Bitcoin7 a new exchange

[jkminkov]

started today, see some new deposit/withdrawal options

https://www.bitcoin7.com/?ref=5936

[1715543566]

1715543566

[Jered Kenna (TradeHill)]

Honestly, if this isn't a scam I'll be surprised.

The funniest part is I wrote most the text.
It's a complete rip off from TradeHill.com
They didn't even change the part about being incorporated in Chile....

Maybe a scam, maybe a rip off. Either way ripping someones code and text isn't the way to gain respect in this market.

If you trade on their exchange I'm sorry.

[Littleshop]

Honestly, if this isn't a scam I'll be surprised.

The funniest part is I wrote most the text.
It's a complete rip off from TradeHill.com
They didn't even change the part about being incorporated in Chile....

Maybe a scam, maybe a rip off. Either way ripping someones code and text isn't the way to gain respect in this market.

If you trade on their exchange I'm sorry.

I was noticing the copying of the text.  "navigating the international...."

A few things...  Where are the rates?  Do they really charge .25 % on Dwolla or 25 cents like most others?

I dove into tradehill right away due to the rep of the creator.  I am not so confident here but will wait and see before sending money. 

[davout]

No, we do not process any type of government backed fiat currency exchanges, nor do we provide money transmittal services. Bitcoin7 allows you to buy and sell digital commodities, and we use licensed and reputable currency exchangers and money transmittal services such as PayPal, Western Union, Moneygram, major banks and financial institutions, etc., to faciliate our transfers.

[jkminkov]

I was digging in Bulgarian registry agency, and saw that the owner of that LTD is a chief executive of a big software company with nearly 485K euro capital

probably you are right for the text, what I know* is that the site was coded in less than a week

* - sold them some coins

[davout]

I was digging in Bulgarian registry agency, and saw that the owner of that LTD is a chief executive of a big software company with nearly 485K euro capital

link ?

[jkminkov]

10 btc?

[Bitcoin7.com]

Hello,

I wanted to reply faster, we have just been whitelisted.

First of all thanks for posting about the site, it was a really hard first day. We are still working out the delays in withdraw/add funds, but everything is going
good and great and we think we will stabilize normal speed of operation within a day or two.

However, I have to admit that after reading Jered's post I am really ashamed. We contracted external copywriters for most of the texts on the side. Indeed there are 100% exact extracts from Tradehill (at least in English). It seems they have really misunderstood what "copywriter" means ... We certainly didn't want that to happen, originality and imagination is one of the most important thing when building up a web business.
After dealing with all the organizational problems we will work out all texts and compliment Jered.

We want to present another alternative and we are sure we will offer the best service to customers, you can even see that we allow transfers from MTGOX (if Tradehill agrees we can do that with them too). We see a great opportunity in Bitcoin7 and we really believe it is very important to diversify the markets on such early stage. For a decentralized currency we can't allow to have 90% of all transactions to go through 1 market...

We have the experience to do it. JKMinkov, your check is correct. The management of Bitcoin7 is the management of XS-Software.com, an international mio company in the gaming industry. We know virtual currency for quit a long time and we recognized the potential of Bitcoin. I hope we will be able to push Bitcoin7 to be a leading trading platform in the area of Bitcoins.

I hope even after the not so good start you will hear good words about us the following days.

Come and try us, some people made already AWESOME deals, taking advantage of the early start

[davout]

10 btc?

meh ?

[Sukrim]

Lowest Ask: 16.40, Highest Bid: 17.00

Also please write higher numbers in the instant buy/sell boxes (something like 999.99)!

Why does it cost 2-12 EUR to withdraw USD/EUR to an EU bank? I guess your books and accounts will be in EUR or BGN anyways?

By the way: "How it works?" sounds very Bulgarian! "How does it work?" might be better.

[foo]

What do you get for signing up with a referral code? I couldn't find any mention of that on the site.

[Sukrim]

A warm fuzzy feeling of helping someone else than the exchange operator as well when trading.

[jkminkov]

10 btc?

meh ?

don't you think that that kind of information is an insurance and those cost some $$ to acquire?

[ZEB-DEMON]

What do you get for signing up with a referral code? I couldn't find any mention of that on the site.

u just gift the referrer with double BTC u earn.. ponzi system

[davout]

10 btc?

meh ?

don't you think that that kind of information is an insurance and those cost some $$ to acquire?

ctrl+c, ctrl+v, that's not worth 10 btc, that's just stupid

[Bitcoin7.com]

1. Lowest Ask/Bid amounts are fixed. The translation strings were wrong. Please address such issues to info@bitcoin7.com, so we can respond immediately and fix the bug.

2. REFERRAL PROGRAM AT Bitcoin7: User A invites User B to register with his link
* User A:
  - will receive 20% of Bitcoin7's commission on each trade User B does. Lifetime

* User B:
  - registers regularly. There is currently no bonus. We are discussing options for adding bonus for the invited player as well.

3. Ponzi Scheme acquisation and explanation of the promo.
We suspected this might happen, that's why we created this page: https://bitcoin7.com/index.php?show=promo

The idea is that Bitcoin7 will not take commission in fiat currency (e.g. USD), but will give the commission (0.30%) to the person who buys the Bitcoins. This will be valid through 21. June as start promo. After that Bitcoin7's promo commission will be 0.30%

We do that as an incentive for the people who wish to invest in BTC. To get more buyers in the site.

At the moment we are working without profit, so the users can get the commission as bonus - for trusting us and starting to trade with us.

[jkminkov]

Why does it cost 2-12 EUR to withdraw USD/EUR to an EU bank? I guess your books and accounts will be in EUR or BGN anyways?

bulgarian bank taxes are ludicous, I think those taxes are somewhat wrong unless it is another bank they use for sending

it is 2 euro for under 500 transfer and 0,11% tax for larger transfer, minimum 12 euro/maximum 150 euro

[Sukrim]

What's worrying me FAR more than all these "scam" shouters:

Bitcoins in your account:
0.0022000000000002

ARE YOU USING FREAKIN' FLOATS TO STORE MY COINS?! 

Also only having 2 decimal places displayed is a little weird, considering that 1 BTC is still above 10 EUR currently. A Value of 19.9998 is displayed as "20.00" and I have no idea if this is now 20.00 or just 19.9998 rounded up to display only 2 digits after the decimal seperator.

[wizzard0]

What's worrying me FAR more than all these "scam" shouters:

Bitcoins in your account:
0.0022000000000002

ARE YOU USING FREAKIN' FLOATS TO STORE MY COINS?! 

Also only having 2 decimal places displayed is a little weird, considering that 1 BTC is still above 10 EUR currently. A Value of 19.9998 is displayed as "20.00" and I have no idea if this is now 20.00 or just 19.9998 rounded up to display only 2 digits after the decimal seperator.

