BitGrail lost $170M because only client-side validation was used

134 points, posted by tommoor over 7 years ago

13 comments

PricelessValue, over 7 years ago
Reminds me of coinbase using mongodb with silent fail and no ACID transactions a few years back. And of course the mtgox fiasco. The amount of amateurishness in the cryptocurrency ecosystem is disappointing.
kaivi, over 7 years ago
There is a chat group in Telegram called "BitGrail Trollbox". It doesn't have a direct link, but one can join by searching for the group name through the client application. The Bomber dude is there, and it seemed like there was a discussion about what car to buy with all that money. I was removed from it the instant I joined; maybe someone can join and quickly dump the chat log?
fabian2k, over 7 years ago
This seems to be based entirely on an anonymous post, at least as far as the linked tweet goes. It wouldn't really surprise me anymore if anything like this happened, but there doesn't seem to be any evidence here. Or did I miss something here and there is more than just the anonymous post here?
ukulele, over 7 years ago
The referenced post [0] came to the same conclusion as my first thought: this was very possibly an intentional security hole to allow someone on the team to get away with something.

[0] https://amp.reddit.com/r/CryptoCurrency/comments/7wonkf/the_stolen_xrb_has_already_been_redistributedsold
philfrasty, over 7 years ago
They had multiple other "problems", too. See for example https://www.reddit.com/r/RaiTrade/comments/7n0ou8/an_explanation_of_how_the_shitshow_that_youve/

The chat log from Exchange-Owner + Nano-team also speaks volumes: https://www.dropbox.com/s/3g38y67luolfvqs/Colin_ZS_Bitgrail_chat_log.pdf?dl=0
redm, over 7 years ago
I'm not so sure this was intentional, as some people have speculated, nor do I see any evidence that a check was not previously in place. Remember when Dropbox allowed anyone to log in to an account without a password? [0] That doesn't mean Dropbox never checked passwords, or intentionally dropped the check. Especially in the crypto space, iteration happens fast and bugs like this can come up. It seems pretty obvious that they not only had a defect, but did not have the appropriate monitoring or alerting in place to identify the issue either. I try not to leave coin on exchanges due to hacking, bankruptcy, fraud, etc.

[0] https://www.cnet.com/news/dropbox-confirms-security-glitch-no-password-required/
almostApatriot1, over 7 years ago
I don't buy this claim. Negative numeric values would break the backend in 99% of scenarios.

I also don't really buy the claims that he personally was involved in stealing the XRB. Bitgrail has existed for a while, and presumably the owner would have some interest in XRB, probably owning a substantial amount since it was worth nothing. Considering its meteoric rise, he probably became rich himself.

So why try to steal 170 million dollars in a scam where you're bound to be accused of being suspect number 1?
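The negative-amount failure mode argued over in the thread, as an added example that is not part of the discussion or of BitGrail's code: a constructed in-memory ledger (integer minor units, one account named "alice") where a withdrawal handler that trusts the client's amount sits beside one that re-validates server-side and debits atomically.

```python
import sqlite3


def open_ledger(balance=100_000):
    """Constructed in-memory ledger; balances are integer minor units (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    db.execute("INSERT INTO accounts VALUES ('alice', ?)", (balance,))
    db.commit()
    return db


def get_balance(db, account):
    return db.execute("SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()[0]


def withdraw_trusting_client(db, account, amount):
    # Vulnerable shape: the server assumes the browser already checked the amount.
    # A negative value passes straight through and *credits* the account.
    db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, account))
    db.commit()
    return get_balance(db, account)


def withdraw_validated(db, account, amount):
    # Hardened shape: re-check type and sign on the server, then debit with a
    # single conditional UPDATE so the balance check and the debit cannot be
    # split by a concurrent request (no read-then-write window).
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise ValueError("amount must be an integer number of minor units")
    if amount <= 0:
        raise ValueError("amount must be positive")
    with db:  # commits on success, rolls back if an exception escapes
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, account, amount),
        )
        if cur.rowcount != 1:
            raise ValueError("insufficient funds or unknown account")
    return get_balance(db, account)


if __name__ == "__main__":
    db = open_ledger()
    print("trusting server after -50000:", withdraw_trusting_client(db, "alice", -50_000))
    db = open_ledger()
    for bad in (-50_000, 0, "10", 150_000):
        try:
            withdraw_validated(db, "alice", bad)
        except ValueError as err:
            print(f"rejected {bad!r}: {err}")
    print("validated server after 40000:", withdraw_validated(db, "alice", 40_000))
```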
latchkey, over 7 years ago
Another interesting link that puts together a timeline of events: https://www.reddit.com/r/CryptoCurrency/comments/7wp334/the_bitgrail_hack_what_we_know_and_what_we_dont/
justherefortart, over 7 years ago
If this is legitimate, it's hilarious.
bb88, over 7 years ago
That's one way to short a cryptocurrency.
jimjimjim, over 7 years ago
remember, just ship it. doesn't work? ship it and let the users tell us what's wrong. maintenance nightmare? ship it and then ship its replacement later. not designed for security? just get bob's cousin, who says he's a hacker, to try it, then ship it.
lsmod, over 7 years ago
php has nothing to do with it. Can't say the same for the second part though.
LyalinDotCom, over 7 years ago
Hire great people with a passion for the trade and most employers won’t have to suffer through crap like this.