adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
September 04, 2012, 06:54:20 PM |
|
New withdrawals are currently on hold while I work through the future of the exchange.
That is unacceptable. Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record. You previously handled requests by email. USD funds by depositors are the property of the depositor and not an investment. You have no legal standing to hold those funds pending "anything". Since it seems shtylman missed it. Let me make it more clear. You wanting to continue bitfloor is admirable but it has absolutely nothing to do with client funds. The only purpose of those funds is for CLIENT to purchase bitcoins. Since that is no longer possible the funds should be returned immediately. Not in week, not in a month, not after you get "hacked" again and the attacker makes a bank wire withdraw of all the USD funds to some foreign bank. ya sending everyone's money back seems like a good first step. then rebuild a better system, and start making money again.
|
|
|
|
greyhawk
|
|
September 04, 2012, 06:56:04 PM |
|
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.
I wonder why...
|
|
|
|
Dansker
|
|
September 04, 2012, 06:56:59 PM |
|
How about this:
You repay any USD-deposits, since they are all in tact.
You then re-pay what you can of the remaining BTC deposits.
You will then re-do your security, and publicly post how it will be done right from now on.
You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.
Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.
Disclosure: I am not invested in any way with any parties to this.
|
|
|
|
Severian
|
|
September 04, 2012, 07:01:10 PM |
|
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.
I wonder why... Are you saying that paying a 5% fee will ensure security?
|
|
|
|
DigitalHermit
Full Member
Offline
Activity: 150
Merit: 100
Thank you! Thank you! ...
|
|
September 04, 2012, 07:03:22 PM |
|
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.
I wonder why... Are you saying that paying a 5% fee will ensure security? ... as in pay 5% now or 100% later?
|
|
|
|
vampire
|
|
September 04, 2012, 07:04:53 PM |
|
How about this:
You repay any USD-deposits, since they are all in tact.
You then re-pay what you can of the remaining BTC deposits.
You will then re-do your security, and publicly post how it will be done right from now on.
You will then re-pay the users who have deposited BTC which you can no longer repay with the incoming transaction fees, untill you have repaid everyone.
Then you will (after a year or two) start making money again. Running the operation untill then will have to be based on your hard work, and possibly investors investing into the company.
Disclosure: I am not invested in any way with any parties to this.
25k BTC is a lot of money. With the current valuation it will take 10 years to repay. And certainly this incident won't increase volume for bitfloor. Sad.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:05:33 PM |
|
You repay any USD-deposits, since they are all in tact.
You then re-pay what you can of the remaining BTC deposits.
Customer assets are customer assets. It doesn't matter if they are dollars, bitcoins or bananas. If BitFloor does not have reserves (and that was reported in OP) or any other way to make customers whole, then this is a bankruptcy case. This exchange is operating in the U.S., there are very specific laws as to how to proceed. Disbursing funds to some customers and not others would be a criminal act under those. I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law. [Edited, s/funds/assets/. and added.]
|
|
|
|
greyhawk
|
|
September 04, 2012, 07:07:59 PM |
|
Bitfloor is a helluva lot cheaper and more convenient than the clip joints being called exchanges out there.
I wonder why... Are you saying that paying a 5% fee will ensure security? You can't "ensure" security. You can strive to maximize security however. Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.
|
|
|
|
Tuxavant
|
|
September 04, 2012, 07:11:55 PM |
|
Disbursing funds to some customers and not others would be a criminal act under those.
I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.
Bitcoins were stolen, not cash. That cash is not Bitfloors to distribute to other customers. It's mine.
|
|
|
|
Severian
|
|
September 04, 2012, 07:13:27 PM |
|
Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.
Or maybe one should be responsible for one's own money and btc and not leave them sitting on other peoples' servers for extended periods? Would you leave your wallet and house keys next to someone on the subway to watch for you? You gave him five bucks. He said he'll do his best.
|
|
|
|
greyhawk
|
|
September 04, 2012, 07:15:32 PM |
|
Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.
Or maybe one should be responsible for one's own money and btc and not leave them sitting on other peoples' servers for extended periods? Would you leave your wallet and house next to someone on the subway to watch for you? You gave him five bucks. He said he'll do his best. That too of course.
|
|
|
|
kangasbros
|
|
September 04, 2012, 07:16:02 PM |
|
Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers?
|
|
|
|
JayCoin
|
|
September 04, 2012, 07:21:36 PM |
|
Few questions:
Where your servers VPS?
Who hosted your servers?
|
Hello There!
|
|
|
vampire
|
|
September 04, 2012, 07:22:22 PM |
|
Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers? Not really. A hot wallet server can connect to the exchange, listen for transfers, validate transfers to any issues (like requests from wrong ips, large transactions, etc) and automatically process them. The server doesn't need to be accessible from outside.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
September 04, 2012, 07:22:51 PM |
|
Wow... just wow.
I thought you were better than that.
I never store keys on a webserver for a project involving customer funds. If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).
Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers? Well he didn't mean that but yes a cold wallet with batch processing is another option. I would point out that even if a hot wallet is needed, if the hot wallet wallet had say 10% of total funds then 90% of the BTC would still remain right now. The attacker would have stolen ~2,500 BTC not 25,000. If using a split wallet like that occassional the hot wallet can run out of funds and clients will experience a delay. There is no single solution which meets the needs of every single service provider. That being said having a hotwallet with 100% of the funds is simply inexcusable. More than anything else it is sad. Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO). It is destroyed now and honestly shtylman is better than that.
|
|
|
|
vampire
|
|
September 04, 2012, 07:23:08 PM |
|
Few questions:
Where your servers VPS?
Who hosted your servers?
from whois Name Servers: ns1.linode.com ns2.linode.com ns3.linode.com ns4.linode.com
|
|
|
|
Severian
|
|
September 04, 2012, 07:25:54 PM |
|
That too of course. Isn't it odd that personal responsibility is always down further on the list? : )
|
|
|
|
greyhawk
|
|
September 04, 2012, 07:27:26 PM |
|
That too of course. Isn't it odd that personal responsibility is always down further on the list? : ) It's very human at least.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:27:56 PM |
|
Disbursing funds to some customers and not others would be a criminal act under those.
I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.
Bitcoins were stolen, not cash. That cash is not Bitfloors to distribute to other customers. It's mine. Doesn't work that way in the U.S. A quick search and I couldn't find the exact description about how customer funds are pooled (giving a net balance), regardless if the account had a balance of securities or cash, then disbursed. Here's from Canada, which is pretty much the same in the U.S. The customer pool fund includes all securities owned by a bankrupt securities firm, and all securities and cash held by or for the account of both the securities firm and every customer of the securities firm, other than customer name securities. The customer pool fund is allocated first to cover the costs of administering the bankrupt estate and then to cover customer claims in proportion to each customers net equity position. -- http://www.cipf.ca/Public/FAQ/Coverage/PartXII.aspx
|
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
September 04, 2012, 07:29:49 PM |
|
shtylman, what does "currently evaluating" mean? Do you have the ability to pay for 24k BTC out of your own pocket, or are you looking for outside investments? I appreciate you being upfront about the attack, but do I have any hope of seeing any of my deposited BTC again?
Also, to those saying that USD should be paid out - no, it should not. If Bitfloor does indeed default on its obligations, then a court ruling would have it pay out equally to remaining creditors. Not 100% to USD creditors, and 2% to BTC creditors. Therefore, shtylman should hold on to any USD he has until he has decided what course of action to take, and use it to pay out on claims on a bankruptcy liquidation, should it come to that.
|
|
|
|
|