Bitcoin Forum
November 17, 2024, 01:20:29 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
Author Topic: OpenEx to be shut down[Hacked]  (Read 14906 times)
smeagol
Legendary
*
Offline Offline

Activity: 1008
Merit: 1005



View Profile
March 19, 2014, 07:48:11 PM
 #121


Yes, we sent you a portion of what you are owed. this means you are still owed .42

in case you aren't aware, we were hacked, so its impossible for us to payout everyones withdrawals at this time, but we make an effort not to cheat anyone
Has anyone heard from the OP lately? Thanks Smiley

Yes, i'm still here. if you need to contact me directly, send me an email at admin@openex.pw for a way to contact me directly via Skype.

This is really sad, there seems to have been alot of work put into OpenEX. It's like every day there is an exchange hacked.

So far only these 3 seem to be secure enough to not be hacked:

-Bistamp
-Cryptsy
-MCxNow

yeah there was. the accusations being thrown about me in this thread are ridiculous, and not rooted in fact at all.

@r3wt, may I see the source code?  PM me please

What are your intentions for the source code?

i would like to see the engine so i can write my own exchange software
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 19, 2014, 07:55:53 PM
 #122


Yes, we sent you a portion of what you are owed. this means you are still owed .42

in case you aren't aware, we were hacked, so its impossible for us to payout everyones withdrawals at this time, but we make an effort not to cheat anyone
Has anyone heard from the OP lately? Thanks Smiley

Yes, i'm still here. if you need to contact me directly, send me an email at admin@openex.pw for a way to contact me directly via Skype.

This is really sad, there seems to have been alot of work put into OpenEX. It's like every day there is an exchange hacked.

So far only these 3 seem to be secure enough to not be hacked:

-Bistamp
-Cryptsy
-MCxNow

yeah there was. the accusations being thrown about me in this thread are ridiculous, and not rooted in fact at all.

@r3wt, may I see the source code?  PM me please

What are your intentions for the source code?

i would like to see the engine so i can write my own exchange software

its nothing special about 12 lines of code really. here' ill get it for you.


Code:
/**(c)2013-14 Justin Gillett, OpenEx.pw -- All Rights Reserved.**/
require_once("../models/config.php");
include("../models/class.trade.php");
$sell = mysql_query("SELECT * FROM trades WHERE `From`<>`Type` LIMIT 1000000000000");
$num = mysql_num_rows($sell);
echo $num;
for ($i = 0; $i < $num; $i++) {
   $id = mysql_result($sell,$i,"Id");
   if($id != 0)
   {
                //the actual trade execution
$trade = new Trade($id);
$trade->GetEquivalentTrade();
$trade->ExecuteTrade();
   }
}

to run it, simply use a shell script(this example runs on 1 second intervals @ roughly 280 mb/s):

Code:
#!/bin/bash
while :

do
sleep 1
 wget http://127.0.0.1/path/to/system/cronjob1.php -O Temp --delete-after

done

My negative trust rating is reflective of a personal vendetta by someone on default trust.
hoju2k
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
March 20, 2014, 01:57:23 AM
 #123

r3wt: Could you help me please? I withdrew 128486.197386680 EBT couple of days ago, never appeared on my wallet. Filled a ticket but got no response. User hoju2k2.
Thank you.

yes i will look into it



Any news on this? Now I can't even access the website "ip address is banned. You can appeal this decision by contacting an administrator at admin@openex.pw"

as i said i will look into it. i'm in the process of removing that ban since it only seems to catch legitimate users anyway.

Hi, did you have the time to look at it? Thanks.
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 20, 2014, 02:52:14 AM
 #124

r3wt: Could you help me please? I withdrew 128486.197386680 EBT couple of days ago, never appeared on my wallet. Filled a ticket but got no response. User hoju2k2.
Thank you.

yes i will look into it



Any news on this? Now I can't even access the website "ip address is banned. You can appeal this decision by contacting an administrator at admin@openex.pw"

as i said i will look into it. i'm in the process of removing that ban since it only seems to catch legitimate users anyway.

Hi, did you have the time to look at it? Thanks.

