BTC Stolen from Poloniex

[IamNotSure]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

This comment was from Mike Hearn, senior developer at google.

And yes mike is right.  The developer of Poloniex have no knowledge about database transactions and handle code in multithreaded environment.

 

Indeed. Poloniex is probably a disaster waiting to happen. All the honesty and hard work of busoni won't change that fact.

He was already warned with the XCP bug exploit and didn't learned the lesson, although he had his get out of jail free card by being was reimbursed of the stolen BTC.

The only question here is : Will the confiscated BTC be repaid before the next disaster ?

[ionux]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

This comment was from Mike Hearn, senior developer at google.

And yes mike is right.  The developer of Poloniex have no knowledge about database transactions and handle code in multithreaded environment.

 

Indeed. Poloniex is probably a disaster waiting to happen. All the honesty and hard work of busoni won't change that fact.

He was already warned with the XCP bug exploit and didn't learned the lesson, although he had his get out of jail free card by being was reimbursed of the stolen BTC.

The only question here is : Will the confiscated BTC be repaid before the next disaster ?

Guys this was not a Mark K/Mt Gox type of situation.  Busoni was sharp enough to discover the hack and take measures to ensure more wasn't stolen.  Mike Hearn's comments were more "talking-down" than helpful, quite honestly.  I've read his comments on the Mt Gox situation and they were nowhere as harsh as the comment above even though the Mt Gox fiasco was several orders of magnitude larger.  The point that I'm trying to make is, everyone seems to be an armchair quarterback with the code running these exchanges.  However, the people that seem to know best aren't actually helping these exchanges get better. 

The industry average is ~ 10 to 20 bugs per 1k LOC and it's probably fair to state that bitcoind has more lines of code than a small web-based exchange, like Poloniex...    All of the finger pointing needs to stop and the community needs to help these exchanges get better.

[InsanityDev]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

This comment was from Mike Hearn, senior developer at google.

And yes mike is right.  The developer of Poloniex have no knowledge about database transactions and handle code in multithreaded environment.

I do have sufficient programming ability to secure the exchange, and will be doing this with Tristan next week.

[billotronic]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

This comment was from Mike Hearn, senior developer at google.

And yes mike is right.  The developer of Poloniex have no knowledge about database transactions and handle code in multithreaded environment.

  

holy fuck get out of town! some lackey for the great satan of our age says shit is fucked? I have to go change my diaper cause I am shitting my pants. Hows about the cunts at google stick to war profiteering from the internets and our privacy and leave the cryptos to us delusional asses.

Next lets get some zombie Rocefeller's to give financial advice. What the fuck are you dumb shits thinking?

[bitfromit]

It is understandable. People are on a very fine trigger since mtg. Keep cool guys.

[sumantso]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

[booovean]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

I wouldn't if I were you.

Mostly because I sent a deposit of Coino coins over an hour ago... they are yet to appear in my balance...

[smoothie]

busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

This comment was from Mike Hearn, senior developer at google.

And yes mike is right.  The developer of Poloniex have no knowledge about database transactions and handle code in multithreaded environment.

 

Indeed. Poloniex is probably a disaster waiting to happen. All the honesty and hard work of busoni won't change that fact.

He was already warned with the XCP bug exploit and didn't learned the lesson, although he had his get out of jail free card by being was reimbursed of the stolen BTC.

The only question here is : Will the confiscated BTC be repaid before the next disaster ?

Guys this was not a Mark K/Mt Gox type of situation.  Busoni was sharp enough to discover the hack and take measures to ensure more wasn't stolen.  Mike Hearn's comments were more "talking-down" than helpful, quite honestly.  I've read his comments on the Mt Gox situation and they were nowhere as harsh as the comment above even though the Mt Gox fiasco was several orders of magnitude larger.  The point that I'm trying to make is, everyone seems to be an armchair quarterback with the code running these exchanges.  However, the people that seem to know best aren't actually helping these exchanges get better. 

The industry average is ~ 10 to 20 bugs per 1k LOC and it's probably fair to state that bitcoind has more lines of code than a small web-based exchange, like Poloniex...    All of the finger pointing needs to stop and the community needs to help these exchanges get better.

Finger pointing is justified by his fuck up. No one needs to help him get his broken exchange working better. It isn't anyone's responsibility but his to get it working properly.

Taking the victim mentality on Mike's comments rather than taking wisdom from it is foolish.

[y3804]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?

[smoothie]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?

If you have to ask that question why are you even considering sending funds to that exchange?

For me, if I had to question the outcome of my deposit on to an exchange I would not be using them. Period.

[manav1112]

I want to deposit about 0.5 btc so that I can invest in Myriad Coin. However would it be safe to deposit in this exchange?

[sumantso]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?

If you have to ask that question why are you even considering sending funds to that exchange?

For me, if I had to question the outcome of my deposit on to an exchange I would not be using them. Period.

Because they are the only exchange which lists the coin I want to buy?

People are not stupid. If they want to put in money after being aware of the risk, there must be some big potential gain.

