If there are any programers out there who would be interested to build or contribute to building such an exchange feel free to PM me. BitFloor's operator has tossed out the idea of open sourcing his code for BitFloor. Intersango has open sourced an old version of their exchange (before it was rewritten). Bitcoin-Central (Paymium) operates their exchange using exchange software they've open sourced. Open Transactions (OT) is likely to be a good starting point for building an exchange today: - http://bitcointalk.org/index.php?topic=96391.0 - http://bitcointalk.org/index.php?topic=95745.0
|
|
|
Only when I tried with an amount that would leave me with a balance of 0.00000001 in my flexcoin wallet did the transfer succeed.
This a problem that most exchanges have with regard to fees on trades and what EWallets have when they charge fees on withdrawals/spending. The problem is that "math is hard". The UI for most of these do nothing to make it so that user isn't forced to know basic math in order to spend the remaining balance. I've never used FlexCoin so I don't know how they handle their transactions, but here's a typical scenario: If the fee is 1% and I have 0.80000012 BTC, then the calculation for the fee is 0.008000001. But that is sub-satoshi, so it rounds up and treats the fee as 0.00800001, leaving 0.79200011 as the amount that can be withdrawn. But my own calculation after manually subtracting the fee I come up with 0.792000119 BTC of funds. If I try to enter that amount, the system knows that 0.792000119 is a number greater than 0.79200011 and thus I am trying to withdraw more than my available balance. If the service were to allow that to occur, what would happen is bots would be written to take advantage of this, earning 1 satoshi at a time, millions of times. Something like this rounding-related issue is likely what is happening here. There are a number of methods of addressing this. For instance, whenever attempting to withdraw more than your balance, the service could calculate and display the maximum amount after fees that you can withdraw. You click OK and the transaction completes. Problem solved.
|
|
|
I can't leave it paired to my main wallet - anyone with access to my phone could steal all my BTC.
Double Encrypt your wallet. Set a second password which will be required when withdrawing funds from your account. In Blockchain.info/wallet -> Account Settings -> Password -> Second Password
|
|
|
Well sadly Stephen was misinformed and likely turned a bad situation into a worse one. His talk of injunctions and criminal activity were simply false. I am just not certain if it was coming from a place of intentional malfeasance or simple ignorance.
Here: But once a corporation reaches insolvency, the fiduciary duties that once flowed to equity-holders divert instead to creditors. Again quoting the Delaware Supreme Court, "the corporation's insolvency makes the creditors the principal constituency injured by any fiduciary breaches that diminish the firm's value.
But once the moment of insolvency arrives, as the Delaware Court of Chancery has explained, "the creditors become the enforcement agents of fiduciary duties because the corporation's wallet cannot handle the legal obligations owed." The court continued: "Because, by contract, the creditors have the right to benefit from the firm's operations until they are fully repaid, it is they who have an interest in ensuring that the directors comply with their traditional fiduciary duties of loyalty and care." - http://www.faegrebd.com/8365tl;dr: Things change when your organization becomes insolvent. I am not a lawyer, but I'm aware that in the U.S., bad things can happen to you as an officer or director if you then take action after establishing insolvency that ends up further harming your creditors -- especially actions which might favor one creditor over another. Now customer funds are even more sacrosanct. My argument was that legal counsel should be obtained BEFORE paying out one single dime. Roman had reopened the site to allow ACH withdrawals so I was making the argument that the only way to stop it was to get an injunction filed. Personally, I don't have that many BTC involved and have already mentally booked mine as a total write off. I could see though how Roman might be persuaded because releasing USDs to depositors would mean some people (those with USD balances) would be less pissed off -- though others (those with BTC balances), would be more pissed off. But an insolvent organization no longer does what is best for the company or for its shareholders and instead is in dire need of legal advice before taking further action. It looks like that might be what then happened.
|
|
|
(At this point, I can basically set my watch by the regularity of high-profile thefts that occur in this community.)
Yup, BitFloor's was right on time!
|
|
|
--- Although OT is uniquely positioned to take advantage of this, I believe our entire community needs to go in the multisig direction, regardless of what software your exchange or web wallet is running.
