Yes at 2012-10-23 00:00:01 i got my money. Payment is only for values > 1 BTC.

khminer

Date Paid - 09/24/2012
Order Number -  9144
Trade-In (Y/N) - N
Qty SC Jalapeno -2

Yep I got a tracking # or my 9/1 order yesterday. In an email Jody said estimated delivery was 10/14, but I'm expecting it closer to the 16th, with the weekend and holiday.

The rate of generation of LTC is 4X that of BTC. Also the difficult adjusts 4X faster than BTC.
~scrypt conversion rates for AMD GPUs is 1/1000. So if you have a radeon 7970 it would hash scrypt at somewhere around 500kh/s.

In your case, attacker hit the withdrawal security measure, and couldn't withdraw your funds, so he just left them. I have restored your funds and reverted the transactions, but because this was done "by hand", it could look a bit weird from your accounts perspective.

The accounts were created in the day of attack, so yes, they're just sockpuppets.

Official announcement about October 9th issues

In recent days few of our accounts were compromised. After investigation, I would like to announce that:

- first of all, if you are reading this, and you didn't receive any strange emails lately then
there's no need to worry and your funds are safe.
- less than 20 accounts were affected by this hack, which is a fraction of our user base. By affected I mean accounts with stolen funds.
- majority of accounts were unaffected by this
- attacker used TOR anonymity network, which unfortunately prevents us from tracking him down
- attacker gained access to these accounts via their respective passwords. How he obtains these remain mystery to us, but we must note a few key things:
  - we store our passwords securely (to be exact: SHA-256 uniquely salted hashes of passwords)
  - most of affected users told us that they reused their passwords elsewere. Most notably, on Mt. Gox. We don't have proof that Mt. Gox was source of this leak (it could still be data from the last year's leak), but that's not impossible
  - there were two instances of users that had changed passwords and their account was breached again in very short amount of time. In one case, nothing was missing, hacker just placed one offer. In other, 3 BTC was gone. It's likely, that these passwords were somehow intercepted by hacker (keylogger/trojan/something else).
  - I spent considerable amount of time studying server logs (access logs, auth logs and others) and haven't detected any anomalies. I'm almost certain that our systems were not breached. I just can't think of an attack vector that would leak plain-text passwords from our site when we're hashing them all.

The site is now back up, but I've done three important things:
- I've reset ALL passwords. It's possible that I've interrupted the attacker and it has more passwords, and we don't want him to have them anymore
- I've implemented a security mechanism for confirming transactions. As a seller, you can't now just send BTC through the site, you have to first click on the link you receive via email. This way, it's impossible for anyone that gained access to your account to clear your Bitcoin in any way
- I've changed the withdrawal address procedure. It now always requires email confirmation, even when settings it for the first time.

So all in all, security of BitMarket was increased from this. As of now, even if someone broke into your account, knowing your Bitmarket password, as long as your email is secure, your Bitcoin is secure too.

The question about lost funds remains. I'm sad to report that 182 BTC from all affected accounts were lost in the process (could be more, but few hundred BTCs were blocked from withdrawing by anti-theft limit that I set up few days before). As much as I'd want to reimburse all people affected, I won't, for two reasons:
- BitMarket basically breaks even on donations it receives. I can't reimburse affected users with funds of others
- While I feel bad for people who are affected I don't think I'm responsible for (in most cases) them reusing passwords for Bitmarket and other sites.

If your funds can be recovered, I'll contact you as soon as possible. If you have any comments about above statement, feel free to contact me.

You still didn't explain:
- did you use the same PASSWORD?
- when you changed the password on BitMarket and Mt. Gox, was it same one, or two different passwords?

You answers to these questions are critical for me, so please be honest on this. You can PM me this info if you don't want to share it publicly.

I have more confirmations from other affected users that they used same login details on Mt. Gox. I still don't want to jump in to conclusions, but it's smells fishy...

To everyone involved: please notify me if your BitMarket password was used on any other site. If yes, please post which one (after changing it naturally). Also, if you have had any other similiar incidents in the last days/weeks, please tell me this too.

strange activity is continuing....

this user hacked my offer: CoonBreakair

He  canceled my offer for 11€, then placed sell offer for 12€, but in trnasaction log i see that bitcoins was sold for 18€

I dont understand how it was maked.

seems the admin is sleeping ... normally i expect that they now shut down systems and stop processing until the things a clarified.

first time since 1 year i was hacked. My password is not very strong.