trilli0n
February 19, 2014, 10:18:36 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP. If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Isn't this the Poloniex balance?

Balance as seen v6.0:

    c:\>counterpartyd balances 15vA2MJ4ESG3Rt1PVQ79D1LFMBBNtcSz1f
    c:\>echo off
    Balances
    +-------+----------------+
    | Asset | Amount         |
    +-------+----------------+
    | BTC   | 0.0            |
    | XCP   | 48154.78725249 |
    +-------+----------------+

ginko-B
February 19, 2014, 10:21:12 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example? Maybe if we can offer the white hat a fair market rate or a little bit higher, then he/she will feel fairly compensated and ultimately quite satisfied with the outcome, and as a community we will have a specific amount to target for our community fundraiser.

trilli0n
February 19, 2014, 10:29:24 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example? Maybe if we can offer the white hat a fair market rate or a little bit higher, then he/she will feel fairly compensated and ultimately quite satisfied with the outcome, and as a community we will have a specific amount to target for our community fundraiser.

And how to establish this fair market rate? Put it on the DEx?

venomouskid
February 19, 2014, 10:44:41 PM

Can someone please fill me in here? I deposited some BTC on Poloniex after seeing that ridiculous dump earlier. I was too late to pick up any cheap XCP, so set a buy order up, and now my BTC is no longer in my account. What the fuck has happened? Am I gonna get it back?

ginko-B
February 19, 2014, 10:59:41 PM (Last edit: February 20, 2014, 12:05:49 AM by ginko-B)

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP. If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Hmmm... it's still feeling like the fair and reasonable thing to do under the circumstances is to offer the hacker a fair-market rate bounty for identifying the exploit...

Then the onus would be on the hacker to choose how s/he will be remembered in history.

Either s/he chooses to become a whitehat, a hero. And can live with fame, personal pride, and good karma ... not to mention much respect, trust, and future opportunity from within this community!

Or s/he chooses to be a blackhat, a thief. And inevitably experience some guilty conscience, maybe loss of sleep, bad karma in this life ... possibly the next life too =(

Let's get this bounty sorted out, and then hopefully our hacker will make the right decision!

flayway
February 19, 2014, 11:11:05 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

If we make a bigger critical exploit bounty than some big companies pay, maybe we can then get some mainstream news about that also. But then all hackers will come and try to kill our coin at the same time. :D

ginko-B
February 19, 2014, 11:12:22 PM (Last edit: February 19, 2014, 11:41:23 PM by ginko-B)

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
Does anyone know, what is market-rate for identifying a critical exploit these days? What are Google and some of the big tech companies paying, for example?

Maybe if we make a bigger critical exploit bounty than Google pays, we can get some mainstream news about that also, but then all hackers will come and try to kill our coin at the same time. :D

Flayway, it is a most interesting observation that you make! You are right, it could be expensive if we attract a bunch of top hackers before we are out of the alpha phase and code is still rapidly changing. Nevertheless, offering some market-rate bounties may be the price we have to pay to ensure safety and security of our code base... would love to hear perspectives of the devs and other community members on this question...

DaFockBro
February 19, 2014, 11:15:05 PM

I approve this coin.
Chuck Norris approves, thank God. Everything is going to be alright.

xnova
Counterparty Developer
February 19, 2014, 11:22:58 PM

nakaone
February 19, 2014, 11:35:36 PM

I imagine there will be a drop in price once trades begin functioning again. In the long term, I don't see any problems. Devs are clear that this is alpha level code and problems may arise. Personally, I think we've seen that a) the devs had a fix within hours (very, very impressive), b) we have a good and responsive community, including Busoni and the white hat. So I think there is some positive takeaway here.

nxt had a similar critical bug just a week ago, but without the pumping (also white hat), nothing happened to the development or even short term price

freedomfighter
February 19, 2014, 11:50:15 PM

Hi Busoni - what's up with the site? Can't get on it for the past 20 minutes.

Also - just before it went dead - I made a withdrawal of 2BTC, received an email confirmation request that also can't connect to the site - so obviously can't confirm.

Oops! Google Chrome could not find www.poloniex.com

ginko-B
February 19, 2014, 11:51:44 PM

Hi Busoni - what's up with the site? Can't get on it for the past 20 minutes.

Also - just before it went dead - I made a withdrawal of 2BTC, received an email confirmation request that also can't connect to the site - so obviously can't confirm.

Oops! Google Chrome could not find www.poloniex.com

weird... it's working for me

Spekulatius
February 19, 2014, 11:56:59 PM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP. If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Hooray for that!

freedomfighter
February 19, 2014, 11:57:29 PM

Hi Busoni - what's up with the site? Can't get on it for the past 20 minutes.

Also - just before it went dead - I made a withdrawal of 2BTC, received an email confirmation request that also can't connect to the site - so obviously can't confirm.

Oops! Google Chrome could not find www.poloniex.com

weird... it's working for me

here it is still dead.... maybe accessing different servers? all other sites work well at 100mgps

freedomfighter
February 19, 2014, 11:59:52 PM

Hi Busoni - what's up with the site? Can't get on it for the past 20 minutes.

Also - just before it went dead - I made a withdrawal of 2BTC, received an email confirmation request that also can't connect to the site - so obviously can't confirm.

Oops! Google Chrome could not find www.poloniex.com

weird... it's working for me

here it is still dead.... maybe accessing different servers? all other sites work well at 100mgps

Just came back after 30 minutes and confirmed withdrawal. I guess a server issue. Back to normal!

Spekulatius
February 20, 2014, 12:08:37 AM

Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP. If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.

