CCEDK withdrawals impaired

ronny 2015-02-27 00:35:47 UTC #18

Why do you think we would want to keep Nubits as a traded currency on our exchange after this attack on our integrity and the exchange as a whole? CCEDK was the only exchange after months of searching for one, willing to accept adding a currency without an open source code and yes we did it also because we believed it was of interest obviously, but the breach our developer experienced directly caused due to the source code not being open clearly showed us why none of the bigger exchanges had any interest at this early stage. So if you feel like this by all means, make another of your so many votes, so you can all feel you have gotten rid of the reason for all of this mess.

ronny 2015-02-27 00:41:18 UTC #19

I am not an expert in legal matters, but presenting a letter clearly stating confidential, comes to my mind as a criminal act in most countries, and accusations as you so well present them comes under another term under criminal act as well, so why not present your real name and adress here and we can take the battle all the way to court, and see who has the most to say about all of this?

tomjoad 2015-02-27 00:48:55 UTC #20

No, Ronny. Hiding a loss of customer funds is unethical. Jordan Lee has made the correct judgement call in sharing that email. We have a responsibility to warn all Nu users if their deposits might be used to secretly try and recoup losses. The lessons of Mt. Gox should be ingrained in all of our minds by this point. CCEDK has failed in this regard, and I don’t expect much sympathy from those users who have been impacted. It’s surprising you don’t feel the same way.

The rest of your reply is an emotional attack on NuBits filled with vague threats and references. It’s understandable you are frustrated, given that we are well aware that NuBits and NuShares have comprised 99% of CCEDK’s volume the past few months. At this point in time we are simply interested in how you plan on repaying the stolen funds. The future viability of CCEDK likely depends on your ability to make shareholders whole.

creon 2015-02-27 00:49:44 UTC #21

@ronny please calm down a bit. Confidentiality of course can only legally be ensured by signing an NDA, that’s basic stuff and everyone knows that who worked for a larger company.

Can you elaborate on that? Was it a wallet bug that lead to the breach or a misunderstanding of the wallet RPC functionality? In what way was the Nu source related to the breach?

Yes I agree that you did nothing wrong with it, but from the data it is clear that you were aware of what was happening by adding multiple motions. You knew this motion would have passed without that, so why not just report this error and establish additional trust? In fact, it was those votes that encouraged @JordanLee to remove the funds from your exchange.

I still don’t have my 0.1 BTC on your exchange I sent 8 hour ago, showing at 1 confirmation, so that’s what I reported here.

willy 2015-02-27 00:52:40 UTC #22

Where did I accuse you exactly?
I voiced my opinion, that I thought about a certain felony reading your text. I never claimed you fulfilled it.

JordanLee 2015-02-27 02:06:52 UTC #23

Thank you. That is important to shareholders and depositors.

That is a good idea I’m sure shareholders really appreciate. We can value it at the current market rate of 0.004568 NBT per NuShare. The value returned to shareholders in NSR will be deducted from what is owed to shareholders in NBT. You can send the NSR to this address:

ScGeCL2Hp4hoBqzKH1DRQe68JG4cUV9eCG

I’m open whether shareholders would like me to keep this and treat it as undistributed NSR, to be sold or burned later in accordance with the motion that just passed. Alternatively, I could pass it to @KTm, who would also burn it in accordance the just passed motion.

@Ronny will you be sending 11 million NSR to ScGeCL2Hp4hoBqzKH1DRQe68JG4cUV9eCG?

This doesn’t make sense considering you also had 300 BTC stolen. Bitcoin is open source. Can you provide details of how the breach occurred?

ronny 2015-02-27 08:10:45 UTC #24

Pls ask @KTm to send e-mail to have amounts sent for each of the open amounts open, cancel these rq’s in NBT, and ask to have equvalent sent in NSR as per abaove rate. She can then write here the adresses she is asking to be sent to in order for all here to know what has been sent, but the request of having this NSR sent and how much it covers in comparison to each outstanding will have to come from @KTM email to tie the open amounts with her account to this amount of NSR sent, I hope that is clear an understandable why it needs be done like this, and we will do immediately after.

Sentinelrv 2015-02-27 08:20:56 UTC #25

Ronny, as others have already asked, can you please expand on this statement here.

ronny 2015-02-27 08:34:38 UTC #26

You need to get full details from @Ben as he was helpful to get this matter solved in a way for us to be using the wallet in a secure way.

mhps 2015-02-27 09:23:08 UTC #27

I am quite disturbed as how this issue is handled. I wish Jordan had given ronny a chance to reach an agreement before unilaterally publishing private communications. This won’t come down well from the point of view of many future business partners. In order to florish Nu needs a lot of business partners in the future because Nu is like a bank. Ronny may not run the most sleek and technically competent exchange, but my impression of him is that has common sense and is respectable. The open source vote issue is blown out of proportion.

