It's the most common form of scam. The owner of the exchange leaves with the money.
That's why exchanges are regulated. Step one of the regulation is getting the identity of all the owners. Step two is having servers and backups on regulated soils so you can seize everything at any time and reconstruct the ledgers.
It's not visible at all, because you can sell coins which never existed because exchange transactions don't happen on the blockchain.
You start off selling maybe 100 bitcoins which you've 'created', so the value of bitcoins on your exchange is 100 higher than in your 'wallet'. No-one can audit that and no one will notice because it's a tiny amount compared to the total volume. The more you do this, the more popular your exchange looks and the more you can repeat it and get away with it.
Eventually you be holding only a tiny fraction of the exchange book in actual bitcoin having cashed out 90% of it generating large amounts of money for yourself in the process.
If it ever looks like there's a run and you can't provide people with their bitcoin you claim "hack".
By the time you exit scam and claim "hack" the missing coins are gone but really they didn't exist so there's nothing to trace.
This is a scam and a stupid one too. Each exchange creates a new wallet for you when you sign up. When you buying Bitcoins they go to your wallet and you can verify the transaction on blockchain.info. Remember that the blockchain is public!
An exchange who works like a normal eWallet, so your money are stored in their database only, is seriously suspicious. I understand there are people who will fall for these scams, but there are scammed people everywhere in the world.
Also, a serious bitcoin trader/buyer should always have the bulk of his Bitcoins on a personal wallet not on an exchange.
Transferring Bitcoin to an internal customer wallet on the public blockchain would be extremely expensive. Transaction fees are still north of $10 last I checked! So most every exchange combines wallets, and I don't think this will change anytime soon.
I'm not sure I understood correctly. Could you elaborate?
Wouldn't selling created bitcoin lower the price of bitcoin at your exchange? A lower price would attract USD and the exchange would leak BTC with people doing arbitrage.
Then if you claim a hack wouldn't you have to show that value moved to the hackers wallets and that value and the value you retain had to add up to the total value received in BTC? And if the "stolen" amount of BTC couldn't be shown to be in another wallet, wouldn't the fraud be discovered?
Re: "When you buying Bitcoins they go to your wallet and you can verify the transaction on blockchain.info."
Not necessarily. For example you can trade on GDAX (between ETH/BTC/LTC/USD) without hitting the blockchain. Once you "withdraw" your purchase and deposit it into "your" (because it's not really your wallet) wallet on Coinbase, then maybe.
Many of these "internal" exchange transactions are only reflected in their internal DB and not public blockchain.
I think the parent comment was referencing "wash trades", where you trade between your own accounts to create an illusion of active trading (or movement up or down - whatever your objective may be).
Currently this is very easy to do. Such trades are local to the exchange, so they don't register on the blockchain. If you execute them as "maker" (limit) orders, there aren't any fees either. So you can fake significant market activity for free.
You can mix the stolen coins. Change them to many different coins, shuffle them around in and out of different tokens. In the end, move everything back to BTC and sell on localbitcoins in some offshore country like Hong Kong or Macau (and spread this around too not to raise suspicion, so travel around different countries and sell couple BTC on every stop, open local bank account, deposit money, rinse and repeat).
In fact, one would need context to conclude that "crypto" refers to cryptography, and not something else like cryptozoology or cryptofascism. There's also probably at least one legitimate metal band with "crypto" in their name.
> At some point Bitcoin exchanges will have to realise that they need to be ~as secure as a bank is~ orders of magnitude more secure than a bank. For exactly the same reason.
Fixed that for you. Banks can accept risks to liquidity pretty readily because cash is centrally controlled. Considering that cryptocurrencies are hyper-liquid and are unrecoverable short of a hard fork in the event of a catastrophic event (e.g. with eth after the DAO hack), exchanges need to have measures in place which would be unheard-of at most other firms.
This is right. Lax security practices at a bank are "more acceptable" because stupidity can be partially compensated for. Stealing money from banks, even if you have the ability to spend it for years is very risky, can be turned back (for losses of banks and governments, not, of course, when normal people get hacked/scammed/...)
If we are to have currencies beyond the reach of laws and courts (which seems to be the point of bitcoin and the like), we will need actually capable organizations.
I wonder what countries and governments will do ? Because we all know that they won't actually have good security practices.
> Banks can accept risks to liquidity pretty readily
Depends on the size of the liquidity crunch. It's not exactly unknown to bring a financial institution to its knees for lack of liquidity.
> cryptocurrencies are hyper-liquid
How so?
> unrecoverable short of a hard fork
Which is the usual way of dealing with this. I can't think of any cryptocurrencies that are decentralised enough that a small quorum of people can't effect a substantial change.
