deodecagone
|
|
May 03, 2014, 08:46:32 AM |
|
Since the beginning poloniex is gaining trust. At several points, the owner remained very fair and professionnal. I am convinced this is way more important than any fancy html5 flat design.
Congratz.
|
|
|
|
RhodaGila
|
|
May 03, 2014, 09:00:15 AM |
|
Poloniex was great!
|
|
|
|
eastwind_ja
|
|
May 03, 2014, 09:04:34 AM |
|
Is there anyone who lost coins after server comeback?
|
|
|
|
maccaspacca
Sr. Member
Offline
Activity: 278
Merit: 258
Twitter: @maccaspacca1
|
|
May 03, 2014, 09:14:02 AM |
|
Great job Busoni and team. You have all acted responsibly and professionally..... as usual That's why I love Poloniex so much
|
|
|
|
ibfragalot
Member
Offline
Activity: 98
Merit: 10
|
|
May 03, 2014, 09:27:15 AM |
|
Great job Busoni and team. You have all acted responsibly and professionally..... as usual That's why I love Poloniex so much +1
|
|
|
|
ParkExcite
Member
Offline
Activity: 89
Merit: 10
|
|
May 03, 2014, 09:28:54 AM |
|
Me too, very great support. I will always trust poloniex.
|
|
|
|
lordzskull
Member
Offline
Activity: 70
Merit: 10
|
|
May 03, 2014, 09:47:07 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
Dam impressive +2
|
|
|
|
ShiThing
Member
Offline
Activity: 60
Merit: 10
|
|
May 03, 2014, 10:00:39 AM |
|
Always trust polo. Good job.
|
|
|
|
altcoinherald
|
|
May 03, 2014, 10:06:57 AM |
|
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write. Usually in a security situation the site owner cannot say anything at all. Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time. Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use. Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it. But that's just me.
|
|
|
|
BigBoy89
Legendary
Offline
Activity: 1512
Merit: 1011
|
|
May 03, 2014, 10:39:59 AM |
|
nice work, we can use poloniex now hope i can withdraw FLT as soon as possible withdrawal still frozen, need some time good job busoni
|
| .AMEPAY. | | | | | | ▄▄█████████▄▄ ▄█████████████████▄ ▄█████████████████████▄ ▄█████████▀▀▄▀▀█████████▄ ▄████████▄▄█▀ ▀█▄▄████████▄ ████████ ▀▀█▄██▀▀▄████████ ████████ █ ▄ █ ▄▀▀▄████████ ████████ █ █ █ ▄▀▀▄████████ ▀█████████▄█ █ ▄██████████▀ ▀████████ ▀▀▀ ████████▀ ▀█████████████████████▀ ▀█████████████████▀ ▀▀█████████▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | │▌ | | AMEPAY IEO
▄██████▄ ▀██████▄ █████████ ▀█████ ███████▀ ▀███ ██████▀ ▄█▄ ▀██ ██████▄ ▀█▀ ▄██ ███████▄ ▄███ █████████ ▄█████ ▀██████▀ ▄██████▀ | |
| AMEPAY LISTING
▐███▄ ████▌ ▐██████████▄ █████████████ ████▌ █████ ▐████ ▄████ ██████████▀ ▀█████▀▀ | |
| ▐│ | ▄▄█████████▄▄ ▄█████████████████▄ ▄█████████████████████▄ ▄█████████▀▀▄▀▀█████████▄ ▄████████▄▄█▀ ▀█▄▄████████▄ ████████ ▀▀█▄██▀▀▄████████ ████████ █ ▄ █ ▄▀▀▄████████ ████████ █ █ █ ▄▀▀▄████████ ▀█████████▄█ █ ▄██████████▀ ▀████████ ▀▀▀ ████████▀ ▀█████████████████████▀ ▀█████████████████▀ ▀▀█████████▀▀ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ |
|
|
|
dcgirl
|
|
May 03, 2014, 10:51:11 AM |
|
great job polo, clearing this up so quickly. isnt the crypto world fun?
|
|
|
|
juve4v
|
|
May 03, 2014, 10:59:41 AM |
|
I made 2 EBT deposits -one of my wallet+one of pool- that don't show up in my balance nor on last 25 deposit history on poloniex.They're both confirmed .Anyone experience same problems?
|
|
|
|
rmoraos
|
|
May 03, 2014, 11:47:25 AM |
|
Nobody else is concerned that this person was able to ssh to the server without firewall rules blocking him?
