Bitcoin Forum
June 17, 2024, 07:33:46 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Poll
Question: Preferred Method of Recovering Funds
Pay back over time with exchange fees - 112 (33%)
Sell shares of Poloniex, dividends paid from exchange fees - 205 (60.5%)
#1, Plus Return all balances and tax BTC withdrawals by percentage of funds still missing - 22 (6.5%)
Total Voters: 339

Pages: « 1 2 [3] 4 »  All
  Print  
Author Topic: POLL: How to Deal with Stolen BTC on Poloniex  (Read 8860 times)
Zangelbert Bingledack
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000


View Profile
March 05, 2014, 01:34:08 PM
 #41

#2, and use Counterparty to issue the shares and dividends. No more centralization than necessary.

Also, consider going to a 2-of-3 signing model where customers must cryptographically sign every movement of their coins, which results in much slower trading but prevents theft. If Poloniex could be the first exchange to do this it could actually be a boon and turn this theft into a positive thing for your company. Imagine if Poloniex became the only exchange where users would have cryptographic proof that their coins could never be stolen, except the actual amount involved in the current trade, which could of course be small-chunked to minimize risk.

I'd trade there myself, because then even with this history of being hacked it wouldn't matter in the slightest - Poloniex would be as secure as Bitcoin itself - and there is a large contingent of people who really don't care about day trading, they just want to make a few trades every couple of days or weeks as new developments arise. This is an unexplored niche and why not have it be Poloniex that pioneers it? A no-trust exchange. I'm sure many people would be happy to provide help with the coding and cryptography side of things as well.
anonuser777
Full Member
***
Offline Offline

Activity: 140
Merit: 100


View Profile
March 05, 2014, 04:41:39 PM
 #42

As much as I'd like to get shares of poloniex so we can all share in its rapid growth, you could just make it easy for yourself and consider the money taken from customers as a loan. Pay it back with a good interest rate and timely manner. First priority is to let everyone know how much was taken from their account, and then a clear accounting of how (and when) it will be paid back.
kdrop22
Full Member
***
Offline Offline

Activity: 238
Merit: 100


View Profile
March 05, 2014, 06:10:12 PM
 #43

#2, and use Counterparty to issue the shares and dividends. No more centralization than necessary.

Also, consider going to a 2-of-3 signing model where customers must cryptographically sign every movement of their coins, which results in much slower trading but prevents theft. If Poloniex could be the first exchange to do this it could actually be a boon and turn this theft into a positive thing for your company. Imagine if Poloniex became the only exchange where users would have cryptographic proof that their coins could never be stolen, except the actual amount involved in the current trade, which could of course be small-chunked to minimize risk.

I'd trade there myself, because then even with this history of being hacked it wouldn't matter in the slightest - Poloniex would be as secure as Bitcoin itself - and there is a large contingent of people who really don't care about day trading, they just want to make a few trades every couple of days or weeks as new developments arise. This is an unexplored niche and why not have it be Poloniex that pioneers it? A no-trust exchange. I'm sure many people would be happy to provide help with the coding and cryptography side of things as well.
+1
Spekulatius
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
March 05, 2014, 06:48:03 PM
 #44

#2, and use Counterparty to issue the shares and dividends. No more centralization than necessary.

Also, consider going to a 2-of-3 signing model where customers must cryptographically sign every movement of their coins, which results in much slower trading but prevents theft. If Poloniex could be the first exchange to do this it could actually be a boon and turn this theft into a positive thing for your company. Imagine if Poloniex became the only exchange where users would have cryptographic proof that their coins could never be stolen, except the actual amount involved in the current trade, which could of course be small-chunked to minimize risk.

I'd trade there myself, because then even with this history of being hacked it wouldn't matter in the slightest - Poloniex would be as secure as Bitcoin itself - and there is a large contingent of people who really don't care about day trading, they just want to make a few trades every couple of days or weeks as new developments arise. This is an unexplored niche and why not have it be Poloniex that pioneers it? A no-trust exchange. I'm sure many people would be happy to provide help with the coding and cryptography side of things as well.
+1
+2
Spekulatius
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
March 05, 2014, 07:18:15 PM
 #45

I like Poloniex and want to see it succeed. Busoni is a rare find in this wild west of cryptos. I'm confident he will find a way to make his customers whole.
I think option #2 is the most friendly way to deal with the shortfall. 

