YoyodyneSystems
Legendary
Offline
Activity: 1386
Merit: 1023
|
|
May 02, 2014, 11:52:56 PM |
|
Is there an ETA on server migration? Is this a 24 hour deal or is this more like 8 hours?
Thanks and keep up the good work.
|
|
|
|
busoni (OP)
Sr. Member
Offline
Activity: 364
Merit: 250
Owner of Poloniex
|
|
May 03, 2014, 12:00:22 AM |
|
I'm not sure how long it will be. A new server is being set up right now, but it might not be ready until tomorrow. It shouldn't take more than a few hours after that to get the site running. I'll update you all when I have a better idea of the timing.
It is likely that when the site does come back up, several alt markets will remain frozen until all wallets are moved.
Thank you all for your support and patience!
|
Poloniex.com - Fast crypto exchange with margin trading, advanced charts, and stop-limit orders
|
|
|
Lethn
Legendary
Offline
Activity: 1540
Merit: 1000
|
|
May 03, 2014, 12:02:22 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
Once you get everything switched over, would you, please name the hosting provider so many of us here can also protect ourselves by making sure not to use them in the future and/or cease using them currently. Thank you. If he did I imagine they would have one hell of a hissy fit over it. Imagine a hosting company just giving out root access so easily? That's a pretty severe breach, especially if they knew their client was in the exchange business. Many more details are needed, though. Another major breach like this so quickly after the last one is a very real issue. Considering I've been on the receiving end of an incompetent and argumentative webhost that caused problems and dragged things on for weeks ( I can say what I like now since I'm free of them *cough* SYNWEBHOST *cough* ) I don't see why we should spare the feelings of a webhost who refuse to get their fucking act together since it's an annoyingly common thing in the webhost industry these days, I know their pain if this is the case. We can only hope this kind of thing doesn't just become a recurring problem. Good luck, nice to see you're still talking and haven't fucked off with our money.
|
|
|
|
poochpocket
|
|
May 03, 2014, 12:02:36 AM |
|
Does this accident affect other, not-BTC deposit addresses? My rigs send regulary small amounts of coins directly to my poloniex deposits, do I need to stop sending now?
Yes you should absolutely stop sending small deposits from mining. If every one of those deposits needs to be manually recovered for you then you will only be wasting time. I can't recall if Poloniex specifically has a statement listed in the balance page, but many exchanges have something along the lines of "Please don't send small auto-payouts from mining." So basically you should never be doing it to begin with. +1
|
|
|
|
dan_and_shan
|
|
May 03, 2014, 12:03:51 AM |
|
Well done Again, Mr B, My confidence in you and Poloniex grows each time, You have to overcome a disaster. Love your work and your exchance
|
Don't take life too serious, No one gets out alive
|
|
|
HeadsOrTails
|
|
May 03, 2014, 12:04:35 AM |
|
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
Busconi. There's 3 zero day hacks going around. All require sure diligence. I'm amazed YOU need to catch this in time. Perhaps you'll have white hats assess your systems. Check pm for third 0 day hack
|
|
|
|
organizer
|
|
May 03, 2014, 12:05:14 AM |
|
If he did I imagine they would have one hell of a hissy fit over it. Imagine a hosting company just giving out root access so easily?
You'd be surprised... (not related to crypto), but i've "talked my way" into reclaiming servers for some companies in the past (i'd say even within the past few years).... None was for nefarious reasons, just getting them ownership of their sites... I bet this still happens, even on some of the larger hosting providers... the verification they ask for is not that strict (or at least it wasn't) in many cases.
|
|
|
|
bitmaster222
Newbie
Offline
Activity: 30
Merit: 0
|
|
May 03, 2014, 12:15:14 AM |
|
Yea i freaked out for a min xbc payout on [Suspicious link removed] went nutz with out fair market value. Thanks a bunch to Mr B. And whoevr els is working on issues you guys are the best!
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
May 03, 2014, 12:17:50 AM |
|
Why did your hosting provider have root access to a server with wallets? If your hosting provider has super admin you have no security. An attacker or employee you rob you at will.
|
|
|
|
crimealone
|
|
May 03, 2014, 12:19:55 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
I send some sourcecoin just before you shut down the server. Will these coins be safe too?
|
|
|
|
noegzit
Member
Offline
Activity: 104
Merit: 10
|
|
May 03, 2014, 12:22:49 AM |
|
I'm not sure how long it will be. A new server is being set up right now, but it might not be ready until tomorrow. It shouldn't take more than a few hours after that to get the site running. I'll update you all when I have a better idea of the timing.
It is likely that when the site does come back up, several alt markets will remain frozen until all wallets are moved.
Thank you all for your support and patience!
And thanks for keeping us posted. I hope your exchange will be soon back.
|
|
|
|
rikkejohn
|
|
May 03, 2014, 12:34:11 AM |
|
Why did your hosting provider have root access to a server with wallets? If your hosting provider has super admin you have no security. An attacker or employee you rob you at will.
|
1PkwpyTLo5TfagzCPgjdvQFNVzuEyHViGt
|
|
|
dan_and_shan
|
|
May 03, 2014, 12:38:17 AM |
|
Another breach happening so soon from the last one... this is fucked up.
What makes it worse is all the bitches who keep thanking them, can you morons at least wait until their statements are backed up by actions, such as the site coming back with your funds in tact.
You are obliviously new to poloniex, Relax, go for a walk, bang the missus, and come back refreshed ready to trade again later
|
Don't take life too serious, No one gets out alive
|
|
|
triplef
Full Member
Offline
Activity: 338
Merit: 100
https://eloncity.io/
|
|
May 03, 2014, 12:38:36 AM |
|
site down
|
|
|
|
seaantel
Newbie
Offline
Activity: 12
Merit: 0
|
|
May 03, 2014, 12:40:30 AM |
|
Keep on your work . I am patient to wait.
|
|
|
|
tjypp
|
|
May 03, 2014, 12:43:14 AM |
|
Unable to login web site? why? poloniex
|
1Hqmaz19L1hiWagnAqf1AhKHZRM6j215Ch
|
|
|
DARKANGEL6415
|
|
May 03, 2014, 12:54:58 AM |
|
thanks you for letting us know i was just asking elsewhere what was wrong with the site. Hope all is ok with the service and funds
|
|
|
|
eastwind_ja
|
|
May 03, 2014, 12:58:23 AM |
|
Yes , I am worry about this , My coins are all in poloniex , afraid of missing the chance to catch a higer price!
|
|
|
|
codmaster
|
|
May 03, 2014, 01:10:23 AM |
|
SO ARE ALL BALLANCES safe?? how long to find out, when yor in the aldives??
|
|
|
|
dan_and_shan
|
|
May 03, 2014, 01:12:05 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
|
Don't take life too serious, No one gets out alive
|
|
|
|