Oh. That's rough.

I'd steer clear of any "currency processor" that is using floating point numbers, of whatever precision, and rounding. This is just laughable.

[Bitcoin7.com]

Sukrim,

We keep all data actually in different formats to ensure security + redundancy.

How data is kept and how it is displayed is a different thing. I agree with you that seeing such thing doesn't make any sense.
We will format the numbers better. For BTC we will use max 8 decimals to show and we will keep even more exact decimals on our records.

The 2 decimal places you talk about are probably in the tables with the current offers for Buy/Sell ? We think that 2 places for the fiat currency is more than enough. If we receive more feedback on that case changes are possible too.


@ EU bank transfer:
Bulgarian banks are indeed overcharging for SEPA transfers. We are now working out banking solutions in other EU countries to ensure the lowest fee for the end user.

[Bitcoin7.com]

Tolsi,

We are experiencing some problems with the LR integration at the moment.
Funds are not lost, but a bit delayed.
I am sure they should be in your account by the time you will be reading this.

We hope next LR transactions will occur much faster.

[Tolsi]

Tolsi,

We are experiencing some problems with the LR integration at the moment.
Funds are not lost, but a bit delayed.
I am sure they should be in your account by the time you will be reading this.

We hope next LR transactions will occur much faster.

The money came, sorry, a little scared Good luck in your business

[davout]

we will keep even more exact decimals on our records

You do not understand the difference between float and decimal do you ?

[Bitcoin7.com]

Davout, I think we understand it pretty good, but I will gladly hear what you mean over PM. Also if your feedback is valuable I can assure you it will
come live on the site within hours. I don't want to spam the topic about our new exchange with such information.

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it

[wizzard0]

Davout, I think we understand it pretty good, but I will gladly hear what you mean over PM. Also if your feedback is valuable I can assure you it will
come live on the site within hours. I don't want to spam the topic about our new exchange with such information.

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it

IEEE 754 decimal32 is a single-precision floating-point number occupying 32 bits. Tell me I am wrong. Because if I'm not - this is horrible.

Do you know that adding 0.00000001 BTC to 1 BTC will result in 1 BTC, and adding 0.00000021 will result in 1.00000024 BTC with this precision?

[davout]

Just FYI, we keep the records according to the IEEE 754 decimal32 format - I am sure you are familiar with it if you are asking us about it

So that's what I thought, you don't have the slightest clue about how to properly handle currency amounts in professionnal applications.
Go check the source-code of bitcoin-central.net, that's how the real pros do it baby

[Sukrim]

I would strongly advise you as #1 priority to take 2 developers to independently go through the whole backend code and remove ANY floating point number that occurs there. It's nice and fine if you want to have more than 8 decimal places, but for the love of god or whatever you believe in, don't ever use floats in financial software again!

Sorry to be so harsh, but this is something nearly every programmer should learn in their first semester.

[FooDSt4mP]

I would strongly advise you as #1 priority to take 2 developers to independently go through the whole backend code and remove ANY floating point number that occurs there. It's nice and fine if you want to have more than 8 decimal places, but for the love of god or whatever you believe in, don't ever use floats in financial software again!

Sorry to be so harsh, but this is something nearly every programmer should learn in their first semester.

+1

You will definitely not be seeing any of my funds until this is fixed.

[Bitcoin7.com]

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.
We are now working on something we can show the forum, hoping to close this discussion and continue to further
improvements of the site or trade options.

[davout]

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.

you are an amateur.

We are now working on something we can show the forum,

some professionalism maybe ?

[sturle]

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.

Isn't it incredible how much a simple sentence can reveal?

It is impossible to represent integers accurately in floating point, no matter what precision one use.  Any mediocre programmer will know that.  And if one doesn't know that Bitcoins are integers, one should probably not operate an exchange in the first place.  This simple sentence tells us that the exchange is written by an incompetent programmer who hasn't got much clue about Bitcoin either.

Even if it looks like it works on first sight, it is probably insecure.  I wouldn't trust it with a bitcent, or 0.009999999776482582092285156250 BTC at Bitcoin7, probably rounded in the user interface.  Would I be able to withdraw the bitcent again, or would I have insufficient funds?  I'll let someone else find out, and have fun profiting from rounding errors.

[shakaru]

You cant even send bitcoins. This thing either is a giant theft opt or a money laundering ring out of Sophia. My money on the later

[Sukrim]

You cant even send bitcoins. This thing either is a giant theft opt or a money laundering ring out of Sophia. My money on the later

I haven't yet tried sending any (I just transferred some USD from MtGox to buy the cheap 18 USD Bitcoins, that were unfortunately gone until my USD got credited) - but generally you should just mouse over the bitcoin amount in the top right corner and click "Add Bitcoins"... does this not work?!

Edit:
"You have successfully withdrawn x.xxxxxxxx42 BTC to your Bitcoin wallet"
I wonder if the .42 Satoshis show up! 

So far every trade went fine though and once (if...) the floats are fixed, I might even use the exchange. Sofia is a nice city anyways and I won't have to go to a bank/exchange to get BGN this way.

[cuddlefish]

Bitcoin7.com...
you have a GIANT CSRF vulnerability on the Withdrawals page.

Fix it.

[Bitcoin7.com]

@ Cuddlefish, I PMed you for more details.

[davout]

@ Cuddlefish, I PMed you for more details.

That's ridiculous, the CSRF exploit is trivial, someone logged into your site, visiting a malicious site can have all his funds withdrawn at a whim.

something along the lines of this :

Code:

<form id="maliciousForm" method="post" action="theWithdrawPage">
  <input name="amount" value="42" />
  <!-- other fields in your form -->
</form>

<script type="text/javascript">
  $('maliciousForm').submit();
</script>

And that's only the first thing that has been spotted.

Advice : shut down your site, get some professionnals, open it back up when it's finished and secure.

[cuddlefish]

In the interests of getting to to SHUT DOWN EVERYTHING... you need to.

http://pastehtml.com/!!!!view/axb1k7j2w.html

remove the !!!! if you really want to attack yourself.
Ta-da. Your coins are now in instawallet.org/w/foo.

Security is no joke.

[Bitcoin7.com]

Security is no joke indeed, thanks for reporting.
The glitch has been fixed. We review any single transaction manually at the moment anyway.
Our commitment is to ensure maximum stability, even if we have to restore damage.

[cuddlefish]

http://pastehtml.com/!!!!view/axb1k7j2w.html

sells 1 coin at $0.5.

At this point, I'd have to say, kill your webserver until you can get a professional auditor in. This site shouldn't be handling money.

