|
leftover_potato (OP)
|
 |
May 27, 2018, 03:34:58 PM |
|
Hi guys, I'm currently running a very small crypto exchange platform for about 3 mths. So, what i want to ask is: There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2cSo that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place. Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny? hmmmmm Appreciate your opinions.  |
|
|
|
|
|
|
|
|
|
I HATE TABLES I HATE TABLES I HA(╯°□°)╯︵ ┻━┻ TABLES I HATE TABLES I HATE TABLES
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
OmegaStarScream
Staff
Legendary
 Offline
Activity: 3458
Merit: 6099
|
|
May 27, 2018, 06:49:48 PM |
|
I don't think I understand your question at all. He deposited 0.1 BTC to an address that you control in an exchange? how did he get it in the first place? If the address is yours in the exchange, him being able to withdraw it make no sense.
|
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
May 27, 2018, 06:58:53 PM |
|
I don't think I understand your question at all.
I think OP meaned the following: - User A deposits 0.1 BTC to Address X given from OP's exchange as deposit address to user A
- A then tries to withdraw these 0.1 BTC to the deposit address (address X)
@OP: I don't think this user tried to be 'funny'. He probably wanted to check how your system works and if you have implemented some bugs which might allow him to double deposit/withdraw. It is basically a form of finding/exploiting vulnerabilities in less-known crypto services. Chances are high an exchange without a proper security-/developer- team does have a few critical vulnerabilities which could be exploited. |
|
|
|
joebrook
Sr. Member
Offline
Activity: 644
Merit: 259
CryptoTalk.Org - Get Paid for every Post!
|
|
May 27, 2018, 08:02:58 PM |
|
I don't think I understand your question at all. He deposited 0.1 BTC to an address that you control in an exchange? how did he get it in the first place? If the address is yours in the exchange, him being able to withdraw it make no sense.
I don't thnk the user is making any mistakes here at all, he knows exactly what he is doing. There must be an ulterior motives at play here though. |
|
|
|
ralle14
Legendary
Offline
Activity: 3164
Merit: 1875
Metawin.com
|
|
May 27, 2018, 08:34:15 PM |
|
The user that tried to withdraw to the address might've tried copying his withdraw address but unfortunately it wasn't copied when highlighting the address then ended up pasting his deposit address that dude probably rushed the withdrawal request and didn't looked twice to check if it was the correct address or not. Long time ago I did the same mistake on a gambling site and only lost some miner fees.
|
|
|
|
aoluain
Legendary
Offline
Activity: 2240
Merit: 1255
|
|
May 27, 2018, 08:38:19 PM |
|
I also think it smells a bit fishy! but it could be a very basic copy/paste
mistake. Everyone knows if you want to withdraw funds from an address
you are not going to provide that same address.
Its either that of checking out your platform, Can you not ask him to provide another address?
|
|
|
|
|
|
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀ | █████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀ |
| | | ██░░░░░░░░░░░░░░░░░░░░░░██
▀█▄░▄▄░░░░░░░░░░░░▄▄░▄█▀
▄▄███░░░░░░░░░░░░░░███▄▄
▀░▀▄▀▄░░░░░▄▄░░░░░▄▀▄▀░▀
▄▄▄▄▄▀▀▄▄▀▀▄▄▄▄▄
█░▄▄▄██████▄▄▄░█
█░▀▀████████▀▀░█
█░█▀▄▄▄▄▄▄▄▄██░█
█░█▀████████░█
█░█░██████░█
▀▄▀▄███▀▄▀
▄▀▄▀▄▄▄▄▀▄▀▄
██▀░░░░░░░░▀██ | | | | | | | .
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
████████████░███████▀▄▀
████████████░██▀▄▄▄▄▀
████████████░▀▄▀
████████████▄▀
███████████▀ | ▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄██████▀████░███▄▀██▄
███░█████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀ | | OFFICIAL PARTNERSHIP
FAZE CLAN
SSC NAPOLI | | |
|
|
|
eduvacation.net
Jr. Member
Offline
Activity: 96
Merit: 1
Nice Trip With Us
|
|
May 27, 2018, 08:40:40 PM |
|
Hi guys, I'm currently running a very small crypto exchange platform for about 3 mths. So, what i want to ask is: There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2cSo that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place. Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny? hmmmmm Appreciate your opinions. So it is with me who does not understand what all that means, but if you look closely maybe the person wants to get back the amount of BTC he sends to the address you manage so he asks you to send back the number of BTC. |
❍ Treon ❍
▐ Utilities payments made simple ▌
███ Telecom, Electricity, Gas and Water ████ |
|
|
|
Reid
|
|
May 27, 2018, 08:41:47 PM |
|
Its blurry with the sentences he make.
Try to enumerate it for further assisstance here.
It is kind of confusing when you read it at a whole sentence. Do numbers.
1.
2.
3.
4.
Something like that. Then we might be able to help.
