[accused of EXIT SCAM] Altilly Crypto Exchange - list MAID

Anyone intelligent enough to create and run a working exchange should have no problem stopping hackers. A properly secured Linux system is virtually impossible to hack. This leads me to believe they were either scamming people, or lazy, neither of which inspires confidence in them.

1 Like

But what if you just bought it?

4 Likes

Whats your hourly rate? And do you have professional indemnity insurance?

Thats easy to say and a little more difficult to achieve in practice.

DISCLAIMER: I have lost money on Altilly

3 Likes

“The servers the Altilly Exchange platform utilised were provided by an independent hosting provider.”

Copy-paste amateurs think using third party hosting is secure. Beware noobs! :roll_eyes:

cough should have used Safe Network! cough :smiley:

1 Like

From a system level it isn’t that difficult. I can understand how a web application may be vulnerable and give access to the system, but it should stop there with an unprivileged user, and what they are allowed to access. Allowing someone to not only gain access to the system, but to create a new system user and take over the systems is incompetence.

I used to carry insurance and do consulting, but I’m out of that game, now. My rate was $125/hr. In an eight hour day, I could install an entire web application stack and lock it down.

1 Like

It’s one thing to set up an “unhackable” system. It is entirely another to ensure it remains unhackable.
Reading between the lines at https://altilly.com/ point 2 it would seem there was some social engineering involved as well as forgetfulness around the old non-2FA-protected email account.
We can take all the precautions we want, stay up to date with exploits but if you - or someone else associated with the project - falls for some social engineering attack, you need to hope your pro indemnity insurance covers it.

1 Like

before maybe, but after? The safetokens will exist in its own network. Are you thinking about wrapped safetokens?

The greatest vulnerability in any system—cyber or not—is human. People often overlook this fact.

7 Likes

Yes, wrapped safetokens

Well I wonder if that will do any good…
They certainly give the impression of trying hard to make things better.

3 Likes

Excuse me? These two are completely unrelated issues.

1 Like

Unrelated in terms of technologies involved, but not in competence. One knows they need to protect themselves which means either they get someone involved in the project who knows how, or they hire someone on contract to protect them. As I said, being vulnerable enough to allow their systems to be completely taken over is either a ruse to steal the money, or negligence of the highest order.

Competence in one area does not automatically translate to competence in another, especially not when the two areas require fundamentally different ways of thinking and when they operate on different levels on the stack. According to your theory, any programmer or systems architect is a good security expert and vice versa. Reality disagrees.

3 Likes

To “create and run an exchange” you don’t even have to be a programmer, much less a security expert. You have to be businessman and have enough capital to start it up. It’s hardly a question of intelligence or general competence.

4 Likes

That’s not at all what I said. I said they are aware of the threats and the need to protect themselves. They may not have the expertise to do so themselves, but they know the possibility is there. Businessman, developer, whatever the case, a failure of this magnitude is negligence or a scam.

2 Likes

On that I agree.

Imo, if you are not able and willing to purchase insurance that will protect 100% of your customers’ assets you have no business opening an exchange. You can risk your own money w/o proper insurance but not your customers’. Same goes for investors who join up with you: they must be able to verify proof of insurance (to protect the customers not themselves necessarily).

2 Likes

This got magically shortened to 14 days… Final date is: 9th of January 2021 - 23:59 CET.

1 Like

This is a total exit scam…

6 Likes

Maybe I am being naïve, but I doubt that (time will tell). They really do put a lot of effort in updating their homepage with information. The text about when you need to claim your coins has now also been revised to ’ Saved assets can be claimed until the 9th of January 2021. Lost assets can be claimed until the 26th of February 2021.’, which thus matches the 90 days time frame mentioned previously And besides that, they’ve updated the ‘What’s the cause’ section last night. And on top of all that the list of lost/saved coins already shows several coins that are repaid. Anyway imo persons who want to cheat you, usually do not put this much effort in it after they got your money. Considering this, I would like to give them the benefit of the doubt and at least show a positive comment at the end of this thread.

1 Like