Bitcoin Forum
April 18, 2014, 12:15:10 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
  Print  
Author Topic: bitfloor needs your help!  (Read 92112 times)
shtylman
Sr. Member
****
Offline Offline

Activity: 243



View Profile

Ignore
September 04, 2012, 07:54:02 PM
 #101

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
So basically, BTC withdrawals will be delayed until you have the funds to pay for them?  Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)?  What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
Private Internet Access™ - No logs, Unlimited Bandwidth, PC Magazine's Editor's Choice
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
1397780110
Hero Member
*
Offline Offline

Posts: 1397780110

View Profile Personal Message (Offline)

Ignore
1397780110
Reply with quote  #2

1397780110
Report to moderator
vampire
Hero Member
*****
Offline Offline

Activity: 574



View Profile

Ignore
September 04, 2012, 07:54:51 PM
 #102

shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?
runeks
Hero Member
*****
Offline Offline

Activity: 812



View Profile WWW

Ignore
September 04, 2012, 07:56:25 PM
 #103

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

My address: 1runeksijzfVxyrpiyCY2LCBvYsSiFsCm
ASICMiner solo hashrate: http://runeks.me/bitcoin/
Otoh
Donator
Hero Member
*
Offline Offline

Activity: 1022



View Profile

Ignore
September 04, 2012, 07:57:17 PM
 #104

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

BTC = $c²     LTC = $c³     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc     LTC = LQMHQ6haTzVa2uKkxFAaujEqmzkbHBzt7i     NXT = 9862336831998627827     

BITCOIN: ♦  Just-Dice.com  ♦   ♦  1% House Edge Dice Game  ♦   ♦  Play or Invest  ♦     LITECOIN: INTRO | CLIENT | EXCHANGE | CHARTS | MINING | FORUM | ASTRO | A REPORT ON LTC | NEWS | PRIZES | CHARITY | MY REP | DICE
Stephen Gornick
Hero Member
*****
Offline Offline

Activity: 1232



View Profile WWW

Ignore
September 04, 2012, 07:57:38 PM
 #105

shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?

He's been there since July at least:

 - http://bitcointalk.org/index.php?topic=94975.0

Related thread:

 - http://bitcointalk.org/index.php?topic=93655.0

EnergyVampire
Full Member
***
Offline Offline

Activity: 210



View Profile

Ignore
September 04, 2012, 07:57:49 PM
 #106

There is no single solution which meets the needs of every single service provider.  That being said having a hotwallet with 100% of the funds is simply inexcusable.   More than anything else it is sad.   Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO).  It is destroyed now and honestly shtylman is better than that.

Agreed.  If Roman really learns as much as possible from this, let others review his security procedures, he can build the most secure exchange out there.  Large withdrawals may not be instant, who cares, at least they are safe.  If I deposit 1000 BTC with him, I want to trade it, not withdraw it back out immediately.

+1 I agree with BitPay(Tony?)

On another note, it might be possible to raise funds with a bond or equity (preferred shares, maybe?) issue. Not sure about the legality, regardless BitFloor will absorb the lost coins but at least your customers will be satisfied imo.

DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
September 04, 2012, 07:58:15 PM
 #107

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

This I would be willing to donate towards a fund for the victims if detailed information on the attack as well as post-attack analysis and mitigating steps were provided.   I hope I am not the only one.  It could improve the security of other exchanges and service providers.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
gllen
Donator
Newbie
*
Offline Offline

Activity: 21


View Profile

Ignore
September 04, 2012, 07:58:22 PM
 #108

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.


Edit: 0.3% fees = 189 BTC gross. My math above is way off  Undecided
ErnestoJuarell
Member
**
Offline Offline

Activity: 114


¿Sabe lo que quiero decir?


View Profile

Ignore
September 04, 2012, 08:00:41 PM
 #109

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
So basically, BTC withdrawals will be delayed until you have the funds to pay for them?  Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)?  What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.
Was the box holding the records compromised? How can you be sure the hacker didn't mess with the figures. Do you have offline backups to compare to to look for something fishy?

LoweryCBS
Sr. Member
****
Offline Offline

Activity: 364


firstbits 1LoCBS


View Profile

Ignore
September 04, 2012, 08:00:48 PM
 #110

I'd buy Bitfloor-issued bonds. Or even Bitfloor stock.

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.
DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
September 04, 2012, 08:02:58 PM
 #111

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

What makes you think that.

"repaying BTC losses using the proceeds from fees".

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
ErebusBat
Hero Member
*****
Offline Offline

Activity: 546

I am the one who knocks


View Profile

Ignore
September 04, 2012, 08:07:31 PM
 #112

Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.

Potatoes aren't a digital construct thinly traded only on unregulated exchanges.  I do agree that Bitcoin will need to be regulated eventually.  It simply can't co-exist with fiat currencies without definition.  However that day isn't today.

Of course. However, potatoes have value, they can be stolen too. Imagine a commodity exchange where you can deposit bags of potatoes that you and other customers have "farmed". Those potatoes can be sent to the exchange as well as fiat money (legal tender btw). Someone have stolen all the potatoes, exchange goes BK... Effectively a judge has only two choices:

1. Distribute all fiat back to depositors and leave potato sellers to hold the bag (an empty potato bag no less).
2. Value all the lost potato deposits in fiat, distribute whatever fiat left proportionally.

