As many of you know, about a week ago, a hacker found a major security hole in the Counterparty protocol that enabled him to send XCP from anyone's address. He used this to send 35,000 XCP from the Poloniex wallet to himself, which he then deposited into his own Poloniex account. He then sold the XCP for 150 BTC and withdrew 115 BTC. Following that, he explained the security hole and offered to return the BTC. He has still not returned the BTC, but my correspondence with him is ongoing.
Users have asked to see the correspondence and the Counterparty developers have all given the OK on publishing it, so here it is:
https://poloniex.com/correspondence.pdfThere was more to his message from today, which I have not included because it arrived after the developers gave the OK.
Wow! Reading through the correspondence all I can say is that this guy is awesome! We SO need him to become part of the Counterparty development team!