Damnit, no i forgot again. have you tried to login again? you've been unbanned a long time

My negative trust rating is reflective of a personal vendetta by someone on default trust.
hoju2k
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
March 20, 2014, 06:57:30 AM
 #125

Yes, I can login now, but the ETB are still missing.
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 20, 2014, 09:02:08 AM
 #126

ATTENTION:

my cellphone quit working, and i cannot login to my normal email account(the one used for support) which is protected by 2fa. so in the meantime,if you need to contact with me about anything support related, please use the following email address


admin @ openex.pw


My negative trust rating is reflective of a personal vendetta by someone on default trust.
dbt1033
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000



View Profile
March 20, 2014, 09:43:15 AM
 #127



And



I know firsthand how horrible it can be to lose your coins.  You guys can put 2 and 2 together on your own.  r3wt said himself that he was once a bottomfeeder and "knows" a scam when he sees one. 

I wish the best to all of you.

I've been trading at Atomic-Trade recently.  They have an extended SSL certificate.  Coinbase doesn't even have one.

The owner is actually a nice/honest guy too, and he has regular security audits done to ensure his customer's safety.  Here is the most recent one:



It's time for exchanges to take a security-first approach to ensure this doesn't keep happening.
dbt1033
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000



View Profile
March 20, 2014, 09:47:01 AM
 #128

And by the way, r3wt has plenty of btc to pay you all out of his own pocket. 

He's just not that kind of guy.
coiner8
Member
**
Offline Offline

Activity: 65
Merit: 10


View Profile
March 20, 2014, 12:38:38 PM
 #129

r3wt has yet to show ANY proof whatsoever that there was a theft.  He claims 34 BTC were taken.  So, where are the transactions in the blockchain?  Not some internal accounting, not a copy+paste on pastebin, actual verifiable transactions.  If there was a theft, there are transactions.  Period.
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 20, 2014, 12:40:29 PM
 #130

r3wt has yet to show ANY proof whatsoever that there was a theft.  He claims 34 BTC were taken.  So, where are the transactions in the blockchain?  Not some internal accounting, not a copy+paste on pastebin, actual verifiable transactions.  If there was a theft, there are transactions.  Period.

there wasn't a theft of 34 btc, nor did i ever claim it. just a 34 btc discrepancy. fuck off.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
milly6
Legendary
*
Offline Offline

Activity: 1632
Merit: 1010



View Profile WWW
March 20, 2014, 11:35:54 PM
 #131

r3wt has yet to show ANY proof whatsoever that there was a theft.  He claims 34 BTC were taken.  So, where are the transactions in the blockchain?  Not some internal accounting, not a copy+paste on pastebin, actual verifiable transactions.  If there was a theft, there are transactions.  Period.

there wasn't a theft of 34 btc, nor did i ever claim it. just a 34 btc discrepancy. fuck off.

r3wt... theft is theft  Huh

Eyes open, No Fear. Be Safe! Trinity: Currency Without Bias
hoju2k
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
March 21, 2014, 12:05:09 AM
 #132

r3wt: Could you help me please? I withdrew 128486.197386680 EBT couple of days ago, never appeared on my wallet. Filled a ticket but got no response. User hoju2k2.
Thank you.

yes i will look into it



Any news on this? Now I can't even access the website "ip address is banned. You can appeal this decision by contacting an administrator at admin@openex.pw"

as i said i will look into it. i'm in the process of removing that ban since it only seems to catch legitimate users anyway.

Hi, did you have the time to look at it? Thanks.

Damnit, no i forgot again. have you tried to login again? you've been unbanned a long time

EBT received, thank you.
triplef
Full Member
***
Offline Offline

Activity: 338
Merit: 100


https://eloncity.io/


View Profile
March 21, 2014, 01:20:46 AM
 #133

WTF did you run an exchange on open source you got from github ?

FUCK SAKES......

anyone / everyone could of hacked you, they had all the keys.


dbt1033
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000



View Profile
March 21, 2014, 02:11:46 AM
 #134

Here's what really bugs me.  r3wt said that whoever stole the btc basically just added 0's to the txid's, allowing for multiple withdrawals.  His system apparently strips the zeros.

Why did it not check for duplicate txid's AFTER the 0's were stripped?  This wouldn't take much.

Also, the withdrawal portion is missing from the pastbin r3wt has provided.

Here is a link http://pastebin.com/vzZN6eQu

Looks like an inside job to me.
dbt1033
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000



View Profile
March 21, 2014, 02:19:51 AM
 #135

Here's what really bugs me.  Hydroponica said that whoever stole the btc basically just added 0's to the txid's, allowing for multiple withdrawals.  His system apparently strips the zeros.

Why did it not check for duplicate txid's AFTER the 0's were stripped?  This wouldn't take much.

