BTC Stolen from Poloniex

[EuroTrash]

Busoni, can you answer this one single question please:

Did you implement transaction atomicity on withdrawals or not?

[Pete_Time4Meat]

Nice job mate!

+1

[adhitthana]

Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?

Eurotrash, can you explain transaction atomicity, or link to somewhere that does?

[timmmers]

Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?

Eurotrash, can you explain transaction atomicity, or link to somewhere that does?

About 10 pages back in this thread

[vlight]

I was able to withraw muh altcoin. Thanks  

[MysticalPotato]

I agree that there are several unanswered questions such as:[/b]

1. Why has a warning not yet been prominently placed on the site to deter further deposits?

2. What is the confirmed address that the funds were sent to, and how much was stolen?

3. Why has no warning email been sent to all registered users informing them of the security breach?

I think the first point is an extremely valid question. People who are unaware of recent developments should be made aware of what they are walking into, instead of suddenly being surprised with the inability to trade or withdraw after making a deposit.

Edit: An advisory just went up on the balance page. Nice.

[prisma]

Trading is back on!

[tlr]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

I agree with Mike. Attempting to patch this issue with something called a "negative balance watcher" is a huge red flag.

[timmmers]

Trading is back on!

I get "this account is frozen" /scrap that...busoni is on chat now helping people.

[D05GTO]

Just use Atomic-Trade if want an actual secure trading platform.   Why trust money to these amateur sites?  I just don't get it.

[whoracle]

when xcp whitdrawal working busoni?

[CoinCollectr]

 This is why we are building a #Bitcoin #Startup, help give us a chance at #SXSW http://game.startupbus.com/teams/15

[shdwoflyte]

Busoni, thank you again. You really are a man of your word. I'm sure the stress of going through something like this was overwhelming, and you are handling it great. I wish there are more business owners like you. While the act of getting into debt (for us really) may seem now like a huge liability, I know it will definitely pay off tenfold for you as things progress.

jtpeters, I wish you are nowhere around me (or anyone for that matter) if there's ever an accident or catastrophe. Your ability to control your sense of panic is extremely lacking.

[Lohoris]

The strategy of any magician is misdirection.

All of you are so busy thinking of the 4 "options". Shares? 12%? Raise fees?

All the while, you ignore the pink elephant in the room. The red flags that tell you something is wrong. But your subconscious doesn't want to hear it because we inherently believe in the good of our fellow human being.

The more minutes that pass while 1) there is no notice on the website; and 2) deposits are still being accepted; and 3) no email has gone out to everyone the more likely this is to be a trick in which we have all (willingly, by now) been aparty to.

At first I was too fooled by the apparent transparency and apparent good intentions, but now I admit jtpeters is fully right: this is really unexcusable and a huge sign for obvious scam or incredibly gross incompetence/foolishness.

To the people claiming "he's still here" I'll remind them that every scammer to buy himself some time will "hang around" a little while before actually disappearing.

[EuroTrash]

Busoni, can you answer this one single question please:
Did you implement transaction atomicity on withdrawals or not?

Eurotrash, can you explain transaction atomicity, or link to somewhere that does?

I leave it to this excellent comment on reddit.

[merkin]

Thanks Poloniex,

I have enjoyed using your site

[odotan]

Thank you!!! I was able to withdraw my 10BTC! Thank you so much! I wish Gox were this easy.

https://blockchain.info/tx/c08b81abc8196cec6bf3e41399755567b230e71be089833315fb846427832d88

Thanks for being clear about the recent deposits, and that they should not be deducted. Nothing less than that would be reasonable. Thanks for being reasonable.

However, I would like to make sure that I not only do not lose any of my 10BTC, but also, that they would be withdrawable immediately, or sent back to me immediately. There is no reason to keep them locked up anymore, and there is no reason to delay their refund. I would like to be able to withdraw them immediately, or have them sent back to me immediately on the address I sent them from.

Please send them back and confirm. Thank you.

About recent deposits--it really wouldn't be fair to deduct deposits made after the BTC was taken. Obviously I should have posted a notice on the Balances page, but it is not difficult to make an exception for recent deposits.

I was not aware of this theft, and I stupidly sent in 10 BTC about 7 hours after your twitter announcement

https://blockchain.info/address/16CBhYouzdB4xgxeZ76RjF8wBRimtvMB2k

https://twitter.com/Poloniex/status/440734781689446400

I expect to get the entire 10BTC balance back, and NOT 12.3% less, as I would've expected you to block deposits as well, or at least put up a sign on the front page of the site waring about the hack.

Please confirm that you agree and will do so. Thank you.

[turboblade]

i'm out, thank you

[bobbybobberson]

I was also able to make a trade from ALT coin to Bitcoin and then withdrawal my money.  I was a little worried earlier but, waited it out to see what would happen.  I have to say I'm pretty happy with the way things turned out.  He even knew that a bunch of people would withdrawal their money and let that happen so that to me says he is honest.  I won't trade with him until he says he has gotten the holes completely patched and has hired a security programmer but, after that with this experience I would definitely trade with him again.  I know it is my first post but, you should soon start hearing more and more people saying the same thing.

[mr_random]

The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon.

Are you kidding me? Did you do any research on past Bitcoin exchanges hacks before auditing your code?

That exact same "hack" has been done on multiple exchanges in the past.

Another guy who's created an exchange but yet somehow doesn't know what a database transaction is... unreal.