[Agora] announcement 2014-03-07

The maintenance is now complete, and services are back in operational mode. For the purposes of full transparency, we can confirm that the service could indeed on rare occasions send out multiple payments when under unanticipated heavy load. This bug could not be purposefully exploited by any adversaries. The losses from this are basically negligible and partly because of that went undetected. Nevertheless, we deem this bug severe, and immediate measures were taken to remake the system to handle this properly.

Sorry for the scare. If anything good should come of this, please take this as another reminder: do not keep your coins on a market unless you absolutely have to! We strongly encourage you to actively withdraw your coins as soon as possible as a vendor, and as a buyer, only deposit what you are going to use. We are going to do our part and will very shortly implement an auto-withdrawal feature.

As for the server outages due to extended DoS attacks, this is possible even in the future. It is a real problem, and far bigger sites than ours have been down due to these attacks. However, no other damages than the actual denial of service are expected.

At this time we don't see any evidence of any other successful "hacks" on us, unless you count the DoS as a "hack".

2014-03-07 Agora team.

Signature: http://pastebin.com/0Ps6aXiG


Comments


[5 Points] None:

I wanted to share a comment about whyusheep's claims.

https://www.reddit.com/r/DarkNetMarkets/comments/1zs55t/since_when_is_leaking_databases_and_black_mailing/

When is pushing a person to the point where they feel like killing themselves considered a moral tactic? This is against any real ethics and hackers do have ethics.

I want to reassure everyone that if whyusheep does have a database, the information does not have to be leaked to prove the claims.

We have multiple accounts on several markets and have provided whyusheep with an account to provide us with the cleartext or at least hashed password.

This will provide whyusheep with a method to prove the claims without endangering anyone.

As whyusheep has never once replied, we know that the claims were simply FUD to defame Agora.


[5 Points] None:

[deleted]


[1 Points] statefulwallftw:

Can't you guys just get a Palo Alto wall and call it a day?


[-3 Points] None:

Why wouldn't you just tell us about the scheduled maintenance first instead of just doing it and being sketchy (if I understand what happened correctly)?


[-1 Points] fractalscattering:

Remember SR1 had DDoS attacks for a couple months before it got seized. Hmm...

Just a highdea.


[-9 Points] None:

They are very certain that bug is not exploitable, or that they understand how heavy load magically fucks their wallet. Pretty hilarious.

Guess if they didn't see evidence of a hack it must not have happened. ;)