Also, the withdrawal portion is missing from the pastbin Hydroponica has provided.

Here is a link http://pastebin.com/vzZN6eQu

Looks like an inside job to me.


Hey, Hey, watch it....

Hydroponica is an honest scammer.


~BCX~



I agree.  As honest as scammers get!
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 21, 2014, 02:59:43 AM
 #136

Here's what really bugs me.  r3wt said that whoever stole the btc basically just added 0's to the txid's, allowing for multiple withdrawals.  His system apparently strips the zeros.

Why did it not check for duplicate txid's AFTER the 0's were stripped?  This wouldn't take much.

Also, the withdrawal portion is missing from the pastbin r3wt has provided.

Here is a link http://pastebin.com/vzZN6eQu

Looks like an inside job to me.

justin gillet wrote that particular part. why don't you ask him.

here's the code in question:

Code:
if(isset($_POST["fchk"])) {
if(isUserAdmin($id00)) {
if($_POST["Transaction_Id"] != NULL && $_POST["Coin"] != NULL) {
$tid = mysql_real_escape_string(trim($_POST["Transaction_Id"]));
$coin = mysql_real_escape_string(trim($_POST["Coin"]));
$sql = mysql_query("SELECT * FROM Wallets WHERE `Acronymn`='$coin'");
$id = @mysql_result($sql,0,"Id");

$sql2 = @mysql_query("SELECT * FROM deposits WHERE `Transaction_Id`='$tid' AND `Coin`='$coin'");
$id2 = @mysql_result($sql2,0,"id");
$paid = @mysql_result($sql2,0,"Paid");
$wallet = new Wallet($id);
$trans = @$wallet->gettransaction($tid);
echo '<pre>';
print_r($trans);
echo '</pre>';
if($trans != null) {
if(is_array($trans)) {
if(in_array("Invalid or non-wallet transaction id", $trans,true)) {

echo "non wallet transaction id or invalid tx";
}else{
$account = $trans["details"][0]["account"];
$category = $trans["details"][0]["category"];
$confirms = $trans["confirmations"];
$amount = $trans["amount"];
if($id2 != NULL) {
if($paid == 0) {
if($category == "receive" && $confirms > 3 && $account != "")
{
mysql_query("UPDATE deposits SET `Paid`='1' WHERE `id`='$id2'");
AddMoney($amount, $account, $coin);
echo $amount." ".$coin." was credited to your account";
}
}else{
echo $amount." ".$coin." was already credited to the account.";
}
}else{
if($category == "receive" && $account != "") {
if($confirms > 5) {
mysql_query("INSERT INTO  deposits (`Transaction_Id`,`Amount`,`Coin`,`Paid`,`Account`) VALUES ('$tid','$amount','$coin','1','$account');");
AddMoney($amount, $account, $coin);
echo $amount." ".$coin." was successfully credited to the account";
}else{
mysql_query("INSERT INTO  deposits (`Transaction_Id`,`Amount`,`Coin`,`Paid`,`Account`) VALUES ('$tid','$amount','$coin','0','$account');");
echo "This Deposit is unconfirmed. Current confirmations:" . $confirms .". Required : 6.";
}
}else{
echo "transaction is not a deposit or account is invalid.";
}
}
}
}else{
echo "Contact the admin. Error Code: 35-1a";
/* ERROR CODE INFORMATION

Error Code 35-la
the result wasn't an array. so its probably invalid. inform customer to disregard.
*/
}
}
}
}
}
}


Any idea why it wouldn't strip the zeros(since they are obviously in the database?)

My negative trust rating is reflective of a personal vendetta by someone on default trust.
dbt1033
Legendary
*
Offline Offline

Activity: 1274
Merit: 1000



View Profile
March 21, 2014, 03:25:20 AM
 #137

Here's what really bugs me.  r3wt said that whoever stole the btc basically just added 0's to the txid's, allowing for multiple withdrawals.  His system apparently strips the zeros.

Why did it not check for duplicate txid's AFTER the 0's were stripped?  This wouldn't take much.

Also, the withdrawal portion is missing from the pastbin r3wt has provided.

