Bitcoin Forum
December 13, 2024, 03:22:57 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 ... 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 [75] 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 ... 144 »
  Print  
Author Topic: [ANN][BETA][EXCHANGE][REALTIME] CoinEX realtime exchange  (Read 283834 times)
ccx
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
March 19, 2014, 03:30:00 AM
 #1481

withdrawed my last ltc 3 days ago,

had the same luck with freshmarket.co.in , withdrawed all my  coins before they got hacked,
ByronP
Hero Member
*****
Offline Offline

Activity: 599
Merit: 510



View Profile WWW
March 19, 2014, 03:30:37 AM
 #1482

TheSecObserver you make all very good points.

I agree no system is 100% hack proof! I think the point being made is that I have gone above and beyond everyone out there to ensure the system is secure including daily automated and manual testing provided by 3rd parties. Only access to the private internal network is through a multitude of protection layers and at most someone may be able to reach the frontend servers which will net them nothing other than being able to deface the site (which would be tough since there is a bunch of front end servers and you never know which one you are on or will be switched to). There is no administrative interface to hack, xss, sql inject, or other exploits.

A tiered system is nothing new however many of these exchanges that pop up seem to forget to take a security first standpoint where there tiers are accessible via the internet. In the AT (current version Mjolnir) system only the front end servers can and will respond to the internet and only to certain other protection devices including a system of traffic managers, reverse proxies, and Cloudflair servers. All of which will reject a connection if a threat is detected, ssl cert is wrong, the ip address is not white listed at the transport layer, etc.

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it. What’s more is that in our system usernames are meaningless. They are for display purposes only and the internal network uses a totally different system to identify accounts. This is another security measure that ensures if the frontend servers somehow get hacked they do not have access to make any account changes since they are dummy machines that do not know the actual account id information required to do this nor is this information on any users browser (no I will not disclose the magic on how exactly that works sorry).

But what if someone hacks the frontends and then they can talk to the other machines... Nope the other tiers will not talk to other machines without a special security key pair being handed over with every request. In order for someone to get this key they would have to have a lot of time to decompile code and decrypt the keys which would probably take years which is useless since the keys are changed regularly.

Add to all that the fact that the system monitors itself for any unusual activity. This is why I call the system the overprotective mother since it shuts down withdrawals when it sees even the slightest anomaly. Thus protecting the system from many types of threats on its own.

Anyway this is getting long winded but i hope it gives you (and everyone) a better understanding of how thinking in a security first mindset is the key to creating not only a secure but reliable site.

PS. Not that is a matter of site security but one of user trust, it was pointed out to me today that Atomic Trade is the only site that has gone through the hassle of obtaining an ev business ssl cert. Which as you probably know requires us to establish trust by having our lawyers complete a verification of both myself and the business.

Any more questions please feel free to email me at info@atomic-trade.com

PPS. I am simply responding to answer questions asked and am in no way downplaying the seriousness of this thread. Many people have lost because of poor systems lately and I simply want people to know what to look for when trading. Be safe everyone and good luck.

ccx
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
March 19, 2014, 03:37:31 AM
 #1483

TheSecObserver you make all very good points.

I agree no system is 100% hack proof! I think the point being made is that I have gone above and beyond everyone out there to ensure the system is secure including daily automated and manual testing provided by 3rd parties. Only access to the private internal network is through a multitude of protection layers and at most someone may be able to reach the frontend servers which will net them nothing other than being able to deface the site (which would be tough since there is a bunch of front end servers and you never know which one you are on or will be switched to). There is no administrative interface to hack, xss, sql inject, or other exploits.

A tiered system is nothing new however many of these exchanges that pop up seem to forget to take a security first standpoint where there tiers are accessible via the internet. In the AT (current version Mjolnir) system only the front end servers can and will respond to the internet and only to certain other protection devices including a system of traffic managers, reverse proxies, and Cloudflair servers. All of which will reject a connection if a threat is detected, ssl cert is wrong, the ip address is not white listed at the transport layer, etc.

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it. What’s more is that in our system usernames are meaningless. They are for display purposes only and the internal network uses a totally different system to identify accounts. This is another security measure that ensures if the frontend servers somehow get hacked they do not have access to make any account changes since they are dummy machines that do not know the actual account id information required to do this nor is this information on any users browser (no I will not disclose the magic on how exactly that works sorry).

But what if someone hacks the frontends and then they can talk to the other machines... Nope the other tiers will not talk to other machines without a special security key pair being handed over with every request. In order for someone to get this key they would have to have a lot of time to decompile code and decrypt the keys which would probably take years which is useless since the keys are changed regularly.

