Bitcoin Forum
March 19, 2024, 03:57:59 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
Author Topic: bitfloor needs your help!  (Read 177364 times)
shtylman (OP)
Sr. Member
****
Offline Offline

Activity: 243
Merit: 250



View Profile
September 04, 2012, 07:54:02 PM
 #101

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
So basically, BTC withdrawals will be delayed until you have the funds to pay for them?  Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)?  What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.
1710820679
Hero Member
*
Offline Offline

Posts: 1710820679

View Profile Personal Message (Offline)

Ignore
1710820679
Reply with quote  #2

1710820679
Report to moderator
Remember that Bitcoin is still beta software. Don't put all of your money into BTC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
vampire
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
September 04, 2012, 07:54:51 PM
 #102

shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?
runeks
Legendary
*
Offline Offline

Activity: 980
Merit: 1008



View Profile WWW
September 04, 2012, 07:56:25 PM
 #103

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.
Otoh
Donator
Legendary
*
Offline Offline

Activity: 3024
Merit: 1104



View Profile
September 04, 2012, 07:57:17 PM
 #104

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Bitstamp Exchange: Referal Code
CHARITY | MY REP | PREDICTION 1 | PREDICTION 2 | PREDICTION 3
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
September 04, 2012, 07:57:38 PM
 #105

shtylman, where physically are you for service of process?
https://bitfloor.com/about

Quote
Mailing Address
Bitfloor Inc.
27-29 W 60th St. #21053
New York, NY 10023

Roman recently had traveled or moved possibly out of the country (London ?). 

The address is USPS PO Box. Roman went for the conference to london?

He's been there since July at least:

 - http://bitcointalk.org/index.php?topic=94975.0

Related thread:

 - http://bitcointalk.org/index.php?topic=93655.0

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


EnergyVampire
Full Member
***
Offline Offline

Activity: 210
Merit: 100



View Profile
September 04, 2012, 07:57:49 PM
 #106

There is no single solution which meets the needs of every single service provider.  That being said having a hotwallet with 100% of the funds is simply inexcusable.   More than anything else it is sad.   Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO).  It is destroyed now and honestly shtylman is better than that.

Agreed.  If Roman really learns as much as possible from this, let others review his security procedures, he can build the most secure exchange out there.  Large withdrawals may not be instant, who cares, at least they are safe.  If I deposit 1000 BTC with him, I want to trade it, not withdraw it back out immediately.

+1 I agree with BitPay(Tony?)

On another note, it might be possible to raise funds with a bond or equity (preferred shares, maybe?) issue. Not sure about the legality, regardless BitFloor will absorb the lost coins but at least your customers will be satisfied imo.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1063


Gerald Davis


View Profile
September 04, 2012, 07:58:15 PM
 #107

Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

This I would be willing to donate towards a fund for the victims if detailed information on the attack as well as post-attack analysis and mitigating steps were provided.   I hope I am not the only one.  It could improve the security of other exchanges and service providers.
gllen
Donator
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
September 04, 2012, 07:58:22 PM
Last edit: September 04, 2012, 09:10:17 PM by gllen
 #108

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.


Edit: 0.3% fees = 189 BTC gross. My math above is way off  Undecided
ErnestoJuarell
Member
**
Offline Offline

Activity: 113
Merit: 10


¿Sabe lo que quiero decir?


View Profile
September 04, 2012, 08:00:41 PM
 #109

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
So basically, BTC withdrawals will be delayed until you have the funds to pay for them?  Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)?  What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?

The BTC are gone but I have records of how much each person had at the time of the theft. Once trading resumes you will be free to deposit new BTC and trade those for USD.
Was the box holding the records compromised? How can you be sure the hacker didn't mess with the figures. Do you have offline backups to compare to to look for something fishy?

LoweryCBS
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


firstbits 1LoCBS


View Profile
September 04, 2012, 08:00:48 PM
 #110

I'd buy Bitfloor-issued bonds. Or even Bitfloor stock.

Man, that's really too bad.

I've been nothing but impressed by bitfloor; from the video interview, to the github code, to the API and testnet, BF seems like one of the best implemented exchanges out there.

63k BTC (30 day volume) = 3.15k fees (converted to BTC)?

Maybe a dumb idea, but you could offer trade-able bonds to the current BTC balance holders, with a 12-24 month term, and a generous (but achievable) rate.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1063


Gerald Davis


View Profile
September 04, 2012, 08:02:58 PM
 #111

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

What makes you think that.

"repaying BTC losses using the proceeds from fees".
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
September 04, 2012, 08:07:31 PM
 #112

Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.

Potatoes aren't a digital construct thinly traded only on unregulated exchanges.  I do agree that Bitcoin will need to be regulated eventually.  It simply can't co-exist with fiat currencies without definition.  However that day isn't today.

