DeathAndTaxes
Donator
Legendary
 Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
 |
March 09, 2014, 07:16:06 PM
Last edit: March 09, 2014, 07:26:35 PM by DeathAndTaxes |
|
What would you suggest? That's not snark, you seem to have your head on in a lot of areas. I'm not a programmer, so I got nothing to offer. But Poloniex is often the first exchange for a new coin, and they do have a good reputation overall. I was in fact about to register there when this came down. I can't risk it till this is resolved, but I would like to see it resolved.
If the operator was interested in truly doing the right thing, he would take the whole thing offline and spend a couple months learning what he should have known before he started. The spend a couple months building it right from the ground up. Before the launch he could launch a test site with dummy accounts and data and offer a security challenge ( https://www.crowdcurity.com/ )*. As for where to start, based on the responses given by the operator himself he lacks even the basic knowledge on proper database design and operation. Sorry if that is "harsh" but it is the reality. This isn't a "one wrong line of code" issue. He should start with a book which teaches fundamental concepts about how relational databases work. Normally I would recommend a freshman computer science book on database design and operation but honestly they are way overpriced (as all academic books are) and excessively wordy. Something like the following would be a good proxy: http://www.amazon.com/Database-Design-Mere-Mortals-Relational/dp/0321884493/The idea that an experienced developer should either "shut up and stop being mean" or help the guy build it right for free is a false dichotomy. Top developers generally make $150K to $200K a year. If the site operator is willing to offer $80 a hour I am sure someone qualified would be willing to mentor him. However based on his responses to the problem that money would likely be wasted at this point. You can't just slap some additional code on a flawed design and expect it to be secure. The entire transaction processing engine probably needs to be rebuilt from the ground up to be ACID compliant. Due to the scope of the problem we don't know what other problems exist but I doubt the code in other critical areas (authentication and authorization) is better. For the record I am not saying "don't use the site" or "you are an idiot for using the site". I am a libertarian, I don't really feel it is my business what you do with your money. However please don't be surprised when it happens again. * Before I get accused of "do as I say not as I do, BitSimple will be launching a challenge soon. |
|
|
|
|
|
grifferz
|
|
March 09, 2014, 07:29:19 PM |
|
What would you suggest?
I'm in agreement with DeathAndTaxes and Mike Hearn that this exchange needs to return everyone's money and shut down. If the operator wants to continue running it as soon as possible then I think at minimum: - They need to hire someone to do an audit of existing code, and have the exchange shut down while that is happening.
- A report of the code audit should be publicly released, any deficiencies found should be fixed or mitigated until there is time for a proper fix.
- An experienced developer should be hired to do the bulk of the work in future.
This is not a project for which the operator should be learning on the job. The difficulty with the above will be reassuring the customer base that it's actually happening and that properly competent auditors and coders have been hired. If there's not enough profit in Poloniex to support this then I don't see that there is any way forward but to shut it down. Unfortunately there are so many unconditionally trusting people in this thread that the temptation will be huge for the operator to do none of this, or just pay lip service to it, because it looks like very few customers will be lost in the short term. |
|
|
|
|
|
schiavonxv
|
|
March 09, 2014, 09:58:27 PM |
|
I didn't know about the stolen and yesterday I deposited 100000USDE.
So far not confirmed anything.
It's right?
|
|
|
|
arielbit
Legendary
Offline
Activity: 3416
Merit: 1059
|
|
March 10, 2014, 01:15:17 AM |
|
i think we are getting paid little by little..check your balances
|
|
|
|
|
smoothie
Legendary
Offline
Activity: 2492
Merit: 1473
LEALANA Bitcoin Grim Reaper
|
|
March 10, 2014, 01:50:01 AM |
|
Can I deposit BTC and trade? If I do, will a part of those BTCs be eaten too?
Bump. I want to know this too. If I deposit 1BTC, will I get 1BTC in my Poloniex account or will Poloniex deduct 12% from the 1BTC? If you have to ask that question why are you even considering sending funds to that exchange? For me, if I had to question the outcome of my deposit on to an exchange I would not be using them. Period. Because they are the only exchange which lists the coin I want to buy? People are not stupid. If they want to put in money after being aware of the risk, there must be some big potential gain. They? You mean you? Weren't you the one asking? Like I said, if I had to ask I wouldn't use them despite them being the only one trading a particular coin. |
███████████████████████████████████████
,╓p@@███████@╗╖,
,p████████████████████N,
d█████████████████████████b
d██████████████████████████████æ
,████²█████████████████████████████,
,█████ ╙████████████████████╨ █████y
██████ `████████████████` ██████
║██████ Ñ███████████` ███████
███████ ╩██████Ñ ███████
███████ ▐▄ ²██╩ a▌ ███████
╢██████ ▐▓█▄ ▄█▓▌ ███████
██████ ▐▓▓▓▓▌, ▄█▓▓▓▌ ██████─
▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌
▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─
²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩
▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀
²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`
²²²
███████████████████████████████████████
| . ★☆ WWW.LEALANA.COM My PGP fingerprint is A764D833. History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.
|
|
|
|
BreakoutCoins
Newbie
Offline
Activity: 34
Merit: 0
|
|
March 10, 2014, 03:15:43 AM |
|
I wish Karpeles is just as honest & transparent as you do.
