Poloniex customer sold the exchange's vulnerability

Poloniex customer sold the information about the exchange's bug for support's ignoring
17 August 2017   2056

The Poloniex crypto-exchange trader under the nickname Poloniex2FASucks detected a bug in the platform security system and then sold the information about it, as he was ignored by the support's team. He shares his history on Reddit.

As the user reports, he managed to easily bypass the two-factor authentication when withdrawing funds from the exchange account:

I managed to withdraw cryptocurrencies from an account without having access to the 2FA device, both for login and for withdrawal confirmation. I withdrew from an account that I picked, having access to the password from a leaked database. ... You open your emails in a client that provides those "preview" images, you've confirmed your outgoing transaction by opening the email. 

Poloniex2FASucks on reddit.com

According to the post, the customer wrote a letter to the Poloniex support service about the vulnerability found, but even after 60 days he did not receive a response.

I'm guessing they have no interest in fixing it, and that it is intentional. 

Poloniex2FASucks on reddit.com

A bit later, it has been reported that the information about the vulnerability was sold.

Finally, Poloniex2FASucks notes that other customers should not trust the company their funds as it can not even implement two-factor authentication on the platform and correctly configure the robots.txt file. He also advises all Poloniex users to withdraw their funds from the stock exchange as soon as possible.

Ethereum Scaling Solution Raiden to Launch Last Testnet

As noted by the developers, after implementing the new solution, the Ethereum network will be able to provide more than a million transactions per second
20 July 2018   132

On Thursday, July 19, at the Dappcon developer conference in Berlin, the last test network of Raiden for the Ethereum blockchain was launched, CoinDesk reports.

The release includes a minimal implementation of the scaling solution, which will allow the transfer of Ethereum tokens outside of the main blockchain. This is the last test phase before the introduction of technology into the core network of Ethereum.

It's the first step towards going to the mainnet. We really want people to really test this so we have a user interface, we have an API and we've created an open Github for everything they could find, so if we go hopefully bug-free on the mainnet.

Lefteris Karapetsas

Core Developer, Raiden

According to him, the new release represents an early implementation for the core network and contains a new rewritten code of smart contracts and payment channels that can be restored in case of unintended closure.

Also, Karapetsas urged developers to join the test network to help detect possible bugs, adding that a bounty program will be launched to encourage this activity.

The release date for the main network has not yet been assigned, but the developers intend to follow this earlier promise and launch Raiden this summer.

Karapetsas also promised to publish regular updates and code optimizations after the full release, adding that Raiden will complement other Ethereum scaling solutions that are currently being developed.

Raiden is essentially the payment channel network for ethereum, it's supposed to help us scale token transfers. The long term goal would be to have people use Raiden from a mobile device and be able to make off-chain token transfers just from their phone. That would be the long term vision, it would probably work in combination with various scaling solutions, sharding, plasma, a sort of hybrid.

Lefteris Karapetsas

Core Developer, Raiden

Raiden is developing from the 2015 and is written mostly on Python. The project is much like the Lightning Network. As noted by the developers, after implementing the new solution, the Ethereum network will be able to provide more than a million transactions per second.