arepo
Sr. Member
 Offline
Activity: 448
Merit: 250
this statement is false
|
 |
April 08, 2014, 07:21:26 AM |
|
without going into too much detail, my account at Bitfinex was compromised just a few hours ago. my funds are safe due to quick response time on my part, but i am concerned. details of the attack suggest that my password was not known to the attacker, so i'm wondering how they managed to initiate a withdrawal. could this be related? |
this sentence has fifteen words, seventy-four letters, four commas, one hyphen, and a period.
18N9md2G1oA89kdBuiyJFrtJShuL5iDWDz
|
|
|
|
|
|
|
|
|
|
Even in the event that an attacker gains more than 50% of the network's
computational power, only transactions sent by the attacker could be
reversed or double-spent. The network would not be destroyed.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
ampere9765
|
|
April 08, 2014, 07:36:21 AM |
|
There was a report on tradingview about an hour ago about a BFX account compromised with 2FA. The user asserted that it may have to do with this exploit.
Please update us ASAP, Bitfinex. There is a lot of money on the line here.
Poloniex applied the fix 6 hours ago. It seems the Cloudflare-linked sites may be unaffected.
|
|
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1006
|
|
April 08, 2014, 07:51:15 AM |
|
Hey everyone.. I'm new to bitcoin trading. I have a lot to learn before I actively start trading. So in the meantime, I wanted to use BitFinex to make some minimal gains via interest while I learn the ropes. I just spent the last few days getting my accoutn verified but still waiting on some money I deposited to clear.
Looks like the current return rates for swap lending is around 0.12-0.13%... I will test this out with about $100 to see what the whole deal is. But if it works out, I'm looking to deposit around $125,000
My question is, does all your money in your account get used up for lending immediately? Or does the system only use part of your money depending on the demand? Still trying to wrap my head around the whole process.
Thanks for any insight.
Cheers.
-senor
Lending aka. "providing USD swap contracts" is entirely market based - you put up offers for time, rate and amount and people who need money can then choose to take your offer or not (if it is too short or too expensive for them for example). As already said I'd recommend to look at the bfxdata chart site to see how high you can price your interest, if you have no idea at all and just want to lend out as fast and much as possible "flash return rate" is also an option, it is just the global average interest rate, so if interest rates go up, you'll profit too and if there is little demand and they go down, you'll automatically offer your money a bit cheaper as well. If you plan on setting rates yourself ask yourself if it might make more sense to wait a few hours and lend out money at 0.2% instead of always trying to be the cheapest offer in the market to get taken immediately. If you get similar rates as I do, you'd make ~175USD/day with 125k USD. If you lend out at 0.12% fixed, you'd get ~135 USD/day and lending rates have been below that. If more lenders enter with such crazy amounts (I hope you are prepared/able to loose all of it with little to no recourse, Bitfinex is not a bank!), it likely will go down. I personally make my own prices (and do quite well compared to FRR as a minimum base line) but it can get boring and is a bit luck based too. Please just don't set it to 0.1% for example and forget about it - it hurts the average, you are loosing ~50% of potential interest at current market conditions and it is still not guaranteed that this will always be the lowest price. TL;DR: Autorenew at FRR = fire and forget, if you want more than that, you need to manage manually (might be worth it). |
|
|
|
whatthesith
Copper Member
Member
Offline
Activity: 301
Merit: 10
simply getting the job done
|
|
April 08, 2014, 07:59:28 AM |
|
There was a report on tradingview about an hour ago about a BFX account compromised with 2FA. The user asserted that it may have to do with this exploit.
Please update us ASAP, Bitfinex. There is a lot of money on the line here.
Poloniex applied the fix 6 hours ago. It seems the Cloudflare-linked sites may be unaffected.
Cloudflare has its own WAF protection. https://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilitiesBitfinex should stop BTC/LTC withdrawal until this vulnerability is fixed. http://filippo.io/Heartbleed/#www.bitfinex.com |
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
April 08, 2014, 08:42:55 AM |
|
My question is, does all your money in your account get used up for lending immediately? Or does the system only use part of your money depending on the demand? Still trying to wrap my head around the whole process.