[davout]

Security is no joke indeed, thanks for reporting.
The glitch has been fixed. We review any single transaction manually at the moment anyway.
Our commitment is to ensure maximum stability, even if we have to restore damage.

Still easy to exploit.

Malicious page has an 1px * 1px iframe displaying the withdraw page, populates and posts form through javascript with the added bonus that it can parse the DOM to figure out your exact (well floating point exact XD) BTC balance before withdrawing it.

* davout heads to bitcoin-central.net to add a PIN code

[cuddlefish]

Security is no joke indeed, thanks for reporting.
The glitch has been fixed. We review any single transaction manually at the moment anyway.
Our commitment is to ensure maximum stability, even if we have to restore damage.

Still easy to exploit.

Malicious page has an 1px * 1px iframe displaying the withdraw page, populates and posts form through javascript with the added bonus that it can parse the DOM to figure out your exact (well floating point exact XD) BTC balance before withdrawing it.

* davout heads to bitcoin-central.net to add a PIN code

Yup. I'm adding a framebreaker to Ubitex.org (although since I don't handle money, not nearly as bad.)

[rb2k]

Ok, so:

• Text was copied
• Coins are stored as floats and apparently this won't change
• Site is exploitable

Yeah... thanks but no thanks

[cuddlefish]

Ok, so:

• Site is exploitable

Oh, not just exploitable. Exploitable as in Sony.

[jav]

Security is no joke indeed, thanks for reporting.
The glitch has been fixed. We review any single transaction manually at the moment anyway.
Our commitment is to ensure maximum stability, even if we have to restore damage.

Still easy to exploit.

Malicious page has an 1px * 1px iframe displaying the withdraw page, populates and posts form through javascript with the added bonus that it can parse the DOM to figure out your exact (well floating point exact XD) BTC balance before withdrawing it.

* davout heads to bitcoin-central.net to add a PIN code

This is not true - stuff like this is prevented by the same origin policy. (Think about it: if that was possible, you could also load Facebook.com in an iframe and then - provided the user is logged in - call all sorts of functions with javascript). You can only access the iframe from code, that comes from the same domain.

This might just get dangerous when combined with cross-site scripting: If you manage to feed the webserver some data that it will display back to you unescaped, you can then get your code to come from the same domain and can do these sort of things.

[davout]

This is not true - stuff like this is prevented by the same origin policy. (Think about it: if that was possible, you could also load Facebook.com in an iframe and then - provided the user is logged in - call all sorts of functions with javascript). You can only access the iframe from code, that comes from the same domain.

I stand corrected on this one

[jakemates]

From this topic:

we don't store in floats. We keep the accuracy up to floats, but store numbers in a more "integer" way. I can't share more on the technical side of this matter

You should, because "we store numbers in a more integer way" is hardly reassuring.

bittersweet, digging further on this will help neither the users nor Bitcoin7.

[darkwon]

Wow, you guys are hyper-critical. Why so much hate in your reaction? I mean some posters on this forum outright said that just because they're from Bulgaria it must mean they are scammers.

I don't think bitcoin7 did a perfect start either and there's still obviously a lot to be done on their site, but at least they are very proactive about it, fixing things within minutes of reports coming in, communicating a lot in emails and on forum, trying to be helpful, etc..

They have a total of 400 Bitcoins traded as of now, this exchange just opened, but you all expect perfection right from the start?!

Yes they made some mistakes, like copying that text from Tradehill and having security holes, but they're also very quick in acknowledging and fixing mistakes; which shows, at least to me, that they're honestly trying their best to provide a good service to us.

[davout]

they're also very quick in acknowledging and fixing mistakes

Well, actually no, they could have said something like "hey yeah that's right, we should store amounts in decimal, not in floats", but instead, the answer was pretty much just marketing talk. please read the whole thread

[darkwon]

You are right, the floating point issue is the only one where they didn't immediately respond with "it's being fixed right now", for reasons i could only speculate about. Still, that doesn't change the other points i made in my posting. Please don't single out one issue like this, it's a bad habit in debating.

[davout]

It's not that they didn't fix it that's disturbing, it's the fact they don't even acknowledge it is an issue that is.

Bitcoin7 keep the records with extreme accuracy, there is really nothing to be fixed.

[grondilu]

Registered today.  Transfered a few euros via SEPA.

I'll let you guys know if everything went smooth.

[lemonginger]

Wow, you guys are hyper-critical. Why so much hate in your reaction? I mean some posters on this forum outright said that just because they're from Bulgaria it must mean they are scammers.

YOU CAN'T RUN A LIVE MONEY EXCHANGE SITE WITH LARGE SECURITY HOLES.

Seriously, "fixing on the fly" is not an okay way to run a site that is moving money. It doesn't matter whether they are scammers or very well-meaning but incompetent programmers trying to cash in off the lack of exchanges currently out there.

If you are making mistakes at the most basic levels, it is likely that your site is going to be riddled with possible security holes. No one wants to hear "Oh, sorry, we are fixing it now" after their money goes flying out the window. Not to mention any exchange handling any large amounts of money is going to be a target for thieves, hackers, governments, DDOS attacks, etc etc etc. If you are going to paint a target on your back with other people's money, you best be in a position to handle it.

For all I know these folks are the nicest people on earth and I'd be happy to have a beer with them. That doesn't mean they should be programming a currency exchange.

[jkminkov]

if there're holes, EXPLOIT THE GODDAMN THING, JUST FOR THE LULZ!

[davout]

if there're holes, EXPLOIT THE GODDAMN THING, JUST FOR THE LULZ!

it's yours that i'm going to exploit for the lulz

[joan]

Wow, you guys are hyper-critical. Why so much hate in your reaction?

I agree the reaction has been harsh, but I think it's a good thing.
The influx of users have been overwhelming. Many people have seen quick dollars and business opportunities. We need to make sure these new businesses are sound and safe for the users.

If that means aggressively auditing every new project for security holes and taking a "scam until proven otherwise" stance, so be it. Better safe than sorry.
Every project handling people coins needs to have very high security standards. Lotteries need to be provably honest. Exchanges and escrows need to be transparent.
We need to raise the bar.

[gene]

Exchanges are crucial. If this exchange is shit (smells like it), it damages bitcoin.

So yes, it is time to get vicious.

[Bitcoin7.com]

Just to mention that we are monitoring the topic closely, without taking part of it as it seems whatever we write there will always be people like davout who will speculate and turn the exchange to be a fraud. Luckily there are more and more successful trades and people with positive reaction.
We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Again thanks for all who are trusting us and also starting to defend us -> it really helps and motivates us people!

