit back please post about it here. |
|
|
|
You could have made this more clear on the actual site, deposited 70vtc I desperately needed to sell and now I'm fucked.
I'm guessing that in the coming days we will all learn how fucked we are (or aren't) |
|
|
|
|
The strategy of any magician is misdirection.
All of you are so busy thinking of the 4 "options". Shares? 12%? Raise fees?
All the while, you ignore the pink elephant in the room. The red flags that tell you something is wrong. But your subconscious doesn't want to hear it because we inherently believe in the good of our fellow human being.
The more minutes that pass while 1) there is no notice on the website; and 2) deposits are still being accepted; and 3) no email has gone out to everyone the more likely this is to be a trick in which we have all (willingly, by now) been aparty to.
|
|
|
|
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.
Do you believe they're doing the right thing by: - Continuing to allow deposits but not withdrawls
- not having any notice on their main page OR deposit page
- not immediately sending out a notice to all customers by email
- deducting 12% of coins deposited after the "theft"
Again.. it has been 12+ hours after the incident I suppose most of you are willing to overlook the above red flags??? |
|
|
|
Some of bitoins are stolen, but why the other withdrawals are disabled?
And why the deposit page is up and there is no real notice on the website? I'm losing the opportunity to buy mzc. Why should people who deposited money after the incident should be involved in this? I do not want to call this is a scam, but people who were not affected by the hacker are losing money and opportunities.  Do you think that the "bug" is related just to BTC? If he opens withdrawal for other cryptocoins your altcoins will be stolen. You have to wait until he fixs the code. And I hope for you that you'll wait the right time, not a little. Because I think the code needs a major rewrite. In the first post busoni said his strategy to fix the code, and that was wrong. Someone in this thread wrote a useful post, pointing him to the right, I'd say "normal", strategy. I hope that he is considering these posts, and studying or collaborating with some programmer. No plans to hire a security programmer until after this problem is 'resolved'. Another red flag. |
|
|
|
Some of bitoins are stolen, but why the other withdrawals are disabled?
And why the deposit page is up and there is no real notice on the website? I'm losing the opportunity to buy mzc. Why should people who deposited money after the incident should be involved in this? I do not want to call this is a scam, but people who were not affected by the hacker are losing money and opportunities. This was a conscious decision to leave the deposit function intact while freezing the rest of the site. IMO it's a serious red flag that overshadows the seemingly honest OP. Don't worry. everyone seems to be drinking the coolaid. I said the same things to people in the coinmarket forum. No one wanted to hear it. No one wants to see red flags until everyone else sees them. What you said is worth highlighting. "This was a conscious decision to leave the deposit function intact while freezing the rest of the site." |
|
|
|
Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.
This thread was posted by Tristan, if there was a time to run, this was it - if he had bad intentions, why oh why is still here? and also when multiple people know his full details - he's top results on google with all his personal details going back many many years on the web. I'm not saying OP isn't honest. I'm saying your argument doesn't hold water. |
|
|
|
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.
Do you believe they're doing the right thing by: - Continuing to allow deposits but not withdrawls
- not having any notice on their main page OR deposit page
- not immediately sending out a notice to all customers by email
- deducting 12% of coins deposited after the "theft"
Again.. it has been 12+ hours after the incident By Busoni on page 11: About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits. meaningless. "Obviously I should have posted a notice on the Balances page" <--- was not done "but it is not difficult to make an exception for recent deposits." <--- promises nothing |
|
|
|
dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.
The law does not care about South Park d00d or a non-binding Terms document reading like it was written by a 5 year-old. |
|
|
|
Very okay with all of this. Tristan has already capably handled one big error see: https://bitcointalk.org/index.php?topic=395761.msg5305316#msg5305316 (not his fault) which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again. I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year. Count that as a constructive vote of confidence. Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us. Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference. |
|
|
|
12 hours has passed and what now?  ? i deposit my 5 btc after hacking site nobody write dont deposit coins website is hacking so i want back my btc !!!!! The consensus here is to send them more BTC to solve the problem. Must be the fluoride |
|
|
|
Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds time to time and when it does happen, its best to not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.
