|
EuroTrash
|
 |
March 04, 2014, 10:10:43 PM |
|
Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?
|
<=== INSERT SMART SIGNATURE HERE ===>
|
|
|
Pete_Time4Meat
Newbie
 Offline
Activity: 12
Merit: 0
|
|
March 04, 2014, 10:18:36 PM |
|
Nice job mate!
+1
|
|
|
|
|
adhitthana
Legendary
Offline
Activity: 1190
Merit: 1000
|
|
March 04, 2014, 10:25:57 PM |
|
Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?
Eurotrash, can you explain transaction atomicity, or link to somewhere that does? |
|
|
|
|
|
timmmers
|
|
March 04, 2014, 10:30:36 PM |
|
Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?
Eurotrash, can you explain transaction atomicity, or link to somewhere that does? About 10 pages back in this thread |
|
|
|
|
vlight
|
|
March 04, 2014, 10:30:54 PM |
|
I was able to withraw muh altcoin. Thanks  |
|
|
|
|
MysticalPotato
Member
Offline
Activity: 91
Merit: 10
Stop the potato genocide!
|
|
March 04, 2014, 10:39:55 PM |
|
I agree that there are several unanswered questions such as:[/b]
1. Why has a warning not yet been prominently placed on the site to deter further deposits?
2. What is the confirmed address that the funds were sent to, and how much was stolen?
3. Why has no warning email been sent to all registered users informing them of the security breach?
I think the first point is an extremely valid question. People who are unaware of recent developments should be made aware of what they are walking into, instead of suddenly being surprised with the inability to trade or withdraw after making a deposit. Edit: An advisory just went up on the balance page. Nice. |
"Politeness induces morality. Serenity of manners requires serenity of mind.” - Julia Ward Howe
Signature space available for a worthy cause
|
|
|
prisma
Newbie
Offline
Activity: 52
Merit: 0
|
|
March 04, 2014, 10:47:17 PM |
|
Trading is back on!
|
|
|
|
|
tlr
Member
Offline
Activity: 86
Merit: 10
|
|
March 04, 2014, 10:53:20 PM |
|
busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.
Please do the right thing and refund everyones outstanding balances, then wind up your operation.
I agree with Mike. Attempting to patch this issue with something called a "negative balance watcher" is a huge red flag. |
|
|
|
|
|
timmmers
|
|
March 04, 2014, 10:58:41 PM |
|
Trading is back on!
I get "this account is frozen" /scrap that...busoni is on chat now helping people. |
|
|
|
|
D05GTO
|
|
March 04, 2014, 11:04:46 PM |
|
Just use Atomic-Trade if want an actual secure trading platform. Why trust money to these amateur sites? I just don't get it.
|
▄████▄
▄████████▄
▄████████████▄
▄████████████████▄
████████████████████ ▄█▄ ▄███▄ ▄███▄ ▄████████████████▀ ▄██████████
▄▄▄▀█████▀▄▄▄▄▀█████▀▄▄▄ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ██
▄█████▄▀▀▀▄██████▄▀▀▀▄█████▄ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▄█▄ ▀██████████████▄
████████████████████████████ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▀█▀ ██
▀████████████████████████▀ ▀██▄ ▄██▀ ▀██▄ ▄██▀ ▄█▄ ▀██▄ ▄██▀ ██
▀████████████████████▀ ▀███▀ ▀███▀ ▀█▀ ▀███▀ ▄███████████████████████████████████▀
▀████████████████▀
▀████████████▀
▀████████▀
▀████▀
| ║║
║█
║█
║║ | .
| .
║║
██
║║
| .
| .