Nope, no "auto-lending". You have three wallets in your account, one for one function. You can easily move funds between them. Only funds in the "deposit" wallet can be lent out. And only when you actively create an offer (and someone takes it), or you take an offer to lend out. You are doing absolutely right, learning the ins and outs with a smaller amount first. I recommend this to everyone, unless you really know what you are doing ;-) Ente |
|
|
|
|
|
Blue
|
|
April 08, 2014, 08:49:25 AM |
|
without going into too much detail, my account at Bitfinex was compromised just a few hours ago. my funds are safe due to quick response time on my part, but i am concerned. details of the attack suggest that my password was not known to the attacker, so i'm wondering how they managed to initiate a withdrawal. could this be related? my account was accessed (no 2FA then), my position was closed and hacker tried to run with the btc (3:40 UTC, today)!! Fortunately , the withdrawal verification hindered him from getting the btc out. Where can I solicit the btc wallet he tried to send my btc to ?? |
|
|
|
|
arepo
Sr. Member
Offline
Activity: 448
Merit: 250
this statement is false
|
|
April 08, 2014, 08:50:58 AM |
|
without going into too much detail, my account at Bitfinex was compromised just a few hours ago. my funds are safe due to quick response time on my part, but i am concerned. details of the attack suggest that my password was not known to the attacker, so i'm wondering how they managed to initiate a withdrawal. could this be related? still awaiting an official response from the bitfinex staff regarding this: http://filippo.io/Heartbleed/#bitfinex.comi also emailed support about the specific incident with my account. i'm missing out on profit (and took a loss!) because some hacker closed my position and tried to steal my funds  |
this sentence has fifteen words, seventy-four letters, four commas, one hyphen, and a period.
18N9md2G1oA89kdBuiyJFrtJShuL5iDWDz
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
April 08, 2014, 08:55:02 AM |
|
without going into too much detail, my account at Bitfinex was compromised just a few hours ago. my funds are safe due to quick response time on my part, but i am concerned. details of the attack suggest that my password was not known to the attacker, so i'm wondering how they managed to initiate a withdrawal. could this be related? my account was accessed (no 2FA then), my position was closed and hacker tried to run with the btc (3:40 UTC, today)!! Fortunately , the withdrawal verification hindered him from getting the btc out. Where can I solicit the btc wallet he tried to send my btc to ?? Ouch! Thanks for posting this! You should see the destination address in "withdrawals - recently" Ente |
|
|
|
|
|
dreamspark
|
|
April 08, 2014, 09:17:17 AM |
|
still awaiting an official response from the bitfinex staff regarding this: http://filippo.io/Heartbleed/#bitfinex.comi also emailed support about the specific incident with my account. i'm missing out on profit (and took a loss!) because some hacker closed my position and tried to steal my funds According to that site Bitfinex is not affected.... |
|
|
|
|
|
|
Ente
Legendary
Offline
Activity: 2126
Merit: 1001
|
|
April 08, 2014, 09:24:54 AM |
|
Confirmed. Earlier today, http://filippo.io/Heartbleed/#bitfinex.com said "vulnerable", now says "fixed". I just got a reply from Raphael. They are finished with fixing their servers. For now, all withdrawals are on hold. They are regenerating the ssl keys at this very moment.Thank you, BitFinex team! Ente |
|
|
|
|
|
dreamspark
|
|
April 08, 2014, 09:31:44 AM |
|
Yes thanks Bitfinex team it seems from some of the replies here that they black hats jumped on this as soon as it was announced. 2FA and email withdrawals have probably saved a few peoples skin.
|
|
|
|
|
|
Bonez0r
|
|
April 08, 2014, 10:14:43 AM
Last edit: April 08, 2014, 11:19:46 AM by Bonez0r |
|
Hey everyone.. I'm new to bitcoin trading. I have a lot to learn before I actively start trading. So in the meantime, I wanted to use BitFinex to make some minimal gains via interest while I learn the ropes. I just spent the last few days getting my accoutn verified but still waiting on some money I deposited to clear.
Looks like the current return rates for swap lending is around 0.12-0.13%... I will test this out with about $100 to see what the whole deal is. But if it works out, I'm looking to deposit around $125,000
My question is, does all your money in your account get used up for lending immediately? Or does the system only use part of your money depending on the demand? Still trying to wrap my head around the whole process.
Thanks for any insight.
Cheers.
