ginko-B
|
|
February 22, 2014, 06:48:11 PM Last edit: February 22, 2014, 07:15:43 PM by ginko-B |
|
All Poloniex earnings from XCP trading should so go into the donation pot.
I wouldn’t encourage the exchange to open for XCP again for a few weeks to give the bug bounty time.
Also Poloniex should put some of its own funds to the donation pot, due to the lack of security behind the withdrawal, that allowed all BTC to be removed.
+1 Jayso043, some very clever and practical ideas. Please keep posting! The idea of leaving the exchange offline until the Bug Bounty program starts to kick in is an excellent one, so that Busoni doesn't end up bearing all of the costs. Busoni, would it make sense from your standpoint to openly publish a target of, say [2,500] XCP in the Bug Bounty account, before you bring the exchange back online? Devs, does this make sense? Then, once the exchange does go back on, from a "good hygiene" perspective yes maybe the cleanest, fairest, most transparent way for Busoni to aggregate the 2.5% trading fees is by sending these surpluses to the Bug Bounty address, say, each [week], so that as a community we can follow the progress. Also, while Busoni has endured enormous personal opportunity cost, I also agree that it would be a positive and meaningful display of his long-term commitment and good faith if he could donate a symbolic amount to the Bug Bounty address as soon as possible. Busoni, do you think that would be doable?
|
|
|
|
delulo
|
|
February 22, 2014, 06:58:49 PM |
|
...the quicker we can move on the less it leaves a negative impression... I would donate too. I could only donate xcp though. If that is possible as well. Can someone tell me what the easiest way is to be able to send xcp / install a wallet that has the bug fixed? And I asked this before: with the GUI client from JahBit... (the one from xnova just opens a terminal window and closes right after that) is the bug fix built in? I assume so... but just to make sure.
|
|
|
|
ginko-B
|
|
February 22, 2014, 07:03:29 PM |
|
...the quicker we can move on the less it leaves a negative impression... I would donate too. I could only donate xcp though. If that is possible as well. Can someone tell me what the easiest way is to be able to send xcp / install a wallet that has the bug fixed? And I asked this before: with the GUI client from JahBit... (the one from xnova just opens a terminal window and closes right after that) is the bug fix built in? I assume so... but just to make sure.
Thanks for chipping in delulo! Way to go mate! Easiest way is to search this list for Jimhsu. You can send him your private keys and he will help you deposit XCP into the Bug Bounty Program, and he will send the balance back to a 2nd wallet for which you only give him the public keys. He will also post to this list verifying that you have completed the donation which is good for community spirit!
|
|
|
|
delulo
|
|
February 22, 2014, 07:11:22 PM |
|
thx for your reply. I would do that but I would prefer to have the option to send amounts to exchanges / forum buyers for trading as well... which would be the way to go here? I installed the client from xnova from his github but that doesn't work (see above). I would go with the client from Jahbit but don't know if this is safe in terms of the bug... that probably are stupid questions. I just don't have the time to go through the whole thread...
|
|
|
|
chong ching
|
|
February 22, 2014, 07:17:16 PM |
|
hello xcp community, firstly, i would like to thank the developers for the excellent work that they are doing. i think that this project is the most advanced of all present crypto related initiatives. furthermore, i think that the way the developers are functioning, both professionally and in their fairness is admirable. i am happy to hear that funds are being raised for the security of the system and this is why i contribute 0.1 BTC - a sum that i believe is supplementary to the 2 BTC i burned initially. i believe that in the future a further investment will be required from the community and i will be there to do my part. I have donated some BTC today. All members in Counterparty community should act now. Donate! Donate!
+1
|
|
|
|
ginko-B
|
|
February 22, 2014, 07:19:41 PM |
|
thx for your reply. I would do that but I would prefer to have the option to send amounts to exchanges / forum buyers for trading as well... which would be the way to go here? I installed the client from xnova from his github but that doesn't work (see above). I would go with the client from Jahbit but don't know if this is safe in terms of the bug... that probably are stupid questions. I just don't have the time to go through the whole thread...
