It's just that people have to understand that current Bitcoin service implementations are wrong. If you have Bitcoin private keys laying somewhere on your server, you are doing it wrong. If you're covering that by the fact that you have "cold storage", you are doing it wrong.
The only proper way to proceed is to use multisignature wallets. If you want to know why that's better, visit our explanation site: https://www.bitalo.com/why_bitalo
Fortnunately Bitalo is not the only service that provides this. More and more services were created lately, most notably:
With all due respect, I do not think multi-signature solves the real problem. The real problem is that Bitcoin transactions are irreversible, so even if we realize within hours that a hack has occurred, we can do nothing about it.
Banks as we knew them did not work this way. Yes, having to wait three days for settlement is absurd, but folks are working to speed that up (to just one day, haha). Yes, the fees add up. But the systems have been developed over a really long time, and they have multiple levels of protection against you losing all your money. In the US that's the FDIC and SIPC, for regular-sized accounts. There will never been a direct equivalent for BTC, precisely because no one's national security is tied to BTC. And most people won't buy deposit insurance at any price higher than the "free" one they get from their government.
Early adopters of Bitcoin spoke fondly of the fact that there are no chargebacks. That's a great way to reduce transaction costs. It's also a great way to make sure that when you get hacked (and you will) you cannot recover.
Compare this to the situation with ACH transfers (the US-only, low-cost "wire transfer" system). Anyone who knows anything about computers would be aghast at the technology comprising that system. The security appears to be pretty lame. Yet people do not lose their savings via ACH. Why? It isn't because ACH transfers are so secure--it's because the banks can undo them, which in turn lowers the incentive for thieves. This is a virtuous cycle, by contrast to Bitcoin's vicious one, and the way it works has nothing to do with technology.
> And most people won't buy deposit insurance at any price higher than the "free" one they get from their government.
It's a product that can't really be sold, because the only people buying would be fraudsters. Suppose a new bitcoin "bank" came to an insurer and said "we want to buy insurance against losing any of our customers' money". The insurer would, quite rightly, assume that the business plan here was to steal all the money and put the loss on the insurer. The insurer would assume that to even consider writing such a policy, they'd need to verify and stand behind every single aspect of the "bank"'s business operations, website, and so forth. The insurer would quickly realize that the premiums for such a policy would have to be extravagant, like 100% of the amount insured. And the insurer would decline the business.
The FDIC insurance "works" because of the large body of regulation and the mandatory enrollment requirement, neither of which exist in bitcoin-land. There isn't insurance for bitcoin banking, and can't be.
(Well, I suppose someone could offer fraudulent insurance - take premiums but have no intention of paying out. But that's just fraud, not insurance.)
I think a deposit insurance scheme could work very well if all (remaining) big players came together and decided collectively to create one. It would be widely publicised and it would be made very clear that no one should trust a bitcoin bank that is not part of the scheme. Such a scheme would have to include mandatory auditing of finances, QA and security.
So what I'm proposing is industry self regulation. That said, I doubt that any deposit insurance scheme could ever be large enough to cover losses of such enormous proportions as we have seen in recent weeks. The hope would be that utterly incompetent adventurers like Mt. Gox would never pass the audit.
A bank can verify, on a daily basis, that they still have "most" of their assets. And a lot of the assets can't be stolen in any real way. Banks owns a house - house can't be stolen. The legal process will get it back. Bank owns treasury bonds - can't be stolen, we know who is "supposed" to own them. Etc.
Occasionally there may be an unexpected asset leak (rogue trader or something). But the damage is still limited, it's still small compared to the assets of the bank. Barings lost something like 20% of all their assets - obviously disastrous, but they still had 80% left. And a failure that large is intended to be impossible to occur.
A bitcoin "bank", well, you audit it at 11AM and at 11:02AM it can have nothing, 0, zero. No insurer is going to sign on for that sort of risk at any price.
But I'm not suggesting getting insurance from insurance companies. I'm suggesting that every bitcoin bank should set aside some small share of its revenues to fund the industry's own deposit insurance scheme. That's how deposit insurance works in many countries. If the losses exceed the fund's resources then it's too bad for the depositors.
Insuring bitcoin banks (or rather storage companies) is not actually that problematic because losses at different banks are uncorrelated. That's a much simpler situation than insuring regular banks, which have loan loss risks that are strongly correlated. Recession -> unemployment and bankruptcies -> non performing loans at many banks at the same time.
You are right that regular banks cannot lose everything in a single event. But that's not true for many other types of insured assets. Fire insurance being one example. As long as there are many insured and the losses are not strongly correlated it's not a problem for insurers.