Add to all that the fact that the system monitors itself for any unusual activity. This is why I call the system the overprotective mother since it shuts down withdrawals when it sees even the slightest anomaly. Thus protecting the system from many types of threats on its own.

Anyway this is getting long winded but i hope it gives you (and everyone) a better understanding of how thinking in a security first mindset is the key to creating not only a secure but reliable site.

PS. Not that is a matter of site security but one of user trust, it was pointed out to me today that Atomic Trade is the only site that has gone through the hassle of obtaining an ev business ssl cert. Which as you probably know requires us to establish trust by having our lawyers complete a verification of both myself and the business.

Any more questions please feel free to email me at info@atomic-trade.com

PPS. I am simply responding to answer questions asked and am in no way downplaying the seriousness of this thread. Many people have lost because of poor systems lately and I simply want people to know what to look for when trading. Be safe everyone and good luck.



if you add some coins i am willing to trade on your exchange cause i really dont like cryptorush, they are so unprofessional im wondering that they are still around, but thats only my personal opinion
nyktalgia
Sr. Member
****
Offline Offline

Activity: 294
Merit: 250


View Profile
March 19, 2014, 03:40:01 AM
 #1484

Sh*t..all my 30mil CTM gone?


LOL 30 mil CTM is chump change... you kids are funnie

r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 19, 2014, 03:44:34 AM
 #1485

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it.

i was with you until you dropped this gem. where on earth are they not salting and hashing passwords. inquiring minds would like to know.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
ByronP
Hero Member
*****
Offline Offline

Activity: 599
Merit: 510



View Profile WWW
March 19, 2014, 03:47:58 AM
 #1486

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it.

i was with you until you dropped this gem. where on earth are they not salting and hashing passwords. inquiring minds would like to know.


U know I wont publicly disclose any security flaws in anyone's system, so knock it off :-)
r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 19, 2014, 03:49:47 AM
 #1487

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it.

i was with you until you dropped this gem. where on earth are they not salting and hashing passwords. inquiring minds would like to know.


U know I wont publicly disclose any security flaws in anyone's system, so knock it off :-)

just admit you misspoke. people love honesty.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
ByronP
Hero Member
*****
Offline Offline

Activity: 599
Merit: 510



View Profile WWW
March 19, 2014, 03:52:58 AM
 #1488

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it.

i was with you until you dropped this gem. where on earth are they not salting and hashing passwords. inquiring minds would like to know.


U know I wont publicly disclose any security flaws in anyone's system, so knock it off :-)

just admit you misspoke. people love honesty.

If I had I would be more than happy to say so... Now please lets just help these people who have lost what may seem like nothing to us but may be the world to them!!!
r3wt
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 19, 2014, 03:54:15 AM
 #1489

And again hashing and salting secure information is nothing new yet a ton of places simply don't do it.

i was with you until you dropped this gem. where on earth are they not salting and hashing passwords. inquiring minds would like to know.


U know I wont publicly disclose any security flaws in anyone's system, so knock it off :-)

just admit you misspoke. people love honesty.

If i had I would be more than happy to say so... Now please lets just help these people who have lost what may seem like nothing to us but may be the world to them!!!

my exchange lost 34 btc. no one feels worse for captainfuture and erundook, and their customers than i do. its a shitty position to be in.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
hozer
Sr. Member
****
Offline Offline

Activity: 271
Merit: 254


View Profile WWW
March 19, 2014, 04:13:26 AM
 #1490

Please can you stop advertising other exchanges here. This is not the place.

Coinex was very good until it has gone bad. It was better than craptsy.

 All these advertising looks like vultures that try to feed on our fear. But please go to other place, we are not stupid sheep and we would not use your atomic (or whatever super duper)  exchange.

I started using coinex because they actually showed up on catcoin-dev, and paid attention, and I appreciated that.

No code, exchange, or system is EVERY crack-proof. What matters is how we as a community respond.
The exchanges you see advertising like vultures are going to be the next ones on the organized-cracker hit list... If you try to profit from crack and theft of your peer exchanges, you'll die in bankruptcy alone.

But together, with some information sharing and support of each other, PARTICULARLY between exchanges, we can shine some light on the cracks in the system, and send the thieves scurrying back to fiat and Bitcoin.