Hmmm... it's still feeling like the fair and reasonable thing to do under the circumstances is to offer the hacker a provably fair-market rate bounty for identifying the exploit...

Then the onus would be on the hacker to choose how s/he will be remembered in history.

Either s/he chooses to become a whitehat, a hero. And can live with personal pride, satisfaction, and good karma ... not to mention much respect, trust, and future opportunity from within this community!

Or s/he chooses to be a blackhat, a thief. And inevitably experience some guilty conscience, maybe loss of sleep, bad karma in this life ... possibly the next life too =(

Hopefully this community can rally together to propose a fair-market rate bounty, and our hacker makes the right decision!

As far as I understand it, all the XCP the white hat withdrew from Poloniex will be returned via the current Patch 0.61, only the BTC he withdrew remain in his honest (?) hands. Let's make that bounty worth his while. Also holding on to the XCP wouldn't make too much sense right now because the price will probably dive in the short-medium term.

halfcab123
February 20, 2014, 12:20:40 AM

That's the one thing that's kinda cool about not having mining pools to generate coins, is that when something like this happens, it's actually possible for the developers to referee..

I am not quite sure that this is what Satoshi wanted. I believe he would have stood by the decision to let the negative consequences of the bug stand and allow the hacker to keep or give back at his discretion.
I would say Satoshi would be more interested in the negative consequences of a trustless system than the positive benefits of a trust-based system where we can simply decide to make roll backs on the block chain. I would assume just the possibility that human intervention is possible with such ease where so many balances are at stake would not be within the vision of a trustless protocol. That being said, many will disagree just based on the fact that they would not be able to see beyond their own balances as to what would be the correct implementation. And I understand that. As I would prefer a rollback personally had I lost a serious amount of XCP.
Keep in mind though something like this would be much harder to do with a mineable coin. So the real question is where do we go from here. Do we allow the possibility for a referee ? With Bitcoin of course this isn't possible unless you could somehow convince 51% or more to rollback (noob assumption, not sure)
Anyways, my 2 1/2 cents.

Spekulatius
February 20, 2014, 12:33:57 AM

That's the one thing that's kinda cool about not having mining pools to generate coins, is that when something like this happens, it's actually possible for the developers to referee..

I am not quite sure that this is what Satoshi wanted. I believe he would have stood by the decision to let the negative consequences of the bug stand and allow the hacker to keep or give back at his discretion.
I would say Satoshi would be more interested in the negative consequences of a trustless system than the positive benefits of a trust-based system where we can simply decide to make roll backs on the block chain. I would assume just the possibility that human intervention is possible with such ease where so many balances are at stake would not be within the vision of a trustless protocol. That being said, many will disagree just based on the fact that they would not be able to see beyond their own balances as to what would be the correct implementation. And I understand that. As I would prefer a rollback personally had I lost a serious amount of XCP.
Keep in mind though something like this would be much harder to do with a mineable coin. So the real question is where do we go from here. Do we allow the possibility for a referee ? With Bitcoin of course this isn't possible unless you could somehow convince 51% or more to rollback (noob assumption, not sure)
Anyways, my 2 1/2 cents.
I hope this is some kind of edge case where still in Alpha no serious money has been spent and not much damage can be done by doing something like this. Also the attack is apparently a showcase of fraudulent abuse, so no one would contradict. But I would like the devs to make a statement like this as well. If we allow further "corrections" at will on the hands of a few in power how could we ever gain the trust of the common user?

ginko-B
February 20, 2014, 12:39:44 AM

That's the one thing that's kinda cool about not having mining pools to generate coins, is that when something like this happens, it's actually possible for the developers to referee..

I am not quite sure that this is what Satoshi wanted. I believe he would have stood by the decision to let the negative consequences of the bug stand and allow the hacker to keep or give back at his discretion.
I would say Satoshi would be more interested in the negative consequences of a trustless system than the positive benefits of a trust-based system where we can simply decide to make roll backs on the block chain. I would assume just the possibility that human intervention is possible with such ease where so many balances are at stake would not be within the vision of a trustless protocol. That being said, many will disagree just based on the fact that they would not be able to see beyond their own balances as to what would be the correct implementation. And I understand that. As I would prefer a rollback personally had I lost a serious amount of XCP.
Keep in mind though something like this would be much harder to do with a mineable coin. So the real question is where do we go from here. Do we allow the possibility for a referee ? With Bitcoin of course this isn't possible unless you could somehow convince 51% or more to rollback (noob assumption, not sure)
Anyways, my 2 1/2 cents.
Hey halfcab123, really good observation about wanting to stay pure with a trustless system, but, the reason that the situation happened is because there was a technical glitch. If a technical glitch happened with a mined coin, I am absolutely confident that the mining community would be unanimous in its vote to fix the glitch and roll-back... yah? Or do you see it differently?

BitThink
February 20, 2014, 12:40:15 AM

1) trolls could attack XBTC/BTC like they did to XCP/BTC.
2) x BTC needs to be put in a public address for x XBTC to circulate in counterparty.

1) They wouldn't be able to attack XBTC because
a) BTC cannot be held in escrow
b) XBTC can be held in escrow
This means that:
i) Someone cannot make an order without adequate XBTC
ii) Counterparty will hold in escrow XBTC so they cannot revoke their side of the order
2) As discussed XBTC would remain as an artificially constrained asset. This has the effect of tending to return back to market value. You could think of XBTC <--> BTC as a gateway service.

In your reasoning of 1), replace XBTC with XCP, you will find it's the same. Buying XBTC needs BTCPay too and could be attacked by trolls in same way.