[jakemates]

Just to mention that we are monitoring the topic closely, without taking part of it as it seems whatever we write there will always be people like davout who will speculate and turn the exchange to be a fraud. Luckily there are more and more successful trades and people with positive reaction.
We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Again thanks for all who are trusting us and also starting to defend us -> it really helps and motivates us people!

Do you still use floats to store values and are you still vulnerable to CSRF exploits?

[finnthecelt]

So for what it's worth.

I have successfully transferred BTC to B7.

I have sold some BTC.

I transferred it to my Dwolla account and it's showing up there....

[Bitcoin7.com]

We had a CSRF which could not be used at all anyway. Of course the spot was fixed in a minute after reporting.

Part of the data is still stored in floats, we are upgrading at the moment and we aim to release the new version live this night.

On both points I can say honestly that neither the found CSRF could have harmed a user, nor the floats (on the datatypes we still use them) could cause crucial loss of data.

[cuddlefish]

We had a CSRF which could not be used at all anyway. Of course the spot was fixed in a minute after reporting.

Part of the data is still stored in floats, we are upgrading at the moment and we aim to release the new version live this night.

On both points I can say honestly that neither the found CSRF could have harmed a user, nor the floats (on the datatypes we still use them) could cause crucial loss of data.

Soo. if it couldn't be used, what was there to FIX?

[ryepdx]

You're salting and hashing your user's passwords before storing them in your database, right?

[davout]

Just to mention that we are monitoring the topic closely, without taking part of it as it seems whatever we write there will always be people like davout who will speculate and turn the exchange to be a fraud. Luckily there are more and more successful trades and people with positive reaction.
We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Again thanks for all who are trusting us and also starting to defend us -> it really helps and motivates us people!

I don't speculate, I point at hard facts.
You were vulnerable to one identified CSRF exploit, you fixed it, good.

You still didn't make any statement regarding the amounts storage, the options are :
 - "We use floats because we don't have a clue about handling money in a database"
 - "We now use decimals instead of floats because we understand the exact implications"

"we store amounts very precisely", "we're monitoring the site closely", "trust us!", "we don't want to communicate about it", "davout is mean", "<insert random marketing talk here>" are not acceptable answers.

I'm not making any assumption regarding your honesty, I'm making statements about technical matters and I have no problem being corrected if I happen to be wrong (see previous posts).

Now I suggest you get your code straight and be open about it.

We had a CSRF which could not be used at all anyway. Of course the spot was fixed in a minute after reporting.

This is an outright lie. It was trivially exploitable.

On both points I can say honestly that neither the found CSRF could have harmed a user, nor the floats (on the datatypes we still use them) could cause crucial loss of data.

more marketing talk...

You're salting and hashing your user's passwords before storing them in your database, right?

Check his source, of, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better )

[ryepdx]

Check his source, of, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better )

Hrm. Bcrypt, eh?

<plug>Oh, and BitcoinPouch.com is also open-source. I just haven't been plugging it much because I want to make sure it's well-tested and hardened before I expose it to the general public.</plug> Open source is good for that very reason. Plus it's nice to be able to fix, with your own hands, any security holes you notice instead of having to wait on someone else to do it.

[Bitcoin7.com]

davout did you see a real result of the "exploit"? Yes or No?

[davout]

davout did you see a real result of the "exploit"? Yes or No?

No. I saw code that was trivially exploitable.

This code got fixed because some honest people pointed it out previously in this very thread. (Did you thank them at all ? )

[Sukrim]

I was just looking for a way to delete my account and couldn't find any obvious was to do so... could you please give me specifics? (I don't care about the 1 US-cent that's left, keep it as a tip)

Also something strange:
Added funds 1xx.xx USD 1.xx USD <-- the second number = commissions.
WTF?! Why did I get charged commissions for sending money on MtGox suddenly?

Commission % is displayed as 0% by the way... and was at 0% (now it's been changed to 1%!) back then.

[Littleshop]

davout did you see a real result of the "exploit"? Yes or No?

I will say that while this may revolt you.......

You should pay DAVOUT for the work he has done even though you did not contract with him.  You might want to hire him for FURTHER work checking out your site (if he is interested/willing to do so). 

I love the idea of an additional exchange, the more the better.  But we need them to be secure.  It is not just about the fees.

[cuddlefish]

davout did you see a real result of the "exploit"? Yes or No?

I will say that while this may revolt you.......

You should pay DAVOUT for the work he has done even though you did not contract with him.  You might want to hire him for FURTHER work checking out your site (if he is interested/willing to do so). 

I love the idea of an additional exchange, the more the better.  But we need them to be secure.  It is not just about the fees.

I reported the exploit and posted the POC.

No, I won't work for them. I don't need that on my rep. If they want to give me BTC, that'd be great.

[davout]

You should pay DAVOUT for the work he has done

I just posted code to exploit the vulnerability to show how simple it was.

[Bitcoin7.com]

How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.

[cuddlefish]

How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.

Okay, the next time I see an error that lets you steal all your Bitcoins, I won't tell you, wait a day, then tell #bitcoin-cabal and PM you, then wait a few hours and post it on the forums. I'll just let the black-hats handle /that/.

Security > Usability > Good graphics.

You're great at #2 and #3. #1.... not so much.

[jerfelix]

How simple is what? The exploit should bring result, right? We tested it and there was no result. (we saw you tested it too, selling 1 BTC for 1$ -> if it was you, you made someone very happy )

Did you have any result? Yes or no?


P.S. We offered cuddlefish to test additionally for us, but he preferred to spam the forum with his first discovery. Pity this was more important to him.

I appreciate that cuddlefish and davout point out publicly that there are issues.   Other users need to know that.  

I also think that their quick examples were pretty clear to experts, but can be confusing for novices.  So let me try to explain.  Maybe this will help you fix the issues.

Picture this scenario:  Someone logs into your site, and leaves it logged in, while they are, say um, reading bitcoin forums for example.  That doesn't seem too far fetched, does it?  And then they read a forum post that has an interesting link in it.  And they click on that link.  Maybe the post reads "Here's what you REALLY need to know about Bitcoin7's security" and then has a tiny url.  The user clicks on the link, and they are taken to a page on some remote server that POSTS to your site an instruction to sell bitcoins for a dollar.

Bam.  They have been exploited.  All because you have a vulnerability in your site.  
Or worse, it could post to a page that transfers Bitcoins to a particular Bitcoin Address.


See how serious that is?

Davout and cuddlefish, please correct me if I didn't describe that correctly.

Now, cuddlefish gave a WORKING demonstration, but he put "!!!" in the URL so that someone didn't click it by accident.  But if you were signed into your Bitcoin7 account in one tab, while you clicked on his link in another, you would have transmitted funds to instawallet.   Pretty scary.