There are many things we can do. We, as a community can blacklist coins, we can blacklist addresses, we can collect logfiles from many different servers, and then track it back to the thief. We can color stolen coins, and collectively agree to refuse to accept them. We could build in a 'coin kill switch' that if your wallet gets compromised/stolen/whatever, you can broadcast to the network so that the thieves cannot use those coins anymore. There are downsides and trade-offs to all of these things.

But WE HAVE the code, and WE have the power to decide to do a better job than any other medium of exchange has ever done. We just have to start working WITH each other, instead of the the BS artificial scarcity world that Fiat and Bitcoin would like to keep us all locked in.
Galane
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
March 19, 2014, 04:38:26 AM
 #1491

I'm going to wait and see what happens. I had no money into coins, just mining time and cheap 6 cent KWh power. I'd built up about 0.006 BTC on Coinex, had traded every coin I had on there with 0.01 or more into LTC or BTC and left my mining running on the switch pools.

So right now I'm mining nothing.
lihao1989311
Member
**
Offline Offline

Activity: 79
Merit: 10


View Profile
March 19, 2014, 05:19:30 AM
 #1492

When will the coinex reopen? I had a lot of coins in it
PhattyBanks
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 19, 2014, 06:28:44 AM
 #1493

so there was no cold storage at all?
CoinAmmo
Full Member
***
Offline Offline

Activity: 136
Merit: 100


View Profile
March 19, 2014, 06:32:48 AM
 #1494

an update would be useful like cmon are you seriously telling me there hasnt been any proof of this "hack" and no plans of giving even like 50% of the coins back??? Wow koodos to guys over at freshmarket.co.in for being HONEST AND RETURNING like 80% of lost coins balances unlike you dickwads who arent even keeping us updated! like I am upset much like anyone else but YOU ARE NOT HELPING WITH THE FUD by being SILENCE.

SILENCE = SKECHINESS AND SHADINESS = loss of credibility = karma will get you you watch.  

MintCoin - MNT - PoW/PoS Hybrid energy Saving! - GO MINT Coins!!!
MNT - MYugcMRrY7uySY9i3LX4kUz1aGJy7FwCuC
UltrA1
Full Member
***
Offline Offline

Activity: 171
Merit: 100

In Real World Use for Crypto We Trust!!


View Profile WWW
March 19, 2014, 06:41:43 AM
 #1495

just re hack the rx and get the coins back..
i have a few friends who can help ck where this amount of moons went.. MOON 8890.50963581 or LOT 101.00930175
DOGE 1.7910284 and UNO ill find his ass UNO 0.046969 give me his ip

For security, your account has been locked. Email acctcomp15@theymos.e4ward.com
cannachris
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250

cats love crypto | 911 truth @checktheevidence.com


View Profile
March 19, 2014, 07:04:57 AM
 #1496

an update would be useful like cmon are you seriously telling me there hasnt been any proof of this "hack" and no plans of giving even like 50% of the coins back??? Wow koodos to guys over at freshmarket.co.in for being HONEST AND RETURNING like 80% of lost coins balances unlike you dickwads who arent even keeping us updated! like I am upset much like anyone else but YOU ARE NOT HELPING WITH THE FUD by being SILENCE.

SILENCE = SKECHINESS AND SHADINESS = loss of credibility = karma will get you you watch.  


looks like you have a lot of anger in there son. Look, I have 2.2BTC in there too but screaming at them only proves you are immature and impatient. This is not some fly-by-night operation...

Artlover
Full Member
***
Offline Offline

Activity: 149
Merit: 100


View Profile
March 19, 2014, 07:42:59 AM
 #1497

There are many things we can do. We, as a community can blacklist coins, we can blacklist addresses, we can collect logfiles from many different servers, and then track it back to the thief. We can color stolen coins, and collectively agree to refuse to accept them. We could build in a 'coin kill switch' that if your wallet gets compromised/stolen/whatever, you can broadcast to the network so that the thieves cannot use those coins anymore. There are downsides and trade-offs to all of these things.
Care to explain how any of those things are possible?

Blacklist and color coins? Coins don't have unique serial numbers. Someone steals coins, sends them to a wallet, and sends everything from that wallet to another wallet, maybe several times, maybe to 3rd party online wallets. Now go and try to pick out any specific stolen coins from their final destination. Can't. Or forgo washing between wallets, wallet to public exchange and immediately sold at whatever pending buy value offers. MAYBE, if the person who was being stolen from was online at the exact time it was happening and could hit some panic button to raise flags before those transactions completed. But that isn't going to happen most of the time. Most of the time, the coins will have already been washed/sold before the victims are even aware, and by that time, it's too late. Already buried under a pile of legitimate coins, or already in the hands of other innocent people unaware the coins they legitimately bought were sold by a hacker who stole some of them.

