BTC Stolen from Poloniex

[sarg1960]

An absolute fine example of how these matters should be dealt with. Thats what i call customer care.

[what happened] - [why it happened] - [what the resolution is]

Thankyoumuch.

I agree completely. I tend to just watch and not comment, but thought this needed to be pointed out. All exchanges are really a battle ground between the site's devs and the hackers. This is a very young technology and as such everyone needs to realize that not only is the price of coins a gamble but so is the safety. If you can't or don't want to take any risk, then you really shouldn't be in crypto at all. Alt coins are the hackers new game and it is a game where they can make serious money.
Busoni seems to be a good guy who is doing his best and at least he is not gox.

[adhitthana]

Can the exchange utilize any of these measures?
Statement on Mt.Gox Andreas M. Antonopoulos

http://antonopoulos.com/2014/02/25/statement-on-mt-gox/

Gox represents a the failure of a poorly managed exchange that had full centralized control of customer funds, in custodial accounts, off the bitcoin blockchain. By keeping the funds off the blockchain, Gox removed the protections of transparency and end-user control and replicated the model of a centralized bank without any of the controls and oversight such institutions require.

There is a better way: bitcoin companies can maintain customer funds on the bitcoin blockchain with full transparency and accountability. We can offer client-side key-management solutions that put full control in the hands of the customers and remove them from the control of custodians, be they exchanges, markets or web-wallets. If a bitcoin company keeps custodial access to customer funds (holds their keys), then they can and must offer cryptographic-proof of solvency through the blockchain.

[deuteragenie]

I think just keep original fee and deduce 12.3% btc balance from all accounts until stolen BTC is covered (in 2-3 months). So the exchange will self-recover with the help of all users and no one lost BTC.

+1

A fee increase to 1.5% would likely be self-defeating in that volume would fall drastically. Keen to hear dev's estimate on pay back schedule, based on current earnings. I think he owes us that much...once he's had some sleep

Yes, we realize fully that it will take a % of future profits.  This is the price to pay for this type of things...
=> This should be made "standard" by the BCF and people should only go to exchanges that adopt this guideline.

[papamoi]

why not doing any critical thing like withdrawal manually?

people can wait sometime to get the withdrawal done

but at least we are sure that if there is any mistake it ll be human errors and not some hacks or else

[lonely_mountain]

busoni:

I respect your decision to charge the 12% to us, keep the site alive and pay us back!

Good guy busoni!

When I heard about the hack I went into mourning thinking that the site would close and I'd lose all my coins.

To only lose 12% AND to have it paid back over time is freaking amazing!

THANK YOU!!!

[GordonSSS]

Thank you. I am ok, with that. Does that mean ALL bitcoins are stored online at the site?

It certainly sounds that way, and no mention of cold/offline storage was mentioned in the OP. I would also like to know the answer to this, as storing all funds online is extremely irresponsible.

[DavidT]

This is a very good post ! Thanks.

That being said, I think that the mechanism for 'reparation' should be as such:

Distribute 12.5 % shares of your company to all customers, pro-rata their BTC.
Pay dividends on a frequent basis.
Offer to buy back shares if users so desire.

It would be excellent to have such mechanisms described and agreed for all exchanges...

+1
+2
+3
+xxxxxx

And that is how it should be done, couldn't have said it better.

I appreciate your active approach, but raising the fees? BAD idea, and I doubt "it was suggested by users" - if you do that, you are benefiting from the situation and that does make you look very... So don't go that way.

I didn't check the numbers posted earlier, but if you are cashing in almost 2 grand a day on fees, why are we even discussing this? (serious question)

[sixteendigits]

Well, it is commendable that you are being open and honest and communicating well with the community.  You are handling this situation 1000x better than c-cex did with their hack (which I am still owed 3 BTC from and was just told up to 3 months to replace it).