Here is a link http://pastebin.com/vzZN6eQu

Looks like an inside job to me.

justin gillet wrote that particular part. why don't you ask him.

here's the code in question:

Code:
if(isset($_POST["fchk"])) {
if(isUserAdmin($id00)) {
if($_POST["Transaction_Id"] != NULL && $_POST["Coin"] != NULL) {
$tid = mysql_real_escape_string(trim($_POST["Transaction_Id"]));
$coin = mysql_real_escape_string(trim($_POST["Coin"]));
$sql = mysql_query("SELECT * FROM Wallets WHERE `Acronymn`='$coin'");
$id = @mysql_result($sql,0,"Id");

$sql2 = @mysql_query("SELECT * FROM deposits WHERE `Transaction_Id`='$tid' AND `Coin`='$coin'");
$id2 = @mysql_result($sql2,0,"id");
$paid = @mysql_result($sql2,0,"Paid");
$wallet = new Wallet($id);
$trans = @$wallet->gettransaction($tid);
echo '<pre>';
print_r($trans);
echo '</pre>';
if($trans != null) {
if(is_array($trans)) {
if(in_array("Invalid or non-wallet transaction id", $trans,true)) {

echo "non wallet transaction id or invalid tx";
}else{
$account = $trans["details"][0]["account"];
$category = $trans["details"][0]["category"];
$confirms = $trans["confirmations"];
$amount = $trans["amount"];
if($id2 != NULL) {
if($paid == 0) {
if($category == "receive" && $confirms > 3 && $account != "")
{
mysql_query("UPDATE deposits SET `Paid`='1' WHERE `id`='$id2'");
AddMoney($amount, $account, $coin);
echo $amount." ".$coin." was credited to your account";
}
}else{
echo $amount." ".$coin." was already credited to the account.";
}
}else{
if($category == "receive" && $account != "") {
if($confirms > 5) {
mysql_query("INSERT INTO  deposits (`Transaction_Id`,`Amount`,`Coin`,`Paid`,`Account`) VALUES ('$tid','$amount','$coin','1','$account');");
AddMoney($amount, $account, $coin);
echo $amount." ".$coin." was successfully credited to the account";
}else{
mysql_query("INSERT INTO  deposits (`Transaction_Id`,`Amount`,`Coin`,`Paid`,`Account`) VALUES ('$tid','$amount','$coin','0','$account');");
echo "This Deposit is unconfirmed. Current confirmations:" . $confirms .". Required : 6.";
}
}else{
echo "transaction is not a deposit or account is invalid.";
}
}
}
}else{
echo "Contact the admin. Error Code: 35-1a";
/* ERROR CODE INFORMATION

Error Code 35-la
the result wasn't an array. so its probably invalid. inform customer to disregard.
*/
}
}
}
}
}
}


Any idea why it wouldn't strip the zeros(since they are obviously in the database?)

That's not my problem.
MysticalPotato
Member
**
Offline Offline

Activity: 91
Merit: 10

Stop the potato genocide!


View Profile
March 21, 2014, 05:39:08 AM
 #138

r3wt has yet to show ANY proof whatsoever that there was a theft.  He claims 34 BTC were taken.  So, where are the transactions in the blockchain?  Not some internal accounting, not a copy+paste on pastebin, actual verifiable transactions.  If there was a theft, there are transactions.  Period.

there wasn't a theft of 34 btc, nor did i ever claim it. just a 34 btc discrepancy. fuck off.

I'm confused, r3wt.

Your original OP:


"Politeness induces morality. Serenity of manners requires serenity of mind.” - Julia Ward Howe

Signature space available for a worthy cause
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 21, 2014, 05:52:44 AM
 #139

looks like some trolls trying really hard to discredit me.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
r3wt (OP)
Hero Member
*****
Offline Offline

Activity: 686
Merit: 504


always the student, never the master.


View Profile
March 21, 2014, 06:20:32 AM
 #140

looks like some trolls trying really hard to discredit me.


If you made both of those post in which one claim coins were stolen and the other denies it, then which ever one you own up to, the other proves you to be a liar.  How is that being a troll? Sounds like solid and legitimate question to me.

First of all, I'm sorry for the attitude i have been giving people. this is a very stressful people for everyone involved with OpenEx, customers included. We are working on sorting out exactly how much coin left the exchange which was not supposed to. This is where the confusion lies. We are not going anywhere, and we fully plan on paying all customers which have been wronged. Once again, i apologize for this entire mess. It appears that less coin than originally we thought has been stolen, but there has been coin stolen. It just wasn't as cut and dry as a straight up server break in or RPC vulnerability.

We will post an update on 3/27/14.

My negative trust rating is reflective of a personal vendetta by someone on default trust.
Pages: « 1 2 3 4 5 6 [7] 8 9 10 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!