Got it?
Don't minimize the advice that you are getting here.  This is a sharp group. They may not be explaining things at novice level, but do NOT assume you have nothing to learn from others!  Very risky!

[Nescio]

if there're holes, EXPLOIT THE GODDAMN THING, JUST FOR THE LULZ!

it's yours that i'm going to exploit for the lulz

That's a disturbing image

We had flaws, we still have, we were not ready for the start yesterday, but we are working 24/7 on all requests.

Let me reshuffle that sentence for you: "We had flaws, we were not ready for the start yesterday. We still have, we are still not ready for the start today."

(good thing about that: it's reusable)

[FooDSt4mP]

Your constantly dismissive attitude is not reasonable when there are serious concerns being raised.  Security is crucial when dealing with other people's money.  Especially when transactions are irreversible.  Instead of "it's not a problem", try "thanks for the report, I'll have my engineers look at it".  Davout, cuddlefish, and others are donating their time to help you get your issues straightened out.  Please be more respectful of their knowledge.  To me, dismissive hand waving is worse than no response.

[finnthecelt]

Your constantly dismissive attitude is not reasonable when there are serious concerns being raised.  Security is crucial when dealing with other people's money.  Especially when transactions are irreversible.  Instead of "it's not a problem", try "thanks for the report, I'll have my engineers look at it".  Davout, cuddlefish, and others are donating their time to help you get your issues straightened out.  Please be more respectful of their knowledge.  To me, dismissive hand waving is worse than no response.

I'm quite certain they respect the security issues being brought about but try and be understanding. B7 is getting attacked on all fronts and trying to cooperate when dealing with many personality types from different cultures.

They are being accused of many things and being called names so of course there will be some defensiveness.

Professionalism is also in the delivery of a message not in the receipt solely. Let's tone down the rhetoric, offer advice and hold them accountable. More progress will be made and we will have another respectable exchange.

[jakemates]

Caught them using sockpuppets.

[cuddlefish]

Caught them using sockpuppets.

They also CSRF'd Witcoin. Bit ironic, really.

[Littleshop]

You should pay DAVOUT for the work he has done

I just posted code to exploit the vulnerability to show how simple it was.

ok 

[cronopio]

Check his source, of, wait a minute, only bitcoin-central.net is open source and correctly stores passwords using bcrypt (yes, hashes and salts are good but bcrypt is much better )

Yeah!. I love bitcoin-central.com its a really good RoR App.

[Bind]

Thanks for the information in this thread, especially cuddlefish and davout.

I was going to add this to my bokmarks of good exchanges.

Now I won't.


The guy obviously knows nothing about the technology his site is using, doesnt care to educate himself, minimises serious flaws, then attempts to belittle and alienate those trying to help him, bascially lying to everyone else that there were/are no problems.

Basically a BS artist PR guy grasping at straws trying to add some fake legitimacy.

I refuse to do business with people like that, let alone trust them with my money.

Avoid this exchange at all costs in my opinion.

PS - plus i seen where he tried to bribe a bitcoin developer to say that bitcoin7 was better than mtgox.

[sonba]

Funny story? Bitcoin 7 cancelled some of my trades. This exchange is supposed to be an instant trade market like MtGox or Britcoin. So, one advantage is that you cannot reverse a trade. But that's exactly what they did. Somebody bought from me well above market, trade got through and got revorded (you can still see it in Bitcoinchart history for instance) they credited me with the money and took my BTC. I lock in today again - I got my BTC back but the money got refunded. WTF?
I'm writing them a mail - but for the time being I can only say - stay away from Bitcoin7!

[jkminkov]

I saw some 1btc for 100 euro transactions yesterday, probably it was a testing of some kind...

[sonba]

yeah, that one wasn't mine. I sold at 17 EUR, which was still high but not completely unreasonable (kind of risk premium for not knowing the exchange).

[finnthecelt]

yeah, that one wasn't mine. I sold at 17 EUR, which was still high but not completely unreasonable (kind of risk premium for not knowing the exchange).

It's possible they posted it as Eur and it was actually USD. They didn't want to eat the difference so canceled the trade. One hell of an error but nonetheless. Let us know their response to you.

[sonba]

I got the money in EUR so it should have been right (at least from my side). It was not mixed with USD trades, they were at different prices. Hope I'm getting a reply tomorrow. Will post the answer here.

[Bitcoin7.com]

Hello,

Please accept this as an official reply from Bitcoin7.com

We admit we had to reverse 4 transactions on the Euro market. The cause of the problem was a bigger delayed transaction through the German payment method Micropayment.de. As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC. All BTC have been returned to the sellers.

We don't expect such problem with the following method to occur again as we removed the methods from their base, which would allow delay or even reversal/chargeback.

Our goal is to defend both the buyers and sellers on the bitcoin7 platform. Reversing the BTC to the seller's wallet was the only 100% defensive method we could have done. Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

[finnthecelt]

Hello,

Please accept this as an official reply from Bitcoin7.com

We admit we had to reverse 4 transactions on the Euro market. The cause of the problem was a bigger delayed transaction through the German payment method Micropayment.de. As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC. All BTC have been returned to the sellers.

We don't expect such problem with the following method to occur again as we removed the methods from their base, which would allow delay or even reversal/chargeback.

Our goal is to defend both the buyers and sellers on the bitcoin7 platform. Reversing the BTC to the seller's wallet was the only 100% defensive method we could have done. Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

Reasonable. Thx for the explanation.

[davout]

Hello,

[...]

Otherwise if the money transaction wouldn't prove to be correct and we haven't responded quickly, we would have needed to reimburse the sellers.

If I get you correctly, you credited a user account based on the micropayment.de information before it was fully confirmed ?
This credit was then used to buy coins before you decided to reverse the trades because the payment finally appeared as being fraudulent ?

Is this correct or am I missing something ?

[Bitcoin7.com]

The system is automatic and upon receiving on funds they appear in the recipient's account.

However, as I said, we missed a payment method which appeared as instant to our system, but was marked as pending in the payment provider's system. This also triggered the manual check and led to the taken actions.

[davout]

The system is automatic and upon receiving on funds they appear in the recipient's account.

However, as I said, we missed a payment method which appeared as instant to our system, but was marked as pending in the payment provider's system. This also triggered the manual check and led to the taken actions.

Maybe you should add payment methods progressively and take enough time to thoroughly test them instead of rolling trades back after the fact. Just saying.