Do you believe they're doing the right thing by: - Continuing to allow deposits but not withdrawls
- not having any notice on their main page OR deposit page
- not immediately sending out a notice to all customers by email
- deducting 12% of coins deposited after the "theft"
Again.. it has been 12+ hours after the incident |
|
|
|
Will someone who is depositing money right now (because there's no VISIBLE NOTICE on the site regarding the situation) also have their BTC deducted?
If no, then what is the exact time you are using for the "cut off"? 1 hour after theft? 10 hours? This makes no sense, especially when it appears you are still taking deposits.
If yes, are you serious?
Site still has no notice about incident 12+ hours after incident occurred.A small tweet box off to the side does not count. This is obviously VERY important. Still taking deposits, with no notice on deposit page. Again, more than 12+ hours after the incident occurred. Deposit coins = OK! Withdraw coins = not okay  People that are depositing money now may still have 12% deducted from their account. Even thought the "theft" happened long before they deposited their coins. Are you okay with all of the above? And you want to send op MORE BTC for shares??? I smell a rat. |
|
|
|
|
You guys and gals are hopeless. I'll check back on page 56 when communication from op has dropped to nil and you slowly forget about your lost funds. Then I'll link to my post on another exchange's forum when they, too, don't believe that the latest "hack" sounds like BS
|
|
|
|
How is this a security vulnerability that has been known for weeks? This seems more like a code issue and race conditions rather than something that has only been around for weeks. The solution is to push all withdrawals to a pendingwithdrawals table that the engine then hits and deducts balance, this way even if the user tries to game the system and has say 5 withdrawals entered at the same time, those withdrawals are in a "pending" table, when the engine grabs them it then checks balances again sequentially on those rows and any withdrawal that the user does not have enough funds for is set to canceled. This is the type of thing that should be done with ALL user input, orders, cancel orders, etc.
Someone detailed how it could be done on Reddit a few weeks ago, that's how. Bitcoin devs seem to know about it. It is up to exchanges if they want to fortify themselves against such attacks. Apparently, the OP missed the memo. But I don't want to miss the forest for the trees. |
|
|
|
You guys are being twits. This guy has been completely transparent and is clearly working hard to rectify the situation. Would you rather his exchange shut down? How about every exchange that has had problems? Let's go back to the days of google docs and getting scammed most of the time.
Running a business is tough, shit doesn't always go perfectly. What makes the difference is how the managers respond, and busoni's doing everything right. Get a grip.
This is not a mature market, products are still in development, there's no big money backing these guys. You want perfection, wait for apple to open an exchange. By then you'll have missed the bus, but that's ok with me because without you on it bitching all the time it's a much quieter, relaxing ride.
You're a twit for assuming everyone on here is a guy.......perhaps in your fantasy land there are no females. Do I get extra points for saying him/her above? jk |
|
|
|
Sorry.. the more minutes that roll by and there's still NO VERY VISIBLE NOTICE ON THE WEBSITE the more this smells like a scam. Observe: https://poloniex.com/balancesDepositing BTC or other coins? No problem! OP has everyone's email address. Did you get an email letting you know that something happened? Probably not. Same shit that Coinmarket did. |
|
|
|
The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance
This isn't the right way to fix the problem. What you need to do is to make sure that users aren't allowed to do two balance-affecting things at the same time. Otherwise they'll just find another way to cheat you. Make "check balance" and "reduce balance" atomic. Checking for negative balances isn't the answer. Suppose I have 30 BTC and try to very quickly withdraw 10 BTC twice. Both "check balance" calls see I have 30 BTC, which is enough. Both "reduce balance" calls set my balance to 20 BTC. Then you send me two separate 10 BTC payments, my balance has never been negative, and I'm 10 BTC up on the deal. You need to make sure that the "check balance" and "update balance" happen without anything else relating to that user happen between them. This is a security issue that has been documented for weeks. OP just didn't keep up with security patches. |
|
|
|
|
Show Posts
