all 41 comments

[–][deleted] 16 points17 points  (16 children)

> all coins are kept on paper wallets. That's right, any coin to go through our systems is kept on cold storage paper wallets. This is to prevent the ongoing hacks and attacks everyone else seems to be suffering from. Your coins are completely safe with us since the coins are not stored on the server or even accessible by the server.

Sounds both like a wonderful pile of evidence sitting around for the cops, and a super convenient way for you to run off with the coins.

> We are based on the bitwasp framework

Don't care how much work you put in. Deal breaker. There are teams of devs trying to perfect bitwasp that haven't yet, what makes you think you did it right?

> There is a java script in place that is just used for encrypting password

It doesn't matter what javascript you use, just having it enabled opens you up to code injection.

Won't be using this disaster waiting to happen.

[–]IGetDankShit 7 points8 points  (7 children)

> We are based on the bitwasp framework

This is definitely an issue to consider.

> There is a java script in place

Also very worrying.

[–]the_avid 2 points3 points  (6 children)

> This is definitely an issue to consider.

Understatement of the century.

BitWasp is insecure. No ifs, no buts. I haven't reported my 3 issues yet, so all BitWasp markets as they stand are currently vulnerable to exploits that are rather simple to execute.

I'll eventually get around to reporting them, in the interim I should probably do a post warning users not to go anywhere near BitWasp markets.

The developers themselves said in their interview with DeepDotWeb that nobody should be running a live market on BitWasp at the moment.

[–][deleted] 1 point2 points  (1 child)

how do you know I didn't fix the exploits? I did a lot of work to secure the bitwasp code.

[–]MindSquid 0 points1 point  (0 children)

So let's hear what you patched. List some holes you found and what you did to fix them to back up that claim.

[–]Vespco 0 points1 point  (3 children)

Feel free to report them whenever you'd like to the developers. http://bit-wasp.org/the_avid.html

[–]the_avid 1 point2 points  (2 children)

sent an email yesterday to the person who emailed me from the bitwasp email address

[–]Vespco 0 points1 point  (1 child)

Great! :) Thanks

[–]the_avid 1 point2 points  (0 children)

if you want to send me an email on theavid at safe-mail.net i'll copy you on what I sent. key ID is EFDCB2A7

http://keys.gnupg.net/pks/lookup?op=vindex&search=theavid%40safe-mail.net&fingerprint=on

[–]MindSquid 2 points3 points  (6 children)

What advantage would paper wallets provide over normal code storage except paper can't be encrypted

[–][deleted] 4 points5 points  (5 children)

> A horribly coded wallet on the same harddrive as the site can be hacked and emptied.

Which shouldn't be a problem unless you're an absolutely horrible programmer.

And I've got to ask, how exactly are these guys accomplishing the paper wallet thing anyways? Like, a smart phone connected to the computer to scan the QR code and automated printing? I'm honestly fucking confused.

[–][deleted] -1 points0 points  (4 children)

they are not actually paper, we just say that to get the point across. They are on a tiny netbook with no internet capabilities. We have to manually export them from the hard drive to a usb to a computer with internet access every night to make out the payments. Basically there is no way to hack into the db with the private keys. So even if our server did get hacked they would not have anyone's money and we could be up and running again in 24 hours on a new server.

[–]MindSquid 0 points1 point  (1 child)

We all know hackers can't infect USB sticks if they rooted your server...

[–][deleted] 0 points1 point  (0 children)

the usb never hits the server it goes to another computer with a bitcoin program running to execute the transactions

[–][deleted] 0 points1 point  (1 child)

All seems very susceptible to human error. One guy goes to sleep early and no one gets their payments until he wakes up? You only do payments at the end of the night or what? So like what if I make a withdrawal in the meantime? I've got to wait for you to physically plug in a USB to authorize my withdrawal?

[–][deleted] 0 points1 point  (0 children)

there are no withdrawals. As soon as a buyer marks the order as finalized the "paper" wallet is marked to be swept and in the next round of sweeps the funds get paid out to your cashout address you have on file. We might do sweeps every 4 hours or every 24 hours, just depends on number of orders that need sweeps. The longest is once every 24 hours though. The more random the better.

[–]InfinitelyOutThere 4 points5 points  (0 children)

Great summary of why this market is doomed to fail.

[–]hugsfordrugs 2 points3 points  (3 children)

Paging /u/the_avid! We have a new market here!

[–]IGetDankShit 1 point2 points  (2 children)

I have a feeling he's already familiar with this one.

[–]the_avid 2 points3 points  (0 children)

indeed I am.

ahhh, BitWasp.

[–]hugsfordrugs 0 points1 point  (0 children)

He always knows these things before we do.

[–]InfinitelyOutThere 5 points6 points  (3 children)

Not holding my breath but this could be good. That is, if it doesn't crash and burn in a huge fireball within the next week like these markets tend to do.

[–]Alphax86 1 point2 points  (1 child)

Any cannabis vendors on here yet?

[–]MrNiceGuySamson[S] 1 point2 points  (0 children)

Today is our opening day. We have had quite a few vendors sign up so we are hoping that in the next day or so a lot of listings will go live.

[–]pinkprincess1 1 point2 points  (0 children)

Your reputation precedes you... thanks but I'll pass.

[–]obsidianchao 0 points1 point  (3 children)

Again?

Didn't you just do this a week or two ago and your site was shit? Jesus Christ.

Not to mention the last guy with a name from Half Baked was Thurgood Jenkins and he ran off with mad money...

[–]MrNiceGuySamson[S] 0 points1 point  (2 children)

Sorry but you have us confused.

[–]obsidianchao 1 point2 points  (1 child)

I remember "Mr. Nice Guy market" opening a week or two ago, and on that day it was discovered that you, Red Sun, AND some other joke ass marketplace had huge, glaring security holes.

I'm not gonna shit on your market - I have no basis to - but I'll tell you right now that if you don't have the very best programmers in the game, you're going to be fucked. And it'll be ugly.

[–]MrNiceGuySamson[S] -1 points0 points  (0 children)

No, we did not open last week, those others did and sadly for them didn't make it an hour. It's tough to make it a simple hour with this crowd. Since we posted this our servers have been hit from just about every direction. Last week we were asking for testers who might want to test us for any security issues. Nothing server damaging was found with our system so far. Yes, we have seen the other markets and seen where they had issues and yes we know it's going to be trial by fire, but we honestly feel we have what it takes to make it.

At the end of the day, we would like to think we have given it our best efforts.

Thanks for the heads up of course.

[–]deepdot 0 points1 point  (2 children)

Not saying anything about your market specifically, just quoting the Bitwasp developers:

http://www.deepdotweb.com/2014/03/25/interview-with-bitwasp-founder-developer/

  • Any Bitwasp implementation running a live wallet is taking unnecessary risks with user funds.

  • "We clearly say that it is not finished, is still being developed and to use on testnet only. Unfortunately some have falsely claimed to have fixed issues which lead to people losing their money or privacy."

[–][deleted] 0 points1 point  (1 child)

we are not running a live wallet

[–]deepdot 0 points1 point  (0 children)

That was just an example as you can read there.

Also the second point is a lot to think about before making these claims.

[–]BabyYayo 0 points1 point  (8 children)

Waiting to see how good. I dunt like pandora nemore :S