Black listing addresses? What good does that do? Anyone can run as many wallets and create as many different addresses as they want. Short of arbitrarily blacklisting every address any suspected address interacts with, except those other addresses won't necessarily be complicit with what was going on. Especially when you are talking about 3rd party on-line wallets.

Coin Kill switch? I'll be quite frank. That's an incredibly stupid idea that is just asking for trouble. Kill code is something that has plagued various hardware and software in the past and present, and has a tiny fundamental problem. It can and WILL activate unexpectedly for the wrong reasons. Always does. It's always Innocent people who are always negatively affected more by such tactics than guilty people such tactics are meant to stop. Look at piracy as an example. Anti piracy measures don't effect pirates at all, just the honest users.

The main failure of these ideas are that it would require a reworking of coins networking protocols, stripping away all the key features that make them desirable to begin with. IE: No central control authority, being anonymous, etc..   Once it's made that your account is going to be associated with any coin that passes through it forever for the sake of tracking, or that other people will have the power to make chunks of coins worthless on a whim of someone claiming there was a theft, no one is going to trust or want to use it.

Finally. Don't forget that not all so called theft victims are innocent. Some are scamers, lying in an attempt to get pools/exchanges to credit them for the "theft" when it was in fact they themselves who had simply logged in through a different ip or proxy, did a password reset to keep up appearances, and send their funds to their own 2nd or 3rd newly created wallet/address to wash/sell.

ATM's/Banks have cameras. POS requires signatures/id. Theft can be proven. Crypto has neither. When someone cries they were hacked and their coins stolen, you really only have their word, and that alone is not good enough to validate blacklisting/coloring/killing coins even if such functionality was available.
OkieDoke
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
March 19, 2014, 08:02:45 AM
 #1498

For those who want Erundook held accountable for various things like the loss of our coins - stop blaming other people for your own mistakes.

Erundook didn't put a gun to your head telling you to put your coins on his exchange. You did it because you wanted to turn coins in to more coins and the bottom line is that security holes can appear anywhere regardless of how much time and money is invested in it.

Look at the UK banks, in the last 2 or 3 years there have been at least 5 successful attempts and circumventing their security and they're just the ones the FSA have told us about because they affected customers directly.
We have no idea how many more of these 'hacks' have happened in the background.

Now fortunately, the FSA requires banks to reimburse customers who lose money because of something like this.

Don't expect this with Bitcoin and digital currencies.
BTC was designed to be anonymous with all transactions not required to be tied to any person.

If you're not comfortable with this and if you're not prepared to accept that all your coins are at risk at all times then digital currencies are not for you.
Artlover
Full Member
***
Offline Offline

Activity: 149
Merit: 100


View Profile
March 19, 2014, 08:04:39 AM
 #1499

This is not some fly-by-night operation...
Neither was MtGox, what's your point?

The point is valid. How erundook handled this situation was not professional. He gave his explanation, and I gave my reply. But will highlight some points.

Took 2 days before he bothered to tell anyone what happened, and promptly bitched about people spreading FUD. There would have been no FUD if it didn't take him 2 days before bothering to let everyone know what was happening.

He cries about being scared and that is why he was trying to erase his presence from the internet. Something he didn't do the last time they were hacked big time, so why this time? And why at all? What good does it do, besides make it look like you're trying to hide. And trying to hide doesn't exactly ring of "trying my best to fix everything and make things right, trust me!".

Yeah, I'm sure he was/is scared and worried. So were/are customers and stock holders. Some people are trying to diminish customers, but the fact is, they have their coins because customers had their coins there and using their service. It's not a game, you're responsible for other people's funds, and as such, "should" have some contingency plan for when things go wrong besides hide for 2 days.

That is not professional and doesn't instill trust in them.

I'm not worried about CoinEx's future or everyone's fund at this point in time, but that doesn't change the fact that they could have handled this situation a lot better and could have nipped all the FUD in the bud before it even started.
awais3344
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
March 19, 2014, 08:09:18 AM
 #1500

so, i have lost all my zeit  Huh i only transferred in just 1 day before  Cry

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
NEOSCOIN
  +POD Developers +Active Community - V2 Coming Soon! Live In-App Trading, Live Pool Stats - IRC - Arbitrush Anonymous System soon!! NEOSCOIN
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
Pages: « 1 ... 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 [75] 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 ... 144 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!