CCEDK withdrawals impaired

JordanLee · February 27, 2015, 2:06am

Thank you. That is important to shareholders and depositors.

That is a good idea I’m sure shareholders really appreciate. We can value it at the current market rate of 0.004568 NBT per NuShare. The value returned to shareholders in NSR will be deducted from what is owed to shareholders in NBT. You can send the NSR to this address:

ScGeCL2Hp4hoBqzKH1DRQe68JG4cUV9eCG

I’m open whether shareholders would like me to keep this and treat it as undistributed NSR, to be sold or burned later in accordance with the motion that just passed. Alternatively, I could pass it to @KTm, who would also burn it in accordance the just passed motion.

@Ronny will you be sending 11 million NSR to ScGeCL2Hp4hoBqzKH1DRQe68JG4cUV9eCG?

This doesn’t make sense considering you also had 300 BTC stolen. Bitcoin is open source. Can you provide details of how the breach occurred?

ronny · February 27, 2015, 8:10am

Pls ask @KTm to send e-mail to have amounts sent for each of the open amounts open, cancel these rq’s in NBT, and ask to have equvalent sent in NSR as per abaove rate. She can then write here the adresses she is asking to be sent to in order for all here to know what has been sent, but the request of having this NSR sent and how much it covers in comparison to each outstanding will have to come from @KTM email to tie the open amounts with her account to this amount of NSR sent, I hope that is clear an understandable why it needs be done like this, and we will do immediately after.

Sentinelrv · February 27, 2015, 8:20am

Ronny, as others have already asked, can you please expand on this statement here.

ronny · February 27, 2015, 8:34am

You need to get full details from @Ben as he was helpful to get this matter solved in a way for us to be using the wallet in a secure way.

mhps · February 27, 2015, 9:23am

I am quite disturbed as how this issue is handled. I wish Jordan had given ronny a chance to reach an agreement before unilaterally publishing private communications. This won’t come down well from the point of view of many future business partners. In order to florish Nu needs a lot of business partners in the future because Nu is like a bank. Ronny may not run the most sleek and technically competent exchange, but my impression of him is that has common sense and is respectable. The open source vote issue is blown out of proportion.

Yes there are many unanswered questions. If this post doesn’t come down well with some community members, well, better to have different opinions heard than to let the silent majority vote with their feet. I make my own judgement.

nikolaso · February 27, 2015, 10:54am

i got my funds deposited on CCEDK, i am withdrawing to see if deposit/withdraw works both ways

masterOfDisaster · February 27, 2015, 12:53pm

I tried to withdraw recently and it worked smoothly.
I know that the situation is a bit awkward at the moment.
With the communication policy CCEDK has chosen they didn’t do themselves a favour.
I’m glad that the info is out and everybody is warned.

But I will continue to use CCEDK anyway, because it conflicts with my inner conviction to continue what crackers have started - to bring down CCEDK.
And that would be what I do by stopping to use CCEDK.
CCEDK has been a reliable partner exchange for some time.
This might be about business, but it’s about relationship as well.

Goye · February 27, 2015, 2:59pm

Agree. Since the date pointed in Ronny’s letter, I hadn’t any problems, related with withdraws or deposits. Sometimes there are delays, but my funds still under my control and always were, unlike BTER, for example, and I do not know destiny of them there. I started trading with nu mostly because of nice community and very prospective currency, as I thought. But it’s sadly to see, how community works with each other in troubleshooting.
As I can see from email, which Jordan published, Ronny maked worthy suggestion. Confidential way of this protects users from anxiety.
I see, that Ronny really try to find solution and do actions, instead of saying words and i sure, that he’s opened for any counter offer. But publishment of his email isn’t nice action, both from business side and from relationship side.
Hope, you guys, @ronny and @JordanLee, will find pretty good solution in this hard situation.

tehter · February 27, 2015, 4:07pm

Ronny lied over and over, and continues to lie. He was not protecting users from anxiety, he was protecting himself.

masterOfDisaster · February 27, 2015, 4:20pm

I agree that there have been many lies.
And I agree that it was to protect him and his exchange.
But it was - in my opinion - done to be able to continue trading, earn money and pay the debt.
So it was also to protect the customers as well.