Honestly easiest right now is to send the donation via Jimhsu, and then you can figure out the web wallet / GUI once you have more time. These products are both brand new in last few days and so I might suggest you wait a few weeks until they are bug tested and hardened before you hold your XCP in them.
|
|
|
|
bano.pait
|
|
February 22, 2014, 07:22:01 PM |
|
Update.
First of all, one reason resuming XCP has been further delayed is that there was another required update that initiated a block chain resync. Resyncing takes about a day, and worse than that, the developers still haven't fixed the "busy error" issue, and I forgot to install my little patch for it after upgrading, so counterpartyd crashed last night. Right now, it is about 3,000 blocks behind. Once it finishes syncing, I will put XCP back up.
Next. The developers brought to my attention that people are still under the impression that the number of missing BTC is 80. This is entirely my fault, as that is the preliminary estimate I gave, and I never updated people after I did the calculations and rolled back the trades. The actual number of missing BTC is 115 -- 150 minus the 35 the hacker left in his account. I can provide the data on this if people want -- the list of trades and withdrawals made by the hacker.
The hacker has not responded for about two days. He still hasn't moved the BTC he took and may still have good intentions, but for now, we're going to have to assume it is lost so we can move on. The amount of BTC owed to people is recorded, and I will pay it off gradually, starting with the 35 BTC left behind by the hacker.
Once the block chain is done syncing, the BTC/XCP market will be resumed, as will deposits and withdrawals.
what's the btc address of the hacker to which 115 btcs went?
|
|
|
|
InsanityDev
|
|
February 22, 2014, 07:27:09 PM |
|
Can somebody from XCP please confirm which of the following statements is true (sparing technical details):
a) Poloniex's server or system was compromised by a malicious attacker who withdrew a large amount of bitcoin
b) Poloniex was running on an XCP chain which was incorrect, and somebody has (legitimately or maliciously) moved XCP to poloniex to sell for BTC, which they have then withdrawn.
Thanks.
sorry to repeat, but as the dev of another currency who is partially responsible for 50-100 btc of coin on poloniex, and 50+ btc there too, I would appreciate an answer. Poloniex / Tristan seems very decent to me so far, but clarification on the above would really help me move forwards with full confidence.
|
|
|
|
delulo
|
|
February 22, 2014, 07:35:15 PM |
|
thx for your reply. I would do that but I would prefer to have the option to send amounts to exchanges / forum buyers for trading as well... which would be the way to go here? I installed the client from xnova from his github but that doesn't work (see above). I would go with the client from Jahbit but don't know if this is safe in terms of the bug... that probably are stupid questions. I just don't have the time to go through the whole thread...
Honestly easiest right now is to send the donation via Jimhsu, and then you can figure out the web wallet / GUI once you have more time. These products are both brand new in last few days and so I might suggest you wait a few weeks until they are bug tested and hardened before you hold your XCP in them.
being able to trade and donating are equally important to me right now. So would be nice if someone could help to answer the questions I put up (is the Jahbit client safe in terms of the bug and is this the easiest way to send xcp?). thx!
|
|
|
|
IamNotSure
|
|
February 22, 2014, 07:41:06 PM |
|
Can somebody from XCP please confirm which of the following statements is true (sparing technical details):
a) Poloniex's server or system was compromised by a malicious attacker who withdrew a large amount of bitcoin
b) Poloniex was running on an XCP chain which was incorrect, and somebody has (legitimately or maliciously) moved XCP to poloniex to sell for BTC, which they have then withdrawn.
Thanks.
sorry to repeat, but as the dev of another currency who is partially responsible for 50-100 btc of coin on poloniex, and 50+ btc there too, I would appreciate an answer. Poloniex / Tristan seems very decent to me so far, but clarification on the above would really help me move forwards with full confidence.