There is also option #4. Launch BusoniCoin! Use BusoniCoin as a ProtoShares style asset to issue shares of Poloniex!
If you launch it, I will mine it.
I kinda like the idea of shares as well as BusoniCoin, interesting. and yes I would mine it for a while maybe longer! Smiley

I agree with this. Smiley

Launching a coin with an underlying asset of value is something I am currently working on and if you could pull this off it would be awesome, but there are quite a few technical challenges involved with creating a coin like that. It "should" be possible now or soon with either NXT, Counterparty, Mastercoin or Etherum, but I don't think it has been done successfully yet in the real world?

If it's just another Altcoin clone with no underlying value and no dividends attached to it I think there will be less interest.

One benefit of getting external investors as shareholders in your business is that there will be a lot more people rooting for your success.

You will likely get help from people with a vested in interest in your success in all sorts of ways, apart from the fact that the shareholders will help drive new customers to the exchange.

Check out the Asset table of the Counterparty decentralized exchange (DEX), a lot of user assets have already been created and are being traded:
http://blockscan.com/asset.aspx
xxmalakitexx
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
March 06, 2014, 03:01:16 AM
 #46

Like that we were informed and security is being fixed. I don't mind the loan as long as users get paid back what was used at the time, with possible interest. I would prefer the shares myself though.
bungholio
Full Member
***
Offline Offline

Activity: 130
Merit: 100


View Profile
March 06, 2014, 03:40:20 AM
 #47

The transparency on this issue is impressive! (mtGox!!).

Tristan, I support the method that keeps the exchange running.  Remember everyone, we're here specifically because these folks are NOT FDIC insured.  Cryptos only survive because of the communities behind them.  

Edit...name spelling...

PMC - 15HQy3xkmZacctxXZp2hrAj6YxKYqNbU9D  PMP - PR6KSyvmRP8GkvopsCbqrzQ68FCv3yEC9L
PreMineCoin # 100% Distribution # 0% Inflation  --  PMP # The next step!
mystix
Member
**
Offline Offline

Activity: 66
Merit: 10


View Profile
March 06, 2014, 03:43:16 AM
Last edit: March 06, 2014, 04:04:42 AM by mystix
 #48

Be careful if you decide to go with the majority rules concept and implement shares. By offering shares you are explcitly doing several things you may not have thought out fully.
1. Giving up some amount of control of your company. To do this at, and because of, the first major crisis is not advisable.
2. You're opening yourself up to a --huge-- new regulatory system. Especially with the amounts of money that are flowing through your company, you could easily be looked at by the FTC, SEC. You better make sure all your paperwork is in order, and that the proper corporate setup is in place. The SEC even gives large companies, with significant resources a good hard time when they mess up the paperwork.
3. This is a process that is known in legal circles, to quote a Harvard paper I'm looking at, as "complex and expensive". You have to know that if you mess this up, and try to 'just offer shares' that you're opening yourself up to some pretty decent lawsuits for mishandling things. This doesn't go away either, since you are in essence offering part ownership of your company, all your decisions from then on are open to scrutiny by shareholders.
4. What are the terms of these shares? What percentage of the company are you offering? What if any shareholder board details are there. etc etc etc.

Ok someone stole some money from your baby. ..from reading the threads on this, many people are ok with your basic repayment plan and leaving it at that. There better be a pretty solid reasoning behind making the solution more complex then that.

Also note that its almost a forgone conclusion that shares would win. Thats like offering to pay back whats owed, or pay back whats owed plus give me part ownership of something that will bring me a lot more profit in the future. ..of course any reasonable profit seeking person is going to take the 2nd option.
RenegadeMind
Copper Member
Hero Member
*****
Offline Offline

Activity: 1380
Merit: 504


THINK IT, BUILD IT, PLAY IT! --- XAYA


View Profile WWW
March 06, 2014, 03:51:09 AM
 #49

Some very good ideas above.

I'm with #2 there - shares.

The mcxNOW model seems to be pretty good.

I also like the Counterparty proposal above. But whether it's done using XCP or Ethereum or whatever makes little difference to me.

The BusoniCoin idea has some merit, but I think the XCP idea is much better. Perhaps a blend of the 2?

Regarding regulatory requirements by the FTC/SEC/alphabet soup kleptocrats, perhaps consider re-incorporating overseas in a friendlier jurisdiction if possible.

Billyboy402
Hero Member
*****
Offline Offline

Activity: 599
Merit: 500


View Profile
March 06, 2014, 04:42:21 AM
 #50

sorry . but your business was hack , so it should be Ur business that take the lost . Image if paypal lost money from a bad employee. We wouldn't stand for our account to be lock or our balance to be touch. Surly Poloniex has made 10% in profit.

