busoni (OP)
Sr. Member
Offline
Activity: 364
Merit: 250
Owner of Poloniex
|
|
February 27, 2014, 07:14:50 AM Last edit: February 28, 2014, 07:01:11 AM by busoni |
|
As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdfThere was more to his message from today, which I have not included because it arrived after the developers gave the OK.
|
Poloniex.com - Fast crypto exchange with margin trading, advanced charts, and stop-limit orders
|
|
|
sadface
|
|
February 27, 2014, 07:55:56 AM |
|
i wonder what takes him so long to return those btc
|
|
|
|
Chuck
Member
Offline
Activity: 92
Merit: 10
|
|
February 27, 2014, 08:04:49 AM |
|
Thanks for posting,
So - Anyone live in Brazil? How hard is it to send this guy some Reais so he can have a day's worth of time on the Internet!
(It's so strange I think I believe him)
|
BTC: 1CKytBzLeA1QcFM33qgi9YWPq1ax3XEJ84
|
|
|
metraX
Newbie
Offline
Activity: 29
Merit: 0
|
|
February 27, 2014, 08:15:58 AM |
|
You write him, "by Tristan D'Agosta on Wed, Feb 19 at 11:22 AM ... You asked for an address to send the BTC to before, this is the address: 1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8" Looks like he sent you 50 back ?? On the 22nd ?? https://blockchain.info/address/1My4UPJ1tGDEGxck3W94BSZwTcEAE7Pfj8
|
|
|
|
yashin
Newbie
Offline
Activity: 35
Merit: 0
|
|
February 27, 2014, 08:18:52 AM |
|
If he truly wanted to steal those BTC, I dont see why he would be contacting them?
|
|
|
|
CoinHoarder
Legendary
Offline
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
|
|
February 27, 2014, 09:04:20 AM |
|
I am pretty familiar with Brazil.. I dated a girl that was from there for a couple years and even visited there for a month once. There is a lot of poverty in Brazil, and if he is a custodian at a hostel, I can guarantee he doesn't make more than $80 a month. At current prices that 120 BTC is equal to 71 years of work... I'm sorry, but you're never going to get this BTC back.
|
|
|
|
PyroClasTix
Newbie
Offline
Activity: 56
Merit: 0
|
|
February 27, 2014, 09:30:57 AM |
|
This is interesting. Hmmm...will stay tuned.
|
|
|
|
JakeThePanda
|
|
February 27, 2014, 01:07:44 PM |
|
I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem.
|
|
|
|
qznc
Newbie
Offline
Activity: 14
Merit: 0
|
|
February 27, 2014, 01:30:05 PM |
|
I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem.
Assuming that he did not lie about Starbucks or Brazil or everything.
|
|
|
|
iampingu
|
|
February 27, 2014, 01:39:33 PM |
|
I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem.
Assuming that he did not lie about Starbucks or Brazil or everything. Lies? On the Internet?
|
|
|
|
JakeThePanda
|
|
February 27, 2014, 02:43:54 PM |
|
I think there are only 24 Starbucks locations in Brazil and we know what time he was there. He already left too much information for even a crappy detective. I guess getting the video surveillance from Starbucks would be a problem.
Assuming that he did not lie about Starbucks or Brazil or everything. Of course, but I don't think so. Why would he go though any of this if his initial intention was to run off with the dough. I think he started off being genuine and that's when he mentioned where he was and what he does for a living. It doesn't matter. It's not like anyone is going to investigate.
|
|
|
|
busoni (OP)
Sr. Member
Offline
Activity: 364
Merit: 250
Owner of Poloniex
|
|
February 27, 2014, 04:24:10 PM |
|
He did, he just told me. For some reason, the deposits never credited to the account, so I missed them. The 50 BTC is being returned to users as we speak. He also said he plans to return the other 65, pending my agreement not to hold him responsible for anything.
|
Poloniex.com - Fast crypto exchange with margin trading, advanced charts, and stop-limit orders
|
|
|
MysticalPotato
Member
Offline
Activity: 91
Merit: 10
Stop the potato genocide!
|
|
February 27, 2014, 05:03:11 PM |
|
As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdfThere was more to his message from today, which I have not included because it arrived after the developers gave the OK. What an incredibly weird episode. A lone cleaner living in near poverty in South America hacking a reputable exchange located 4,000 miles away in N.J. If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened.
|
"Politeness induces morality. Serenity of manners requires serenity of mind.” - Julia Ward Howe
Signature space available for a worthy cause
|
|
|
pgbit
Sr. Member
Offline
Activity: 771
Merit: 258
Trident Protocol | Simple «buy-hold-earn» system!
|
|
February 27, 2014, 05:55:35 PM |
|
As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing. Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is: https://poloniex.com/correspondence.pdfThere was more to his message from today, which I have not included because it arrived after the developers gave the OK. What an incredibly weird episode. A lone cleaner living in near poverty in South America hacking a reputable exchange located 4,000 miles away in N.J. If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened. How to make the story any more unbelievable?
|
| . SECONDLIVE | | | │ | | | | | | │ | | | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ S T A K E L I T T L E W I N B I G ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▄▄███████▄▄▄ ▄▄████████████████▄▄ ██████████████████████▄ ████████▀▀▀██████████████ ███████▌ ▀█████████████ ████████▀ ▀▀▄▄██▀▀▀██████████ ███████ ▀████████ ███████▄ ████████ ████████▄▄ ▄████████ ███████████▄▄▄▄██████████ ▀█████████████████████▀ ▀████████████████▀▀ ██████████████████████ |
|
|
|
kelsey
Legendary
Offline
Activity: 1876
Merit: 1000
|
|
February 28, 2014, 12:56:04 AM |
|
If this guy returns the entire 115BTC, my faith in humanity would be greatly strengthened.
If anyone actually believes this bs story my faith in the IQ of people on this forum is greatly weakened
|
|
|
|
cubicdissection
|
|
February 28, 2014, 01:34:40 AM |
|
At any rate, this is the death of Counterparty.
And why is that?
|
|
|
|
cryptohunter
Legendary
Offline
Activity: 2100
Merit: 1167
MY RED TRUST LEFT BY SCUMBAGS - READ MY SIG
|
|
February 28, 2014, 03:05:44 AM |
|
At any rate, this is the death of Counterparty.
And why is that? Well, it was just hacked apparently by an $80 month cleaner. I'm asking my maid to look the code over......she's nearly done with the dusting so i'd get your BTC out whilst you can.
|
|
|
|
|
metraX
Newbie
Offline
Activity: 29
Merit: 0
|
|
February 28, 2014, 03:21:43 AM |
|
The whole story is complete bullshit.
Inside job, plain as day.
At any rate, this is the death of Counterparty.
~BCX~
Why would they put an exploit in their code, let it sit for months, then exploit it, then give it all back, making prices drop in meantime? hurting themselves, I dont see anything they gain by it?
|
|
|
|
CoinHoarder
Legendary
Offline
Activity: 1484
Merit: 1026
In Cryptocoins I Trust
|
|
February 28, 2014, 03:33:40 AM |
|
The whole story is complete bullshit.
Inside job, plain as day.
At any rate, this is the death of Counterparty.
~BCX~
Why would they put an exploit in their code, let it sit for months, then exploit it, then give it all back, making prices drop in meantime? hurting themselves, I dont see anything they gain by it? /puts tinfoil hat on If it was indeed an inside job, possibly he realized that the story was somewhat unbelievable and it was going to ruin the exchange's reputation, so he decided to return the BTC to save face and keep the exchange business.
|
|
|
|
|