I'll give you a little piece of advice, I don't mean to lecture to you or stuff but your official statement missed two things : "We apologize" and "it's fixed now". Here's how I would have communicated about that : "We made a little a mistake while implementing this payment gateway, we didn't properly check that the payment was final before crediting the user account. This is now fixed. We apologize to our users for the inconvenience and will do our best to not make the same mistake again. We didn't have a choice but to rollback the trades that came after this bug because <insert bad excuse here (because there really isn't any good excuse to rollback trades)>".

Your communication so far makes it look like you threw something together pretty fast in order to get your share of the bitcoin exchange market without taking enough time to thoroughly test the software. Being generally dismissive (towards users, and security flaws reporters) doesn't really help either.

My point basically boils down to : change the way you communicate and you will reap lots of benefits in term of positive user feedback and general perception.

[sonba]

Well, in defense for Bitcoin 7, in the original mail to me they did apologize:

First of all I would like to apologize to you for this inconvenience. The problem is, that the buyer of your BTCs did not add EUROS properly to his account, so he was not able to pay for your BTCs. That is why we reversed the deal.

I'm really sorry for the inconvenience that this may have cost you, but there are many people who try to hack the systems of the BTC-exchange website. The problem is that we can catch the illegal users as soon as they use the fake fund they added. Our Dev team is hard at work trying to fix this problem.

I hope that this occurrence  will not stop you from using our website and once again - we apologize!

However, I have to admit that "The problem is that we can catch the illegal users as soon as they use the fake fund they added" sounds a bit odd to me. I would expect the other way around. Cath them before they use the fake fund.
But I assume/hope that's what they wanted to say. I don't want to be they guy who finds all the hackers :-p

[davout]

Well, in defense for Bitcoin 7, in the original mail to me they did apologize:

First of all I would like to apologize to you for this inconvenience. The problem is, that the buyer of your BTCs did not add EUROS properly to his account, so he was not able to pay for your BTCs. That is why we reversed the deal.

I'm really sorry for the inconvenience that this may have cost you, but there are many people who try to hack the systems of the BTC-exchange website. The problem is that we can catch the illegal users as soon as they use the fake fund they added. Our Dev team is hard at work trying to fix this problem.

I hope that this occurrence  will not stop you from using our website and once again - we apologize!

However, I have to admit that "The problem is that we can catch the illegal users as soon as they use the fake fund they added" sounds a bit odd to me. I would expect the other way around. Cath them before they use the fake fund.
But I assume/hope that's what they wanted to say. I don't want to be they guy who finds all the hackers :-p

[VillageChump]

Bought a few coins - no problems. Instant Dwolla transfer too.

[grondilu]

successfully transfered a few euros via SEPA.   Bought a few coins.  The guys seem totally legit to me.

[Oldminer]

I also transferred money into the account, purchased some coins, and got the promotional bonus credited to my account. No issues here.

[cryptoanarchist]

At the moment, Bitcoin7 is really working for me. They're clearly the fastest of all the exchanges when it comes to transfers. If they have security loopholes, I haven't been affected by them.

[drapetomaniac]

Bitcoin7 has been perfect.
My first transaction was of 1.8btc to test.
The second was 6.7btc.  Both were sold at <$15 and <15 minutes.

Great stuff, I will be using this site again.

[digimag]

I don't even get a clue how much it will cost to get my money back:

EURO wire transfer: 12-22 EUR (!)

Not only it is an excessive amount, but giving only a range of price seems very odd to me.

I also dislike their incompetence in computer science (as if what happened to Mt Gox wasn't enough!).

Even if it's a major problem, their lack of expertise in computer science is not blamable. They can always hire a good IT team if they want to. But what I really hate here, is their way to communicate with people and to deal with different issues. An apparent lack of transparency and authenticity. Instead of recognizing their incompetence and get their shit together, they just pretend to be smarter than they actually are. I would never trust someone who behaves this way.

[Chucksta]

I don't even get a clue how much it will cost to get my money back:

EURO wire transfer: 12-22 EUR (!)

Not only it is an excessive amount, but giving only a range of price seems very odd to me.

I also dislike their incompetence in computer science (as if what happened to Mt Gox wasn't enough!).

Even if it's a major problem, their lack of expertise in computer science is not blamable. They can always hire a good IT team if they want to. But what I really hate here, is their way to communicate with people and to deal with different issues. An apparent lack of transparency and authenticity. Instead of recognizing their incompetence and get their shit together, they just pretend to be smarter than they actually are. I would never trust someone who behaves this way.

Pot calling the kettle black ?

What exactly are you classing as "computer science" ?

I see nothing that is true computer science. Information technology, yes, but not computer science.

[digimag]

Pot calling the kettle black ?

What exactly are you classing as "computer science" ?

I see nothing that is true computer science. Information technology, yes, but not computer science.

You sir are right, it is not computer science, just information technology.

I hope, sir, you've understood my message in spite of my inadequate vocabulary.

[Chucksta]

I've just signed up... nice interface, and sensible transaction prices <gives TradeHill the evil eye>

[Calavera]

As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC.

Hang on, I'm not sure that I understand this correctly.  You credited an account with a certain amount of $ based on a report from one of your payment processors.  You then cleared the $ for a purchase order of BTC on your exchange, and this order was filled.  You then reversed this transaction because you realised that the payment processor hadn't actually cleared the funds.

My problem with this is that it's your responsibility to ensure that funds you allow onto the exchange are cleared, not the end user's.  If you let the funds on to the exchange then you're responsible for them.  You should not have reversed the transactions.  You should have covered the $ yourselves if the deposit turned out to be fraudulent.  I would see this responsibility as one of the core features of an exchange, otherwise it's just a glorified bulletin board. 

Am I wrong here?

[Chucksta]

As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC.

Hang on, I'm not sure that I understand this correctly.  You credited an account with a certain amount of $ based on a report from one of your payment processors.  You then cleared the $ for a purchase order of BTC on your exchange, and this order was filled.  You then reversed this transaction because you realised that the payment processor hadn't actually cleared the funds.

My problem with this is that it's your responsibility to ensure that funds you allow onto the exchange are cleared, not the end user's.  If you let the funds on to the exchange then you're responsible for them.  You should not have reversed the transactions.  You should have covered the $ yourselves if the deposit turned out to be fraudulent.  I would see this responsibility as one of the core features of an exchange, otherwise it's just a glorified bulletin board. 

Am I wrong here?

+1

[sonba]

As we couldn't identify on time if the payment was correct or not we had to reverse these transactions in order to defend the seller of the BTC.

Hang on, I'm not sure that I understand this correctly.  You credited an account with a certain amount of $ based on a report from one of your payment processors.  You then cleared the $ for a purchase order of BTC on your exchange, and this order was filled.  You then reversed this transaction because you realised that the payment processor hadn't actually cleared the funds.