Poloniex should declare bankrupt of they cant afford the lost , It time for competent people to start running these type of business.


Your happy when your making huge profits with fees , Making us trust you with our money , then cry when you cant manage your affair.

THIS ACCOUNT WAS HACK > SORRY FOR ANY ONE THAT HAS DEALT WITH THIS ACCOUNT.
happygeorge
Full Member
***
Offline Offline

Activity: 146
Merit: 100


In da Jungle!


View Profile
March 06, 2014, 05:52:38 AM
 #51

+1 for Shares...I'll buy some!  Smiley

PS: I didn't loose anything, I NEVER LEAVE ANYTHING ON EXCHANGES!!!  Trade and REMOVE!!!

Come on dudes! DO IT EVERYTIME!!!
happygeorge
Full Member
***
Offline Offline

Activity: 146
Merit: 100


In da Jungle!


View Profile
March 06, 2014, 05:53:54 AM
 #52

I love the shares with reduced fees idea!

The more shares you own, the lower your trading fees!  Of course, 100% owners MUST have 0% trading fees!!!  Duuuhhhh!!!
hilgi
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250


View Profile
March 06, 2014, 06:05:38 AM
 #53

If you do sell shares, hopefully you will go the blockchain route as opposed to a traditional government issued corporate charter. Also, those of us who lost btc should be given the option to just convert our loss to shares, especially if discounted.
diwangxing
Member
**
Offline Offline

Activity: 60
Merit: 10



View Profile
March 06, 2014, 06:13:15 AM
 #54

IPO Smiley

sherlock421
Newbie
*
Offline Offline

Activity: 38
Merit: 0


View Profile
March 06, 2014, 06:20:55 AM
 #55

I like Poloniex and want to see it succeed. Busoni is a rare find in this wild west of cryptos. I'm confident he will find a way to make his customers whole.
I think option #2 is the most friendly way to deal with the shortfall. 

There is also option #4. Launch BusoniCoin! Use BusoniCoin as a ProtoShares style asset to issue shares of Poloniex!
If you launch it, I will mine it.
I kinda like the idea of shares as well as BusoniCoin, interesting. and yes I would mine it for a while maybe longer! Smiley

I agree with this. Smiley

Launching a coin with an underlying asset of value is something I am currently working on and if you could pull this off it would be awesome, but there are quite a few technical challenges involved with creating a coin like that. It "should" be possible now or soon with either NXT, Counterparty, Mastercoin or Etherum, but I don't think it has been done successfully yet in the real world?

If it's just another Altcoin clone with no underlying value and no dividends attached to it I think there will be less interest.

One benefit of getting external investors as shareholders in your business is that there will be a lot more people rooting for your success.

You will likely get help from people with a vested in interest in your success in all sorts of ways, apart from the fact that the shareholders will help drive new customers to the exchange.

Check out the Asset table of the Counterparty decentralized exchange (DEX), a lot of user assets have already been created and are being traded:
http://blockscan.com/asset.aspx
+1
分布式交易
更牛叉闪闪
and you will Create a new Miracle
because new time you will need new weapon like XCP
xiaoma9hao
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
March 06, 2014, 06:23:51 AM
 #56

Sell shares is a good idea Cheesy
Warren
Member
**
Offline Offline

Activity: 112
Merit: 10


View Profile
March 06, 2014, 06:37:22 AM
 #57

Since there are two threads running but you asked for proposals on how to deal with the issues at hand in this thread I thought I should post my suggestions from the other thread https://bitcointalk.org/index.php?topic=499580.msg5534025#msg5534025 here as well.

From my personal experience and 25 years of business experience, if I was the owner of Poloniex this is what I would do now:

1. Post the stolen balance on each users account so they know what is owed to them. (He has already said he will do this, before it was even suggested)

2. Post a new document on the website detailing all events regarding the hacking of the site and the resulting theft.

I mean things like:

a) The exact time the attack happened.
b) The IP address of the hacker.
c) The exact amount of BTC stolen and the address it was sent to. I know this information is floating around, but I would like to see it posted on the site from Tristan himself.
d) Any other information pertinent to the attack and outlining his proposals for how he plans to deal with the situation.
e) Link this document from the home page so that all users understand what is going on and what is being proposed and/or done.
f) Keep this document updated with new information as it is decided, rather than relying on all his users to have to go through pages and pages with posts on an external forum...

