We will not allow, nor tollerate these types of events to occur. We should have never listed this coin. We are doing right by our customers. We are implementing new security and review measures for all currencies. We will be reviewing all currencies to ensure this does not happen again. We apologize and hope you will continue to trade with us because we value you - our customers.
Again, I love Bittex, and I do most of my trading there. This is very unfortunate that this happened, for us and them.
But I think what I wrote in bold above is what everyone wants and needs to hear - whether or not they were invested in SPATA or not.
If not, I think Bittrex will lose an enormous amount of trust by it's users. Which would be unfortunate.
Strato
If anyone wants to have a further discussion on security, I'm more than happy to do it on IRC... You can always find us in freenode at #bittrex.
That said, I do want to address Strato because your post was extremely thoughtful, and I agree with you 100%. However, I don't think you understand the technical complexities of what you are describing.
1) It is not practical to review all source code looking for premines or other malicious activity. Pen test companies take months to review this many lines of code. Additionally, this would make us liable if we missed something. This is not a position Bittrex wants to be in. We are an escrow company. We make sure that you get x coin for y coin.
2) The service we provide for our fee is this safe transaction. We protect you from people running off with your coin without receiving theirs. We do not charge a fee to make sure everything we list is safe.
3) It is impossible to programmatically protect against source code. Adding balance checks here wouldn't have saved everyone. It might have stopped one or two transactions from going through, but it's not complete. Additionally, once we have that in, there are other things developers can do to hide coins. It becomes a cat and mouse game.
There was almost 3 days of source access and 10+ pools running the code. There was ample time for multiple people to catch this activity. It is unfortunate that it slipped by everyone.
With all that said, we postmortem every event like this to try to provide holistic security controls to protect our customers and ourselves from these situations.
Thanks,
richie@bittrex
Richie,
I appreciate you responding - and for providing detailed insight on why what I had suggested is simply impractical.
Forgive me, as I have a very limited background in actual coding - and I tried in my post to be as unbiased as possible, because I meant what I said, in that I really like using the Bittrex platform. I tweet about my trades, hashtagging your platform regularly. I just want to make sure nothing of what I said came off as suggestive in a negative way.
I think in the end this is a good lesson for all of us. Altcoins are not stocks. Buying them, trading them, mining them - we accept certain risks.
Moving forward we need to be careful what we mine. What we decide to invest in, and promote on the threads and twitter. We need to be more responsible as a community.
I understand what Richie is saying. It's simply not practical to review every line of code for every new coin that emerges in the marketplace. Perhaps impractical is even the wrong word - it's very likely impossible.
That said lets move on. Let this thread die. Lets move the ball forward.
Thanks again Richie for the response.
Best,
Strato