While the way was bad I think that at least the intention was not that bad.
I’d have liked an open communication better.
But what would have happened with an open communication?
Those who would have recognized it before others would have withdrawn and the last ones wouldn’t have anything left to withdraw.
That wouldn’t have limited the damage, but shifted it to different people, the “slower” ones…
With continuing the exchange there’s at least the chance to earn fees and pay the debts in full.

Maybe I’m just a little bit naive.
But I sincerely think that this might not be over despite the last few days.
I consider being very open about the situation from now on a requirement for CCEDK to continue.

tehter · February 27, 2015, 5:01pm

So continuing operating an exchange that has known (but not to us the severity) security vulnerabilities and hope this time they are not incompetent? That is very naive.

mhps · February 28, 2015, 2:07am

After all the exchange troubles I belive it’s a matter of time (on the order of a few month to a year) that any exchange is hacked. To mitigate the risk one should minimize time leaving funds on exchanges, and if one has to leave some fund on exchanges, spread to several exchanges.

Cybnate · February 28, 2015, 3:01am

So true. Like any bank in this world have been robbed more than once, any exchange will likely have been hacked or will be hacked. When it is a large robbery and the bank is insolvent you would expect that this is communicated to the customers. Most of the times this would be obvious anyway. When the bank has large reserves and/or theft is relatively small they would be able to reimburse their customers immediately, takes the loss and continue to do business. In that case there is no immediate need to inform the customers or future customers, but could still be a good courtesy and could even work as an advantage showing that things are under control (as rumors are always floating around).

We should have our exchanges in the same position as banks, they are not that different and the weakest link in the crypto-currency chain as long as we need exchanges to fiat. Security is a trade-off between ease of doing business (work process, cold wallets, etc.) and level of accepted risk. The level of accepted risk should be as high as the exchange reserves. When something occurs the exchange would still be solvent and can continue to do business assuming they could fix the root cause of the theft preventing it would happen again.

It is very unfortunate that CCEDK has been hacked, it is even more unfortunate that they tried to keep it quiet while they knew they won’t be able to return customer funds when requested. Knowingly allowing people to put their funds at risk (there were a few new custodian ready to enter a CCEDK market) didn’t leave JL much time to discuss solutions with Ronny.

From a distance and in hindsight it is always easy to say that things could have been done better. Don’t forget that keeping silence longer could also have worked out far worse (not knowing how bad situation is at CCEDK) and taking others into it which were blissfully unaware.

I hope that we can all benefit from the lessons learned here and will act a little bit wiser in the future. As @mhps already said it is also very clear that spreading the risk across exchanges, but also across tiers as JL advocates is more important than ever going forward. Hope the exchanges will also find a better balance between their exposed risks and reserves.

JordanLee · February 28, 2015, 3:43am

I would love to see a report from @KTm as to how this is progressing.

ronny · February 28, 2015, 8:34am

I was expecting to hear from @KTm but so far no information for me to send the mentioned NSR.

KTm · March 3, 2015, 3:13pm

Shareholders:

@Ronny and I have spent time this afternoon reviewing the state of my accounts and have agreed to a NSR for NBT settlement plan including two of my three affected accounts that have pending NBT withdrawals affected by the breaches (totaling 53397.55 NBT).

I will post the details of that agreement once the terms have been met (in the next two or three hours). The third trading account’s outstanding 33989.07 NBT obligation will be negotiated separately.

//KTm

KTm · March 3, 2015, 4:45pm

Shareholders:

I have taken possession of 10,987,151.20 NSR in exchange for the 53,397.55 NBT obligation from CCEDK. The details of the negotiated settlement, from the email that I sent to @ronny:

Ronny,

Here is the formal summary of our recent discussion on HipChat concerning the settlement of part of the funds that I have requested for withdrawal.

