Sparkzor
January 25, 2014, 06:52:59 PM
Here are the trades the hacker made in my account. He cleared out 90% of my coins in the space of a few minutes; these trades are very quick, looks automated to me. It is certainly not a pool password because I use a different password for pools and a unique password for each exchange. Coinmarket.io, I have a friend who is an infosec specialist, can you contact me please with some info regarding site security so I can get him to audit it for me please? I REALLY don't think the vulnerability was my password here and that you may have a bigger problem. I'm a sad trader today, all the coins I was holding nearly doubled and I am left with nothing. Donations very welcome.
Yeah the exact same happened with me ^^

ibukovec
January 25, 2014, 06:53:37 PM
It looks like I have either been hacked or the wrong account has been given to me. Please contact me about this ASAP, thanks. From looking at trade history it seems that someone has used my account to buy 50k doges at 900 satoshi each. This wasn't me, is there any way trade can be rolled back here? I have lost a lot of money here...
Unfortunately there is nothing we can do, your account (username and password) are your responsibility. We will attempt to reverse the trades with users that we are 100% sure are connected to that person. Many people have got burnt by using the same user/password combination here and on some pools. Pools get hacked, passwords leak. Semi-strong passwords get cracked by dictionary attacks. There is no vulnerability server-side. Even if it were, we are not liable for any damages.
I used a strong, unique password with capital, lowercase and non-alphanumeric figures. I do not think it was brute forced or hacked from a pool. I would seriously audit things server side if I were you. Do you need any info from me regarding trade reversals?
Maybe the server is safe and maybe ppl use same username/psw for pool and market. But if your market worked the right way such trade should be possible at all. If you put in a ridiculous high price the market should buy from best offers upwards and not right away with the wrong price. There lies your responsibility.
The trade the hacker made for me:
Type | Timestamp | Amount | Price | Fee | Total
Buy | Sat Jan 25 13:14:10 | 3574.2394775 DOGE | 0.00000689 | 0% | 0.02462651 BTC

Giggety
January 25, 2014, 06:54:28 PM
When are you guys going to fix this:
Type | Timestamp | Amount | Price | Total
N/A | Sat Jan 25 19:52:37 | 1898.3 KDC | 0.00020100 | 0.38155830 BTC
Type is always N/A

DarknessYY
January 25, 2014, 06:56:55 PM
I recharge the 50Wdgb, but has not arrived, the wallet has been unrecognized state, Please tell me how to solve THANKS

coinmarket.io (OP)
January 25, 2014, 06:57:18 PM
Go ahead and try to make an order with ridiculous price, see what happens.

DarknessYY
January 25, 2014, 07:00:19 PM
Go ahead and try to make an order with ridiculous price, see what happens.
I recharge the 50Wdgb, but has not arrived, the wallet has been unrecognized state, Please tell me how to solve thanks

coinmarket.io (OP)
January 25, 2014, 07:02:52 PM
Go ahead and try to make an order with ridiculous price, see what happens.
I recharge the 50Wdgb, but has not arrived, the wallet has been unrecognized state, Please tell me how to solve thanks
Provide username and transaction ID.

BlueTunic
January 25, 2014, 07:03:58 PM
Hey, I signed up with you guys a while back and used a test e-mail on my account; it never actually asked me for e-mail confirmation, so when I went to actually do some trading, and withdraw coins, it sent the confirmation email to... you guessed it, the test account, which I don't have access to.
Is there any way I can get the withdrawal that I did reverted or get the confirmation e-mail sent to my actual e-mail address?
Give me your username, I'll confirm your withdrawal manually and you will create another account with the right details after that.
BlueTunic

incorrect
January 25, 2014, 07:05:10 PM
Could you do the same for me with the email? I can't get a verification either.

mrbildo
January 25, 2014, 07:05:37 PM
It looks very obvious to me that the exchange was hacked last night, what is the explanation for the downtime all night last night? How come your dev lost SSH access all night? I do not think that this occurrence and the fact that users are finding their accounts hacked during the night is a complete coincidence.
Again, I request information on the security measures present on the exchange so that I can have them independently audited. I am 90% sure the vulnerability was not my password, it was non-dictionary, unique and had caps, lower case and non alphanumerics, not the type of password that is easy to crack in that small a time window.
The high order filling was a bug, and combined with possible breach to site security constitutes a working vulnerability. There was a 0.25btc bounty for this advertised a while back.

DarknessYY
January 25, 2014, 07:08:16 PM
Go ahead and try to make an order with ridiculous price, see what happens.
I recharge the 50Wdgb, but has not arrived, the wallet has been unrecognized state, Please tell me how to solve thanks
Provide username and transaction ID.
username: yysqsd
transaction ID: 5022decc8836924e94a7371c249d7dbaaee53c94455a92f08fd6abfdedb29dd4
thanks

Nullu
January 25, 2014, 07:10:31 PM
FFS. Coinmarket just went down as I requested a BTC withdrawal.
I'm going to throw a fit if that vanishes.
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF

podyx
January 25, 2014, 07:10:38 PM
Site is down?

BlueTunic
January 25, 2014, 07:11:51 PM
Just want to say, Coinmarket handled my issue with no problems and the btc that I was transferring is now sitting pretty in my wallet. Thank you for your support, Coinmarket

mrbildo
January 25, 2014, 07:12:32 PM
Site is down for me too. Maybe someone's password is being hacked again...

AdamT
January 25, 2014, 07:13:42 PM
Could you do the same for me with the email? I can't get a verification either.
Me as well, user: deep
Withdrew 50k NOBL yesterday morning, no conf email. Please push through manually, much appreciated!

incorrect
January 25, 2014, 07:15:20 PM
Me as well, user: deep
Withdrew 50k NOBL yesterday morning, no conf email. Please push through manually, much appreciated!
Username: Near
I really hope we can sort this out soon. I want to sleep knowing my coins are safe.

podyx
January 25, 2014, 07:17:07 PM
My 80 KDC that I sent when site went down was duplicated lol
not a lot of money but just letting you know, if you want them back or something

Nullu
January 25, 2014, 07:19:49 PM
My 80 KDC that I sent when site went down was duplicated lol
not a lot of money but just letting you know, if you want them back or something
If it was a glitch I doubt those coins actually exist. I wouldn't risk trying to sell them or you may end up with a negative balance. FYI, my BTC withdrawal never went through when the site went down. Once it was back up I made the withdrawal and received the BTC instantly. Love how fast this site is. Hope they continue developing it.
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF

ibukovec
January 25, 2014, 07:21:48 PM
Go ahead and try to make an order with ridiculous price, see what happens.
If it works right now it doesn't mean it did today when the hacker made the orders. If it worked then right then the thief is one of you or your server was hacked.