Sounds like the only reason anyone even knew what was going on was due to the entire server being down and a bunch of wallets being offline.
Unfortunately Busoni will probably not be able to give the exact details except that he "caught" it and it never went down as the attacker hoped. You cannot show all your cards as of course hackers read all this that we write. Usually in a security situation the site owner cannot say anything at all. Way to skirt the question. The explanation given does not make any sense if they are really using proper firewall rules for server access. All I can read from this as a security expert is that the SSH port of the wallet server has been open to the entire world this whole time. Frankly, using SSH keys and disabling PermitRootLogin with password seem like very important steps anyone would use. Then locking down the one machine with the keys IP address and making sure there's no physical access to the machine, is how I might do it. But that's just me. Yeah, only login by ssh key (.pem or .ppk) and allow only login from 1 IP, all the others deny (the service denyhosts works great in this). But good work by not losing the coins. Best Regards.
|
|
|
|
kache
Full Member
Offline
Activity: 140
Merit: 100
Bored
|
|
May 03, 2014, 11:52:26 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost?
|
|
|
|
Hotodamoon
Newbie
Offline
Activity: 31
Merit: 0
|
|
May 03, 2014, 11:56:23 AM |
|
All funds are safe. Poloniex does use cold wallets.
What happened was an attacker used social engineering to gain root access to a wallet server. This was made possible by absolutely jaw-dropping negligence on the part of the hosting provider. Fortunately, I caught the attempt in time and was able to shut down the server before anything was taken. All BTC has been moved into cold storage, and then next step is to set up a new server with a different provider.
Please stop sending BTC to your old BTC deposit addresses. The funds will not be lost, but all new addresses must be generated, as I must assume the old wallet is compromised. It is very unlikely that it was, but "unlikely" is not good enough.
I appreciate everyone's patience while I take proper security measures before bringing the exchange back online.
What about BadgerCoin addresses? My pool has been automatically depositing on the old (frozen) address for more than a day already. Are those funds lost? OMG. Really? your BadgerCoin lost?
|
|
|
|
Nthused
Legendary
Offline
Activity: 1554
Merit: 1001
|
|
May 03, 2014, 12:02:17 PM |
|
That's why your meant to Deposit to your wallet first, it even states it on pools, don't use your Exchange address to deposit your Pool coins...
|
|
|
|
mayun1
Newbie
Offline
Activity: 56
Merit: 0
|
|
May 03, 2014, 12:22:19 PM |
|
Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
|
|
|
|
ZarkMark
Newbie
Offline
Activity: 29
Merit: 0
|
|
May 03, 2014, 01:11:13 PM |
|
Great job Busoni and team.
You have all acted responsibly and professionally..... as usual
Ppl said polo will be the next nxt-e, but they are wrong. good job.
|
|
|
|
maardein
|
|
May 03, 2014, 01:15:16 PM |
|
I would seriously file a claim with your old hosting provider. You are at about 1/3 of the volume you used to have. It is costing you a lot of money and time to have the site down and move servers.
|
BTC: 1788UegKXGXXicfPcbZ1bmSUJ99ZWRCF7p LTC: LZ2rCcoxK4X8wRRynqdxoimd4d3TDNk7Lk PMP: PApSSdorQds5tQysymwDXPAN3viJLFTUs8
|
|
|
zhaohui
|
|
May 03, 2014, 01:38:07 PM |
|
when can we exchange ITC and comm coin??? waiting so long....suggest host get a better computer service
|
|
|
|
|