║║
██
║║
| .
| ║║
█║
█║
║║ | |
|
|
|
whoracle
Newbie
Offline
Activity: 18
Merit: 0
|
|
March 04, 2014, 11:24:15 PM |
|
when xcp whitdrawal working busoni?
|
|
|
|
|
|
|
shdwoflyte
Newbie
Offline
Activity: 7
Merit: 0
|
|
March 04, 2014, 11:58:48 PM |
|
Busoni, thank you again. You really are a man of your word. I'm sure the stress of going through something like this was overwhelming, and you are handling it great. I wish there are more business owners like you. While the act of getting into debt (for us really) may seem now like a huge liability, I know it will definitely pay off tenfold for you as things progress.
jtpeters, I wish you are nowhere around me (or anyone for that matter) if there's ever an accident or catastrophe. Your ability to control your sense of panic is extremely lacking.
|
|
|
|
|
|
Lohoris
|
|
March 05, 2014, 12:01:25 AM |
|
The strategy of any magician is misdirection.
All of you are so busy thinking of the 4 "options". Shares? 12%? Raise fees?
All the while, you ignore the pink elephant in the room. The red flags that tell you something is wrong. But your subconscious doesn't want to hear it because we inherently believe in the good of our fellow human being.
The more minutes that pass while 1) there is no notice on the website; and 2) deposits are still being accepted; and 3) no email has gone out to everyone the more likely this is to be a trick in which we have all (willingly, by now) been aparty to.
At first I was too fooled by the apparent transparency and apparent good intentions, but now I admit jtpeters is fully right: this is really unexcusable and a huge sign for obvious scam or incredibly gross incompetence/foolishness. To the people claiming "he's still here" I'll remind them that every scammer to buy himself some time will "hang around" a little while before actually disappearing. |
|
|
|
|
EuroTrash
|
|
March 05, 2014, 12:02:19 AM |
|
Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?
Eurotrash, can you explain transaction atomicity, or link to somewhere that does? I leave it to this excellent comment on reddit. |
<=== INSERT SMART SIGNATURE HERE ===>
|
|
|
merkin
Member
Offline
Activity: 266
Merit: 10
|
|
March 05, 2014, 12:05:46 AM |
|
Thanks Poloniex, I have enjoyed using your site  |
|
|
|
odotan
Newbie
Offline
Activity: 15
Merit: 0
|
|
March 05, 2014, 12:14:41 AM |
|
Thank you!!! I was able to withdraw my 10BTC! Thank you so much! I wish Gox were this easy. https://blockchain.info/tx/c08b81abc8196cec6bf3e41399755567b230e71be089833315fb846427832d88Thanks for being clear about the recent deposits, and that they should not be deducted. Nothing less than that would be reasonable. Thanks for being reasonable. However, I would like to make sure that I not only do not lose any of my 10BTC, but also, that they would be withdrawable immediately, or sent back to me immediately. There is no reason to keep them locked up anymore, and there is no reason to delay their refund. I would like to be able to withdraw them immediately, or have them sent back to me immediately on the address I sent them from. Please send them back and confirm. Thank you.
About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.
|
|
|
|
|
turboblade
Member
Offline
Activity: 115
Merit: 10
|
|
March 05, 2014, 12:31:39 AM |
|
i'm out, thank you
|
|
|
|
|
bobbybobberson
Newbie
Offline
Activity: 1
Merit: 0
|
|
March 05, 2014, 12:35:24 AM |
|
I was also able to make a trade from ALT coin to Bitcoin and then withdrawal my money. I was a little worried earlier but, waited it out to see what would happen. I have to say I'm pretty happy with the way things turned out. He even knew that a bunch of people would withdrawal their money and let that happen so that to me says he is honest. I won't trade with him until he says he has gotten the holes completely patched and has hired a security programmer but, after that with this experience I would definitely trade with him again. I know it is my first post but, you should soon start hearing more and more people saying the same thing.
|
|
|
|
|
mr_random
Legendary
Offline
Activity: 1344
Merit: 1001
|
|
March 05, 2014, 01:11:37 AM |
|
The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.
Are you kidding me? Did you do any research on past Bitcoin exchanges hacks before auditing your code? That exact same "hack" has been done on multiple exchanges in the past. Another guy who's created an exchange but yet somehow doesn't know what a database transaction is... unreal. |
|
|
|
|