For every discussion about Bitcoin, I wonder if improving the ACH system and/or writing services on top of it would be a logical next step to make the existing banking system more user-friendly.
For example, Venmo[0] is simply an app layer over the ACH system. Sending someone money is as easy as sending a text on iOS, or an email on your computer. Payouts to your bank account can be same-day but usually take 1 business day.
Other than the pseudonymity (which is admittedly one of Bitcoin's stated value propositions), doesn't Venmo capture most of Bitcoin's advantages? What's preventing someone from using the Venmo API to, for example, write a reddit micro-tipping bot? Is it that an app having ACH access to people's bank accounts is scary?
Those aren't rhetorical questions -- I'm genuinely interested in knowing what advantages cryptocurrencies have for the layperson compared to an enhanced ACH system where security is already taken care of.
(I do use Venmo, but am not affiliated with the company otherwise.)
One of the big upsides I see to Bitcoin is the borderlessness of it. Where I live, we already have free same-day wire transfers we can initiate from internet/mobile banking, and services supported by all the big banks for cheap (15 cents fixed fee) instant transfers using cell phone numbers as recipients. I think most countries have similar services. But as soon as you cross a border, suddenly everything has 10x greater fees, you run into anti-terrorism/anti-money laundering regulation snags, and so on.
You mention fees and AML/anti-terrorism regulation...it seems that the major impediment to cross-border wire transfers and ACH is regulation, not a lack of infrastructural capability. Assuming most countries have the same goals with regard to regulation, it seems feasible to develop some overarching regulatory system which would permit international transfer. I wonder if one can transfer money easily within the EU -- that could serve as a next step or a guide to implementation.
Just brainstorming here. I really do suspect that most of the benefits of cryptocurrency are due to the way it interacts with technology, which can be imitated through just a bit of innovation in the banking industry. (Imagine banks allowing customers to script transactions, like Bitcoin, or providing direct APIs to bill-pay and ACH transactions.)
Irreversibility is not a bug of Bitcoin, it's one of its greater strengths. Just look at the numbers that Paypal/eBay and merchants publish about the fraud caused by reversing payments. It's counted in millions, if not billions already. What we need is a safe way to use Bitcoin with all its strengths, not to make it more similar to flawed solutions that we currently have.
No consumer protection is why bitcoin simply won't take off as a method of legally spending money online. I have no promise a merchant will deliver me what's promised (or anything at all, for that matter). And no recourse if they don't.
Bitcoin needs a solution to address this for it to be a valid way of spending money. And irreversibility, pseudonymity, and no regulation make it impossible.
A 3rd party escrow I have to trust. Also without regulation. Likely, consumers wouldn't trust such an entity unless it was rather large, already known, and otherwise regulated. Like a bank. Consumers can trust those. Of course, the bank would want an escrow fee. Probably on par with the standard credit card fees.
Yeah, see, consumers like infrastructure. Someone they can call with issues. And to know that it's not just a server rack in some random semi-secure data center run by another fly-by-night-hacked-next-week bitcoin startup. And that you have insurance on the whole thing against theft, fire, hacks, etc. And that you're properly following all the government regulations for being a money transmitter.
Please, don't ever send money nor coins to these guys, they're scammers. M4v3R used to run http://bitmarket.eu and lost all the users' coins while running some sort of (according to his own words) "hedge fund" around December 2012. Around April 2013, with bitcoin around $50 he "kindly" offered to reimburse everyone over time, valuating each coin at 10€ arguing that it was their value when he lost them. I told them wanted my 10btc, not money, and they still owe me to this day.
See https://bitcointalk.org/index.php?topic=134208.0
It's like communism. Every time it fails, the supporters say "oh, no, they were doing it wrong."
Really, I'm not going to go to your site to find out why this variation of the perpetual motion machine is going to work. And it's the "only proper way to proceed" which means if we find a problem in it, there is no proper way to proceed.
Last week on HN someone called a Bitcoin wallet a pressurized system that can in an instant lose everything. There is no room for error. The slightest hole anywhere and you lose, instantly and irrevocably.
The only proper way to proceed is to use multisignature wallets. If you want to know why that's better, visit our explanation site: https://www.bitalo.com/why_bitalo
Fortnunately Bitalo is not the only service that provides this. More and more services were created lately, most notably:
https://api.trustedcoin.com/wallet/
http://www.bitgo.com
http://greenaddress.it
Vote with your money, don't support "Bitcoin banks" that can run with your money any time they want.