Here is the chronology of the events as I remember. This might be inaccurate. A dev or busoni might correct any inaccuracy.
a) a bug in the XCP protocol allowed a hacker to maliciously withdraw 35k XCP from Poloniex hot wallet to one of his addresses
b) he deposited those 35k XCP immediately after on his Poloniex trading account
c) he sold those 35k XCP on the market for approx X BTC (150?)
d) he withdrew X-35 BTC to one of his addresses, leaving 35 BTC behind
e) he stole again 35k XCP (that he had just sold) to one of his addresses with a malicious transaction
f) Poloniex XCP/BTC pair was shut down, and the bug was corrected in a matter of hours. Both malicious transactions were invalidated (and not reversed) by the fixed protocol
g) Later, busoni reverted the transactions of the dump (leaving a 0 XCP balance for the buyers)
Dev or busoni / PM me if something is wrong so I can edit/ delete some parts
|
|
|
|
InsanityDev
|
|
February 22, 2014, 07:44:35 PM |
|
Can somebody from XCP please confirm which of the following statements is true (sparing technical details):
a) Poloniex's server or system was compromised by a malicious attacker who withdrew a large amount of bitcoin
b) Poloniex was running on an XCP chain which was incorrect, and somebody has (legitimately or maliciously) moved XCP to poloniex to sell for BTC, which they have then withdrawn.
Thanks.
sorry to repeat, but as the dev of another currency who is partially responsible for 50-100 btc of coin on poloniex, and 50+ btc there too, I would appreciate an answer. Poloniex / Tristan seems very decent to me so far, but clarification on the above would really help me move forwards with full confidence.
Here is the chronology of the events as I remember. This might be inaccurate. A dev or busoni might correct any inaccuracy.
a) a bug in the XCP protocol allowed a hacker to maliciously withdraw 35k XCP from Poloniex hot wallet to one of his addresses
b) he deposited those 35k XCP immediately after on his Poloniex trading account
c) he sold those 35k XCP on the market for approx X BTC (150?)
d) he withdrew X-35 BTC to one of his addresses, leaving 35 BTC behind
e) he stole again 35k XCP (that he had just sold) to one of his addresses with a malicious transaction
f) Poloniex XCP/BTC pair was shut down, and the bug was corrected in a matter of hours. Both malicious transactions were invalidated (and not reversed) by the fixed protocol
g) Later, busoni reverted the transactions of the dump (leaving a 0 XCP balance for the buyers)
Dev or busoni / PM me if something is wrong so I can edit/ delete some parts
Thank you, that's more than enough to warrant my confidence personally and professionally in Tristan / Poloniex. Much appreciated.
|
|
|
|
ddink7
|
|
February 22, 2014, 07:58:36 PM |
|
I see some people are still under the mistaken impression that Poloniex was hacked, and that the recent problems were the result of our presence on a centralized exchange. This is not true. The critical flaw was in the PROTOCOL itself. The attacker simply used the exchange as a convenient vector through which to execute his attack.
|
|
|
|
cityglut
|
|
February 22, 2014, 08:01:13 PM |
|
The Counterparty team would like to show its appreciation for how professionally busoni has handled everything in the past few days. Accordingly, we’ll be donating the 12 BTC that we set aside to give to the attacker instead to Poloniex, to help busoni recoup the funds that users have lost because of this vulnerability in the code, which he was indeed the first to report to us. We encourage the rest of the Counterparty community to help support this exchange---the first centralised exchange to support trading XCP and BTC. Again, all donations should be directed to <15buRLRW47AY9Md3mpFj17Yp6w4BtfMRjc>.
|
|
|
|
freedomfighter
|
|
February 22, 2014, 09:15:55 PM |
|
The Counterparty team would like to show its appreciation for how professionally busoni has handled everything in the past few days. Accordingly, we’ll be donating the 12 BTC that we set aside to give to the attacker instead to Poloniex, to help busoni recoup the funds that users have lost because of this vulnerability in the code, which he was indeed the first to report to us. We encourage the rest of the Counterparty community to help support this exchange---the first centralised exchange to support trading XCP and BTC. Again, all donations should be directed to <15buRLRW47AY9Md3mpFj17Yp6w4BtfMRjc>.
