/post/3484483df2c239d0983a
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The following post is an update and complete account of the events that transpired during the recent maintenance period on SuperMarket. In this post we will openly go over all the details and provide you with everything that has taken place to resolve these issues.
A brief recap of the events that led up to this:
At approximately 11:17 AM UTC on March 8th a bug was NOT responsibly disclosed and was publicly posted on the /d/Super sub dread. The bug was the result of the Monero RPC becoming overloaded resulting in one-time time payments to be duplicated and sent to the Monero daemon repeatedly. This bug was NOT part of the market but instead was part of the official Monero RPC.
What wasn't disclosed and why:
Approximately 1 hour after the bug had been made public it occurred again completely draining the market wallets. During our research we found that the bug was a result of the Monero RPC becoming overloaded and was not a bug in the market itself. Upon discovering this we immediatley disabled all transaction processing and systematically took access to the market down while also informing Dread staff of the entire situation. During this time we began assessing the situation as a whole and began establishing a plan to resolve all issues that were present. Due to these events taking place in the midst of the chaos ensuing with Incognito's exit and extortion scam we were very careful with the information we published while we assessed the situation and worked towards a resolution.
The steps taken:
Our team completely overhauled our payout system, thoroughly audited all code and updates, and painstakingly tested all potential edge cases to ensure every aspect of our financial system was secured. We have taken full responsibility for this issue and our team has pooled together our personal funds as well as profits earned from the market and replaced all lost funds to ensure all users and vendors are whole and don't experience any loss whatsoever from this.
Moving forward:
At this time we can confidently say we have taken the necessary steps to ensure this sort of issue never happens again, we have thoroughly audited and tested the marketplace to ensure user funds are safe. We accept responsibility for what took place and will continue to uphold our high moral standards and integrity, we are committed to this community. We will be restoring access to all mirrors and users may continue conducting business as usual. The market will be live within 24 hours and we will begin working through all active tickets and vendor applications as quickly as possible.
We appreciate everyone's patience and understanding while we navigated this difficult situation.
-----BEGIN PGP SIGNATURE-----
iLUEARMKAB0WIQTdQpWcB5ai//hcKnVCgKWFssXUJgUCZfHhNAAKCRBCgKWFssXU
JtLqAgCpEaB+8jUGt2hNZbnrgF9dgkGpzF5fPufnP9ErOvekBgrxV4koDZSaypgl
lK8aPdrcjWPVo6sKNNsAdLFSRF4VAgCTlvOAO0ZWyVzkMuh5q+7UxTYPx214ToyY
I1c9bGA7QzYzdS4RXi8ogEHdYCAJzuzU14IPmins7iArP3/MiHPL
=lAMA
-----END PGP SIGNATURE-----
/u/Ganymedes · N/A votes · 13th March, 2024 - 18:27 · Link
At the end of the day Super suffered a wildly unfortunate bug which did not exploit any of the systems they themselves implemented in the market. Even so, with a lot of user/market funds lost, instead of exit scamming like every "sane" person would do they dipped their little bear paws in their own pockets and replaced affected user/market funds with their own. This is very responsible handling of an extremely serious problem that would have broken most contemporary market admins mental game. Fucking good job Super, I'm sure you'll make that all back very soon!
/u/newbieforever2018 · N/A votes · 13th March, 2024 - 20:21 · Link
Very well stated. This goes to character and it is on full display for all members of Supermarket to see.
/u/partytime · N/A votes · 13th March, 2024 - 22:08 · Link
As I commented already elsewhere on this thread, the SuperMarket staff are, imo, quite honorable, honest, and respectable. I've known MommaBear since before The Hub went down last year, and have had solid relations with her througout the time SuperMarket has been running.
/u/indigo2013 · N/A votes · 13th March, 2024 - 17:31 · Link
Maybe I am just dumb and misunderstanding, but what happened to the xmr wallets that were drained? Someone used the bug to exploit the market and steal the funds?
/u/MommaBear · N/A votes · 13th March, 2024 - 17:42 · Link
The bug was in the Monero RPC and did not appear to be exploitable by users. So even though our automated payment system only sent a single request to send out a payment the payment was duplicated several times over.
/u/Cryptobender999 · N/A votes · 13th March, 2024 - 17:58 · Link
So are those funds lost sort of as if you made a double payment to cancel the transaction or have some of the funds been located in wallets? Probably extremely hard to track due to XMR's RingCT
/u/MommaBear · N/A votes · 13th March, 2024 - 18:00 · Link
We are aware of the users that received additional funds, however with the nature of the DN they can be considered lost. We have replaced the lost funds with our own.
/u/wrseh10 · N/A votes · 13th March, 2024 - 19:47 · Link
Now that duplicate payment I saw the other day makes sense. We have 2 doubles to return. We answered your D.M just now.
/u/partytime · N/A votes · 13th March, 2024 - 22:06 · Link
Kudos to you, mate. Rare to find such honesty on the DN, imo. All the best of luck to your team!
/u/newbieforever2018 · N/A votes · 13th March, 2024 - 20:21 · Link
Good on you sir!
/u/Cryptobender999 · N/A votes · 13th March, 2024 - 18:07 · Link
Gotcha that's awesome of you guys team thank you for being so transparent about this issue and your plans moving forward. Much love /u/MommaBear
/u/newbieforever2018 · N/A votes · 13th March, 2024 - 20:29 · Link
To those who caught bans, not sorry! To those who willingly and with full knowledge of what you were doing partook in the theft of this markets funds may IRS auditors rain down their full wrath upon you. Some things were left unsaid but were not unseen.
