bitwhizz
Legendary
 Offline
Activity: 910
Merit: 1000
|
 |
February 19, 2014, 06:08:45 PM |
|
Phantom Phreak , you the man Busoni, your cool too XCP Version 6.0 I like it |
|
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, but full nodes are more resource-heavy, and they must do a lengthy initial syncing process. As a result, lightweight clients with somewhat less security are commonly used.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
Tirapon
|
|
February 19, 2014, 06:10:16 PM |
|
Hey look, they fixed it. Well done devs  |
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 06:11:30 PM |
|
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.
It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code. To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future. Yes. Setting up a formal bug bounty system is definitely on our 'to do' list. |
|
|
|
|
|
davidpbrown
|
|
February 19, 2014, 06:11:47 PM |
|
> rolled XCP balances back Is that unclear about when it's rolled back to or perhaps which block?.. Can we trust http://www.blockscan.com to confirm current balances?? |
฿://12vxXHdmurFP3tpPk7bt6YrM3XPiftA82s
|
|
|
|
flayway
|
|
February 19, 2014, 06:12:44 PM |
|
Nice work.
|
XCP: 19zzpgk3oakH2b7zd63mw3DadtNkvefVfo BTC: 1ASSkiRsqRUUp5Y8YQYnuc41fBbYR3iRD2
|
|
|
|
kdrop22
|
|
February 19, 2014, 06:13:55 PM |
|
> rolled XCP balances back Is that unclear about when it's rolled back to or perhaps which block?.. Can we trust http://www.blockscan.com to confirm current balances?? Blockscan is being reindexing the database as we speak. |
|
|
|
|
Patel
Legendary
Offline
Activity: 1321
Merit: 1007
|
|
February 19, 2014, 06:14:00 PM |
|
> rolled XCP balances back Is that unclear about when it's rolled back to or perhaps which block?.. Can we trust http://www.blockscan.com to confirm current balances?? I think after they update, get up to date on blocks, then do a purge, it will be accurate |
|
|
|
|
mtbitcoin
Legendary
Offline
Activity: 876
Merit: 1000
Etherscan.io
|
|
February 19, 2014, 06:14:08 PM |
|
> rolled XCP balances back Is that unclear about when it's rolled back to or perhaps which block?.. Can we trust http://www.blockscan.com to confirm current balances?? Looks like we are .7 counterparty DB .... this will take awhile to rebuild all the blocks. I will revert to the latest DB once the rebuild has been completed |
|
|
|
savithau68
Newbie
Offline
Activity: 28
Merit: 0
|
|
February 19, 2014, 06:17:38 PM |
|
Very much SORRY Busoni.
You did a great job. Thanks very much
|
|
|
|
|
|
kdrop22
|
|
February 19, 2014, 06:21:35 PM |
|
Everyone capable of reading the code, please assist the developers with code review and security review.
|
|
|
|
|
peled1986
Legendary
Offline
Activity: 882
Merit: 1002
|
|
February 19, 2014, 06:23:37 PM
Last edit: February 19, 2014, 06:40:36 PM by peled1986 |
|
It would be nice if the next person that discoveres a vulnerability reports it straight to the DEVs insteading of proving it by selling 35K xcp  |
|
|
|
|
|
Chang Hum
|
|
February 19, 2014, 06:25:00 PM |
|
I don't understand where the 35k XCP sold came from?
|
|
|
|
|
|
kdrop22
|
|
February 19, 2014, 06:32:05 PM |
|
Just a reminder to people, who haven't seen the previous posts. Please, upgrade. |
|
|
|
|
supervine
Member
Offline
Activity: 93
Merit: 10
|
|
February 19, 2014, 06:32:27 PM |
|
busoni +1
PhantomPhreak +1
|
Best android app for crypto: Crypto Coins Manager
All coins, prices, tendencies, price change alerts, favorite coins, mining profitability &much more
|
|
|
Geenstijl
Legendary
Offline
Activity: 1232
Merit: 1000
|
|
February 19, 2014, 06:32:43 PM |
|
Absolutely fabulous. Will the massive sell-off be rolled back now?
|
|
|
|
|
ddink7
Legendary
Offline
Activity: 1120
Merit: 1000
|
|
February 19, 2014, 06:32:48 PM |
|
Great work devs and Busoni!
Any ETA when Poloniex will be back up?
|
|
|
|
|
riceberry
|
|
February 19, 2014, 06:34:14 PM |
|
Did the attacker actually own the initial 35000 ?
|
|
|
|
|
|
freedomfighter
|
|
February 19, 2014, 06:36:12 PM |
|
Busoni-- I didnt trade with your exchange yet but now you just demonstrated that you are trustworthy and dependable so it is all for the best. you made a good name for yourself- will not hesitate using your exchange in the future
|
|
|
|
|
ginko-B
Member
Offline
Activity: 82
Merit: 10
|
|
February 19, 2014, 06:39:32 PM |
|
As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.
It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code. To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been cooperative / good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future. Yes. Setting up a formal bug bounty system is definitely on our 'to do' list. Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund? If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started. As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit? Will anyone else make a pledge to contribute alongside me? |
|
|
|
|
peled1986
Legendary
Offline
Activity: 882
Merit: 1002
|
|
February 19, 2014, 06:42:32 PM |
|
Will anyone else make a pledge to contribute alongside me?
I will pledge -security is a top priority |
|
|
|
|
|
