I find a bug with allcoin.com. Because of the bug users can obtain nushares that do not belong to them. I have filed a bug report using the exchange’s ticket system with details of how to reproduce the problem, and gave them a day before informing Nu community. I have also sent an email to the address given here. No answer specifically made to the report has been received.
I am not revealing the details of the bug for now, hoping that the exchange can plug the hole before many people start to exploit the exchange and possibly cause serious damage. Eventually (in a few days I guess) I will discuss the bug in the forum. In principle an attacker could get hold of basically the amount in NSR hotwallet. However it takes some luck, resource, and effort to get hold of a lot of coins, so allcoin is not highly likely to go under in a flash.
I am not sure if the problem is only related to nushares. I suggest users withdraw funds from allcoin.com, especially if it’s NSR, before the situation is clear. I have sent a PM to @jmiller, the LPC on allcoins earlier today.
Now someone please find a way to ask allcoin to check the ticket filed 22 hours ago.