Was it mentioned if the hacker/white hat was going to return the BTC that they withdrew?
If they don't return that BTC, Poloniex would be out of pocket in a huge way.
I hope we can pull together an adequate bounty for the white hat such that they will return all BTC.
He said he would, but I haven't heard from him since he explained the vulnerability. My guess is he is waiting on the block chain rebuild to see where he stands with XCP.
If all the XCP gets returned to the Poloniex account, then the dump will stand, and he can keep the BTC. If not... then let's hope he returns it, and I'm going to have to roll back some trades.
Hmmm... it's still feeling like the fair and reasonable thing to do under the circumstances is to offer the hacker a fair-market rate bounty for identifying the exploit... Then the onus would be on the hacker to choose how s/he will be remembered in history.
Either s/he chooses to become a whitehat, a hero. And can live with fame, personal pride, and good karma ... not to mention much respect, trust, and future opportunity from within this community!
Or s/he chooses to be a blackhat, a thief. And inevitably experience some guilty conscience, maybe loss of sleep, bad karma in this life ... possibly the next life too =(
Let's get this bounty sorted out, and then hopefully our hacker will make the right decision!
Analysis of a few Bug Bounty Programs:
Judging from the precedents, perhaps a bounty on the order of $10,000 - $20,000 would be appropriate. This would be 2x - 4x the highest bounty paid by GitHub, on the high end of what Google pays, and a handsome reward for our whitehat (?).
$10,000 = 16 BTC @ $625 USD / BTC
16 BTC = 1300 XCP @ 0.012 BTC / XCP
So, if we wanted to do a $10,000 bounty it would be 1300 XCP, if we wanted to do $20,000 bounty it would be 2600 XCP.
Earlier on this thread there were at least 12 people committing 100 XCP or 10% of their holdings, so if we rally together a bounty of 1300 - 2600 XCP should be feasible.