Seems like the guy may be trying to return the c-cex funds as we speak....maybe.
It sounds like the same guy that hacked XCP. He claimed he was a white hat, but after days never returned anything. Probably was just buying time to better cover his tracks. That hack was protocol level on XCP he extracted 35,000 XCP and deposited on Poloniex. Then sold it for BTC, then withdrew it leaving things in a big mess. Maybe he used some of that BTC for the market manipulations, but somehow got c-cex wallet?
Very scary stuff.
On a separate note, does anybody know if DRK supports multisig? If is is based on bitcoind fork, it should, but with all the wonderful changes, I am not sure if that still works with DRK.
If it does, I am working on a project you might all be interested in. It is an automated multisig gateway into NXT Asset Exchange. I am close to getting a proof of concept release done with DOGE. I know, I know. It was just cheap enough that I didnt mind if I lost it during testing. So I am using real DOGE on the NXT testnet.
Every exchange is part gateway and part centralized exchange. We know what can happen with centralization. One breach and ** poof ** all gone.
I have designed the automated gateway to do an atomic exchange when DOGE is deposited and NXT Asset is transferred. There is small risk that one of the gateways disappears with a pending deposit, but you can always just deposit in small increments, I handle multiple simultaneous deposits. Once it is inside the NXT Asset Exchange, you can trade DRK for NXT and also NXT for whatever other coins we support. All of the NXT Asset Exchange trades are done using decentralized network, so there is no single point of failure. The same protection that cryptos get applies to the NXT assets.
So, automated deposit, atomic conversion to NXT asset, decentralized trading of assets with NXT. What about withdrawal?
That is the best part! I read up on all the various cross chain transaction proposals, but I couldnt really understand them well enough to be confident that I was implementing it correctly. So, I chose to use multisig accounts for the gateways to store the deposits. Unlike with c-cex and all other centralized exchanges where you might not even know where they are storing the coins on deposit. Cold storage they say. Uh huh, how convenient. I wanted there to be a 100% verifiable account where the deposits are kept. Now, even if you know that the exchange's deposit account fully backs what you put in, what is to stop an exchange from simply taking off with a big balance? Or getting hacked? Same difference as far as customers are concerned.
Since bitcoind network supports 3 way multisig and I need to handle the case of one of the signers going missing, the first version uses 2 of 3 multisig. This means that there are three independent gateways, maybe fiercely independent competitors! No single gateway can touch the funds in the multisig deposit acct. It needs to get a co-signer for each and every withdrawal. So, as long as two independent gateway servers arent hacked at the same time, the multisig deposits are safe.
I want to add DRK to the multisig gateway, but I wanted to make sure it supports it.
NXT Asset Exchange is not released on mainnet yet, but it should be pretty soon, so I am scrambling to have the multisig gateway running by then. I think it would be great if two of the gateways was managed by the DRK community. I am envisioning operating the automated gateways as a non-profit. It really doesnt take much server resources, especially if you are already running darkcoind. I am writing all the code from scratch in C and it will be open source.
Once this is live, you will be able to trade DRK inside of NXT knowing that you will always be able to withdraw it to your private wallet. I will be making automated account balance monitoring bots so as soon as anything goes wrong, all withdrawals get suspended until it gets sorted out. I can also make it automatically cancel all the pending offers in the Asset exchange, so there is not much a thief can do. In the worst case, we can simply use a snapshot of everyone's balances (peer reviewed) just prior to the hack and simply recreate the exact balances for everyone with a newly issued asset. Whatever NXT asset was stolen wont be worth anything after the gateways switch to the new asset.
James