Yes there are many unanswered questions. If this post doesn’t come down well with some community members, well, better to have different opinions heard than to let the silent majority vote with their feet. I make my own judgement.

nikolaso 2015-02-27 10:54:06 UTC #28

i got my funds deposited on CCEDK, i am withdrawing to see if deposit/withdraw works both ways

masterOfDisaster 2015-02-27 12:53:20 UTC #29

I tried to withdraw recently and it worked smoothly.
I know that the situation is a bit awkward at the moment.
With the communication policy CCEDK has chosen they didn’t do themselves a favour.
I’m glad that the info is out and everybody is warned.

But I will continue to use CCEDK anyway, because it conflicts with my inner conviction to continue what crackers have started - to bring down CCEDK.
And that would be what I do by stopping to use CCEDK.
CCEDK has been a reliable partner exchange for some time.
This might be about business, but it’s about relationship as well.

Goye 2015-02-27 14:59:45 UTC #30

Agree. Since the date pointed in Ronny’s letter, I hadn’t any problems, related with withdraws or deposits. Sometimes there are delays, but my funds still under my control and always were, unlike BTER, for example, and I do not know destiny of them there. I started trading with nu mostly because of nice community and very prospective currency, as I thought. But it’s sadly to see, how community works with each other in troubleshooting.
As I can see from email, which Jordan published, Ronny maked worthy suggestion. Confidential way of this protects users from anxiety.
I see, that Ronny really try to find solution and do actions, instead of saying words and i sure, that he’s opened for any counter offer. But publishment of his email isn’t nice action, both from business side and from relationship side.
Hope, you guys, @ronny and @JordanLee, will find pretty good solution in this hard situation.

tehter 2015-02-27 16:07:15 UTC #31

Ronny lied over and over, and continues to lie. He was not protecting users from anxiety, he was protecting himself.

masterOfDisaster 2015-02-27 16:20:07 UTC #32

I agree that there have been many lies.
And I agree that it was to protect him and his exchange.
But it was - in my opinion - done to be able to continue trading, earn money and pay the debt.
So it was also to protect the customers as well.

While the way was bad I think that at least the intention was not that bad.
I’d have liked an open communication better.
But what would have happened with an open communication?
Those who would have recognized it before others would have withdrawn and the last ones wouldn’t have anything left to withdraw.
That wouldn’t have limited the damage, but shifted it to different people, the “slower” ones…
With continuing the exchange there’s at least the chance to earn fees and pay the debts in full.

Maybe I’m just a little bit naive.
But I sincerely think that this might not be over despite the last few days.
I consider being very open about the situation from now on a requirement for CCEDK to continue.

tehter 2015-02-27 17:01:51 UTC #33

So continuing operating an exchange that has known (but not to us the severity) security vulnerabilities and hope this time they are not incompetent? That is very naive.

mhps 2015-02-28 02:07:13 UTC #34

After all the exchange troubles I belive it’s a matter of time (on the order of a few month to a year) that any exchange is hacked. To mitigate the risk one should minimize time leaving funds on exchanges, and if one has to leave some fund on exchanges, spread to several exchanges.

Cybnate 2015-02-28 03:01:32 UTC #35

So true. Like any bank in this world have been robbed more than once, any exchange will likely have been hacked or will be hacked. When it is a large robbery and the bank is insolvent you would expect that this is communicated to the customers. Most of the times this would be obvious anyway. When the bank has large reserves and/or theft is relatively small they would be able to reimburse their customers immediately, takes the loss and continue to do business. In that case there is no immediate need to inform the customers or future customers, but could still be a good courtesy and could even work as an advantage showing that things are under control (as rumors are always floating around).

We should have our exchanges in the same position as banks, they are not that different and the weakest link in the crypto-currency chain as long as we need exchanges to fiat. Security is a trade-off between ease of doing business (work process, cold wallets, etc.) and level of accepted risk. The level of accepted risk should be as high as the exchange reserves. When something occurs the exchange would still be solvent and can continue to do business assuming they could fix the root cause of the theft preventing it would happen again.

It is very unfortunate that CCEDK has been hacked, it is even more unfortunate that they tried to keep it quiet while they knew they won’t be able to return customer funds when requested. Knowingly allowing people to put their funds at risk (there were a few new custodian ready to enter a CCEDK market) didn’t leave JL much time to discuss solutions with Ronny.

From a distance and in hindsight it is always easy to say that things could have been done better. Don’t forget that keeping silence longer could also have worked out far worse (not knowing how bad situation is at CCEDK) and taking others into it which were blissfully unaware.

I hope that we can all benefit from the lessons learned here and will act a little bit wiser in the future. As @mhps already said it is also very clear that spreading the risk across exchanges, but also across tiers as JL advocates is more important than ever going forward. Hope the exchanges will also find a better balance between their exposed risks and reserves.

JordanLee 2015-02-28 03:43:40 UTC #36

I would love to see a report from @KTm as to how this is progressing.

ronny 2015-02-28 08:34:47 UTC #37

I was expecting to hear from @KTm but so far no information for me to send the mentioned NSR.