|
SyRenity
|
 |
February 19, 2014, 09:14:43 PM |
|
Those 35K coins, were the XCP deposits in Poloniex central account. The white hat hacker, withdrew these coins from the central address and deposited it back to Poloniex and sold then on the exchange for a low price.
The order depth in Poloniex was around 100 BTC. So, the hacker took these BTC, but left some of them in the exchange.
And what happens from here? The white hat will return both XCP and BTC back to Poloniex? |
|
|
|
|
|
|
|
"With e-currency based on cryptographic proof, without the need to
trust a third party middleman, money can be secure and transactions
effortless." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
kdrop22
|
|
February 19, 2014, 09:17:46 PM |
|
Those 35K coins, were the XCP deposits in Poloniex central account. The white hat hacker, withdrew these coins from the central address and deposited it back to Poloniex and sold then on the exchange for a low price.
The order depth in Poloniex was around 100 BTC. So, the hacker took these BTC, but left some of them in the exchange.
And what happens from here? The white hat will return both XCP and BTC back to Poloniex? The white hat return the XCP to Poloniex. The BTC is still under discussion. It depends on the benevolence of the hacker. Also, the protocol has been patched, re-indexing the database and resetting the XCP from the transactions. The same cannot be done for BTC. |
|
|
|
|
trilli0n
Newbie
 Offline
Activity: 48
Merit: 0
|
|
February 19, 2014, 09:22:34 PM |
|
The rules just changed, and troll orders shouldn't be a problem any more.
How? Is there a changelog? |
|
|
|
|
Spekulatius
Legendary
Offline
Activity: 1022
Merit: 1000
|
|
February 19, 2014, 09:31:19 PM |
|
Those 35K coins, were the XCP deposits in Poloniex central account. The white hat hacker, withdrew these coins from the central address and deposited it back to Poloniex and sold then on the exchange for a low price.
The order depth in Poloniex was around 100 BTC. So, the hacker took these BTC, but left some of them in the exchange.
And what happens from here? The white hat will return both XCP and BTC back to Poloniex? The white hat return the XCP to Poloniex. The BTC is still under discussion. It depends on the benevolence of the hacker. Also, the protocol has been patched, re-indexing the database and resetting the XCP from the transactions. The same cannot be done for BTC. In order for this to be successful the mayority of clients has to update the patch correct? |
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 09:33:05 PM |
|
Just wanted to bump this post again for any newcomers. UPGRADE YOUR CLIENT BEFORE SENDING XCP ANYWHERE!It's worth repeating that counterpartyd, since v5.0, will force you to upgrade. (Of course this check can be disabled.) I just wanted to ask whether you HAVE to upgrade as this would be very concerning in case a malicious upgrade ever gets pushed. All upgrades are manual, if that's what you mean. I mean: Do I HAVE to upgrade in order to keep using the client? Lets just assume some malicious actor manages to push a fake update unto the clients, or you guys make a mistake that opens the latest version of the client up to some vulnerability, then every client would have to update to stay functional and thus put everybodies XCP in limbo. I hope thats not how this works. You don't always have to use the latest version, but there will be, from time to time, backwards-incompatible client and protocol changes, and all clients need to be notified of them upon release. That's how Bitcoind works, and that's how such software has to work. |
|
|
|
|
Patel
Legendary
Offline
Activity: 1321
Merit: 1007
|
|
February 19, 2014, 09:33:54 PM |
|
Any plans on implementing a faster way to rebuild the database?
|
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 09:34:39 PM |
|
Those 35K coins, were the XCP deposits in Poloniex central account. The white hat hacker, withdrew these coins from the central address and deposited it back to Poloniex and sold then on the exchange for a low price.
The order depth in Poloniex was around 100 BTC. So, the hacker took these BTC, but left some of them in the exchange.
And what happens from here? The white hat will return both XCP and BTC back to Poloniex? The white hat return the XCP to Poloniex. The BTC is still under discussion. It depends on the benevolence of the hacker. Also, the protocol has been patched, re-indexing the database and resetting the XCP from the transactions. The same cannot be done for BTC. In order for this to be successful the mayority of clients has to update the patch correct? No. All clients have to update, and if one doesn't then it'll see a false transaction history. |
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 09:37:20 PM |
|
The rules just changed, and troll orders shouldn't be a problem any more.