–
Withdrawals that have been requested, but are still pending:

30786.27 NBT (from account [redacted])
33989.07 NBT (from account: [redacted])
22611.28 NBT (from account: [redacted])

Total: 87386.62 NBT

–
NuShare exchange rate is established as 0.00486 NBT/NSR – the average between the price posted in the discuss.nubits.com forum topic (0.004568 NBT/NSR) and the current price listed on CoinMarketCap (0.005152 NBT/NSR).

This rate only applies to the outstanding funds detailed below, further settlements will be assessed using the prevailing NBT/NSR exchange rate at the time.

To satisfy two of the three CCEDK accounts ([redacted]), CCEDK has agreed to pay the following:

6334623.45 NSR for the 30786.27 NBT from account [redacted]
4652526.75 NSR for the 22611.28 NBT from account [redacted]

Total: 10987150.2 NSR

–
A transfer address has been set up to receive these NSR in trade for the outstanding NBT due to me. I would like to request a test deposit of 1 NSR sent to the address:

SXDsZgjSZb7ZuFQrDHSs2REGPwSFu7Eodj

Once I have confirmed receipt, please send the remainder in the form of two transactions, one for 6334623.45 NSR and the other for 4652526.75 NSR.

Understand that the NSR being transferred will be considered the fulfillment of the outstanding obligation rather than temporary collateral to hold. This means that once the transfer occurs, the NSR will be treated as part of my original grant’s operating funds and I am under no obligation to return them in exchange for NBT from CCEDK at any point in the future.

–
Once this amount has been confirmed deposited into the address in my control, I will consider these account withdrawals settled, with no further obligations due on CCEDK’s part. Remaining funds (non-NBT) in those accounts are still mine to do as I wish, and for the time being, will remain on CCEDK until I decide on the next course of action (return them to the exchange order books using NuBot, or withdraw them directly).

Details of this agreement will be presented to the Nu community and included in my holdings reporting going forward.

CCEDK’s agreement will be considered binding once the funds have been sent. If CCEDK disagrees with anything documented, please let me know before funds are sent.

Shareholders can review the payment transactions by viewing the referenced deposit address in the Nu block explorer to confirm that the NSR agreed to have been placed in my possession, and that the obligations for two of the three trading accounts that I had outstanding on CCEDK have been discharged.

These NSR will remain in my possession until the time when a decision is made for what to do with them. I will include them on any grant operations reporting going forward.

The remaining 33989.07 NBT in grant funds still needed will be addressed in a future post, once CCEDK and I have determined the timeline and method for repayment.

If Shareholders have any questions about the settlement or the terms, I will do my best to address them.

I would like to thank @Ronny and the CCEDK team for the prompt attention regarding the funds; any delay in activity between the announcement of this thread and this settlement is my responsibility.

Thank you.

//KTm

Hyena · March 4, 2015, 10:14pm

So, can anyone give the summary of what happened here?
Did I understand correctly that CCEDK was hacked and lost some coins and thus is no longer operational? As a result, the nubits held on the CCEDK accounts needed to be retrieved ASAP from the custodian. However, for some reason the custodian was only able to return the nubits if they got nushares in return. What was that some reason?

Ben · March 5, 2015, 12:33am

The summary, as I’ve been able to piece it together:

Kiara Tamm (@KTm) is one of the custodians who supports CCEDK. She has multiple accounts for different trading pairs (NBT/USD, NBT/EUR, NBT/PPC, NBT/BTC)
At some point in the past six weeks, CCEDK had a breach (or breaches) due to a hack or a bug. This/these attacks resulted in a situation where customer funds were lost (denominated in BTC, NBT, and NSR – possibly other cryptos, but I’m not sure). At least three of Kiara’s accounts were affected.
CCEDK wanted to settle with Kiara to pay back the funds that were lost. They could not (obviously) replace the ~86,000 worth of her NBT lost with NBT that they no longer had, so they worked out a deal to use their corporate (non-customer) NSR holdings instead.
This settlement only covered two of the three accounts that Kiara had funds stolen from. There are approximately 34,000 NBT worth of funds that need to still be paid back.

Did I get that right?

Hyena · March 5, 2015, 10:56am

I’ve always wondered that in the case of nubits the nushareholders actually have the power to reverse a transaction of stolen coins by voting for it. has anyone else considered this as a possibility?