Bitcoin Forum
Author Topic: BTC Stolen from Poloniex  (Read 167411 times)
InsanityDev
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
March 04, 2014, 06:18:29 PM
 #261

Very okay with all of this.

Tristan has already capably handled one big error see: https://bitcointalk.org/index.php?topic=395761.msg5305316#msg5305316 (not his fault)  which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.

I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.

Count that as a constructive vote of confidence.

Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.

ryback
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
March 04, 2014, 06:18:49 PM
 #262

12 hours have passed and what now?
I deposited my 5 BTC after the site was hacked.
Nobody wrote "don't deposit coins, the website is hacked", so I want my BTC back!!!!!
crypto era
Newbie
*
Offline Offline

Activity: 44
Merit: 0


View Profile
March 04, 2014, 06:20:14 PM
 #263

OP.. you said this just a couple of days ago:

"One more thing--about security. Very few Poloniex accounts have been hacked--less than five, I think--but I still think reminders like this don't hurt. ...
This is money we're talking about, which means people will always be trying to steal it. "

When someone asked you about security you avoided it https://bitcointalk.org/index.php?topic=420836.msg5471836#msg5471836

  • There's nothing visible about security on your website or FAQ
  • It does not appear that you have anyone to secure the website and will be looking to hire someone 'later'
  • when asked about site security you appear to have avoided the question. Isn't this important to discuss?

Further, per your own Terms you are legally liable for the loss that has occurred. You have a very short Terms page. Big mistake. It says only, "You agree not to hold Poloniex liable for any loss of funds resulting from incorrect information provided by you. "

which means you are liable for other losses. Though you say, "These terms and conditions may be changed at any time without notice. By continuing to use the services provided by Poloniex.com, you agree to any and all such changes." it would not apply to previous agreements.

I'm guessing you were an easy target for hackers because you did not have much security. You did not therefore do your best to secure the deposits of clients. And you are liable for the loss.

I'm sure the good folks here would not think of suing you (and neither would I) but you may want to CYA.
dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.
jtpeters
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 04, 2014, 06:20:35 PM
 #264

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds from time to time and when it does happen, it's best not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

  • Continuing to allow deposits but not withdrawals
  • not having any notice on their main page OR deposit page
  • not immediately sending out a notice to all customers by email
  • deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident
chiznitz
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500


View Profile WWW
March 04, 2014, 06:21:03 PM
 #265

The next thing that will be done--before markets are unfrozen--is a daemon will be created that continually monitors for negative balances and freezes any account with a negative balance

facepalm. PHP or the frontend interface is only for receiving requests from users, not executing them. When a user makes an order, the server replies, "yes we got it", and come up with a script on the backend to process user requests atomically -- trader order, deposit, withdraw... once it's done on the backend, send ajax / websocket responses back to the front end that it's done, etc, or have the user refresh it manually if such lazy.


This is what I described above, not sure why this guy thinks this has anything to do with bitcoin vulnerabilities, oh well.

Looking for the best exchange? -> https://bittrex.com
jtpeters
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 04, 2014, 06:21:49 PM
 #266

12 hours have passed and what now?
I deposited my 5 BTC after the site was hacked.
Nobody wrote "don't deposit coins, the website is hacked", so I want my BTC back!!!!!

The consensus here is to send them more BTC to solve the problem.

Must be the fluoride
ginko-B
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
March 04, 2014, 06:23:08 PM
 #267

I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

My vote:  #2
bato323
Member
**
Offline Offline

Activity: 157
Merit: 10


View Profile
March 04, 2014, 06:23:17 PM
 #268

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds from time to time and when it does happen, it's best not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

  • Continuing to allow deposits but not withdrawals
  • not having any notice on their main page OR deposit page
  • not immediately sending out a notice to all customers by email
  • deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident

By Busoni on page 11:

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
D05GTO
Sr. Member
****
Offline Offline

Activity: 406
Merit: 250


View Profile
March 04, 2014, 06:23:43 PM
 #269

12 hours have passed and what now?
I deposited my 5 BTC after the site was hacked.
Nobody wrote "don't deposit coins, the website is hacked", so I want my BTC back!!!!!

The consensus here is to send them more BTC to solve the problem.

Must be the fluoride

Or some killer Kool-Aid


 
 
WaffleMaster
Hero Member
*****
Offline Offline

Activity: 966
Merit: 546



View Profile
March 04, 2014, 06:23:48 PM
 #270

jtpeters
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 04, 2014, 06:24:04 PM
 #271

Very okay with all of this.

Tristan has already capably handled one big error see: https://bitcointalk.org/index.php?topic=395761.msg5305316#msg5305316 (not his fault)  which resulted in a large loss. He's gained the respect of multiple people, and is doing the same again.

I've personally offered help to cover the security side of things via code review, to help him get a plan for scaling together, I have taken a 12.3% hit on 10+BTC of my own, and have offered a further 1-2 BTC to help him through this. I'd rather support him than risk my personal holdings elsewhere, lost way too much already the last year.

Count that as a constructive vote of confidence.

Calm down, let Tristan face this on a fresh day, ensure everything is okay, and then get his service running again properly. We can all see his intentions are good, he has taken full responsibility (even though somebody else exploited him), and that past evidence shows he will work through this with us.

Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.
sleepless
Full Member
***
Offline Offline

Activity: 462
Merit: 100


“Crypto Depository Receipts”


View Profile WWW
March 04, 2014, 06:25:41 PM
 #272

I would like to thank everyone for their support and understanding. It really means a lot. Having other people's money taken under my watch has made me feel just about as awful as I've ever felt in my life.

I think I should have a poll to determine how to pay the funds back. Here are the options I'm thinking:

1. Pay back over time with exchange fees.
2. Same as #1, but raise fees to expedite.
3. Sell shares of Poloniex to cover the debt; dividends paid regularly.
4. Award such shares to everyone immediately and consider that repayment.

Let me know if I'm forgetting an option here.


About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I will be hiring a security programmer after this is dealt with.

I'd raise the fee to 0.3% or even 0.5% and additionally sell shares. You can then cover the dividends with the extra fee and with the shares you can pay back the 12%.

kneim
Legendary
*
Offline Offline

Activity: 1666
Merit: 1000


View Profile
March 04, 2014, 06:28:11 PM
 #273

I traded my BTC down to 1 satoshi (for AuroraCoin!) so I guess you can't freeze 1/8th of that?

So far I like, and very much so, the transparent way that the Poloniex founder is dealing with this issue. Hoping for more good things from this site. Everyone has growing pains. Learn from them.

The right time to hire a security programmer is when you 1) own an exchange; and 2) hear about security issues at the biggest exchange and hear the Bitcoin community talk about double-spending; and 3) hear about security issues at other exchanges

OP had a few weeks++ to lock the site down and make it secure. Hiring someone after these issues are resolved (what? 1 month? 2 months? and have more BTC stolen?) is not the way to go.
You are right, but nobody is perfect. If I had done parts of the program, the platform would stop rather often by checks like
if ( $x < 0 ) exit $alert;
But yes, then there are a lot of traders, crying about a break of their trading platform.
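
The atomic backend processing suggested in the post quoted in #265, and the negative-balance checks mentioned in #265 and #273, can be compared side by side. This is an added example, not code from the thread or from Poloniex; the SQLite schema, function names and amounts are assumptions made for illustration.

```python
import sqlite3

def open_ledger(balances):
    """Constructed sample ledger; balances are integer satoshis keyed by account id."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # we issue BEGIN/COMMIT ourselves
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, "
               "balance INTEGER NOT NULL, frozen INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO accounts (id, balance) VALUES (?, ?)", list(balances.items()))
    return db

def balance(db, acct):
    return db.execute("SELECT balance FROM accounts WHERE id = ?", (acct,)).fetchone()[0]

# Weak pattern: the funds check and the debit are separate steps, so two
# requests can both pass the check before either debit is written.
def check_funds(db, acct, amount):
    return balance(db, acct) >= amount

def debit_unchecked(db, acct, amount):
    db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, acct))

# Hardened pattern: the check is part of the UPDATE itself, so the database
# decides in one step whether the debit happens.
def withdraw_atomic(db, acct, amount):
    if amount <= 0:
        return False
    db.execute("BEGIN IMMEDIATE")  # take the write lock before touching the row
    try:
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? "
            "WHERE id = ? AND frozen = 0 AND balance >= ?",
            (amount, acct, amount))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")
        raise
    return cur.rowcount == 1  # 0 rows changed means the request was refused

# Monitor pass: freeze every account whose balance has gone negative.
def freeze_negative(db):
    ids = [row[0] for row in
           db.execute("SELECT id FROM accounts WHERE balance < 0 AND frozen = 0")]
    db.executemany("UPDATE accounts SET frozen = 1 WHERE id = ?", [(i,) for i in ids])
    return ids

def demo():
    db = open_ledger({1: 100, 2: 100})
    # Account 1: two requests for 80 are both checked before either is debited.
    passed = [check_funds(db, 1, 80), check_funds(db, 1, 80)]
    for ok in passed:
        if ok:
            debit_unchecked(db, 1, 80)
    # Account 2: the same two requests through the atomic path.
    results = [withdraw_atomic(db, 2, 80), withdraw_atomic(db, 2, 80)]
    return balance(db, 1), results, balance(db, 2), freeze_negative(db)

if __name__ == "__main__":
    print(demo())
```

The monitor only reports damage after the fact; the conditional UPDATE is what keeps the balance from going negative in the first place.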

Armando
Hero Member
*****
Offline Offline

Activity: 870
Merit: 500


Trading will make me rich)


View Profile
March 04, 2014, 06:28:51 PM
 #274

Some of the bitcoins are stolen, but why are the other withdrawals disabled?
drakoin
Hero Member
*****
Offline Offline

Activity: 826
Merit: 1000

see my profile


View Profile
March 04, 2014, 06:28:56 PM
 #275

Everything pretty much ends up in this account if you follow the chain
https://blockchain.info/address/1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV
and now he's taking everything out of that one too..
45000 BTC!!!!!!!!!!! Ouch!!!!!!!!!!!!!

Total Received   49,949.85811075 BTC

So 1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV has received as much as the 10th 9th richest address owns:
http://bitcoinrichlist.com/top100


Is it possible that 1N2f642sbgCMbNtXFajz9XDACDFnFzdXzV is an exchange? How to know?


no sign of a signature
jtpeters
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 04, 2014, 06:31:04 PM
 #276

dude. "You also agree not to hold any persons or party liable for loss of funds resulting from third party actions". The hacking is a third party action. It's like that south park episode where they don't read the terms and conditions. human centipede.

The law does not care about South Park d00d or a non-binding Terms document reading like it was written by a 5 year-old.
The One
Legendary
*
Offline Offline

Activity: 924
Merit: 1000



View Profile
March 04, 2014, 06:31:26 PM
 #277

What I want to know now is how much is kept in the 'hot' and 'cold' wallet.

For every hour of the day there is BTC coming in and BTC going out. Only a small amount is needed in the 'hot' wallet. If someone were to withdraw a large amount, say 5 BTC, and there isn't enough in the 'hot' wallet, then withdrawal should be classed as pending with an email sent explaining that it is pending until physical transfer from the 'cold' wallet is done. It may require a bit more work from Poloniex but at least it will reduce the amount of BTC in the 'hot' wallet, thus improving security and reducing theft. The extra time for one who withdrew 5 BTC would be no more than 20 minutes. Surely we can live with that.

On certain days when there is a huge influx of BTC coming in, huge deposit or Insanity Sunday, there would be a need for more active physical management of BTC by transferring BTC to 'cold' wallet and back to 'hot' wallet, depending on supply and demand.
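
The hot/cold policy proposed in this post, sketched as an added example that is not part of the original post or any exchange's code. The class, the 2 BTC cap and the user names are hypothetical, and per-user account balances are out of scope here.

```python
from collections import deque

SAT = 100_000_000  # satoshis per BTC

class Treasury:
    """Toy model of the hot/cold split; every name and limit here is hypothetical."""

    def __init__(self, hot_cap):
        self.hot_cap = hot_cap   # most the online wallet may ever hold
        self.hot = 0
        self.cold = 0
        self.pending = deque()   # (user, amount) waiting for a manual cold transfer
        self.notices = []        # stands in for the e-mail sent to the user

    def deposit(self, amount):
        self.hot += amount
        self._sweep()

    def _sweep(self):
        # Anything above the cap is moved offline straight away.
        excess = max(0, self.hot - self.hot_cap)
        self.hot -= excess
        self.cold += excess

    def withdraw(self, user, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount <= self.hot:
            self.hot -= amount
            return "sent"
        self.pending.append((user, amount))
        self.notices.append(f"{user}: withdrawal pending until cold-wallet transfer")
        return "pending"

    def refill_from_cold(self, amount):
        """Record a transfer the operator made by hand, then pay the queue in order."""
        if not 0 < amount <= self.cold:
            raise ValueError("refill must be positive and within the cold balance")
        self.cold -= amount
        self.hot += amount
        paid = []
        while self.pending and self.pending[0][1] <= self.hot:
            user, owed = self.pending.popleft()
            self.hot -= owed
            paid.append((user, owed))
        self._sweep()  # return any leftover excess to cold storage
        return paid

def demo():
    t = Treasury(hot_cap=2 * SAT)
    t.deposit(10 * SAT)                    # hot 2 BTC, cold 8 BTC
    small = t.withdraw("alice", SAT // 2)  # fits in the hot wallet
    large = t.withdraw("bob", 5 * SAT)     # larger than the hot wallet: queued
    paid = t.refill_from_cold(4 * SAT)     # manual transfer releases bob's payout
    return small, large, paid, t.hot, t.cold
```

With this policy, the amount exposed on the online server between manual transfers never exceeds `hot_cap`.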


GreekBitcoin
Legendary
*
Offline Offline

Activity: 1428
Merit: 1001


getmonero.org


View Profile WWW
March 04, 2014, 06:32:28 PM
 #278

Some of the bitcoins are stolen, but why are the other withdrawals disabled?

Is it really so difficult for you to understand why? Because everyone would flee and only those that were late fleeing would pay for the loss... this way everyone shares the loss...

InsanityDev
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
March 04, 2014, 06:32:45 PM
 #279

Pretty much the same things were said in the coinmarket threads. It means nothing. It's a reference.

This thread was posted by Tristan; if there was a time to run, this was it - if he had bad intentions, why oh why is he still here? And also when multiple people know his full details - he's top results on Google with all his personal details going back many many years on the web.

jtpeters
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
March 04, 2014, 06:34:54 PM
 #280

Personally, I think the owner of Poloniex did the right thing by saying what happened. We have to acknowledge that hackers and exploiters will steal funds from time to time and when it does happen, it's best not to go the path of Mt. Gox. When someone does manage to steal funds, we as a community should get together and do our best to track exactly where the stolen money goes and hopefully the money eventually goes to some sort of money exchange service where we can alert the site.

Do you believe they're doing the right thing by:

  • Continuing to allow deposits but not withdrawals
  • not having any notice on their main page OR deposit page
  • not immediately sending out a notice to all customers by email
  • deducting 12% of coins deposited after the "theft"

Again.. it has been 12+ hours after the incident

By Busoni on page 11:

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.


meaningless.

"Obviously I should have posted a notice on the Balances page" <--- was not done

"but it is not difficult to make an exception for recent deposits." <--- promises nothing