3. Calculate exactly how much BTC he will need to do all of the following (and then add an extra 15% for safety):

a) Reimburse all the stolen BTC from his customers.

b) Hire 2-3 excellent programmers/security experts to help him do an extensive review of his code and operating procedures and come up with solutions to improve the security of the site. (I would suggest trying to get people like Mike Hearn: https://bitcointalk.org/index.php?action=profile;u%3D2700 involved). Judging from some of the comments in this thread it appears as if Poloniex is making some serious mistakes when it comes to security, even in regards to the patches that are currently being implemented.

c) Setup an initial "insurance fund" of let's say 100 BTC (to start with, this will grow, see below) that is kept in cold storage and requires multignatures to release any money from cold storage (Tristan and one more person out of two trusted individuals from the Bitcoin community).

d) Hire a security expert on an ongoing part time basis who will constantly monitor the site and look for any unusual behaviour, as well as keep himself informed of all other hacks and security breaches on other exchanges. This person will setup SMS and email alerts for him and Tristan to immeditaly get informed of anything suspect happening on the site, and constantly monitor and try to improve the security on the site so that Tristan can focus mainly on the building the business.

4. Once he has calculated the funds required to do all of the above, (which I am guessing could be in the 200-300 BTC range), calculate what would be a reasonable percentage of the exchange for Tristan to sell in an IPO, in order for investors to get a decent ROI on their investment.

I don't think this has to be overly generous in order to be successful, assuming that Tristan can show that he is willing to build this business into something big...

Here is a sample calculation of what I mean:

a) Let's say that the average daily turnover on the exchange is currently around 500 BTC and the fees are only bringing in 30 BTC per month. The IPO document may very well state that in order for them to get a good return the exchange has to grow to 2000 BTC turnover and 120 BTC monthly income.

Let's see how an IPO where 40% of the Poloniex is sold in order to raise 200 BTC could look, (assuming that investors believe the exchange can grow to 2000 BTC per month turnover, which I do):

Monthly income: 120 BTC
Monthly operational costs (with new security measures in place, Cloudflare, part time security expert, secure hosting etc.): 60 BTC/month
Monthly return to owners (including Tristan): 60 BTC, of which 40% or 24 BTC/month in this scenario goes to the investors as dividend.
Monthly dividend on a 1 BTC investment (assuming the site can grow to 2000 BTC/month turnover) would be: 0.12 BTC

It would take less than 9 months for an investor to get the entire investment back in the above scenario. If you also assume that Poloniex is still standing and successfully operating in 9 months the value of the shares might also have increased to 1,5 BTC (or more) by that time.

5. In regards to the "insurance fund" mentioned above I suggest that this is something volountary and only for those users who want to take part in it, since it is not a standard feature on any of the current Crypto exchanges as far as I know.

Each user of the site would have the possibility to opt-in to take part of insurance feature anytime they want to, but there would be certain conditions.

Your entire funds may not be insured for example. The total of the fund kept in cold storage will be shown on the "insurance page" and also the amount of BTC that is currently being insured with a percentage shown. So it may very well be that only 55% of your funds are currently insured, but at least then you know that even in a worst-case-scenario where Poloniex is hacked that is the maximum you could lose, quite different from MtGox for example...

There would be conditions imposed on the insured accounts and every insured user would have to follow certain security procedures in order to take part in the insurance scheme.

I mean things like the following:

a) Insured users would have to pay a 50%-100% premium on all trading fees, (0,3% instead of 0,2%).

b) Or perhaps an average of their BTC holdings would be calculated each night and a small percentage of that would be deducted as an insurance fee? This would help reduce the number of people who hold large balances on their accounts for long periods of time without trading it, which would also reduce liability for the site in case of an attack.

b) Every insured user would be required to use 2-factor authentication and a minimum 12 character password.

c) Perhaps insured users would be required to submit the IPs (or at least the IP ranges) that they wish to use to login to their accounts.

d) Whatever other security measures can be implemented to make it as secure as possible.

It is clear that after two successful attacks against Poloniex it will continue to be a prime target for hackers and thieves. Tristan needs to have security as the #1 concern for Poloniex from here on, because regardless of how honest he is and how much integrity he has Polniex may not survive another attack...user confidence will disappear eventually.  Sad

The fact that he has been transparent and forthcoming about the mistakes and what happened, as well as pragmatic in his way of solving it, tells me that there is a good chance this could turn into a great business, but only if he takes the right steps from here and puts security at the forefront of everything from here on...

Tristan, bring in the right people to help you secure the site. You have our confidence that you are honest and trustworthy. Now show that you are also capable of admitting your own weaknesses and bring in the right people to help you.

