[ANN] GorillaTeeth [TEETH] | 10 DAY Staking Confirmation | Good luck dumping it!

[emmnazady]

still dint get my teeth,
3 day now....
username : emmnazady
paul,please take action.

tq

[Leesminer]

Also waiting for my Teeth please
user Name
Leesminer

[JusTrynaMakeIt]

i am dentist.. i take all fuckin teet! ahaahahahaha!!!

[VladMcCloud]

Still have a zero balance for my TEETH. Username: VladMcCloud

[pjcltd]

Server attack (05/05/2015 0830 – 0840am GTM+1

Earlier today, GorillaEx was the victim of a successful attack resulting in a significant loss of GorillaTeeth

This attack did not affect GorillaStake.com at all and was isolated to only GorillaTeeth on GorillaEx, which had a higher than usual balance due to the coin swap. No other coins have been affected

This attack has not affected the exchange's database, users personal information, or any other account. It was isolated to a single account and a user was about to circumvent a withdrawal check thus allowing them to withdraw more coins than they should have. Furthermore, automated protections did step in and protect the bulk of the coin balance. At the time of the attack, more than 30,000 TEETH were in the wallet, meaning more than 2/3rds were protected from withdrawal

Further account audits have verified the user databases and other exchange wallets and services. The server is currently undergoing additional security verifications and will be returned to limited service shortly

We apologize for the inconvenience cause and hope you can understand our actions; our initial response was to protect everything else and deal with the fallout after

All withdrawals will remain suspended until the audit is complete

We basically have a few options at this point:

1) Rollback the GorillaTeeth blockchain, as this was the only coin affected

2) Close GorillaEx and tell everyone to fuck off

3) Ask for it back nicely, offer a fair % in exchange, and the opportunity to help us secure the site

Option number one is out of the question, as I was very vocal about that in the Mintpal situation

Option two is far too common in digital currencies, but not a stance we are ever going to take

Option three is what we are going with. If you are responsible for the attack, we will just ask nicely for you to return the funds and work with us in the future. We will cover the funds ourselves if you do not want to return them, but please don't make us do that; help us make everyone's experience nicer and more secure

Paul's return address for GorillaEx is - GcnBg6ZDJUcbmG8e86EaSZGxmM6KXtpfak - Please do the right thing, or we will cover it ourselves

[freedomsr40]

so are the coins we lost safe???i had about 275.... i really cant afford to just lose those...

[pjcltd]

so are the coins we lost safe???i had about 275.... i really cant afford to just lose those...

if the coins are not returned they will be replaced

[pjcltd]

I'm not going anywhere guys

Well it's 00:13 here I'll be back at 7:am gmt +1
So I'm off to bed

[fonzerrellie]

WoW what a pathetic hater that would do that... gee someones scared of TEETH? or wanted them so bad that they do something so pathetic like that.

[drays]

As the malicious transaction was just few hours or minutes ago, maybe its not too late to hardfork the blockchain at some older point, so the transaction of the thief gets invalidated..?

[Troublesome96]

WoW what a pathetic hater that would do that... gee someones scared of TEETH? or wanted them so bad that they do something so pathetic like that.

Maybe it was someone disgruntled with the 1teeth tx fee?
Maybe it was someone who was on vacation or saved their balls/10k for a rainy day and came back to see that the did not make the cutoff?

I am more concerned with the exploit itself. Is this a common exploit (bc I have heard of something similar a few times)?

If it is fairly known, or a similar method thereof, why was this not already secured against?

Sidenote: I believe that igotspots should cover it all...why? Because he personally vouched for this exchange and he was the largest (or close) snowballs holder. If he brings some innovation to TEETH that the market likes/needs then he would be made whole again by what he has left and paid jobs in the crypto space. Just my two cents.

[Troublesome96]

As the malicious transaction was just few hours or minutes ago, maybe its not too late to hardfork the blockchain at some older point, so the transaction of the thief gets invalidated..?

That sounds good to me assuming necessary checkpoints exist, but the post was rather cryptic as to when it actually happened.

[jc12345]

If you roll back the blockchain you will not be setting precedent as the precedent was set with Mintpal. There is no need to save face because of a previous stance on something. A third of a coin base lost is very significant and the market can be crashed by the attacker at any time. There must be generally accepted rules for a rollback eg. a theft of a certain % of coins eg. 30% or more. People cannot afford to lose such large amounts and the interest of the investors need to be placed first. We are not talking about BTC here and there will probably be a couple of roll-backs in future as well on other coins as the crypto-system is enhanced and made more robust. There is also no regulator yet and in future there will probably be such a body at some time that would need to provide approval for such a step. Also, all alts are part of R&D to build and develop the future digital currency and there will be ****ups along the way.

Ask the attacker to give the funds back by a certain time in order for him to get something out to prevent a roll-back, otherwise do go ahead with a roll-back and the attacker gets nothing. Creating a new exchange is not a trivial thing and coupling that with such a complex swopout makes it even easier for mistakes to be made with the setup and security. **** happens in crypto and lessons are learnt.