I think upping the trade fees is a bad idea and will defeat the purpose as trade volume will fall dramatically.  I hold XCP and was perfectly fine with the temporary fee hike in that market, as it was Counterparty's fault it happened and not yours.  It only hurt XCP and those who made the choice to trade in that market.  Upping trade fees on all markets discourages new influx of BTC and new users.

I like the idea of selling fee shares though, and would consider purchasing some because although poloniex may be new and rough around the edges, you continue to prove you are an honest and dedicated guy who is quick to respond to any problems, which gives me confidence in the long term viability of this exchange.

[iampingu]

I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?

[Buratino]

Dear Busoni!
I am sorry about incident.
Thanks for transparent interpretation of stolen BTC there.
You can start to collect donations for covering exchange losses.
Hope it will be good.

[elrapido80]

I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?

Finally a response I can agree with is. All this praise for an exchange with such fundamental flaws is incredible. This is why a good exchange needs funding, so you can have this stuff tested, certified and possibly even insured. Just because the way other exchanges deal with hacks is even worse doesn't make this solution a good one.

Hiking up fees: bad idea, it's not the users fault, you're going to lose enough users over this without punishing them through higher fees.
Locking up 12.3% of (the remaining) BTC: bad idea as well as mathematically incorrect. 12.3% of 100 is not the same as 12.3% of 87.7. You fucked up, you never asked people if they would be willing to put up their BTC to cover your mistakes. Take it from all these fanboys who are willing to, not those who aren't.

[turboblade]

I have made a btc deposit that has not yet been credited. Is this related

Where is my btc deposit. 8 confirms on the block chain

[barryzand]

busoni... respect bro... 

[stevenb]

I have made a btc deposit that has not yet been credited. Is this related

Where is my btc deposit. 8 confirms on the block chain

Same problem, over 10 confirms but no pending deposit. Busoni please explain too.

[super3]

Race attack again? Looks like we need a basic hacking an exchange guidebook. This has happened to quite a few exchanges.

[relm9]

Thank you. I am ok, with that. Does that mean ALL bitcoins are stored online at the site?

It certainly sounds that way, and no mention of cold/offline storage was mentioned in the OP. I would also like to know the answer to this, as storing all funds online is extremely irresponsible.

 I would hope only a small % of funds are stored in a hot wallet, otherwise this hack could have been a lot more disastrous than 12.3% had he not caught on soon enough. Would be good if busoni can provide clarification on this.

Anyway, I'm a fan of the exchange and will continue to use it. It seems like Poloniex has went through some insane growth lately which I imagine is all a bit overwhelming. The hack is unfortunate, but he's handling this better than most.

[jaideep1000]

My deposit hasn't appeared either

[HeadsOrTails]

I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?

Honesty is fantastic.
Competence is even better because some asshole made $50k from a flaw where your system could be overloaded with negatives balances? Why would a negative balance ever be OK?
The new system you describe for future security still needs to notify the admin of unusual activity. How long does it take to steal $50k? Less than the time you're sleeping I'm sure.

I'm sorry, but I was a big Poloniex fan and appreciate the honesty, but for Christs' Sake hire some fucking white hat hackers for $25k and you're already ahead.

[heskey]

Address of the thief https://blockchain.info/address/1Ktq7TE3J5vZ3c99M5weqKfFcNkHQdqPrq
Total loss is around $50,000

If that's indeed him, Googling the address brings up a russian forum with his address... If the site cooperates we can find the guy:
http://2ch-b.ru/2014/03/03/privet-anon-hochu-besplatno-gb-na-drpbx-libo-posovetuj-drugoj-63603242.html

More on this?

[GordonSSS]

Serious mistakes have certainly been made, but I do think it's correct to applaud Poloniex from the perspective of swift, good and effective communication. Being transparent, letting everyone know exactly what happened, and how, is something I would like to see more of.

I don't think I've ever seen so many new accounts hype a hack to be the best thing ever.

It really is mindblowing that you are all commending him for not having the basics right in the first place.

But alas, you'll get paid over time right?