This is great. I also came out of this highly respectful to the dev team, busoni and community members. we have a great thing to be part of. I will donate 100XCP to the above address (in BTC) once centralized trading is resumed.
|
|
|
|
jimhsu
|
|
February 22, 2014, 09:19:57 PM |
|
thx for your reply. I would do that but I would prefer to have the option to send amounts to exchanges / forum buyers for trading as well... which would be the way to go here? I installed the client from xnova from his github but that doesn't work (see above). I would go with the client from Jahbit but don't know if this is safe in terms of the bug... that probably are stupid questions. I just don't have the time to go through the whole thread...
Honestly easiest right now is to send the donation via Jimhsu, and then you can figure out the web wallet / GUI once you have more time. These products are both brand new in last few days and so I might suggest you wait a few weeks until they are bug tested and hardened before you hold your XCP in them.
being able to trade and donating are equally important to me right now. So would be nice if someone could help to answer the questions I put up (is the Jahbit client safe in terms of the bug and is this the easiest way to send xcp?). thx!
Yes, the JahPowerBit client is perfectly functional. In fact, I use it to do the sends due to ease of use compared to CLI. However I'm still open to handling any send requests to whatever addresses you want, free of charge. Donations appreciated of course.
|
|
|
|
delulo
|
|
February 22, 2014, 09:21:27 PM |
|
Can someone answer these two questions (i keep on asking it over the last days and there is no answer. Is it that difficult?): Is the JahPowerBit client safe in terms of the bug and is this the easiest way to send xcp? I will donate 200 xcp if I get this going. Also the option of recovering funds via a high trading fee on poloniex should be considered as it is the fastest and free rider least solution.
Two more: At which price (above 0.02?) did the attack occur and people lost their funds? And is there a description (technical details) of the bug?
|
|
|
|
SyRenity
|
|
February 22, 2014, 09:26:20 PM |
|
The Counterparty team would like to show its appreciation for how professionally busoni has handled everything in the past few days. Accordingly, we’ll be donating the 12 BTC that we set aside to give to the attacker instead to Poloniex, to help busoni recoup the funds that users have lost because of this vulnerability in the code, which he was indeed the first to report to us. We encourage the rest of the Counterparty community to help support this exchange---the first centralised exchange to support trading XCP and BTC. Again, all donations should be directed to <15buRLRW47AY9Md3mpFj17Yp6w4BtfMRjc>.
Great news. Can anyone tl;dr; about Poloniex situation - how the community agreed to compensate Busoni?
|
|
|
|
supervine
|
|
February 22, 2014, 09:28:04 PM |
|
Yes, the JahPowerBit client is perfectly functional. In fact, I use it to do the sends due to ease of use compared to CLI.
However I'm still open to handling any send requests to whatever addresses you want, free of charge. Donations appreciated of course.
How did you get it to work? I tried on different PCs, but got just errors. Didn't find any support thread to ask questions about...
|
|
|
|
kdrop22
|
|
February 22, 2014, 09:51:52 PM |
|
Yes, the JahPowerBit client is perfectly functional. In fact, I use it to do the sends due to ease of use compared to CLI.
However I'm still open to handling any send requests to whatever addresses you want, free of charge. Donations appreciated of course.
How did you get it to work? I tried on different PCs, but got just errors. Didn't find any support thread to ask questions about...
a) I got an error about mscrv100.dll, that required me to install the latest runtime version of Visual Studio 2010
http://www.microsoft.com/en-us/download/details.aspx?id=13523
http://www.microsoft.com/en-us/download/details.aspx?id=5555
b) I had to set the GUI user name and password (to the same as RPC username and password), saved it. Then restarted the client a couple of times to get it to work.
|
|
|
|
Anotheranonlol
|
|
February 22, 2014, 09:58:47 PM Last edit: February 23, 2014, 05:15:11 AM by Anotheranonlol |
|
Is the JahPowerBit client safe in terms of the bug and is this the easiest way to send xcp?
yes, bug *was in protocol, not GUI - currently this is the easiest way to send. although a web-wallet is due
|
|
|
|
|