Of course. However, potatoes have value, they can be stolen too. Imagine a commodity exchange where you can deposit bags of potatoes that you and other customers have "farmed". Those potatoes can be sent to the exchange as well as fiat money (legal tender btw). Someone have stolen all the potatoes, exchange goes BK... Effectively a judge has only two choices:

1. Distribute all fiat back to depositors and leave potato sellers to hold the bag (an empty potato bag no less).
2. Value all the lost potato deposits in fiat, distribute whatever fiat left proportionally.

I bet it will be 2.
* ErebusBat steals the idea and runs off to create Potatoe-ville for facebook.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile WWW
September 04, 2012, 08:07:55 PM
 #113


+1 I agree with BitPay(Tony?)

On another note, it might be possible to raise funds with a bond or equity (preferred shares, maybe?) issue. Not sure about the legality, regardless BitFloor will absorb the lost coins but at least your customers will be satisfied imo.

Yes that's me.

Multiple options are being considered.  First and foremost, Roman needs a written security plan.  This is just processes and procedures, not passwords.

Beyond that, I have given Roman some ideas on how he can restart or rebuild Bitfloor stronger, but I will wait for him to review and circulate those ideas himself.  Taking outside investment capital is not out of the question.  He has the best technology of any exchange, and that is worth something to people looking to invest in this area.  He also needs to learn from this and have the best security of any exchange.


BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
September 04, 2012, 08:10:53 PM
 #114

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

Who will cooperate in filing an injunction?

Unless an injunction is filed, there is about a quarter million USD worth of customer funds from BTC balances that are going to disappear as Roman is out of the country and he has announced plans to process USD withdrawals.  i.e., those USDs are going to be leaving the BitFloor bank accounts very soon unless action is taken.

At least with an injunction, cents on the dollar (at the same level as USD depositors get) would be returned on those BTC balances.

Personally I don't have enough bitcoins with BitFloor to warrant me pursuing this myself.  

I would be surprised that nobody else cares though.

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Otoh
Donator
Legendary
*
Offline Offline

Activity: 3024
Merit: 1104



View Profile
September 04, 2012, 08:14:13 PM
 #115

I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

What makes you think that.

"repaying BTC losses using the proceeds from fees".

Well I hope he has found one or at least enough interest to expect one otherwise it would take forever to pay back from fees - I just don't think that would be realistic without someone buying in to the company

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc 
Bitstamp Exchange: Referal Code
CHARITY | MY REP | PREDICTION 1 | PREDICTION 2 | PREDICTION 3
BitPay Business Solutions
Hero Member
*****
Offline Offline

Activity: 742
Merit: 500


View Profile WWW
September 04, 2012, 08:14:51 PM
 #116

Personally didn't have enough bitcoins with BitFloor to warrant me pursuing this myself.  

I would be surprised that nobody else cares though.

Technically you are correct.  However I can verify that Roman is in regular contact with his largest depositors, and while I cannot speak for all of them, I do believe this will be resolved without a bankruptcy.  give the guy a chance to make some calls and look at his options to bring in capital.

BitPay : The World Leader in Bitcoin Business Solutions

https://bitpay.com

Does your website accept bitcoins?
muyuu
Donator
Legendary
*
Offline Offline

Activity: 980
Merit: 1000



View Profile
September 04, 2012, 08:28:49 PM
 #117

Knowing that they had an unencrypted wallet somewhere with ALL the funds, and ran the whole thing on a Linode VPS despite all past happenings, I find it really hard to consider a potential investment in Bitfloor other than extremely high risk.

It's sad because shtylman sounds like a really nice lad and the interface is well done, but obviously he's punching above his weight with the exchange idea.

Maybe if he hired a team of security experts *cough*  Wink or maybe not...

GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D)
forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
Joe200
Sr. Member
****
Offline Offline

Activity: 317
Merit: 250



View Profile
September 04, 2012, 08:30:01 PM
 #118

Thank you for allowing ACH withdrawals.

Could you please allow trading to resume? Then the people who really want to get out will be able to sell their bitcoins (for a fraction of their price outside of bitfloor). And people who are speculating that things will turn out will be able to buy up those bitcoins and potentially make money.

I think this will reduce the amount of customer discontent.
greyhawk
Hero Member
*****
Offline Offline

Activity: 938
Merit: 1009


View Profile
September 04, 2012, 08:31:55 PM
 #119

Knowing that they had an unencrypted wallet somewhere with ALL the funds, and ran the whole thing on a Linode VPS despite all past happenings, I find it really hard to consider a potential investment in Bitfloor other than extremely high risk.

This translates to an AA- rating in Harnettopia, so buyer beware
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560
Merit: 500

I am the one who knocks


View Profile
September 04, 2012, 08:33:48 PM
 #120

Thank you for allowing ACH withdrawals.

Could you please allow trading to resume? Then the people who really want to get out will be able to sell their bitcoins (for a fraction of their price outside of bitfloor). And people who are speculating that things will turn out will be able to buy up those bitcoins and potentially make money.

I think this will reduce the amount of customer discontent.

The problem with this is that there isn't enough coins to cover all (any?) withdrawal requests.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
Pages: « 1 2 3 4 5 [6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!