As someone said before--do NOT buy XCP from anyone until this is fixed. Not on the DEX, not privately, not anywhere.
It sounds like the hacker is being cooperative, so probably a good guy and aligned with the success of the project and helping us to harden the code.
To resolve the situation, maybe devs could offer to pay the hacker a 'security bounty' to reward him for isolating this vulnerability and because he's been a cooperative good guy, and also create a standing "security bounty" for anyone else in the wider community who finds exploits in the future.
Yes. Setting up a formal bug bounty system is definitely on our 'to do' list.
Cityglut, I know you have a lot on your plate, but when you have some time perhaps you can send out a wallet address for a security bounty fund?
If it turns out the "roll back" is 100% retroactive (and I get all of my XCP back on Poloniex), I will happily contribute 100 XCP to the bounty fund to get it started.
As a proposal for the community, perhaps we could send the first, say, [1000] XCP raised to the whitehat who exposed this exploit?
Will anyone else make a pledge to contribute alongside me?