Just imagine how good we would feel if people like Mike Hearn who said this upthread:

Quote
busoni, you need to shut down Poloniex now and try to make your users whole from your own funds and debt. Do not continue trying to run an exchange. Your post mortem indicates that you do not have sufficient programming ability to handle other peoples money - no mention was even made of database transactions, which are a basic "database programming 101" topic. Your proposed fix of checking for negative balances is wrong and indicates that your code is almost certainly riddled with other exploitable bugs.

Please do the right thing and refund everyones outstanding balances, then wind up your operation.

Imagine if he would come back after your have done the improvements to security and reviews the site and says something along the lines of:

Quote
"Yes, there have been some good improvements, and the site actually looks pretty secure now."


Mike is a security specialist at Google so obviously his demands for what is secure and what is not are going to be fairly high... These are the type of people you need to ask for help in securing Poloniex and making it into one of the top Cryptoexchanges.

I believe in you and I think you can do it!

Good luck! Smiley
coingifts
Full Member
***
Offline Offline

Activity: 198
Merit: 100



View Profile WWW
March 06, 2014, 07:04:43 AM
 #58

Hi Busoni,

Can you reply my question?

Where is my missing XCP?


i bought 6xcp at 2014-02-18 04:25:28, 
 i bought another 1xcp at 2014-02-28 05:46:40

Market   Type   Price   Amount   Total   Date
BTC/XCP   Buy   0.0086   1   0.0086 BTC   2014-02-28 05:46:40
BTC/XCP   Buy   0.00822   6   0.04932 BTC   2014-02-18 04:25:28

i withdraw 5.85XCP  at XCP   
5.825   1HgDX48ypZo5sFncGyCrwT4pp1BBDA8unZ   2014-02-28 06:50:49   COMPLETE: 8719daeafcee00e80f7bc37a518ac7882e2bd89fedb9dd566c778a56d661fa9b

now my balance is 0 XCP. 

where is the missing 1.1xcp? 

yslyung
Legendary
*
Offline Offline

Activity: 1500
Merit: 1002


Mine Mine Mine


View Profile
March 06, 2014, 07:09:21 AM
 #59

just joined your exchange . like the honesty. although i'm not affected. i do support honesty ! i'll be interested if there are shares available.
outolumo
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 06, 2014, 09:44:23 AM
 #60

Financial tip: Instead of shares, sell bonds.

In effect you already are selling, but you could easily offer terms that are better for all parties.

Current terms:
- Buying bonds is mandatory, and everyone has to pay for equal amount.
- No interest rate.
- You pay back as soon as possible.

New terms:
- Users will have a choice whether to get more money later or get an immediate access to all their funds.
- You promise to pay back on the account with interest (say 5%) within a time (say 1 year), with a schedule. Given the current interest rates that's a generous offer and should invite some investments.
- When there are enough bonds to cover the the stolen 97 (or so) bitcoins, every account is restored to 100 %. The accounts that sold bonds to the exchange, will be duely reduced. If you think you will need to sell even more bonds (to invest in, say security audit) you may do so, now or at some later time.
- The business runs as usual, but you keep paying the debt by moving bitcoins from the company account to the lenders accounts according to the agreed schedule. No need to make sudden temporary raises to any fees.

This should give:
1) Users, who want to get immediate access to their money just that.
2) Users, who want to simply wait to get more money just that.
3) You a reasonable time to cover your losses.


This is simpler than selling shares because:
1) Selling bonds is faster. You simply need to make a form for the user accounts, where they agree to lend you the money with the given terms (and an apportunity to print a reciept, of course.)
2) Selling bonds is easier. Little paperwork. A simple contract - little legal issues. No bitcoins actually need to be traded make the exchange solvent. It's all in the accounting system of Polonex.
3) Selling shares means a change of ownership, which easily becomes a legal mess. In any case it will take some time and is likely to have overhead expenses. There are also some long term risks for the shareholders. Unless some users are really interested in taking the responsibilities of an owner, like discussing with every other owner on every important decision, and being prepared to making additional investments to secure their assets, this should probably be avoided.

Benefits:
1) Users will soon get what they want and be happy. Polonex will keep a good reputation and stays in business.
2) Users who have bought bonds will actually have an interest to promote the use of the exchange, to increase it's volume and thus make it possible for it to repay the debt.

N.B. Given that the profit of the exchange comes from transaction fees, the interest will be covered by people actually making transactions. This means that people who have bought bonds will not use that money to make any transactions, which in turn means that they will pay relatively less for the total use of the exchange.

How about?
Pages: « 1 2 [3] 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!