With today's BitFloor hack, that realization is slowly getting there.
|
|
|
Forced to shut down BitFloor, Shtylman said he has initiated account repayment using funds on hand based on his record books, The latest on that: Please note that I have taken the website offline. I am consulting legal council about the current situation and will post once I have more details. I want to make sure the matter is handled appropriately given the financial situation the exchange is currently in.
I believe the situation changes once you are insolvent due to liabilities, particularly when they are customer funds. Getting legal counsel on the matter before returning funds is the correct course of action.
|
|
|
Yesterday my computer crashed and since then I have been unable to get the Satoshi client to fully load.
The debug.log might help tell you what its doing.
|
|
|
So i need to deposit 220 bitcoins
The bitcoin clients have no limit on how much you can store on them. So you can make purchases of smaller amounts of bitcoins and withdraw the funds to your own wallet. Then you can send a 220 BTC transaction to wherever you would like. To purchase that amount of bitcoins using cash from a single source, you might hit daily limts and/or need to provide verification. Instead you can use cash deposit methods that do not know your identity. For instance, a BitInstant purchase can go to one of your own bitcoin addresses. You can make as many purchases as you want, using a different address for each. - http://www.BitInstant.comYou might also find a local trader and do a cash trade: - http://www.LocalBitcoins.comIf you don't want to install software (e.g., the Bitcoin.org client), you can use a hybrid wallet such as Blockchain.info/wallet or a hosted (shared) wallet, such as Paytunia. At some point, using a third party wallet for a larger much of funds means you'll want to make especially sure you are working from a secure computer. For some transacting larger amounts is something they only do from a LiveCD, for example.
|
|
|
New theft: Bitfloor. Ranks #5 (preliminary, not including Pirate). A quarter million dollars worth of funds gone and it only ranks fifth? Incidentally, the list ordered by USD is missing a few ..., this BitFloor event and also the Linode (Bitcoina, Slush and Faucet), Bitcionica (May) and Bitcoinica (June) events. - http://bitcointalk.org/index.php?topic=83794.0#post_sect_listby_usd
|
|
|
To my knowledge, no USD deposits receive interest correct?
If interest was being earned then those deposits would be a different pool of "customer property" than the USDs deposited for the purpose of trading (which is the same purpose that my BTCs were deposited for -- only for the purpose of trading).
|
|
|
. . .Those with BTCs can get an injunction to freeze the USD funds but apparently nobody cares Why are you so sure that this isn't already happening? Because there were only crickets after this: Who will cooperate in filing an injunction?
I do hope that is happening.
|
|
|
Not sure where people get the idea that bitfloor "can't" repay USD account holders.
Let's say I make sandwiches and I buy on credit some cooking equipment and I bought on credit some bread, meat, vegetables, etc. And then my safe gets robbed overnight and I am insolvent. I am not allowed to then let the cooking equipment vendor come and reclaim his equipment while the unpaid debt to the grocery supplier remains unpaid because I had previously sold the sandwiches and the food is now gone. When you deposited USDs with BitFloor, you are in the same pool as the person that deposited BTCs. They are all the same category -- customer assets. Those with BTCs can get an injunction to freeze the USD funds but apparently nobody cares
|
|
|
between this, bitcoinica, and pirate, i believe that's 3 strikes
There were many questions as to Bitcoinica's security long before they were hacked. As far as pirate, that isn't even close to being in the same category as this. This one was a little different because people presumed that because some good security practices were in place, others (such as what should be rule #1 for an exchange ... Thou shalt keep anything more than a day's worth of bitcoin needs in cold storage) would be followed as well. As we learned too late, they weren't
|
|
|
However, the author really didn't do a good job of explaining how the player can prove the deck was fair.