You can say about Spots what you want and much of it is probably true and much probably not, but he is doing great work regarding research and development on block chains, staking and economics and he should be allowed to continue with his work. Those that contribute to the research and projects get some profit out of it as well which is win-win. Based on the above I would say do plan A as you did and automatic fall-over to plan B if plan A fails by a certain deadline. However if Spots insists to cover the 30k coins it himself then it is up to him.

[thc4me]

http://gorillastake.com/attack.html

When I first logged in to collect my teeth, a certificate warning was encountered. The certificate was from btcpool so all was OK.

I just tried to access the site and encountered a new warning, the details are:

"gorilla.exchange uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for WIN-BTSM3MS0G9T

(Error code: sec_error_unknown_issuer)"

Is this some part of the attack or did you install a new certificate.

Do not want to try to get into the site until answered.

[fonzerrellie]

As the malicious transaction was just few hours or minutes ago, maybe its not too late to hardfork the blockchain at some older point, so the transaction of the thief gets invalidated..?

That sounds good to me assuming necessary checkpoints exist, but the post was rather cryptic as to when it actually happened.

and any transactions that happened after would become void as well so there would be butthurts from people who paid btc for theirs today.

it sounds like they have a plan already, and if the team follows through and replaces it... then I'd consider them to be one of the most upstanding exchanges I've seen thus far in crypto and they will have a loyal customer in me.

[jc12345]

If you roll back the blockchain you will not be setting precedent as the precedent was set with Mintpal. There is no need to save face becuase of a previous stance on something. A third of a coin base lost is very significant and the market can be crashed by the attacker at any time. There must be generally accepted rules for a rollback eg. a theft of a certain % of coins eg. 30% or more. People cannot afford to lose such large amounts and the interest of the investors need to be placed first.

Ask the attacker to give the funds back by a certain time in order for him to get something out to prevent a roll-back, otherwise do go ahead with a roll-back and the attacker gets nothing. Creating a new exchange is not a trivial thing and coupling that with such a complex swopout makes it even easier for mistakes to be made with the setup and security. **** happens in crypto and lessons are learnt.

You can say about Spots what you want and much of it is probably true and much probably not, but he is doing great work regarding research and development on block chains, staking and economics and he should be allowed to continue with his work. Those that contribute to the research and projects get some profit out of it as well which is win-win. Based on the above I would say do plan A as you did and automatic fall-over to plan B if plan A fails by a certain deadline.

they mean 1/3 of teeth on exchange not total. he say only 11000 teeth gone before audit check froze it

Ok thats about 10% then. mmm tough call.

[Troublesome96]

Is there a blockexplorer up for TEETH?

It would interesting to see when this occurred and how many tx's were used, also, allowing us to follow the coins.

And allow more people to potentially investigate the tx's.
Potentially turning up the heat on the culprit and at the very least allowing more eyes. (Especially while some are off to bed)

It also appears that c-cex locked down their teeth market as well.

[fonzerrellie]

Is there a blockexplorer up for TEETH?

It would interesting to see when this occurred and how many tx's were used, also, allowing us to follow the coins.

And allow more people to potentially investigate the tx's.
Potentially turning up the heat on the culprit and at the very least allowing more eyes. (Especially while some are off to bed)

It also appears that c-cex locked down their teeth market as well.

yup they closed it down pretty quick... good job cc ex 

[Troublesome96]

As the malicious transaction was just few hours or minutes ago, maybe its not too late to hardfork the blockchain at some older point, so the transaction of the thief gets invalidated..?

That sounds good to me assuming necessary checkpoints exist, but the post was rather cryptic as to when it actually happened.

and any transactions that happened after would become void as well so there would be butthurts from people who paid btc for theirs today.

it sounds like they have a plan already, and if the team follows through and replaces it... then I'd consider them to be one of the most upstanding exchanges I've seen thus far in crypto and they will have a loyal customer in me.

We are unable to see market volume on both exchanges now that they were locked down. And we do not know what time the attacked actually occurred, yet.

But over the last 18hrs the volume of both exchanges was very small when compared to the total value of ~10,000 TEETH. Rolling back to the attack time itself and recreating actual trades that occurred since then on both chains might only end up being a 5btc loss or less. Will it take some work, sure...but I believe if actually thought over it might actually be the best case scenario. This would not be a full rollback, just rolling back to the tx before the attack and then recreating trade histories of the 2 exchanges which are off chain (I am guessing less than 50 buy/sells total between the exchanges).  I am sure I am missing some details that I hope come as responses so that this may be looked at as a viable option.

EDIT: Until then, if anyone has the availability to throw together an explorer or some pull with one of the major explorer sites now would be the time to ask for a pro bono explorer.

EDIT 2: From how I am looking at it, with the above proposed rollback, the only thing lost would be btc and it would be limited to how much the thief dumped on the 2 markets combined.

[Troublesome96]

Is this the official source?
https://github.com/iGotSpots/GorillaTeeth

Nothing is mentioned in the OP.