[JakeThePanda]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?

I just made a deposit.  i will let you know the outcome.

[Lohoris]

People are not stupid.

I beg to differ.

This so-called exchange accepts deposits but often withdrawals are blocked, is still unclear about who's gonna review the code, and the likely answer is "nobody", and still people are sending money there.

Furthermore, just look at the dozens of posts from stupid users "hey were's my money, hey there, hey that", like they just either didn't bother to read anything and just wrote their stupid post, or they did read and somehow their so-called brain is letting them believe that writing their post will actually serve any purpose.

[tageeboy]

Which coin would you like to buy. I either have it or can get it. Save your money, putting money into something like this is like giving money to the guy holding a sign "will work for food" and expecting him to cut your grass. Message me if you are looking for coins, can use escrow to protect your funds. Much safer than this.

Not dinging the site dev but we all can't be engineers. Remember each time an exchange or other crypto currency related site is damaged, hacked, or robbed it impacts the overall legitimacy of the CC markets. When someone much more skilled than you says sorry buddy, your PM makes it obvious you are in over your head, get out now. It is a warning that more pain is coming. The sad thing is the users on the site are the ones who will feel the pain, not him. Perfect example. The recent btc loss did not come out of his pocket, it came out of every user on the site paying for his mistakes. Until that money is refuneded to each person and the slate is clean this site deserves to be on the "dirty dining' list of exchanges. Hey, now that is a site to make! The rate site of scam pools and exchanges. Sort of like a chamber of commerce (without the political ties) for our currency markets.

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

Bump. I want to know this too.

If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC?

If you have to ask that question why are you even considering sending funds to that exchange?

For me, if I had to question the outcome of my deposit on to an exchange I would not be using them. Period.

Because they are the only exchange which lists the coin I want to buy?

People are not stupid. If they want to put in money after being aware of the risk, there must be some big potential gain.

[grifferz]

So many people in this topic dying to resume sending coins here despite the shockingly poor level of understanding displayed by the operator.

I wonder if these same people will be crying, "don't be mean, how were we meant to know Poloniex was bad, it was mostly okay for ages!" at some point in the near future.

Anyone planning to use this service needs to list off the unique selling features—things that no other exchange can offer today—and weigh those up against the incredibly high risk of placing your funds in the care of someone that demonstrably does not know what they are doing.

I personally cannot imagine what it is that Poloniex offers that could make it worth the risk but I'll assume all those clamouring to throw their money at it do and have done their own risk assessment.

Because there will be no saying that they weren't warned, later on.

[bookbuster]

I do my business at Poloniex because I like it.

UNIQUE to Poloniex is that he trades XCP which no other exchange can do because they are stupider than Poloniex and content to just keep adding shill coins because it makes money.

Poloniex makes the effort to be the first exchange in the world to offer something.  And nobody gives him credit.

Its not coming to an exchange near you because your exchange of choice is stupid and slow so eveybody trades alt coins, and pretends its not a bubble.

OK man, I'll stick to Poloniex

How flustered are you btw?   

[Biomech]

Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?

I am not currently a customer, so take it for what it's worth. However, Busoni said it would only affect the balances at the time the bug was discovered, nothing later. I have no idea how many people that affected, but it's not supposed to carry forward. Also, I'm nearly certain that he had said it ONLY affected BTC, not any other coin. Though there were some issues with alt-coin functionality for a few days.

[DeathAndTaxes]

The industry average is ~ 10 to 20 bugs per 1k LOC and it's probably fair to state that bitcoind has more lines of code than a small web-based exchange, like Poloniex...    All of the finger pointing needs to stop and the community needs to help these exchanges get better.

This isn't a "bug", it is a fundamental flaw in how financial data should be processed.  Mike was being truthful when he said it is "database 101".  It wasn't that the site used transactions to ensure that withdraws were ACID compliant and there was bug on an edge case which resulted in them not being so.  There was no transactions used at all.   The proposed solution was more broken design (as opposed to just broken code) to check existing broken design.

The exchange WILL be robbed again.  It is merely a matter of when not if.

[Biomech]

The industry average is ~ 10 to 20 bugs per 1k LOC and it's probably fair to state that bitcoind has more lines of code than a small web-based exchange, like Poloniex...    All of the finger pointing needs to stop and the community needs to help these exchanges get better.

This isn't a "bug", it is a fundamental flaw in how financial data should be processed.  Mike was being truthful when he said it is "database 101".  It wasn't that the site used transactions to ensure that withdraws were ACID compliant and there was bug on an edge case which resulted in them not being so.  There was no transactions used at all.   The proposed solution was more broken design (as opposed to just broken code) to check existing broken design.

The exchange WILL be robbed again.  It is merely a matter of when not if.

What would you suggest? That's not snark, you seem to have your head on in a lot of areas. I'm not a programmer, so I got nothing to offer. But Poloniex is often the first exchange for a new coin, and they do have a good reputation overall. I was in fact about to register there when this came down. I can't risk it till this is resolved, but I would like to see it resolved.