This is starting to prove -- the hard way -- why regulations, certifications, and all that other stuff that feels like meaningless overhead the majority of the time has become a grudgingly accepted part of our lives.
It comes back to the most difficult problem: you inevitably need to trust someone, so how do you minimize your risk in that trust? I always thought the Bitcoin trust issues would revolve around the inability to trust that a service would be delivered once the provider is paid -- something that could theoretically be worked out with their reputation over the long run in a free market.
But it's unsettling to see that breaches like this don't evidently leave the impression with the Bitcoin community that a believer in the free market might hope they would, that providers in this market might not be driven to produce quality and reliability because somehow there isn't the demand for it.
Banking, as regards regulation, is a special case.
If a taxi company or a pizza company goes belly up, people shake their heads sadly and move to a competitor. The free market is the best arbitrator.
If a chain of banks goes belly up and people's life savings are gone, you get rioting in the streets. That's the kind of situation that let Hitler into power. For the sake of preserving civilization, governments act as the de facto underwriters of bank deposits. This free insurance is an effective subsidy, and people don't give you free money without demanding control to go with it, so it's inevitable that governments end up having a say in how the banking business is carried out.
People put their fucking life savings into Bitcoinica. If that starts happening on a large scale - if Bitcoin becomes a major currency, and people have the opportunity to put their life savings into bitcoin banks - then bitcoin banks will start being regulated, just as fiat currency banks are. As a libertarian, I'm not entirely happy about this, but we have to deal with the world as it is, not as it should be.
The reason that bank runs and failures are so destructive is because of the state-built cartel, driven by central banking. That was built in order to prevent competition and to let fractional reserve (which is in essence fraud) run wild.
The only reliable way to ensure stability in banking is to separate it from the state and let the free market do what it does in every industry known to man, weed out stupidity and fraud.
Except, of course, that there's no way to tell as an ordinary customer whether your bank is genuinely secure or just following cargo-cult security until they get hacked and lose all their money. There's also no way to make sure that your bank isn't using fractional reserve banking until there's a bank run and it fails.
And that's assuming people are rational and wise. They're not. For example, since the Bitcoinica failure, the free market has led to a whole bunch of Bitcoin users investing in something that has all the hallmarks of a ponzi scheme and accusing anyone who points this out of trolling and slandering the guy running it.
The competitors of a bank practicing fractional reserve and cargo-cult security would have a major incentive in pointing that out, in order to gain market share.
The free market does not lead people to nothing. What 'it' does is to reward lucrative (i.e. economical and profitable) behavior and to punish stupid ones. It is a form of social organization with an embedded stabilizing mechanism.
The same could be said of centralized banking, or centralized anything, as could be more easily seen in the more socialist economies of the Soviet bloc.
Given that, let the people invest their money as they see fit, and punish fraud (including fractional reserve banking) as the crime it is. Simple solution.
"But it's unsettling to see that breaches like this don't evidently leave the impression with the Bitcoin community that a believer in the free market might hope they would, that providers in this market might not be driven to produce quality and reliability because somehow there isn't the demand for it."
It is not as if the regulated world is all sweetness and light with no problems. The LIBOR scandal involved lots of violations of law, ethics, and regulation, for instance, and as the rot is found to go deeper that only further proves regulation can't cure all ills. Compare only the benefits of any thing with only the negatives of another and you get a predetermined result.
BitCoin is only about a billionth as old as the regulated money system. Growing pains should be somewhat expected. (And I say this as someone who does not generally believe in it.)
> But it's unsettling to see that breaches like this don't evidently leave the impression with the Bitcoin community that a believer in the free market might hope they would, that providers in this market might not be driven to produce quality and reliability because somehow there isn't the demand for it.
This time, it's simply that Bitcoinica users are caught waiting for a refund after the second breach. They ARE NOT using Bitcoinica at all. The site has been offline for months.
> that providers in this market might not be driven to produce quality and reliability because somehow there isn't the demand for it
Also, the market is young and small and very inefficient as yet. The tools for allowing market participants to reasonably evaluate trustworthiness of service providers don't really exist yet.
You can't really blame that on "lack of demand for quality and reliability". Give it five years and try your analysis again.
As the big banks in the USA have proven, government regulation is definitively not the answer to the question "How can you know whom to trust?”
A common sentiment: “Big Government doesn’t work.” No, it doesn’t work. But in many cases, it’s less broken than no government a/k/a The Free Market. I’m reminded of Winston Churchill’s quip: "It has been said that democracy is the worst form of government except all the others that have been tried.”
It could be that trusting democratic governments to manage a monetary system is fundamentally unsound. I’m listening: What alternative do you propose, and how is it going to scale beyond protecting the few wealthy info-elite that can protect themselves?
>how is it going to scale beyond protecting the few wealthy info-elite that can protect themselves?
This is why I have trouble with Bit Coin. I actually like the idea of Bit Coin, a predictable monetary policy that has many of the advantages of a traditional inflationary economy, but without the ability of a political entity to make short term fixes that screw us over in the long term. But the problem is that we're transferring elite status to a different group of people. In the end, your ability to mine coins, process transactions, protect yourself and transact business using a non-trivial system is an advantage and screw everyone who doesn't get it. If you don't have advanced hardware and cheap electricity, you're disadvantaged. If you don't know how to use a mouse, you're disadvantaged.
I wish I was smart enough to come up with a better solution.
Without any rules, there is no such thing as personal property and therefore a free market cannot exist. You're describing anarchy, where people take what they want by force.
You're free to move to someplace where they do not impose taxes, like Somalia.
Of course, you will have to vie with various competing warlords, all of whom will demand "protection money", but that's the price of freedom from taxation.
It's necessary to have a framework that makes taking the correct action more rewarding or less punitive than taking incorrect action.
We mostly rely on government to handle this. It's not perfect and it works in some folks' interests more than others, but I feel comfortable saying that it does increase the cost of most socially undesirable activities beyond their worth to most people most of the time.
Is it possible to come up with similar protection for Bitcoin without such an authority? I think you have to find a way to introduce risk for people handling Bitcoins they don't own, where they've got an amount of their own Bitcoins held as a security that could be forfeit if they fail to meet obligations.
But then, who holds the security? Who determines if it's forfeit? This doesn't have the feel to me of a situation that can be handled without human interaction, but I would definitely be intrigued if somebody figured it out.
I think it's considerably more complex than that, and not at all a red herring. I agree it's a coordination/network problem either way, but you would need actual evidence to argue that some methods of coordination are better than others.
I've read a reasonable amount about currency history, and the U.S. government's stewardship of currency in particular is not bad imo. Its stewardship of the banking system leaves more to be desired. I'm not sure its stewardship of the banking system is worse than what we had in the "free banking" era, though. You don't really have to be against markets to have an ordoliberal-style view (vaguely following Hayek) that markets work best within certain frameworks, as opposed to having a view that anarcho-capitalism will always produce the best solutions (more following Rothbard).
Saying that government regulation for financial markets is a red herring is like saying that SSL for ecommerce is a red herring. Sure, it's imperfect. It's not a complete solution. It gets circumvented sometimes. It creates a false sense of security sometimes. The people who run it do embarrassingly dumb things sometimes. But there's still a big difference between marketplaces with that protection and marketplaces without it.
> Unbeknownst to us, Tihan was using the mtgox api key as the password for a website called LastPass.
Unbelievable. They decide to use a password escrow service... and use a duplicate password to secure it. This is 100% cargo cult security. Clearly whoever did this had no idea what the value of LastPass was, just that it was what all the cool security kids were doing. The choice of the high-value MtGox key was (staggeringly) unfortunate, but any duplicate would be equally ignorant.
It's even beyond using a duplicate password which as you point out is ignorant. They were so unclear on the concept that they used a password that was written down into their source code, and once that source code was stolen they didn't change that password!
They also failed to utilize the two different free multi-factor options LastPass offers (not to mention the premium ones).
LastPass tries to educate people and push them on not utilizing the same password anywhere with a security challenge, but that clearly didn't teach the concept here.
Their last breach involved losing access to their email: info@bitcoinica.com -- so what email did they use here with LastPass? info@bitcoinica.com. They didn't utilize the security email either.
It is all unbelievable.
How do we drag this out of cargo cult security?
I see some are pushing certifications; if I made a free LastPass certification that both proves you understand the concepts, and that you're currently putting them into practice by showing that you/your company has multi-factor enabled, would people demand it?
I have no idea why their BTC are sitting in a MtGox account, online. Any and all bitcoin that are not being used for transactions with customers should be squirreled away into a cold wallet immediately.
If they had done that, they would only have 40 K USD gone instead of also 40 K BTC gone.
Bitcoinica is by far the most toxic investment of my career. I still applaud founder Zhou Tong's bravery for creating it and wish dearly that the change in management had never taken place.
Bitcoin technology holds great potential but I fear there are still many hard lessons ahead.
The app and its infrastructure was created by a single, very inexperienced programmer. The app's original author, Zhou Tong, is only 17[1].
Not that age is an indicator of experience in general, but it's certainly the case here. I'm honestly shocked at the amount of trust placed in Bitcoinica.
Agreed that you are not personally responsible for this particular attack, though I see it as the latest in a series of cascading failures, beginning with the initial attack. It's the lack of consideration of security - that can only be baked in from the outset - that's the real root cause.
If the application had been self-hosted in a physically secured location, the attack that exposed the LastPass credentials would not have happened (email reset of root passwords). It may not be cool, but the cloud/consumer-level hosting is not appropriate for applications handling large sums of money.
Agreed. But one of the team members explicitly released the source code and that caused the hacker to correctly guess LastPass account. (At least this is the most "right" version of the story I've heard.)
Right now, as we speak, Bitcoin users are entrusting their money to an investment scheme that has all the hallmarks of a Ponzi[1]. We're talking 9% monthly interest if you invest enough bitcoins, utterly implausible explanations as to what the money's being invested in, a seemingly limitless capacity to swallow up new funds, and probably a whole bunch of other things I've forgotten. As far as anyone can tell, there's at least 32 thousand Bitcoins (about $240k at current exchange rates) invested in this scheme[2], possibly much more.
AFAIK Bitcoinica was the only site offering BTC derivatives, so presumably some people figured the potential profit was worth the risk. More generally, all Bitcoin exchanges seem to be run by amateurs, so people have to deal with them to cash out.
Derivatives as in options/futures/swaps/even more exotic?
That is quite possibly the scariest financial product ever devised, assuming there was nobody putting together complex products based on Zimbabwean currency during their period of massive inflation.
I wonder why. There seems to be a huge gap in the market for a professionally run enterprise here. Or at least, anything more focused beyond students half-assing it part-time.
Bitcoin market activity may not be large enough to ever pay back the significant cost of building a secure exchange. Also, as TradeHill and CampBX discovered, people just won't move off of MtGox no matter how bad it is.
People won't move off of MtGox for a simple reason: it has by far the best liquidity.
The only way for another exchange to get a foothold would be to offer similar liquidity, which would mean taking the other side of most trades themselves. This would be very risky and they would need deep pockets.
Putting aside the way the Bitcoinica account got compromised, I wanted to mention that I learned the hard way that either Mt.Gox is rife with security holes or a lot of these breaches are actually insider jobs from someone working at MtGox : A month back I realized that I had around 40 BTC lying around and decided to sell them on MtGox. First, my Mt.Gox is mostly inactive, so I actually had to reset my password and setup a new one that I had never used before. Then, after I sold my coins, I realized I cannot transfer my money to my Dwolla account; MtGox needs a scanned copy of my SSN! While I was deliberating whether I should trust MtGox with my SSN, 24 hours had passed, and I got an automated email from MtGox saying my money had been converted to bitcoins and has been transferred! Everything gone! So, the fact that :
1. My account was mostly inactive.
2. I had recently changed my account password to a new more complex one : 2 upper caps, 5 lower case, 2 numbers and one special character.
3. My money was sitting in my account for only 24 hours.
4. The time between my money getting converted to bitcoins and the actual transfer was just a few seconds, as if an automated script scans all accounts and then performs some tasks on them.
So, in short, please don't put all the blame on Bitcoinica. Something's wrong at MtGox too :)
Not that there aren't any keyloggers for Linux, I never found anything suspicious, nor have any of my other accounts been breached into. But yeah, if there is a keylogger, I bet it got installed from the Mt.Gox website itself ;)
I would've thought that no one would keep using Bitcoinica after their first major breach but here I am, shocked by the fact that people still kept trusting them with their Bitcoins.
I've lost count of how many times they have been breached. Why don't they get independent pen testers and get them to test their system? Surely paying a pen tester $5k is much better than the amount of negative publicity you get when you lose $350K.
This seems like it has turned into a game for the hackers now. Bitcoinica get breached, re-load their defenses and then it's just a matter of time before the hackers get in again.
I don't think anything nefarious is going on, but it would appear there are little or no consequences for breaches, which makes it a low risk, high reward opportunity.
If I were them, I'd kill the business, completely start over with a new company name, new site, new everything. As long as they're in business, they are going to remain a target.
Is it really that hard to imagine that this is an inside job? Come on... 4 or 5 big money-losing breaches? To the tune of what? A million dollars? And nobody is talking about cooperation between insiders and this "hacker" ?
Hanlon's razor. If anything, attacking via their hosting company shows Bitcoinica are more secure than the vast majority of internet companies. The attacks took more effort than those on HBGary (a dedicated security firm), LinkedIn, Lastfm (who I know have more clue than most internet companies), ....
Even in 2012, internet security is still a joke. There's no need to invoke conspiracies.
OTOH when we keep hearing about the hacks, it's always something stupid. They are making amateur mistakes, so it's no surprise that they keep getting hacked.
That's a fallacious argument. The reason it's mainly used by criminals and speculators is because it's brand new, as far as currencies go. If Bitcoin had been used by lots of people already who then abandoned it, you might be able to make the argument you're trying to make.
And one thing I've noticed it increasingly being used for is basic (small-scale) financial services - for example, loans.
I doubt people are stupid enough to conflate Bitcoin with 3rd party websites that use bitcoins. Maybe a few will, but the success or failure of Bitcoin does not ride on what a few dumb people do.
And Bitcoin does not have a "brand." You could say, and probably meant, "reputation."
> I doubt people are stupid enough to conflate Bitcoin with 3rd party websites that use bitcoins.
Well, some of the most touted features of Bitcoin are that it's anonymous, untraceable, and unfettered by burdensome mandates like FDIC insurance and PCI-DSS compliance.
In this case, those features mean in all likelihood the thieves won't be traced or punished, the depositors' money won't be returned, and there was no independent auditing to catch crap security practices.
High profile thefts might make people think they don't need the features that Bitcoin is offering.
It is worth noting that (some of) the people behind Intersango acquired and took over operations of Bitcoinica just before the recent hack that took Bitcoinica offline since May 2012 (see https://bitcointalk.org/index.php?topic=81581.0)
Intersango is currently the second largest bitcoin exchange after MtGox, and the largest bitcoin exchange for GBP (see http://bitcoincharts.com/markets/)
"Having never suffered a break in or major technical error, we are confident in our abilities to lead bitcoin into its rightful place in the real world."
Some blame for the May hack could be arguably attributed to Zhou Tong, however, having taken over for 3 months since...
Mt. Gox offers two-factor authentication methods (Yubikey and Google Authenticator). Neither was used. Lastpass offers two-factor authentication methods (Yubikey and Google Authenticator). Neither was used.
I'm not sure either, but apparently the person running the scheme has a 32,000 BTC ($250k USD) wallet so I'm guessing a lot of people must've bought in enough to send him a lot of money:
If the money were funding a payday loan shop, that's the kind of interest rate they charge to their customers.
ie, take in money via Bitcoin, loan out dollars to poor people as payday loans at very high rapidly compounding interest rate, pay somewhat smaller interest rate to Bitcoin funders.
I don't think payday loan shops are ever constrained by the amount of capital they can loan out, though. If they were, it would be trivial for them to borrow money at normal rates (say 10%) from a traditional bank and solve that problem. I'm sure they are much more constrained by the physical locations/marketing/accessibility of customers/etc and no money at 3000+%/year is going to help them solve those constraints.
Yep, but the transfer didn't happen until today. He might have had the passwords all along, that's a different thing.
In May, the equivalent of some ~90K US$ were stolen.
Today, 40K BTC + 40K US$ (amounting to ~350K at current valuation) were transferred out of Bitcoinica's MtGox account. Different issue and it definitely doesn't explain the recent rally.
I know nothing about bitcoin, can someone provide a tldr about why it is (seemingly) so difficult to build a secure site around exchanging these things?
I don't get how you can simply "lose" a few hundred grand without a horse head winding up at the foot of your bed.
If you run a service where you need to pay bitcoins out to users then that means your systems have to respond to user input and send money to them.
It turns out this is pretty tricky to secure.
The current popular strategy is to have hot and cold wallets. A hot wallet is online and can make payouts automatically.
A cold wallet is kept offline (airgap) and brought online by a human being to refill the hot wallet when it is running low. This only really makes sense if your service needs to secure large amounts of bitcoin for a long time without using them.
This recent bitcoinica hack is pretty inexplicable, they were keeping a large amount of coin in an account at an exchange called MtGox. This is effectively a hot wallet.
Lots of the bitcoin hacks have been security amateur stuff. E.g. MtGox was just storing MD5 hashed passwords. Unix added salts to passwords decades ago. The people making these sites don't know about security.
I know there is a temptation to blame bitcoin itself here, but wow... this is just some amateurish security on the part of these bitcoin sites. If the big banks were doing this, it would be cataclysmic disaster. Instead, the big banks have found other ways to drive themselves (and your money) into the ditch, and it dwarfs anything that bitcoin sites can manage to lose.
Using passwords after they've been known to be compromised. Check.
Storing passwords protecting north of a million dollars in an online password storage system and not even using the provided two-factor auth. Priceless.
This is just like the Mtgox guys claiming the bcrypt was not good after getting caught using unsalted MD5.
This is amateur bullshit and the lack of actual penalties makes me think I should have finished the exchange I started writing. You know, one where I would have the common sense to store financial values as decimals and not floats.
These are such naively simple mistakes, it just is hard to fathom.
The first reply's conclusion is spot on
You failed to disable Mt.Gox API,
You failed to protect mt. Gox with a Yubikey,
You failed to change Lastpass password,
You failed to protect Lastpass with one of their many 2nd factor auth. (some free)
Surely you mean integer, not "decimal", right? I'm not an expert, but to my understanding none of the values in the bitcoin protocol are expressed as base-10 fractions.
It's a nit, obviously, but if you're going to ding someone for naive mistakes...
Fixed-point DECIMAL representation in the database is just as good as storing Bitcoin values as integers. Baked into the field definition is the amount of precision. And Python and other languages have features to work with fixed-point numbers. This approach relieves the mental overhead and complexity of converting to integers (which might overflow a 32-bit int) and back all the time.
I just looked this up (feel free to correct me if you think I've missed something): the value field in a TxOut is a 64 bit unsigned integer. It's true that by convention the unit is 1e-07 BTC (i.e. a decimal fraction), but nothing in the protocol actually cares, the "decimalness" is just in what you call it. Implementing this with decimal math is just wrong, and likely to break your implementation due to subtle bugs. Storing it in a database as a decimal fixed point is plausible as it prints nicely, but in no way would I consider that choice "just as good as" a quantity that was designed to fit in a native machine word.
Yes, the internal representation of Bitcoins is the 64-bit unsigned INT, but I'm talking about storing customer account balances, trade prices, etc. I would not use DECIMAL if I were writing an alternative client for Bitcoin or for some other software that must create network transactions at a low level.
Even the RPC protocol for the main Bitcoin client returns fixed-point numbers and expects non-integers for input arguments [1].
But I think we can all agree that using FLOAT for this kind of thing is just plain wrong.
(Ironically this is exactly what I was doing as the language I was using didn't/doesn't [actually rather annoyingly] support decimal types natively so I have various currency types which have different levels of precision and I store BTC as "natively" as possible). That and my code never progressed terribly far and it would have had many more (qualified) eyes looking at it from a number of angles (security, financial data, integrity, replication, etc) before it would've touched the Internet.
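The float-versus-fixed-point disagreement in the comments above, worked through as an added example; this is not code from any commenter, Bitcoinica or MtGox. It assumes 1 BTC = 100,000,000 base units, and the function names are hypothetical.

```python
from decimal import Decimal, InvalidOperation

SATOSHI_PER_BTC = 100_000_000   # assumption: 8 decimal places per BTC
MAX_BTC = 21_000_000            # supply cap; 21e6 * 1e8 fits in 64 bits


def btc_to_satoshi(text: str) -> int:
    """Parse a user-supplied BTC amount into integer base units.

    Anything that is not an exact, non-negative multiple of 1e-8 BTC is
    rejected rather than silently rounded.
    """
    try:
        amount = Decimal(text)          # exact: no binary rounding
    except InvalidOperation:
        raise ValueError(f"not a number: {text!r}") from None
    if not amount.is_finite() or amount < 0 or amount > MAX_BTC:
        raise ValueError(f"amount out of range: {text!r}")
    # The exponent check runs before the multiply, so excess digits can
    # never be hidden by Decimal's 28-digit context rounding.
    if amount.as_tuple().exponent < -8:
        raise ValueError(f"more than 8 decimal places: {text!r}")
    return int(amount * SATOSHI_PER_BTC)


def satoshi_to_btc(units: int) -> str:
    """Render integer base units as a BTC string, using integer math only."""
    whole, frac = divmod(units, SATOSHI_PER_BTC)
    return f"{whole}.{frac:08d}"


def credit_float(deposits: int) -> float:
    """Balance after N deposits of 0.1 BTC, kept as a binary float."""
    balance = 0.0
    for _ in range(deposits):
        balance += 0.1
    return balance


def credit_satoshi(deposits: int) -> int:
    """The same deposits, kept as integer base units."""
    step = btc_to_satoshi("0.1")
    balance = 0
    for _ in range(deposits):
        balance += step
    return balance


if __name__ == "__main__":
    # Constructed sample: ten deposits of 0.1 BTC into one account.
    print("float balance  :", repr(credit_float(10)))
    print("integer balance:", satoshi_to_btc(credit_satoshi(10)))
    for bad in ("0.000000001", "-1", "NaN", "21000001"):
        try:
            btc_to_satoshi(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

A DECIMAL column with eight fractional digits and a 64-bit integer column of base units store the same exact value; only the float path drifts.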
Password is stored on your iOS device and securely transported to the site you're logging into when you scan a QR code. No more excuses for duplicate/easy to remember passwords!