> exchanges need to have measures in place which would be unheard-of at most other firms
What are they doing that's more than financial institutions? Startups selling coffee or whatever, sure.
As long as users don't care about security, the exchanges won't care as well. Once users care enough, then the exchanges will. I think crypto exchanges are demonstrating a flaw in our society's approach to security where people have been conditioned into seeing hacks as inevitable and being taught to expect to live with the outcome and have ways to dampen the impact (credit monitoring, credit cards that detect and auto block fake transactions, etc.). The problem is that, at least for now, there is no dampening impact with crytocurrency. One hack and you lose everything, with nothing to reduce damage.
> One hack and you lose everything, with nothing to reduce damage.
Exchanges can mitigate this by storing the majority of their funds in multisig cold wallets.
Users can mitigate attacks against exchanges by never sending all of their coins to an exchange. For cashing out I recommend to 1) send a small number of coins to the exchange 2) wait until those converted USD arrive in the bank account 3) go back to step one.
Exactly what this exchange has done : "The exchange added that the hackers did not manage to steal all the digital cash it held because a lot was lodged in a "cold wallet" - a secure store used to hold the assets that were not being traded."
Banks aren't particularly secure. I would guess that most banks are significantly less secure than most cryptocurrency exchanges. In fact I suspect that if you ran a cryptocurrency exchange with the level of security offered by a bank the exchange would be hacked in short order.
The big difference here is that if a hacker transfers large sums out of a bank, the bank can just reverse those charges, whereas with a cryptocurrency exchange those funds are gone for good (for a solution to this problem see Covenant-based vaults [0]). Not only does draining a bank require serious investments in criminal organization and rare knowledge it also leaves a pretty big evidence trail.
Exactly, banks aren’t “trustless”, which means they can work together to reverse these types of hacks.
When the Bangladesh central banks was hacked through an incredibly insecure backdoor and 2 Billion was stolen, the hackers ended up with only 100 million, and only through shady other financial institutions. Who knows if they’ll end up with anything since that money will be hounded through the financial system.
Trust has an important place when dealing with such large sums of money, sorry to say it cryptoheads.
Even in a complete compromise of banks systems you are not going to be able to run off with all their money.
You need to get your transactions into the batches somehow. And the batch needs to still pass all automated checks.
Then you need to stay under the limits set for the bank on the correspondent account at the other bank / clearing house.
Banks know this and really don't have nearly good enough security practices for running a bitcoin exchange..
Six-digit passwords are fairly secure when combined with strict limits on the number of attempts allowed, how much money can be withdrawn in one day, and heuristic fraud detection.
But is there any good reason to forbid users from choosing longer, more secure passwords while still limiting the number of attempts and doing heuristic fraud detection? You know, other than that sixty year old legacy system that stores your passwords in clear text and doesn't support any other format than six digits?
Not to mention that Indo-Arabic digits are almost universal, other characters are not. Picture a chinese or armenian with a password that uses characters from their respective alphabets trying to type it on each other's ATMs.
If the consequence of my account being compromised is the bank adjusting the numbers in the ledger back then the bank are welcome to enforce such rules.
If a bank said that customers were responsible for the money stored in the bank and that the bank could not undo transactions (from the POV of the genuine client) then we'd be demanding much stronger banking passwords.
Actually getting tens-hundreds of millions out of the traditional banking system is _hard_. Transactions can always be reversed, and you'll never pull out millions in cash without some serious questions asked.
Yes, if people accept fractional reserve banking for bitcoin. I'd actually assume that's how most exchanges operate under the hood but many people who buy into bitcoin for ideological reasons won't accept that.
A consequence of making that formal is that the total owned amount of bitcoin would be more than 21m, because the hacker would own bitcoin and the users would own bitcoin on the exchange.
As long as there isn't a bank run, that discrepancy would not be a problem, but it would deflate the currency, also seen as unacceptable to bitcoin purists.
That policy may appear unwise, but to judge banks' security, there is enough evidence available without resorting to any such theoretical model of what's secure and what's not.
And that evidence is pretty clear. I do not remember any hacking incidents resulting in large-scale losses to consumer, so they seem to be doing something right.
This would be a significant vulnerability if bank customers were sophisticated at security, and if those passwords were the only input into their fraud detection systems.
Simply because these are decentralized assets/tokens/etc being corralled ina centralized manner. Square peg in round hole. Bank security is still not secure, regardless of what we think today.
The only viable solution to this is to go DEX (distributed exchange) only. You control to keys, wallet and swap directly with other peers. Bitshares and others facilitate this already and it’s only a matter of time before the tools get easier and enough exchanges get hacked that people wise up.
