Hey guys,
Just thought I would post an announcement about the status of BlackCoin at Crypto Rush. As you all know there was an unannounced fork earlier today that caused many people to upgrade without proper notice. We at Crypto Rush didn't find out until 7 hours later. For this we apologise about our slow updating to the new version causing many traders potential losses. This is where we announce that BlackCoin was stolen from us by users, caused by a bug in the BlackCoin daemon.
This bug came from the way stake coins work and how they respond to RPC calls and getbalance [accountname] queries, something which we rely on to operate our exchange. Up until this upgrade we had no issues with using BlackCoin and it was trading perfectly well. The bug with the stake caused everyones user balance to inflate to an extra 22 million coins. This is similar to the Zeitcoin issue in the sense that peoples balances were wrong and therefore withdrew more than they had. It's really getting old news for us, and this time the loss was even bigger than Zeitcoin.
Here's a generated report showing some figures.
Total withdrawn: 20,381,892.41143484
Total deposited: 20,448,517.07003221
Total stake generated: 1,640.08575003
Supposed current site balance: 66,624.65859738
Consolidated reported current site balance (user daemon accounts): 22,052,756.46576266
Actual daemon balance: 68,025.87273473
As you can see, the report showed that every combined users reported balance is over 22 million when our wallet balance is only 68k. At the time we pulled BC offline after the update we had only 53.xx coins on the balance. This is a clear sign of a stake bug, and as you can see by this daemon call it confirms the origins of the bug.
./blackcoind getbalance ''
This is because, as told to us by the developer, a bug where the state generation takes away the amount from the main account while still generating the amounts under the specific daemon accounts. We were working with the developer for a while to resolve the issue, and he did fix the bug in the daemon, making our statistics report correct again.
Total withdrawn: 20,381,892.41143484
Total deposited: 20,448,517.07003221
Total stake generated: 1,640.08575003
Supposed current site balance: 66,624.65859738
Consolidated reported current site balance (user daemon accounts): 66,624.39639811
Actual daemon balance: 68,025.87273473
After we confirmed this data and had the developer confirm with us that this was indeed a bug, he responded with the following: "i see these numbers, what do you expect from me?". He is refusing to help us in solving the issue. For future reference here is a complete pastebin log of the chat since I joined the channel #bcdevmeeting and my conversation with the developer
http://pastebin.com/qW3xRmcL. The log clearly shows him helping us solve the problem and admitting to a bug, but refusing to have any care about how to resolve the situation.
Obviously we knew as soon as we took off the BC markets for a second time it was a serious issue. It took us long to generate the data and reports to confirm the exact amount of loss, which is
1554503.10052230, 121.xx Bitcoins at the time of writing. It was taken by users who withdrew coins they
knew did not belong to them. We had one user come to us and report that he had more balance than he should have and wanted to give them back. A very warm thanks to this user, we need more people like them in crypto. A couple of other users notified that balances just "popped up" for them after the update.
To top it off, as soon as we launched BlackCoin's update we underwent a 8 hour constant DDoS attack which we've now since patched and blocked. This just adds to the mess and situation that everyone had to go through.
Guys, all I can say is, we're totally pissed off that this happened for both us and for everyone affected. Me and the team work very very hard to keep up with everyone's messages, tickets and IRC chats while continuing to develop the site and fix any bugs that arise. My personal opinion is if this fork was realised sooner it could have been better planned. There was absolutely no prior warning to it happening. I can't believe that we are the only ones that were negatively affected. I'm sure there are tons of users who lost out on great trading opportunities due to this fork and downtime on other sites.
Once again we apologise for our own issues with both downtime and late upgrades of the client. We'll post more when we know how we can pay back affected users or get some compensation for this massive massive loss. 100 BTC doesn't just come out of thin air, so please be patient while we make this right. I'll answer as many questions as I can here publicly about this issue, any off-topic questions will be ignored unless relevant. If anyone has any suggestions for how we can solve the issue, please do let us know.
Until further notice BlackCoin trading is suspended on Crypto Rush.Regards,
Crypto Rush
You are blaming the devs? What do you want, another fork to refund? How did you code allow negative balance and withdrawals to continue? Did you test the code?
I don't have sympathy for good reason - not one exchange employs security white hat help it seems. Happy to take 2% fee in profit, but security holes in
? That's just ridiculous.