Well, it isn't something you want to be doing manually. The "greasemonkey script" was described as a way to automate this verification. The thing is that since bitZino doesn't know who is verifying and who isn't. But if even one single verification I do fails, that would be inexcusable and would be not only the last hand I'ld play would be something bitZino would have to come up with a darn good explanation as to how it happened. So while bitZino can be probably fair on any hand, most hands are played without anyone doing the verifying. Unless you are recording the info in each hand (and how you played), you can't go back to previous hands to verify. Again, a greasemonkey script can do all this but the bitZino web app doesn't. With BitLotto and SatoshiDICE for example, proof of fairness can be determined long afterward, as nearly all the info is in the blockchain. For SatoshiDICE, their hash file plus their secrets file is also needed. Their hash file is a static file that has been archived independently, and the secrets file is appended to daily and can be verified at any point in time using the hash file. The additional info necessary for BitLotto comes from the results of a state-run lottery (Megaball) which occurs after the monthly draw deadline. If bitZino (or someone else) were to create a mobile app version that did the verification on each hand, then verification for each hand could be performed, in real time. Of course, that should be an open source app so that the method can be inspected to ensure it is doing the verification properly.
|
|
|
From what I've gathered bitcoind is a command line bitcoin client. Is it bundled with bitcoin Qt, or do I have to download it seperately? If it's bundled, where would I go about finding and starting it on mac OSX?
While you can configure Bitcoin-qt on OS/X to run as a server, bitcoind gives you a method to make the API calls from the command line. If you had a bitcoind, then these would be the steps: Step 0.) of course,,, ... make a backup of your wallet.dat files (even the new one before you have any transactions). 1.) Configure bitcoin.conf with rpcuser=, rpcpassword= and server= so that you can access the API from command line bitcoind. 2.) Run bitcoind (or Bitcoin-qt with -server ) 3.) $ ~/bin/bitcoind -rpcuser=myuser -rpcpassword=mypassword listaccounts for each of those accounts, do a getaddressesbyaccount. For example, for the default account (""): $ ~/bin/bitcoind -rpcuser=myuser -rpcpassword=mypassword getaddressesbyaccount "" Then get the private key (dumpprivkey ) for each of those addresses. e.g., for 1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN do: ./bitcoind -rpcuser=myuser -rpcpassword=mypassword dumpprivkey 1PC9aZC4hNX2rmmrt7uHTfYAS3hRbph4UN 4.) Then with the new, empty wallet, do the same steps 1-3. then importprivkey for each. Now this can be automated with a script if needed. Also if you have wallet encryption enabled, you'll need to issue the RPC command walletpassphrase to make it so subsequent commands are accepted / 5.) Remove or replace bitcoin.conf so that you aren't leaving RPC enabled if you weren't previously using it. This is not something non-technical people are expected to need to do. You may wish to contract with someone (reputable) recover these funds. From an export of the addresses it can be determined how much in unspent funds you have in that wallet. As far as a possible explanation of how this scenario you are in could happen, see issue #1428: - https://github.com/bitcoin/bitcoin/issues/1428
|
|
|
Thank you for allowing ACH withdrawals.
Could you please allow trading to resume? Right now, any USD withdrawals are subject to the funds being clawed back if BitFloor is insolvent. So someone trading and then withdrawing bitcoins is better off (as bitcoin reversals are not reversible) than the party that withdrew USDs. I hope for Roman's sake he either comes up with sufficient capital or if BitFloor is insolvent he gets legal advice before processing a single withdrawal.
|
|
|
I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.
If you had outstanding orders they have all been cancelled.
Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
Who will cooperate in filing an injunction? Unless an injunction is filed, there is about a quarter million USD worth of customer funds from BTC balances that are going to disappear as Roman is out of the country and he has announced plans to process USD withdrawals. i.e., those USDs are going to be leaving the BitFloor bank accounts very soon unless action is taken. At least with an injunction, cents on the dollar (at the same level as USD depositors get) would be returned on those BTC balances. Personally I don't have enough bitcoins with BitFloor to warrant me pursuing this myself. I would be surprised that nobody else cares though.
|
|
|
BitFloor has reported a security breach. No coins were kept in cold storage, and all coins from the hot wallet are now spent. As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds. I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.
- http://bitcointalk.org/index.php?topic=105818.0 - http://bitcointalk.org/index.php?topic=105819.0
|
|
|
|