For long term storage, that sounds a terrible idea. Do you really want to trust your savings to $20 of electronic components that aren't designed to last more than a few years?
Yes. Ideally, only money you should have on the exchange is stuff that you are moving around often. If you're trading you don't have a choice, but if you're just holding why not use a wallet you setup?
If I was building an exchange for crypto here's what I would do.
1. Encrypt you users private keys client side with a password only they know. Now I just hold encrypted keys my side.
2. When the user wishes to make an exchange I would create the transaction client side let them sign it and do the exchange.
This way funds are now encrypted by default at rest and if compromise occurs the thief gets encrypted private keys only. Hopefully the users chose passwords secure enough to avoid compromise.
It's not perfect, but can we finally move away from the hot wallet model.
p.s. If you want to build this, and require advice and backing let me know.
This would require to perform any exchanging on the respective blockchains, which is not how most crypto exchanges work, for various reasons (performance, cost, missing atomicity across different blockchains, involvement of non-crypto currencies, ...).
The ones that don't implement this centralized model are the decentralized exchanges like BitShares or Etherdelta. Those however can't deal with actual fiat currencies and they suffer from serious performance weaknesses, effectively resulting in them having much less volume than the big centralized exchanges. But they are pretty secure when it comes to hacking attacks - actually, if done right, they also work pretty much like you explained it, with the users holding the keys necessary to access their funds while they're on the order book.
That does not solve exchange take over and transaction reversibility/clawback until the settlement X days in the future which is basic tenet of risk mitigation.
The reason you cannot electronically rob Ameritrade is because NOTHING can be done immediately outside Ameritrade. Since the settlement is at least T+3 there's no such thing as "Obtain control in 30 seconds and be out of there 3 minutes later with the loot"
Delay for risk mitigation on exchanges are known. You transaction will settle on a 3rd business day.
After a wire is authorized by a broker (i.e. passed authentication and the person making a request is authorized to make it and the margin is satisfied and there's no block on the fed level), it will be posted by your bank on the same fed business day if the wire is authorized before fed cut off time.
Coinbase is a VC-funded shady co if it does not operate based on strict and known confines. Banks and brokers spell out the confines (new account rules/withdrawal rules/funds availability rules) at the opening of a new account.
You don’t need to hold encypted keys to do this at all and doing so only adds risks. The user password can be a private key generation seed. That is how a lot of web wallets work already.
The closest thing to what you describe is shapeshift.io or evercoin.com
Limitation of this type of system is you can’t have a true order book and transaction fees are higher since you are on chain.
If your exchanges occur on the blockchain, then you have to pay the fees of the blockchain and wait for confirmations. And at that point, why not use a decentralized exchange like EtherDelta.
What exactly are the requirements for building an exchange?
- Large amounts of capital, for one.
- If in the US, a banking license; Offshore, not a requirement.
- I'm not clear on how exchanges like coinbase source their crypto. Probably a totally stupid question but what happens to the cash I give coinbase after they go off to exchange it for say Ethereum? Do they have a network of whales that are selling them crypto for fiat for some sort of premium? Do they just hold crypto and exchange at market rates (which presumably exposes them to large potential loses)? I know they're linked to GDAX but this still doesn't explain how they source their currency initially.
Why do you think you need large amounts of capital? All an exchange does is match up buyers with sellers, and collect fees.
> Do they have a network of whales that are selling them crypto for fiat for some sort of premium?
This is basically exactly how it works. They have an actual exchange (GDAX) and they just do the exchange on GDAX, and then take an additional cut as fees.
> I know they're linked to GDAX but this still doesn't explain how they source their currency initially.
>Encrypt you users private keys client side with a password only they know. Now I just hold encrypted keys my side.
I still wouldn't trust you as an exchange. There's plenty of email/password dumps available.
>Hopefully the users chose passwords secure enough to avoid compromise
They won't.
They won't. They won't. They won't.
And keep repeating that until you hate the idea of exchanges ever holding secrets related to large amounts of currency/fiat that law enforcement will not pursue to reclaim your currency.
Almost all crypto operate by requiring only one actor authorise create a valid transaction. You loose your one-single-point-of-failure-private-key and its over, what's needed is a more sophisticated system at the protocol level which requires secondary authorisation.
Back when I held bitcoin this is what I did. I had two ledger nanos holding a private key and one private key managed by an online wallet, that shut down since. It was a really comfortable way of accessing my coins and it felt quite secure.
Hmm, I wonder if a centrally trusted third party could have prevented something like this? Maybe, just maybe, anonymous currency systems (i.e. cash and all equivalents), just aren't inherently secure so there's no real point in replicating them? Just maybe...
And that this is expensive.