My problem with this is that it's your responsibility to ensure that funds you allow onto the exchange are cleared, not the end user's.  If you let the funds on to the exchange then you're responsible for them.  You should not have reversed the transactions.  You should have covered the $ yourselves if the deposit turned out to be fraudulent.  I would see this responsibility as one of the core features of an exchange, otherwise it's just a glorified bulletin board. 

Am I wrong here?

+1

+1

[Folax]

As far as I can tell, the EU cashouts are free of charge, and this makes B7 more interesting than the other exchanges, where a cashout to SEPA zone is insanely pricey.

[jdebunt]

made a transaction on this site yesterday, deposited 25 eur with direct bank transfer & it showed up instant, 3% fee is a bit high but acceptable.

Very pleased with this exchanger so far.

[sceptre]

As far as I can tell, the EU cashouts are free of charge, and this makes B7 more interesting than the other exchanges, where a cashout to SEPA zone is insanely pricey.

Where do you see that?
This page: https://bitcoin7.com/index.php?show=withdraw_funds
states: EU Bank Transfer   FIBank (EU)   EUR bank transfer to EU bank   12-22 EUR

Which is insane for an EU2EU transfer and means that I am not trading there.
Or did I miss something?

[iBug]

EU Bank Transfer   FIBank (EU)   EUR bank transfer to EU bank   12-22 EUR

Which is insane for an EU2EU transfer and means that I am not trading there.
Or did I miss something?

Indeed, that seems really overpriced.
And that's why I contacted them, together with some other question.
Here's their explanation to the high EU bank transfer fee:

"The fees are so big because there is a 10 EUR SWIFT tax. Other than that the taxes are - to 500 EUR - 2 EUR tax, from 500 up - 0.12% from the sum (minimum 12 EUR)"

Can anybody confirm that there's such a tax in Bulgaria ?

If it's the case, then it's not Bitcoin7's fault. Then they should consider cooperating with a different bank ... EU <-> EU bank transfers in € are mostly free (if the provided IBAN & BIC/SWIFT codes of the destination account are correct).

[Calavera]

http://news.guide-bulgaria.com/News.aspx?9269=10%_tax_on_all_bank_transactions_to_offshore_zones

Regardless of whether it's their "fault", from our perspective it's still a fee they charge that another exchange won't.

[sonba]

On a seperate note - every EU country/EU bank has to offer SEPA for the same price as transfers within the country. Hence, I kind of doubt that Bulgaria takes a tax on that? Might be the case, of course, but that this should not only be for SEPA but also for Bulgarian internal transfers.

[dr.bitcoin]

Bitcoin is nice, but Dwolla and Liberty Reserve withdrawals don't work ("delayed"  ) for a while now...

[ananas5]

I was about to buy some cheap coins from here so I transferred money from my LR account. Almost 3 hours later all the cheap coins are sold and I still can't see my funds. Great.  

...and as usual, no response from customer service even though I sent an email over an hour ago. How this reminds me of MtGox. Yeah, maybe I'm being unpatient but it still pisses me off that estimates are always incorrect in a negative way.

[jkminkov]

EU Bank Transfer   FIBank (EU)   EUR bank transfer to EU bank   12-22 EUR

Which is insane for an EU2EU transfer and means that I am not trading there.
Or did I miss something?

Indeed, that seems really overpriced.
And that's why I contacted them, together with some other question.
Here's their explanation to the high EU bank transfer fee:

"The fees are so big because there is a 10 EUR SWIFT tax. Other than that the taxes are - to 500 EUR - 2 EUR tax, from 500 up - 0.12% from the sum (minimum 12 EUR)"

Can anybody confirm that there's such a tax in Bulgaria ?

If it's the case, then it's not Bitcoin7's fault. Then they should consider cooperating with a different bank ... EU <-> EU bank transfers in € are mostly free (if the provided IBAN & BIC/SWIFT codes of the destination account are correct).

http://fibank.bg/uploads/Docs_download/Tariff.pdf

on page 60

[iBug]

http://fibank.bg/uploads/Docs_download/Tariff.pdf

on page 60

Ok, thanks.
But there's no way I can read this, and I don't want to copy the text over to translate it. So there actually is a 10 € SWIFT fee (+ additional fee depending on the amount) for bank transfers out of Bulgaria ?

A European Bitcoin exchange with a EU bank account is a great alternative to TradeHill and Mt. Gox for the European traders ... but that fee makes the smaller trades and withdraws really expensive 

[elements]

They simply need to open an account in one of the Euro participating countries.
For example in Greece - it's only about 300 km south of Sofia.
Then the problem should be solved. They really should know that (high fee) is a complete no-go within the EU!

[jkminkov]

They simply need to open an account in one of the Euro participating countries.
For example in Greece - it's only about 300 km south of Sofia.
Then the problem should be solved. They really should know that (high fee) is a complete no-go within the EU!

I don't think opening an account in a bankrupt country is a good idea in this very moment...

[PandaMiner]

I can't seem to find a place to input my btc address. I deposited money with Dwolla, I made a buy, now I wanna remove the BTC but I can't. There's no place for me to put my address.  (unless I'm blind to it)

How did you do it duffy?

[jkminkov]

https://bitcoin7.com/index.php?show=withdraw_bitcoins

[PandaMiner]

Thanks.

I'm a dummy.  Well, mostly a dummy. I blame firefox.

You see, the "label" for the receive address is called "address" and firefox pre-populates all fields labeled "address" with my email address associated with a domain root name.  Sigh.

I didn't think anything of it. It says Address. In my humble opinion, to avoid other dummies like me from getting confuzzled, the html should be changed to call it "Your Bitcoin Address" (like the software does), and the label too.

I see they don't have the for="" filled out. Tsk tsk.

Code:

<div class="row">
  <div class="text"><label for="">Address:</label></div>
  <div class="field"><input type="text" name="address" value="" size="25" /></div>
</div>

valid html should be the following....

Code:

<div class="row">
  <div class="text"><label for="btc_address">Your Bitcoin Address:</label></div>
  <div class="field"><input type="text" name="btc_address" value="" size="25" /></div>
</div>

[davout]

valid html should be the following....
<div class="row">
  <div class="text"><label for="btc_address">Your Bitcoin Address:</label></div>
  <div class="field"><input type="text" name="btc_address" id="btc_address" value="" size="25" /></div>
</div>

Fixed that for you

[robbie]

I am on the 7th pages ,bitcoin7.com .Already registered ,when for the feedback of other users.

[iBug]

I am on the 7th pages ,bitcoin7.com .Already registered ,when for the feedback of other users.

Sorry, but is this sentence encrypted ?

[Chucksta]

I am on the 7th pages ,bitcoin7.com .Already registered ,when for the feedback of other users.