You are running an exchange so I am thinking that sample is a deposit address of your exchange?
|
|
|
|
|
|
AlisaWhishie
|
|
May 27, 2018, 08:55:26 PM |
|
I don't think that he knows something that we don't, so it's probably just a mistake of him. You should have some mistake pop-up saying "you can't send funds to the address you're already using" or something like this that could be easy to understand. I wonder, what will happen if we do this on other exchanges, whether they have some warning or just take a transaction fee but don't transact anything actually.
|
|
|
|
franky1
Legendary
Offline
Activity: 4200
Merit: 4447
|
|
May 27, 2018, 09:12:29 PM |
|
as someone else said, it sounds like a user is testing your security.
things they can find out about your system such as
do funds cycle through certain cold wallets inbetween a deposit/withdrawal.
do you even have a cold wallet.
what other addresses are linked to you
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
rizkypurwati
Newbie
Offline
Activity: 78
Merit: 0
|
|
May 27, 2018, 09:17:59 PM |
|
I think he is trying to do some experimental transaction to convince himself that what he is doing is something safe for him, but there is no definite reference of the intent of the person doing the activity because he knows the reason he did it is he alone.
|
|
|
|
|
odolvlobo
Legendary
Offline
Activity: 4298
Merit: 3209
|
|
May 27, 2018, 09:19:40 PM |
|
The account could belong to a blockchain analysis company trying to determine which addresses you control.
Also, since you control both ends of the transaction, there is no need to make an on-chain transaction.
|
Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
|
|
|
|
bamboylee
|
|
May 27, 2018, 09:32:34 PM |
|
There should be checks on your exchange so that it would not happen. Your users will be wasting withdrawal fees if they do that, right? But since you allowed it, he may now be convinced that it is sloppyly done and there might be more vulnerabilities he can exploit.
|
|
|
|
|
Chaelbrin
Newbie
Offline
Activity: 140
Merit: 0
|
|
May 27, 2018, 09:55:15 PM |
|
The client that endeavored to pull back to the address might've had a go at duplicating his pull back address yet lamentably it wasn't replicated when featuring the address at that point wound up sticking his store address that buddy most likely surged the withdrawal ask for and didn't took a second look to check on the off chance that it was the right address or not. Long time prior I did likewise botch on a betting site and just lost some mineworker charges.
|
|
|
|
|
|
leftover_potato (OP)
|
|
May 28, 2018, 02:32:03 AM |
|
I don't think I understand your question at all.
I think OP meaned the following: - User A deposits 0.1 BTC to Address X given from OP's exchange as deposit address to user A
- A then tries to withdraw these 0.1 BTC to the deposit address (address X)
@OP: I don't think this user tried to be 'funny'. He probably wanted to check how your system works and if you have implemented some bugs which might allow him to double deposit/withdraw. It is basically a form of finding/exploiting vulnerabilities in less-known crypto services. Chances are high an exchange without a proper security-/developer- team does have a few critical vulnerabilities which could be exploited. Hi everyone, I think this is the most accurate explanation of the scenario. Thanks for the clear up and sorry to everyone who had to read my sophisticated explanation. Okay so based on everyone's feedback, seems like more towards exploring/testing for vulnerability on site? Perhaps I will implement the address detection where my users would not be able to transfer to their own same address. I hope this solves the issue... My exchange is small. Don't wanna get into issues.  |
|
|
|
|
budismile
Jr. Member
Offline
Activity: 293
Merit: 1
|
|
May 28, 2018, 02:41:54 AM |
|
Hi guys, I'm currently running a very small crypto exchange platform for about 3 mths. So, what i want to ask is: There is an user who deposited 0.1 BTC. He deposited that 0.1 BTC into an address which is controlled by me. Let's say the address is 3bb2cSo that user did request a withdrawal and given me the address. Apparently, it's a withdrawal to of 0.1 BTC to the address 3bb2c, which is the same address that he deposited into the first place. Do you guys have any idea if this guy is just making a newbie mistake or is he trying something funny? hmmmmm Appreciate your opinions. This story makes fun for me, because I remember the first time I was going to attract bitcoin. which I do almost the same as the one above. chances are there are two, maybe he forgot and the second he might not know how to withdraw bitcoin. |
|
|
|
|
Christian_k
Newbie
Offline
Activity: 70
Merit: 0
|
|
May 28, 2018, 08:18:56 AM |
|
Your users will be wasting withdrawal fees if they do that, right? But since you allowed it, he may now be convinced that it is sloppyly done and there might be more vulnerabilities he can exploit.
|
|
|
|
|
|
AlisaWhishie
|
|
May 31, 2018, 07:10:36 PM |
|
Come on, guys, I don't think he's testing someone. I just remember my first time when I used BTC, and I also couldn't get what these long cominations of random letters and numbers are and where to insert each of them.
By the way, you probably have his email, so you may send him a mail asking whether he needs any help.
|
|
|
|
|