-senor
Welcome. You have complete control over how much you lend.. You can offer all you have, or nothing at all. If you want to lend, transfer the USD to your deposit wallet ("manage wallets" button), then go to the lending tab (called "total return swaps") and there you can enter your offers in USD, BTC or LTC (choose one of the currencies at the top and then click on the "offer swap" tab below. As was already mentioned http://charts-bfxdata.rhcloud.com/bitfinexLiquidityUSD.php is very useful. It helps to decide at which % to place your offer. For example, if the first chart shows a pattern like in right side of this screenshot, you could offer at 0.10% and be the lowest offer (and get taken quickly), but you'd shoot yourself in the foot. Instead it would be better to offer at 0.2%-0.22%. It may take an hour longer before your offer is taken, but your profit will be higher.  The third chart is also important for maximizing your profit. The example below is from today. There's a big offer "wall" at 0.14% here (that's all the lenders who choose the flash return rate). If a trader wants to borrow a large amount, say more than 300K, they'll have to pay at least 0.14%, so setting your offer at 0.12% here would not make much sense.  If you have time to monitor and adjust your offers regularly (once or twice a day), it would be nice if you didn't put it in flash return rate (the "set it and forget it" option for interest rate, the average of all active swaps)). The FRR unfortunately has the effect of dragging the interest rate down because there are always people who undercut it and if the amount in the FRR is huge (like today) there's no reason for traders to pay more than the FRR. So the more people use FRR, the lower the interest rates get. |
|
|
|
|
BitCoinNutJob
Legendary
Offline
Activity: 1316
Merit: 1000
|
|
April 08, 2014, 10:44:46 AM |
|
bitfinex tweeted change your credentials does this mean email & password?
should we change the 2fa to a fresh one?
|
|
|
|
|
whatthesith
Copper Member
Member
Offline
Activity: 301
Merit: 10
simply getting the job done
|
|
April 08, 2014, 10:52:06 AM |
|
Thanks for the update and quick response to the vulnerabilities.
|
|
|
|
|
Bonez0r
|
|
April 08, 2014, 11:32:31 AM |
|
I hope it's just bad timing on Bitfinex's part, but i read about an openssl vulnerability, then i'm suddenly logged out of the bfx site (this normally never happens) and the front page looks different. The combination of those things makes me a bit nervous and i hesitate to log back in. Also on the front page i don't see a link to the announcements anymore, unless i missed it. |
|
|
|
|
trilogy456
Member
Offline
Activity: 69
Merit: 10
ASICMINER shares: Havelockinvestments.com
|
|
April 08, 2014, 11:40:32 AM |
|
I hope it's just bad timing on Bitfinex's part, but i read about an ssl vulnerability, then i'm suddenly logged out of the bfx site (this normally never happens) and the front page looks different. The combination of those things makes me a bit nervous and i hesitate to log back in. Also on the front page i don't see a link to the announcements anymore, unless i missed it. Check again. https://www.bitfinex.com/pages/announcements; the link is on the bottom of the page. You were logged out so you could create a new secure session. Bitfinex sent out an email about the fix, and also suggests you change your password (which is a good practice to do regularly anyway.) Everything is normal on the site. |
|
|
|
whatthesith
Copper Member
Member
Offline
Activity: 301
Merit: 10
simply getting the job done
|
|
April 08, 2014, 11:47:36 AM |
|
I hope it's just bad timing on Bitfinex's part, but i read about an openssl vulnerability, then i'm suddenly logged out of the bfx site (this normally never happens) and the front page looks different. The combination of those things makes me a bit nervous and i hesitate to log back in. Also on the front page i don't see a link to the announcements anymore, unless i missed it. It should be normal for suddenly logged out of bfx site. Since they must restart the web server in order to use the updated version of openssl library. And all the web session should have gone after they restarted the web server. |
|
|
|
|
medicine
|
|
April 08, 2014, 01:07:32 PM |
|
Searching the site everywhere, but can't find the option to change my password. How the hell do I do this?
Thanks in advance.
Update: found the option by process of elimination. It's not intuitive or marked what so ever, and I would suggest adding a change your password heading.
Under "account settings" under "To change username or email, please contact us at ...."
there are two empty fields that you can type in a new password, then click update at the bottom and it's done.
Peace
|
|
|
|
|
CambioBTC
Member
Offline
Activity: 112
Merit: 10
|
|
April 08, 2014, 01:29:08 PM |
|
Searching the site everywhere, but can't find the option to change my password. How the hell do I do this?
Thanks in advance.
Update: found the option by process of elimination. It's not intuitive or marked what so ever, and I would suggest adding a change your password heading.
Under "account settings" under "To change username or email, please contact us at ...."
there are two empty fields that you can type in a new password, then click update at the bottom and it's done.
Peace
Maybe it's obscured like that on purpose to make it harder to find for intruders. Just Guessing. |
|
|
|
|
|