/u/[deleted] · N/A votes · 13th March, 2024 - 20:42 · Link
[removed]
/u/BehindBars · N/A votes · 13th March, 2024 - 20:59 · Link
Yes, we're more concerned with the people acting maliciously stealing funds than developers who personally covered the losses. If anything this event is a true testament to Supers credibility. gtfo
/u/newbieforever2018 · N/A votes · 14th March, 2024 - 00:11 · Link
Right on!
/u/partytime · N/A votes · 13th March, 2024 - 22:04 · Link
I have been in contact with MommaBear during this downtime at a few points. The transparency being displayed here is consistent with my long-term relationship with MommaBear and the SuperMarket team. Honest, open reporting is in the post, and a full explanation of what occurred as I understand the situation. In keeping with MommaBear's discretion, I won't name the person responsible for this mess, who openly and intentionally posted the exploit for everyone to see. My anger at that act is beyond my ability to convey. That goes for those who deliberately stole from SuperMarket as well. You know who you are, you scummy bastards (yes, I'm swearing in a post I'm so angry). So remember, mates. If you find a bug in a market and are unsure what to do, message the market staff privately here on dread, or on the market itself. HugBunter and Paris may also be contacted through the Mod Mail in /d/dread (MESSAGE THE MODS button in lower right corner of the sub), especially for superlist markets (Super is Pending on the superlist at this time). This is mentioned by Hug on another thread. Again, my admiration and respect for the Super Market staff over the handling of this issue. I know of no better team on the DNM's.
/u/newbieforever2018 · N/A votes · 14th March, 2024 - 00:10 · Link
And if it seems like everyone is ignoring you then you can even post a topic here on /d/super titled "Found a bug, who to tell? " without mentioning what the bug is. This really works!
/u/snowbunni · N/A votes · 13th March, 2024 - 22:45 · Link
REPLACED ALL LOST FUNDS?? WOW!!! SUPER DUPER!!! :DDD THANK YOU FOR BEING A STAND-UP HUMAN BEING!!! <333
/u/Amer1canSpirit-PR · N/A votes · 13th March, 2024 - 23:07 · Link
Thank you for being soooo transparent and honest /u/mommabear SuperMarket is fantastic YOU GUYS ROCK !!!!
/u/zelaphishio38z · N/A votes · 14th March, 2024 - 00:10 · Link
Thank you @MommaBear
/u/floatthisway · N/A votes · 13th March, 2024 - 17:31 · Link
[removed]
/u/empathogene · N/A votes · 13th March, 2024 - 17:34 · Link
Incredible response. Thanks so much folks.
/u/iflipdaily · N/A votes · 13th March, 2024 - 18:08 · Link
[removed]
/u/TexasBoy713 · N/A votes · 13th March, 2024 - 18:26 · Link
Just to be devils advocate arent thety vendors also?>?? im not saying its happening but vendor exit scam tooo just to see both side of the coin in some light
/u/partytime · N/A votes · 13th March, 2024 - 22:10 · Link
No, MommaBear and the other staff of SuperMarket are not, repeat NOT, vendors of any kind. They are, as /u/iflipdaily says, they are a solid team with exceptional ethics for the DN. I stand with them in this troubled time, and have no issues using SuperMarket in the future.
/u/DeeMsTer888 · N/A votes · 13th March, 2024 - 18:40 · Link
Brilliant news. Thanks for the update
/u/MsLadyMelody · N/A votes · 13th March, 2024 - 18:45 · Link
Plus one vote from me. Sadly I tried to calm a few peoples nerves because as you stated, people are going to be freaking out over the whole ordeal. A few people was understanding but there was that guy who aspired for a GED that just went berserk and nothing anyone said mattered. I'm glad to see you guys come back online and even more excited to take my account out of vacation and proceed with business as normal on your marketplace. As I see other peoples comments I will direct them here so they can be relieved over the downtime. It's truly admirable of you guys to pool your own funds together to get the situation resolved!!
/u/newbieforever2018 · N/A votes · 13th March, 2024 - 20:23 · Link
Indeed!
/u/Giffie · N/A votes · 13th March, 2024 - 18:48 · Link
Thanks for the clarification mate! Keep up the good work
/u/NorthenCorridor · N/A votes · 13th March, 2024 - 19:00 · Link
Awesome update!! very shitty situation but handled amazingly!!!! Can't wait to get back home!
/u/psyalienkidd · N/A votes · 13th March, 2024 - 19:24 · Link
Bears rising! Great work guys
/u/boogieshoes · N/A votes · 13th March, 2024 - 19:43 · Link
Thanks Super support. Ready to get back online.
/u/newbieforever2018 · N/A votes · 13th March, 2024 - 20:30 · Link
Bravo to you and your team /u/MommaBear
/u/mzMEs8z1r4ID14J5 · N/A votes · 14th March, 2024 - 00:22 · Link
Awesome work guys! This says a lot about your market and team, and I hope a long and successful runtime and peaceful retirement to you!
/u/[deleted] · N/A votes · 14th March, 2024 - 01:39 · Link
Marketing move to gain more trust? All I see is Lorem Ipsum signed by you. Yes, you can downvote me.
/u/Flitti2 · N/A votes · 14th March, 2024 - 21:54 · Link
sebastian 😭😭😭😭
/u/[deleted] · N/A votes · 15th March, 2024 - 00:13 · Link
It's SEB
/u/Kingscrown · N/A votes · 14th March, 2024 - 02:15 · Link
Definitely respected. Everything was up front. Only thing was in question was when the market would be back, not if.. Hats off to /u/MommaBear /u/FatherBear for their full transparency and getting everything under control.