I bet it will be 2.
* ErebusBat steals the idea and runs off to create Potatoe-ville for facebook.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 756



View Profile WWW

Ignore
September 04, 2012, 08:07:55 PM
 #113


+1 I agree with BitPay(Tony?)

On another note, it might be possible to raise funds with a bond or equity (preferred shares, maybe?) issue. Not sure about the legality, regardless BitFloor will absorb the lost coins but at least your customers will be satisfied imo.

Yes that's me.

Multiple options are being considered.  First and foremost, Roman needs a written security plan.  This is just processes and procedures, not passwords.

Beyond that, I have given Roman some ideas on how he can restart or rebuild Bitfloor stronger, but I will wait for him to review and circulate those ideas himself.  Taking outside investment capital is not out of the question.  He has the best technology of any exchange, and that is worth something to people looking to invest in this area.  He also needs to learn from this and have the best security of any exchange.


BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
Stephen Gornick
Hero Member
*****
Offline Offline

Activity: 1232



View Profile WWW

Ignore
September 04, 2012, 08:10:53 PM
 #114

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

Who will cooperate in filing an injunction?

Unless an injunction is filed, there is about a quarter million USD worth of customer funds from BTC balances that are going to disappear as Roman is out of the country and he has announced plans to process USD withdrawals.  i.e., those USDs are going to be leaving the BitFloor bank accounts very soon unless action is taken.

At least with an injunction, cents on the dollar (at the same level as USD depositors get) would be returned on those BTC balances.

Personally I don't have enough bitcoins with BitFloor to warrant me pursuing this myself.  

I would be surprised that nobody else cares though.

Otoh
Donator
Hero Member
*
Offline Offline

Activity: 1022



View Profile

Ignore
September 04, 2012, 08:14:13 PM
 #115

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

What makes you think that.

"repaying BTC losses using the proceeds from fees".

Well I hope he has found one or at least enough interest to expect one otherwise it would take forever to pay back from fees - I just don't think that would be realistic without someone buying in to the company

BTC = $c²     LTC = $c³     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc     LTC = LQMHQ6haTzVa2uKkxFAaujEqmzkbHBzt7i     NXT = 9862336831998627827     

BITCOIN: ♦  Just-Dice.com  ♦   ♦  1% House Edge Dice Game  ♦   ♦  Play or Invest  ♦     LITECOIN: INTRO | CLIENT | EXCHANGE | CHARTS | MINING | FORUM | ASTRO | A REPORT ON LTC | NEWS | PRIZES | CHARITY | MY REP | DICE
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 756



View Profile WWW

Ignore
September 04, 2012, 08:14:51 PM
 #116

Personally didn't have enough bitcoins with BitFloor to warrant me pursuing this myself.  

I would be surprised that nobody else cares though.

Technically you are correct.  However I can verify that Roman is in regular contact with his largest depositors, and while I cannot speak for all of them, I do believe this will be resolved without a bankruptcy.  give the guy a chance to make some calls and look at his options to bring in capital.

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
stan.distortion
Hero Member
*****
Offline Offline

Activity: 602



View Profile

Ignore
September 04, 2012, 08:15:48 PM
 #117

Sorry to hear about that.
If security is verified by a trusted 3rd party I'd be interested in bonds should you choose to go that way.

­aminorex: "there are no good arguments for regulation, merely bad arguments in a good suit."
muyuu
Donator
Hero Member
*
Offline Offline

Activity: 770



View Profile

Ignore
September 04, 2012, 08:28:49 PM
 #118

Knowing that they had an unencrypted wallet somewhere with ALL the funds, and ran the whole thing on a Linode VPS despite all past happenings, I find it really hard to consider a potential investment in Bitfloor other than extremely high risk.

It's sad because shtylman sounds like a really nice lad and the interface is well done, but obviously he's punching above his weight with the exchange idea.

Maybe if he hired a team of security experts *cough*  Wink or maybe not...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Joe200
Full Member
***
Offline Offline

Activity: 122



View Profile

Ignore
September 04, 2012, 08:30:01 PM
 #119

Thank you for allowing ACH withdrawals.

Could you please allow trading to resume? Then the people who really want to get out will be able to sell their bitcoins (for a fraction of their price outside of bitfloor). And people who are speculating that things will turn out will be able to buy up those bitcoins and potentially make money.

I think this will reduce the amount of customer discontent.
greyhawk
Hero Member
*****
Offline Offline

Activity: 728


View Profile

Ignore
September 04, 2012, 08:31:55 PM
 #120

Knowing that they had an unencrypted wallet somewhere with ALL the funds, and ran the whole thing on a Linode VPS despite all past happenings, I find it really hard to consider a potential investment in Bitfloor other than extremely high risk.

This translates to an AA- rating in Harnettopia, so buyer beware

Stop sending me Bitcoins! 1HNLqLrPEwMk8woA91qwX9sRkatRfQik2T
Click here to get hacked
Pages: 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!