Amen |
|
|
|
|
MysticalPotato
Member
Offline
Activity: 91
Merit: 10
Stop the potato genocide!
|
|
March 10, 2014, 03:35:12 AM |
|
i think we are getting paid little by little..check your balances
Just checked - received about 5.8% of my deducted balance. Also, to anyone wondering, I placed a BTC deposit yesterday to purchase some PTS, and and a few hours later made a successful withdrawal to Cryptsy. |
"Politeness induces morality. Serenity of manners requires serenity of mind.” - Julia Ward Howe
Signature space available for a worthy cause
|
|
|
|
pinoyminer1977
|
|
March 10, 2014, 06:53:24 AM |
|
Yap, me too I have checked today and payed me a little  , can someone tell me if BTC withdrawals are going through, please....don't want to risk a small amount anymore....thank you |
|
|
|
|
|
ontopicplease
|
|
March 10, 2014, 08:26:32 AM |
|
Hi , I got 2 deposits not arrived after 24 hours can poloniex look into this. because I want to sell these coins.
USDE withdrawal to GKv8uag39gxuRpWw9eTSgwfhsX4RdfNeq7
Transaction id: 4f2941d993b4b49934b4b0ffe614705ba8a9bec7414bda755ead683f1b286a7f
RDD withdrawal to RuxubS3oPumpyH6wsQysTQA34jjaCx6ZCt
Transaction id: c29f5e383be9b440901ea1e9131f65bf361b0e3a832fd8842767e4505e9eb0ac
thanks for your time.
|
|
|
|
|
|
flipNstack
|
|
March 10, 2014, 10:18:51 AM |
|
sounds like karples reincarnated... I hate bastards that allow deposits but not withdraws, only bastards do something like that.
|
|
|
|
|
ScroogeD
Member
Offline
Activity: 70
Merit: 10
█ Scrooge D Silver █
|
|
March 10, 2014, 03:24:50 PM
Last edit: March 10, 2014, 04:14:15 PM by ScroogeD |
|
Damn, I just deposited some BTC to Poloniex and read about this.  Will it be added to my balance?? edit: It was added. Thank god... |
BTC & LTC #DOGE #DRK #HUC #VTC
Blacklist #Maxcoin - Amateur Devs with ignorant JP Morgan Keiser
|
|
|
bbeagle
Member
Offline
Activity: 63
Merit: 10
|
|
March 10, 2014, 05:20:56 PM |
|
Someday one of these exchanges will be strong-armed by someone who is not used to dealing with someone taking/losing their money.
Imagine a drug dealer who uses your exchange. You 'lose' 12% of their money. I imagine that it wouldn't be too pretty for an exchange owner in that case. It seems that most people here don't really mind losing 12% of their money though.
|
|
|
|
|
Majormax
Legendary
Offline
Activity: 2534
Merit: 1129
|
|
March 10, 2014, 06:03:25 PM |
|
I have been repaid the first small instalment of the 12% BTC 'lost' .
The exchange has behaved properly and openly as far as I can see.
|
|
|
|
|
|
flipNstack
|
|
March 10, 2014, 07:28:59 PM |
|
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
|
|
|
|
|
Majormax
Legendary
Offline
Activity: 2534
Merit: 1129
|
|
March 10, 2014, 08:41:49 PM
Last edit: March 10, 2014, 08:56:24 PM by Majormax |
|
loss/theft was due to the exchanges incompetence, this is not the customers fault. If the theft was only 50k and this guy running an exchange cant pay 50k back, then he is a liar and has no business running this company.
I mean when the exchange is doing good, he is not sharing those profits with his customers. By the same token if his exchange is having problems then he shouldn't make the customers pay for it in any way.
People should show a little more anger, instead of thanking the guy for his incompetence
When you have a bit of experience in this business, you might show a little humility. You are a whingeing negative force.. that is more annoying IMO. Better to pull together and trust people's motives until really proven otherwise. |
|
|
|
|
Majormax
Legendary
Offline
Activity: 2534
Merit: 1129
|
|
March 10, 2014, 08:54:22 PM |
|
What I would ask the manager of Poloniex (Tristan) in a positive way, is , Do you honestly think it might be desirable for the exchange code to be rewritten in a new framework ?
Future security is important for the confidence of everyone involved.
|
|
|
|
|
|
semajjames
|
|
March 11, 2014, 01:00:09 AM |
|
What I would ask the manager of Poloniex (Tristan) in a positive way, is , Do you honestly think it might be desirable for the exchange code to be rewritten in a new framework ?
Future security is important for the confidence of everyone involved.
this bank is broken i just withdraw BTC ,,, and the withdraw address changed ,,,, i have NO % EDIT % |
|
|
|
|
enzz0
Newbie
Offline
Activity: 15
Merit: 0
|
|
March 11, 2014, 01:11:37 AM |
|
Hi admin!
Plz check my Deposit usde issue with my user id: dattq2@gmail.com:
why i don't see my USDe in my balance?
Status: 52 confirmations
Date: 3/10/2014 22:51
To: poloniex.com GXMc7TB6cQQ1QZsfrA2Cb3Sj4hT5WBHPeV
Debit: -97490.00 USDE
Transaction fee: -1.20 USDE
Net amount: -97491.20 USDE
Transaction ID: 02e5335f9176a05367991f1217a195632b2f367c2d374b6c9f53126bbef67874
thanks you
|
|
|
|
|
Majormax
Legendary
Offline
Activity: 2534
Merit: 1129
|
|
March 11, 2014, 01:56:34 AM |
|
I really have to say I don't find any problem with functions, withdrawal and deposit working OK.
|
|
|
|
|
JohnnyDaMitch
Member
Offline
Activity: 135
Merit: 10
|
|
March 11, 2014, 02:33:11 AM |
|
I really have to say I don't find any problem with functions, withdrawal and deposit working OK.
Same here. New customer since after the theft occurred. I was hesitant, but the way this has been implemented the payback mechanism being discussed here does not at all affect business done after this all went down. Just FYI |
|
|
|
|
|
