BTC-E.COM NICE RECOVERY FROM THE HACK! =)

[adamstgBit]

dev: we got some fake LR deposits so they just bought btc and withdraw

dev: karl1982, exchange not hacked, we just receive fake LR USD

I'm kind of having a hard time seeing what the difference is. If you can get fake USD into an exchange, you've hacked it.

Maybe he means that the hack was LR side?

LR can be hacked into sending fake LR USD!
Quickly everyone the USD has been hacked
Move your money to Bitcoin now, before your USD is worthless.

[kano]

dev: we got some fake LR deposits so they just bought btc and withdraw

dev: karl1982, exchange not hacked, we just receive fake LR USD

I'm kind of having a hard time seeing what the difference is. If you can get fake USD into an exchange, you've hacked it.

Maybe he means that the hack was LR side?

That would be good - that would mean that LR is up to cover the money and all the BTC-e transactions should all be unchanged ...

[smoothie]

dev: we got some fake LR deposits so they just bought btc and withdraw

dev: karl1982, exchange not hacked, we just receive fake LR USD

I'm kind of having a hard time seeing what the difference is. If you can get fake USD into an exchange, you've hacked it.

Maybe he means that the hack was LR side?

That would be good - that would mean that LR is up to cover the money and all the BTC-e transactions should all be unchanged ...

+1 Did not think of that...

[BkkCoins]

What is far more likely is that there is a payment notification interface that was replay attacked due to poor design. I'm not up on how LR notifies of received funds but it may be like Paypal and I know how that one works.

BTC-E receives a http POST saying funds arrived into account. It updates it's exchange accounts locally to reflect that. But if the POST isn't properly qualified/authenticated then someone who knows the protocol can mimic funds deposit and make it appear like they have sent funds. It is critical that a POST back to origin to verify funds happens and perhaps that didn't happen or was MITM somehow.

The result is no funds on account at LR. And free to spend money at BTC-E.

They can reverse all the trades and restore balance to pre-hack time. But they will not be able to give back BTC that have been withdrawn. So either they make good and buy it in the market, or they say tough luck and customers lose. I expect they'll reverse everything and then see how much BTC they would need to buy. And at that point they'll decide who loses.

[Gabi]

dev: we do rollback right now

Nice

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"

[Transisto]

...

They can reverse all the trades and restore balance to pre-hack time. But they will not be able to give back BTC that have been withdrawn. So either they make good and buy it in the market, or they say tough luck and customers lose. I expect they'll reverse everything and then see how much BTC they would need to buy. And at that point they'll decide who loses.

What was BTC withdraw limit ?

[ailikun]

No limit(

[smoothie]

No limit(

Not true. there is a 2000BTC limit. Asshole doesnt know what the fuck he is talking about.

[JoelKatz]

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"

Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.

[ailikun]

No limit(

Not true. there is a 2000BTC limit. Asshole doesnt know what the fuck he is talking about.

well, theres no meneaning in being rude.

"Our advantages:

 •Trading in automatic mode.
•Addition USD deposits within 24 hour
•Instant deposit/withdrawal all coin
•USD Withdrawal within 24 hours

i havent tried withdrowing more than 2000 btc.
so if im wrong, than its good.

[smoothie]

No limit(

Not true. there is a 2000BTC limit. Asshole doesnt know what the fuck he is talking about.

well, theres no meneaning in being rude.

"Our advantages:

 •Trading in automatic mode.
•Addition USD deposits within 24 hour
•Instant deposit/withdrawal all coin
•USD Withdrawal within 24 hours

i havent tried withdrowing more than 2000 btc.
so if im wrong, than its good.

There is plenty of reason to be rude to you. You claimed something you did not even know anything about.

[ailikun]

I didn't claimed it.
And I didn't argue with anybody
I believed that, there is no limit.

Edit: Yes theres is a limit, its 2000btc.
sorry for misleading

[Maged]

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"

Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.

After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.

[tiberiandusk]

That's why you make backup, so in case of problems you do a rollback and problem solved. Not like the scammers of bitcoinica that "we have no backups lol"

Unfortunately, it's not problem solved for at least two reasons. First, you can't rollback coin withdrawals. (They may have a similar problem with LR withdrawals, but I doubt it.) Second, you will have customers who will, in many cases justifiably, feel that rolling back legitimate trades rips them off. (You'll also have a bunch of jerks demanding to keep their ill-gotten gains, such as people who deposited BTC, sold them for $50 each, and then tried to withdraw USD. But screw them.)

For example, consider someone who saw the price rise at BTC-e and then bought a Mt. Gox code and then bought bitcoins at Mt. Gox, withdrew them from Gox and deposited them at BTC-e. A rollback would give them their bitcoins back. That still leaves them out the commission they paid for the Gox code plus  two Mt. Gox commissions (buying the bitcoins and then having to sell them). They also may take exchange losses depending on the timing and are left having to withdraw USD from Mt. Gox.

After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.

I think you meant to say, "Anyone who traded elsewhere with the assumption that the btc-e trade was legit was a freaking idiot."

[JoelKatz]

After the price rose above $12, it was extremely obvious that this was a hack. Anyone who traded elsewhere with the assumption that the btc-e trade was legit deserves to have the trade rolled-back.

I agree, but it's very hard for a business to say to its customers, "you were stupid to trust us, so you deserve to lose". I'm sure they can find lots of places btc-e talks about how secure and reliable they are and how customers can and should trust them. It's hard to turn around and blame people for doing what you've asked them to do.

Also, watching it happen, it wasn't obvious to me that it was an exchange hack until much later. In fact, until very late I considered it still a possibility that someone was using a large amount of real LR.

[Maged]

Also, watching it happen, it wasn't obvious to me that it was an exchange hack until much later. In fact, until very late I considered it still a possibility that someone was using a large amount of real LR.

Seriously? I understand believing it up to about $12 (a 33% increase over MtGox), but after that not even an insane buyer would keep buying with their own funds. They'd let the price settle.

[R-]

Equilibrium restored

[Come-from-Beyond]

Equilibrium restored

Not yet. They can draw USD and BTC balances as they were before the hack, but what will happen if everyone try to withdraw all their money? Does BTC-e have enough funds to cover every claim?

[Maged]

Equilibrium restored

Not yet. They can draw USD and BTC balances as they were before the hack, but what will happen if everyone try to withdraw all their money? Does BTC-e have enough funds to cover every claim?

If we've learned anything from past hacks, it's that that won't happen.

[cryptoanarchist]

Whew...well, my BTC withdrawal went through, so I got my coins out of there. I was late to the party so I still have USD and LTC stuck there though.