How? Is there a changelog? It's documented in this thread. See also the commit history. |
|
|
|
|
|
porqupine
|
|
February 19, 2014, 09:37:57 PM |
|
Integrating CounterpartyD with a wallet other than QT - is this possible? How hard would it be to code?
|
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 09:38:45 PM |
|
Any plans on implementing a faster way to rebuild the database?
The bottleneck is Bitcoind, so there probably isn't much to be done until we move away from using that. |
|
|
|
|
|
|
|
jimhsu
|
|
February 19, 2014, 09:43:57 PM
Last edit: February 20, 2014, 12:08:35 AM by jimhsu |
|
Those 35K coins, were the XCP deposits in Poloniex central account. The white hat hacker, withdrew these coins from the central address and deposited it back to Poloniex and sold then on the exchange for a low price.
The order depth in Poloniex was around 100 BTC. So, the hacker took these BTC, but left some of them in the exchange.
And what happens from here? The white hat will return both XCP and BTC back to Poloniex? The white hat return the XCP to Poloniex. The BTC is still under discussion. It depends on the benevolence of the hacker. Also, the protocol has been patched, re-indexing the database and resetting the XCP from the transactions. The same cannot be done for BTC. Final word is still from busoni, but most likely what will happen is that all trades after the 35000 deposit will be cancelled and reversed. I'm guessing XCP/BTC withdrawals will be handled separately.Busoni: "The dump will stand". |
Dans les champs de l'observation le hasard ne favorise que les esprits préparé
|
|
|
|
kdrop22
|
|
February 19, 2014, 09:52:36 PM |
|
No, just go ahead and "Build and run from source". |
|
|
|
|
|
fudge
|
|
February 19, 2014, 09:55:33 PM |
|
@devs,
could you please update winx64 compiled binaries?
|
Haшa гpyшa нaйpoзкopчyмaкyвaтiшa!
|
|
|
|
led_lcd
|
|
February 19, 2014, 09:56:47 PM |
|
Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
|
|
|
|
|
PhantomPhreak (OP)
Sr. Member
Offline
Activity: 476
Merit: 300
Counterparty Chief Scientist and Co-Founder
|
|
February 19, 2014, 09:57:05 PM |
|
Attention: There's a typo in a recent commit to develop, so if you just pulled from that branch, pull again and get at least version 6.1. (It's not a protocol-level issue, so no reparsing or rebuilding is required.)
|
|
|
|
|
dhanumitra
Newbie
Offline
Activity: 30
Merit: 0
|
|
February 19, 2014, 10:08:07 PM |
|
|
|
|
|
|
trilli0n
Newbie
Offline
Activity: 48
Merit: 0
|
|
February 19, 2014, 10:08:21 PM |
|
Attention: There's a typo in a recent commit to develop, so if you just pulled from that branch, pull again and get at least version 6.1. (It's not a protocol-level issue, so no reparsing or rebuilding is required.)
Did a pull but don't see the update (-V reports v6.0). EDIT: removed comment on code (github is for that). |
|
|
|
|
busoni
Sr. Member
Offline
Activity: 364
Merit: 250
Owner of Poloniex
|
|
February 19, 2014, 10:11:38 PM |
|
Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP. If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades. |
Poloniex.com - Fast crypto exchange with margin trading, advanced charts, and stop-limit orders
|
|
|
ddink7
Legendary
Offline
Activity: 1120
Merit: 1000
|
|
February 19, 2014, 10:14:02 PM |
|
I imagine there will be a drop in price ones trades begin functioning again. In the long term, I don't see any problems. Devs are clear that this is alpha level code and problems may arise. Personally, I think we've seen that a) the devs had a fix within hours (very, very impressive), b) we have a good and responsive community, including Busoni and the white hat. So I think there is some positive takeaway here. |
|
|
|
|