Sorry, but is this sentence encrypted ?

Translation attempt...

I am on the 7th pages ,Bitcoin7 - This is the 7th page of this Bitcoin7.com thread

Already registered - people who have already registered

when for the feedback of other users - only interested in the feedback of other users

Hmm.... could it be... fekk off anyone who isn't actually using Bitcoin7 ??

Okay, I'll fekk off

[Jered Kenna (TradeHill)]

Honestly, if this isn't a scam I'll be surprised.

The funniest part is I wrote most the text.
It's a complete rip off from TradeHill.com
They didn't even change the part about being incorporated in Chile....

Maybe a scam, maybe a rip off. Either way ripping someones code and text isn't the way to gain respect in this market.

If you trade on their exchange I'm sorry.

Dear Bitcion7,

As many people have already noticed, your firm has admittedly plagiarized the text (and more) from Tradehill's website.

We pointed this out in the above posts and asked you to change the text several times. You have been apologetic and explanatory but have not remedied the situation. It has been two weeks since we've made multiple requests and less then 1% of the text has been changed. We understand it takes time to change a site but you have not taken any steps yet. Additionally, you've made plenty of time for marketing your company via lengthy forum posts and updates.   

It is also very coincidental that your site came on-line 4 days after ours, with the exact same text, same layout, same features (like instant buy/sell), offering referral codes.  We have spent time and resources on developing our own website and ideas – please respect our intellectual property and remove the text immediately.

The text on Tradehill's website under “Introduction”, “Add Funds”, “Withdraw Funds”, “Support”, “Deposit Funds” and more, has been directly plagiarized by Bitcoin7 under – coincidentally – the exact same titles of “Introduction”, “Add Funds”, “Withdraw Funds”, “Support”, “Deposit Funds”.

See below - just some - of the exact plagiarisms which currently remain (at least up until the dating of this post).



TRADEHILL:

Under “Legal” and “Terms of Use”

Proprietary Rights
All contents of the TradeHill website, including, but not limited to, text, names, data, logos, buttons, icons, code, methods, techniques, models, graphics and the underlying software (the “Components”), are proprietary of TradeHill and are protected by the patent, copyright, trademark and trade laws of Chile and/or other countries. Nothing contained in this website shall be used in any form unless expressly stated by TradeHill.

https://www.tradehill.com/Support/Legal

BITCOIN7:

Proprietary Rights
All contents of the Bitcoin7 website, including, but not limited to, text, names, data, logos, buttons, icons, code, methods, techniques, models, graphics and the underlying software (the "Components"), are proprietary of Bitcoin7 and are protected by the patent, copyright, trademark and trade laws of Bulgaria and/or other countries. Nothing contained in this website shall be used in any form unless expressly stated by Bitcoin7.




TRADEHILL:

Under “Legal” and “Terms of Use”

Changes to Website
TradeHill will always attempt to keep its users informed of any changes to the website. However, TradeHill may terminate, change, suspend or discontinue any aspect of this website, including the availability of features of the site, at any time. TradeHill may also impose limits on certain features and services or restrict your access to part or the entire website without prior notice or liability.

https://www.tradehill.com/Support/Legal

BITCOIN7:

Under “Legal” and “Terms of Use”


Changes to Website
Bitcoin7 will always attempt to keep its users informed of any changes to the website. However, Bitcoin7 may terminate, change, suspend or discontinue any aspect of this website, including the availability of features of the site, at any time. Bitcoin7 may also impose limits on certain features and services or restrict your access to part or the entire website without prior notice or liability.

[elements]

Dear Jared,

I completely understand that you're pissed that B7 has copied your texts!
I also understand that you want the situation remedied BUT you are complaining that B7 is using their time to promote themselves rather than to fix this problem AND you are doing the exact same thing at the same time:

Bruce is advocating your services for nearly two weeks know, 3 times a day on the Bitcoin show and how easy it is to get money in and out of Trade Hill and that you're offering you services for oh so many currencies when in fact you're only handling USD, CLP and PEN. Sorry, but weak! While this is not being fixed you guys had several interviews on the show for promotion.

Don't get me wrong I am not really satisfied with any of the exchanges because all have their weaknesses and cons but I find it a too bad that instead of exchanges battling each other in the forum they don't use their time and energy to improve their own sites so the market will shift to best competitor (or split regarding to the particular needs of groups of customers).

Just a thought...


PS: EUR-Transactions: To tell Europeans they should convert their funds into USD and then bank wire them to you means effectively that you DO NOT accept EUR! BTW this costs horrendous bank fees in the EU.

[jkminkov]

dear Jered Spammer, stop posting your crap numerous times in numerous threads

after that http://forum.bitcoin.org/index.php?topic=17829.msg229909#msg229909

all your copywrite claims look pathetic

[iBug]

Last week I transfered about $1,000 to Bitcoin7 account but was surprised that after 3-4 days, a smaller amount was added to my Bitcoin7 account. I contacted them a few times, and at the end they said that there was a fee of $11,00 that I had to pay, so that amount was deducted from the amount I transfered.
The Bitcoin7 website states that the transfer from "USD bank transfer to EU bank" and "EUR bank transfer to EU bank" is free.

I know that Bulgaria has a rather big SWIFT fee for transfers to outside of the country (when withdrawing money from Bitcoin7).

But since their website says that adding money (via bank transfer to their EU bank account) is free, I wasn't expecting a fee.
But in my case, they added a $11,00 fee. 

Has anybody else had this problem (or noticed this) before ?

[elements]

How did you transfer?

In Europe there a three methods of transfering money via bank wire:

- BEN (recipient pays all fees)
- OUR (sender pays all fees)
- SHARE (sender pays fees with his bank; recipient pays fees with his bank)

Maybe you should check on this.

AND B7 should make clear what type of bank wire you have to do (possibly an OUR wire) so that they don't apply fees AND post it on their site!

[iBug]

How did you transfer?

In Europe there a three methods of transferring money via bank wire:

I know, I just went with the default of the shared fees. I've made lots of payments from my Luxembourgish bank account to other accounts in Germany, France and Austria and I've never had to pay any fees.

I had to pay a currency transaction fee on my side (which is min. 7 € with my bank) and I made sure to enter all details correctly (as I would have to pay an additional fee for missing or wrong IBAN/BIC).

But since the Bitcoin7 website states that a "USD bank transfer to EU bank" is free, I was believing them.
Of course, if select the option of the OUR (all fees on my side), the beneficiary Bitcoin7 has no fees. But that option is an additional 20 € (minimum !) if I'm right.

In the mean time, Bitcoin7 did apologize for the extra fees, but it's still something I had to pay for ...