At the time bitcoin wasn't worth so much so trading out might have been more reasonable. The large increase in price has made the debt much more significant.
It's unfortunate that those that have deposited since then have subsidised those that withdrew after the hacks.
Getting a real security expert and swapping from Ruby to Haskell or something is not the solution - you can still have bugs. Most security bugs come from misunderstanding some layer of abstraction or failing to check permissions in all possible branches, etc. These bugs are usually small logic errors and are completely independent of the technology used to transfer algorithm to machine code.
There is no silver bullet. The only secure software is software that has been used by millions of people in millions of ways and been slowly but surely improved. This software will still have bugs to be found, but far less than something newly written.
EDIT: And unit tests are not the solution either - do you have a unit test to check for a timing vulnerability? I thought not... (Counting off one of the many ways I've heard to make secure software)
Like I said, blaming software is not a legitimate excuse. And there is no silver bullet, but there must be procedures and good practices that make it too demanding and hard, where time + effort will be way greater than the reward.
If you have 100KLOC in a complex system, it takes 1 line to destroy the security of the entire application. Unless your procedures and good practices include each line being meticulously checked for security vulnerabilities then you're going to have security bugs. Generally the only way this happens is if the software is used by millions of people and can afford to have this kind of verification done. Random bitcoin exchange put up over the duration of 3 weeks is so far from this level that you can't even begin to define procedures and good practices.
Just don't trust random websites with your money unless you have some form of insurance. It's not a hard concept.
Except that a trade api should never be 100kloc. The key to securing services like this is to drastically reduce attack surfaces. A lot can be gained just from splitting the API up into multiple services and multiple levels.
The HTTP api that's accessible over the internet would not be able to connect to the database, instead it would perform its actions by making requests to multiple services, every service having the absolute minimum api endpoints required. A user creation service. A user details service. An authentication service. A trade submission service. A trades reading service. Each of these servers would run on different VMs, if the money is there, make that different hardware.
Where possible the data would be split into different databases, a trade database, a users database, a wallets database.
The different services would have their own login credentials to those databases, would not be able to even connect to databases they don't need, and their credentials on those databases would only allow them to execute the queries that they need to do. (If a database you use does not allow for fine enough access control the service would access the database through a middleware that does.)
If that seems like a lot of work, I bet you there are security professionals reading this laughing at it knowing this is just a sane basic architecture, and that I'm a rookie and they'd do a dozen more stuff.
My point is just: Even if there's a 100kloc in your system, it doesn't mean it's impossible to secure. Even a 100kloc system will have a limited attack surface that can be divided, and controlled.
A cool way of introducing some additional proofing of your system is to do what big-science researchers do. Have two teams develop the same services, preferably in different languages. Then have a middleware in front of your database that requires for every action the request be sent from both services, and that the request be identical. As a side benefit your service would be quicker to reveal bugs in production as well.
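The comparison middleware described in the comment above, sketched as an added example (not code from the thread or from any exchange). The names `AgreementGate`, `impl_a` and `impl_b`, the request fields and the five-second window are assumptions made for illustration.

```python
import hashlib
import json
import time


def canonical_digest(request):
    """Hash a request in canonical form so key order and spacing cannot differ."""
    encoded = json.dumps(request, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


class AgreementGate:
    """Sits in front of the database and releases an action only when two
    independently written services submit the identical request."""

    def __init__(self, sources=("impl_a", "impl_b"), ttl_seconds=5.0,
                 clock=time.monotonic):
        self.sources = frozenset(sources)   # hypothetical service names
        self.ttl = ttl_seconds
        self.clock = clock
        self.pending = {}     # request_id -> (source, digest, deadline)
        self.decided = set()  # ids already executed, rejected or timed out
        self.alerts = []      # disagreements and timeouts for the operators

    def submit(self, source, request_id, request):
        """Return ("pending" | "execute" | "rejected", detail)."""
        if source not in self.sources:
            return ("rejected", "unknown source")
        self._expire()
        if request_id in self.decided:
            # A decided id is never reopened, so a replay cannot re-run it.
            return ("rejected", "request id already decided")
        digest = canonical_digest(request)
        held = self.pending.get(request_id)
        if held is None:
            deadline = self.clock() + self.ttl
            self.pending[request_id] = (source, digest, deadline)
            return ("pending", digest)
        first_source, first_digest, _ = held
        if first_source == source:
            # Two copies from one implementation are not independent.
            return ("rejected", "second copy from the same source")
        del self.pending[request_id]
        self.decided.add(request_id)
        if first_digest != digest:
            self.alerts.append(("mismatch", request_id, first_source, source))
            return ("rejected", "implementations disagree")
        return ("execute", request)

    def _expire(self):
        """Drop requests whose counterpart never arrived and raise an alert."""
        now = self.clock()
        for request_id, (source, _, deadline) in list(self.pending.items()):
            if now >= deadline:
                del self.pending[request_id]
                self.decided.add(request_id)
                self.alerts.append(("timeout", request_id, source))


if __name__ == "__main__":
    gate = AgreementGate()
    # Constructed sample requests: the second implementation computes a
    # different amount, which is the kind of bug the scheme is meant to expose.
    print(gate.submit("impl_a", "w-1", {"action": "withdraw", "user": 42,
                                        "amount_satoshi": 150000}))
    print(gate.submit("impl_b", "w-1", {"action": "withdraw", "user": 42,
                                        "amount_satoshi": 15000000}))
    print(gate.alerts)
```

A mismatch or a timeout is the signal worth alerting on: it means one implementation has a bug or one of them is being driven by something other than a legitimate request.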
There is no magic bullet but there are bullets. Certain programming practices can dramatically reduce the risk, as can certain environments vs. others.
There's not much to publish. If you can't view the source, and it doesn't run on your computer, and you can't easily migrate from one to another then you can't trust it and shouldn't use it.
While I'm not implementing a crypto currency exchange, I will still have to disburse float based funds over short periods of time. As the site code will be responsible for this, there exists a hypothetical opportunity for a bad agent to break in and siphon off those funds. I'm toying around with making it impossible to withdraw funds once they are deposited by a user. If funds were limited to penny value drips to keep instances running, the site could be made aware of larger transfers of value out of given addresses. If that was noticed by the system, another secret system could 'pull the plug' on the API tokens for the Coinbase API. I'll need Coinbase to implement token revokes in their API...
Better, if the code is Open Source, I can have more eyeballs on it to prevent such an eventuality. You can review my code here: https://github.com/StackMonkey. The pool controller is the one which will need to be closely scrutinized. The appliance can only watch incoming payments, so it's not really that vulnerable. I choose to make all this code Open Source because it will be in charge of customer funds and, more importantly, the infrastructure of the Internet.
Moving forward, I don't think it's a good idea to use anything hooked up to your Bitcoin float that isn't Open. Still, it's a choice people can make freely, even if it's a poor one. Education matters.
Regulation will not help, because the problem that causes this kind of stuff is embedded in bitcoin, but called a feature: Transactions are not reversible, and nobody can make transactions on a wallet other than the owner.
So in a system built around this, any hack, from good old Mitnick-style social engineering attacks, to something purely technical, will cause irreparable loss. Any computer, network, or even individual that has control of enough coins will have a huge target planted on their heads, because all thefts are final.
The security systems on a regular bank do not put fraud avoidance as their number one priority: That's just number two. What they really care about is fraud detection, because for most forms of fraud, and especially the ones that could ruin a bank, early detection allows them to undo the damage. If I could take a billion from Bank of America, and there was nothing that could be done about it after the fact, there would be millions of people working on finding ways to do just that. The payoff would be too great for it not to happen multiple times a year.
So the best the Bitcoin fanatics can hope for is for the major thefts to be rare. Still, they will happen, it's just unavoidable when the stakes are that high, and the rules so in favor of the thief.
Other commenters here have mentioned n-of-m multisignature transactions. This article describes how multisig works, and how it can be used to implement better arbitration than what's been possible with traditional payment systems.
Unfortunately we're in the early days of Bitcoin here: support for multisig isn't common, and neither is the awareness of just how important it is for large transactions. We'll get there though.
Wouldn't multisig on an exchange prevent the use of cold wallets? It wouldn't be possible to move funds to/from hot and cold without a signature from the depositor.
It would also make trades a little more difficult in that users that are slow in signing off a transaction slows the trade down. The buyer has to wait until the seller has performed an action. Could you DoS an exchange with multiple buy/sells that you don't release?
I was mostly responding to the claim that Bitcoin transactions aren't reversible.
To your point: I suspect multisig doesn't help solve the problems we keep seeing with exchanges. An exchange converts between currencies, and wants to make transactions easy. A bank keeps your money safe, and wants to make transactions more difficult to that end. Unless you're a currency day trader, I don't see a reason to conflate the two.
Personally, I'm appalled by the fact that we've built a system that makes it easy for individuals to secure their own funds, and yet we're using it to entrust funds to third parties who don't have a clue. All in good time I suppose.
You're still at a point where you require someone's reputation to be worth more than they'd gain from fraud.
Say A buys from B with C as arbitrator. A can pay C to claim B never sent the goods and both A and C will be better off (A gets goods for a fraction of what he would have paid B, C gets fees from both parties plus a bribe).
Sure, arbitration requires a trusted third party. Look though, the situation is a huge improvement over what we currently have:
1. Arbitration services can be decoupled from payment services. With multisig, buyer and seller get to choose an arbiter they trust based on reputation, jurisdiction, experience arbitrating similar kinds of transactions, etc. This is an unbundling of what credit card companies do today and opens up an entirely new and competitive market. As your scenario shows, reputation will be everything for these new companies. Evidence of foul play will be disastrous. However, in the less-than-competitive market of bundled payment and arbitration services we have today, evidence of foul play in arbitration doesn't even seem to make a dent (consider PayPal).
2. Which brings up another point: arbitration with multisig is safer for buyer and seller. In their dual role as arbiter, PayPal can and does freeze funds in transit indefinitely. A Bitcoin 2-of-3 multisig arbiter cannot do this if both buyer and seller agree there was no problem. The arbiter is simply outvoted.
3. The flip side of that is: arbiters don't have to get involved at all in the vast majority of transactions that aren't disputed. They don't have to process payments. They don't have to transfer money. They don't need all that infrastructure. They only get involved in settling disputes, in which case they cast their vote by signing the transaction to the buyer or seller. This should make arbitration services cheaper and more efficient on the whole.
4. Finally, unlike current payment systems, Bitcoin makes arbitration services optional. Whole classes of transactions suddenly become cheaper because of this. In the current system we're paying for arbitration services we don't even need. I'm not going to dispute that $3 charge for a cup of coffee. If you're friends and family making a larger payment to me, I don't need arbitration either.
Like Eli Dourado, I also think we're on the verge of some very interesting things happening in arbitration:
"What excites me most about the decentralized arbitration afforded by multisignature transactions is that it could be the beginnings of a Common Law for the Internet. The plain, ordinary Common Law developed as the result of competing courts that issued opinions basically as advertisements of how fair and impartial they were. We could see something similar with Bitcoin arbitration. If arbitrators sign their transactions with links to and a cryptographic hash of a PDF that explains why they ruled as they did, we could see real competition in the articulation of rules."
Bitcoin has a multi sig safeguard: you can make it impossible to move funds without 3 people agreeing and signing the transaction. None of these clown-run exchanges pay core Bitcoin devs to help them set this up, so they get robbed. Incompetence + greed + laziness, they don't want to manually do transactions.
I won't speak to this particular case, but look at the incentives for any service that stores people's coins:
- You can cash out (steal) an arbitrary amount of people's coins, blaming it on a "hack". If technically competent you can make it look as legitimate as you like, even giving a detailed post-mortem.
- This will probably tarnish your operation and possibly your internet rep if the Google juice flows that way.
So how much is your internet reputation worth? Personally, there's probably a number that would sway me.
Until these incentives are changed somehow, with regulation or otherwise, it will happen.
Instead of changing incentives, we could remove the technical ability for services to do this.
One solution is m-of-n transactions, which Bitcoin already implements. Set things up so that any two of three keys can sign a transaction and spend your coins. The online service gets one key, you keep another on your computer, and a third goes in your safe deposit box.
Normally, you spend by signing a transaction from your computer and asking the service to do the same. The service can't spend coins without hacking your computer. If the service goes away, you pull the third key out of your safe deposit.
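An added example (not part of the thread) of a check the holder of two of the three keys can run before depositing: parse the bare multisig script a service proposes and confirm it really is 2-of-3 over the expected keys. The public keys are constructed placeholder bytes, and the function names are chosen for this illustration.

```python
OP_1 = 0x51               # OP_1 .. OP_16 encode the small integers 1..16
OP_16 = 0x60
OP_CHECKMULTISIG = 0xAE


def build_multisig_script(m, pubkeys):
    """Serialize: OP_m <key 1> ... <key n> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= m <= n <= 16")
    script = bytearray([OP_1 + m - 1])
    for key in pubkeys:
        if len(key) not in (33, 65):
            raise ValueError("public key must be 33 or 65 bytes")
        script.append(len(key))   # pushes of 1..75 bytes use the length as opcode
        script += key
    script += bytes([OP_1 + n - 1, OP_CHECKMULTISIG])
    return bytes(script)


def parse_multisig_script(script):
    """Return (m, [pubkeys]); raise ValueError for anything but bare m-of-n."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("does not end in OP_CHECKMULTISIG")
    m_op, n_op = script[0], script[-2]
    if not (OP_1 <= m_op <= OP_16 and OP_1 <= n_op <= OP_16):
        raise ValueError("m or n is not a small-integer opcode")
    m, n = m_op - OP_1 + 1, n_op - OP_1 + 1
    body, keys, i = script[1:-2], [], 0
    while i < len(body):
        length = body[i]
        if length not in (33, 65) or i + 1 + length > len(body):
            raise ValueError("malformed public key push")
        key = body[i + 1:i + 1 + length]
        # Only the encoding prefix is checked here, not that the point is on the curve.
        if key[0] not in ((0x02, 0x03) if length == 33 else (0x04,)):
            raise ValueError("unexpected public key prefix")
        keys.append(key)
        i += 1 + length
    if len(keys) != n or m > n:
        raise ValueError("key count does not match n, or m > n")
    return m, keys


def check_two_of_three(script, my_keys, service_key):
    """List every way the script departs from 'my two keys plus the service key'."""
    m, keys = parse_multisig_script(script)
    problems = []
    if (m, len(keys)) != (2, 3):
        problems.append(f"script is {m}-of-{len(keys)}, expected 2-of-3")
    if len(set(keys)) != len(keys):
        problems.append("a key appears more than once")
    for key in my_keys:
        if key not in keys:
            problems.append(f"my key {key.hex()[:8]}... is missing")
    if service_key not in keys:
        problems.append("service key is missing")
    expected = set(my_keys) | {service_key}
    if any(key not in expected for key in keys):
        problems.append("script contains a key nobody declared")
    return problems


# Constructed placeholder keys (correct length and prefix, not real key material).
MY_ONLINE_KEY = bytes([0x02]) + bytes([0x11]) * 32
MY_SAFE_KEY = bytes([0x03]) + bytes([0x22]) * 32
SERVICE_KEY = bytes([0x02]) + bytes([0x33]) * 32

if __name__ == "__main__":
    honest = build_multisig_script(2, [MY_ONLINE_KEY, MY_SAFE_KEY, SERVICE_KEY])
    print(check_two_of_three(honest, [MY_ONLINE_KEY, MY_SAFE_KEY], SERVICE_KEY))
    # A script in which the service holds two of the three keys.
    rigged = build_multisig_script(2, [MY_ONLINE_KEY, SERVICE_KEY, SERVICE_KEY])
    print(check_two_of_three(rigged, [MY_ONLINE_KEY, MY_SAFE_KEY], SERVICE_KEY))
```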
Which will shift the burden to individuals to secure their safetyboxes and safe, and backup their computers. However, it's a hell lot better than losing everyone's coins in one fell swoop.
>Personally, there's probably a number that would sway me.
Uncharitably, I could say "So we've determined you're a thief, now we're just haggling about the price."
But actually I don't think that thinking that there is a number that would probably sway you, means that that number really would. I'd like to think you'd actually say no to any number, through to billions.
At the end of the day, morality isn't nearly as elastic as people suppose. You either have it or you don't.
Maybe naive, but here's what I wonder. Why doesn't someone write an exchange, open source the code, and build transparency in from the beginning? Publish every wallet address with no associated info so users can watch transactions on the blockchain. Publish cold wallet addresses too and automatically route, say, 90% of deposited BTC into those. With such a system, you could transfer in BTC and watch 90% of it go to an address the exchange claimed was a cold wallet (I don't know how to verify that other than by trust, but this level of transparency is at least more than what we have today.)
Just to be clear on what I'm not saying, I don't claim this will solve all problems. I also don't claim that it is preferable to keep a significant amount of one's currency in a remote account. But people are going to do it anyway, angry/snarky/intelligently-worded arguments notwithstanding. Why not embrace the transparency these platforms offer to buoy user confidence?
Even if you could start your own exchange using this codebase more easily, most of the value from such a service comes from professionally maintaining quality infrastructure, providing trustable guarantees on security, etc. The alternative is a series of crappily-coded exchanges that will continue failing due to poor code and lack of transparency. I don't know how to solve the problem of nefarious parties starting exchanges with this code, but solving that problem isn't my intent.
Once again, statements from an exchange are vague and inconsistent.
> large fund withdrawals in the last weeks which have lead to a complete depletion of our cold wallet balance
versus
> We'll take the current available cold storage balance and distribute it based on the below described distribution logic
Is the cold wallet completely depleted or isn't it?
And why choose such a cockamamie distribution scheme? 50% to the largest accounts and 50% to the smallest accounts?
Why not pro rata based on each account's balance?
So the largest accounts will enjoy 100% recovery while those in the middle get less, or even zero? This gives preference to certain accounts while providing the illusion of fairness.
Yet again, there's no disclosure of a balance sheet, no visibility to total assets and liabilities.
Why do people continue to trust their funds to incompetents and fraudsters?
> And why choose such a cockamamie distribution scheme?
Perhaps to hide outright theft by Vircurex.
If you don't receive funds, you might conclude your account balances fell somewhere in the middle... or perhaps they didn't distribute any funds at all.
There's no way for users to know how large their account balances are relative to others.
>Why do people continue to trust their funds to incompetents and fraudsters?
At this point it's a gamble. You either give up and admit Vircurex has lost all of your wallet or you keep using them and hope the profit they generate from you will make its way back into your wallet while at the same time hoping they don't have any more security issues. It's not so much "trust" as it is hope.
Addressing you questioning the payout scheme. They are paying off large accounts first. Once those accounts are clear, you move on down the stack. By resolving the lower end accounts, you end up with less total users who 'have a problem'. That serves a few purposes, including encouraging the customer base to continue using the service, which serves the purpose of funding the rest of the users, including those in the middle. It also allows you to effectively address the issue with the remaining people who have funds frozen - something difficult to do with all users.
I think your overall argument is based on cognitive dissonance. You'd like everyone to be paid in full immediately. That makes perfect sense to me, but it remains they lost funds. With that fact at hand, you can no longer hold the expectation of everyone being paid in full immediately and the situation of lost funds getting resolved. This makes you angry, and so you lash out with blaming statements which are logically flawed. Simply put, you are attacking something with an approach that makes no sense. The reason it makes no sense is because you are having an unresolvable argument with yourself! Honestly, I see no way of fixing this in a better way than what they have implemented. To me, that indicates we should extend some amount of trust they'll resolve this in a way that gets people's money back to them.
Your last statement is probably the most valid, but may not be 100% applicable to Vircurex. I agree they appear to have been incompetent (which implies they may still be incompetent) but they don't appear to be fraudsters. Mt. Gox was both, if you ask me, because they never did a decent job of disclosing. To your first point, Vircurex should come clean now they've frozen funds and give estimates of recovery time.
I don't understand why they don't go through and pay everyone in equal proportion to what they currently have. Eg. 100 in total liabilities, they have 25 currently, everyone gets 1/4 of their total balance.
Seems like the most equitable way to do it.
"So following their academic study, Moore and Christin calculate a 1/3 failure rate for Bitcoin exchanges."
"Just one year ago, a study by computer scientists Tyler Moore (of Southern Methodist University in Dallas, Texas) and Nicolas Christin (of Carnegie Mellon University) found 40 exchanges offering bitcoin services. Of those 40, 18 went out of business — 13 without warning, including five that collapsed instantly following cyber attacks. Almost all of the exchanges that collapsed took their investors funds with them. They estimated that: “Exchanges handling 275 Bitcoins’ worth of transactions each day have a 20 percent chance of being breached, exchanges handling 5570 Bitcoins have a 70 percent chance of failure” It was calculated that in 2013 the median lifespan of any Bitcoin exchange is 381 days, with a 29.9 percent chance that a new exchange will close within a year of opening. So following their academic study, Moore and Christin calculate a 1/3 failure rate for Bitcoin exchanges…"
Why the odd distribution? This means some users get everything back now, and some get nothing? Perhaps it's an attempt to keep some customers happy ("well, I got everything back so I guess it's alright") so that exchange will keep running?
How can they justify anything but equally sharing the burden of the loss? "We owe X total and have Y available, so all accounts will get Y/X of their owed funds unfrozen, and the rest remain frozen."? I'm really not following the logic.
Minimization of impact to a larger group of customers which then serves the purpose of keeping the exchange running so it can make money to pay off the others. If you incrementally pay out to all customers, a large number will refuse to continue using the service. It's a trust issue, really.
My largest fear with cryptocurrency is that my luck will run out (nothing bad has ever happened to my holdings) and I will lose a significant chunk of money. Most of my holdings are in cold wallets but news like this makes me shiver and makes me realize cryptocurrency needs more grown ups fast.
The problem is the gateways between fiat and crypto, where centralisation occurs and due to AML/KYC policies and banking regulations all of the worst aspects of banking can affect users
bitcoin itself as the protocol/platform has proven to be quite solid
the trick is to not keep coins in exchanges unless you are into trading, but then you know that you are taking a risk
It's disingenuous in the extreme to suggest that AML/KYC policies and banking regulations have anything to do with a significant proportion of all Bitcoins ever in circulation having disappeared from counterparties claiming they were hacked. Real, regulated banks do not simply lose significant fractions of dollars in circulation.
It has a lot more to do with bad code, bad storage policies or bad intentions on the part of the exchanges, and most of them point to transaction malleability - a design flaw in the original protocol - as their excuse.
The steep barriers to entry into becoming an exchange due to these laws/policies and the whole cloudy and non clear nature of what protocols to adhere in each country ensure that exchanges are not started by the most competent but by the most reckless and foolish, see magic the gathering.
There are several exchanges in the works but they are bogged down with regulation and not able to open.
So... you're saying it's easy for the reckless and foolish to somehow overcome these steep barriers and understand what it takes to open while those who are competent are unable to do so?
He's saying that those who understand what it takes to build a secure service see the problem as so difficult that they prefer to use their talents for something else. As a consequence, the services that do exist have been built by reckless people who don't understand the issue.
I don't know whether that's true, but that's what s/he wrote. It's an easy enough to understand and plausible notion.
You obviously never had to deal with bureaucrats. Right now the 2nd biggest exchange, BTC-e, is run by some shady Eastern Europeans who are simply ignoring all laws. The biggest exchange, Mtgox, was run by an incompetent fool who lost half a billion in the cushion of his couch or something.
Bitstamp seem to be doing the right things but I doubt that they can legally operate in US or take transfers from/to US as they are doing.
You have considerable risk keeping the wallet locally, just of a different kind. The most common way people have lost money locally thus far is probably just losing the wallet file without having backups. A worm or trojan whose payload steals people's bitcoins is also plausible, though afaik there haven't been any yet.
If you have enough money tied up in it to make you uneasy it would seem sensible to be using dedicated hardware for your coin management (with only the bare necessities of software installed on it).
As long as you hold the private keys yourself and don't keep them on third party websites your holdings are safe. Safer than cash since you can encrypt and back up the keys.
If you store your money in an unregulated exchange then you deserve whatever happens to you. This is basically no different than when people who don't back up their hard drive complain about losing all their stuff.
If you want to make a trade then sure, put a couple hundred bucks in or whatever, but realize that whatever you have in the exchange could disappear at any time.
Bitcoin wallets shouldn't be accessible from the exchange's code base. When a user wants to transfer funds out there should be a small fee and a human should process it from a secured computer. The verification step should include signing either with a cryptographic key, logging on with a hard to hack account, like gmail, or by sms verification. None of this passport / utility bill bullshit.
Exchanges usually charge a withdrawal fee to cover transaction fees. BTC-e also charge a fee for example. Bitcoin software doesn't provide (an easy if possible at all) means to compute the fee up front to pass on to the receiver. So exchanges charge a fee to cover the average cost per transaction.
Bitcoin is the future! No regulation needed! Get your unsecured wallet here!
Can't wait for this currency to completely fade into obscurity - that's where it belongs because surely it has proved to not be a viable currency at all.
These stories are a bit alarming and can have some of us wondering if the exchanges we are using actually have the amount of coins they claim to have...
Where there are banks, there will always be bank robbers. This will never cease to be the case and the banks will always lose money this way. It's inevitable.
So, the problem becomes one of scale. For example, a bank can survive a small unauthorized withdrawal, but large thefts are what kills the business. Limit the withdrawal sizes and shut down everything at a core level when that security is breached.
The ability to move massive amounts around securely is a pipe dream.
That's a shame, I actually quite liked Vircurex for automated trading purposes. Luckily for me I've only got like .3 BTC currently on Vircurex, still sucks to see your own money "frozen" on some website not being able to get it back.
The whole problem here looks to me as a flaw in the design of current crypto currencies, because transfers take that long to complete you will always need escrow type services to make it useful.
Most US Financial regulation stemmed from Depression-era screwups. Thankfully, people-who-say-fiat are in their own little world that I can mostly ignore, but in the real, we're not doing much better with regards to forgetting the lessons of the depression. The 1999 Glass-Steagall repeal, for instance, was a major cause of the issues of the past decade.
I don't know much about the whole BTC protocol, but why aren't there any exchanges where funds are kept in the individual account holders' wallets and the exchange only touches the money in a split second while transferring the funds? Or if this is already possible on some exchanges, why doesn't it happen more?
If the exchange can automatically move money from an address, the hackers can get to those keys if they gain the same type of access that they are gaining in these hacks.
The only way would be to use multisig, and have a trusted third party allow the coins to be moved if it was not suspicious.
It's downright amazing to me how these exchange thefts/hacks have made barely a dent in the price of bitcoin. Or maybe the converse is true, if there were none of these massive swindles, would the price of bitcoin be much higher than it is right now? 2000 USD? 4000?
Their example distribution is buggy. Users 3-6 all have the same 3BTC balance, yet they receive different distributions (users 3&4 get zero, user 5 gets 2BTC, and user 6 gets 3BTC.)
Nonsense. Regulatory reform does not prevent bank thefts, in the same way as it will not prevent digital thefts due to security vulnerabilities. Also note that banks are legally allowed to run as fractional reserves. This means your $100 deposit is only backed by a minimum of $10 in the vault at any time.
Companies will be (and already are) getting smarter, by hiring security experts to audit software and detect vulnerabilities, and more transparent, by providing public accounting of funds to prove they are not running Ponzi schemes or fractional reserves.
Of course it does. Not 100%; but mostly. Your bank has multiple people handling all cash transactions, mandatory account balancing on at least a daily basis, all sorts of controls on its operations that you have no idea exist because the system facing you doesn't show them to you. It has these because they are required by law. Your bitcoin exchange has none of these.
Do you think regulators protect Etrade from security vulnerabilities?
Do you think government is required to provide insurance?
If the consumers demand these of their merchants, it will happen in the long term on their own accord, and government is not necessary to make it happen.
Who else commands that kind of money to be able to insure a bunch of exchanges and other bitcoin-holding businesses? Just MtGox alone needs somewhere around 400 million USD right now. I guess if someone like Google, or Donald Trump, decides to start a bitcoin insurance company... but that sounds unlikely.
The 2nd problem and more serious problem is insurance fraud. You cannot be sure the people claiming to lose the coins actually lost them. In fact, forget my first point. The insurance fraud aspect renders any hope for bitcoin insurance void. If someone has any ideas how to even begin to run an FDIC-type thing on bitcoin, I'd love to hear how one would deal with insurance fraud.
> Who else commands that kind of money to be able to insure a bunch of exchanges and other bitcoin-holding businesses?
Insurance companies. Where do you think that consumer insurance companies insure themselves? Companies like Lloyd's and Munich RE have dozens of billions of dollars in insured amounts.
Someone else posted a study suggesting the average Bitcoin exchange lasted 381 days before disappearing with most of their users' money. The notional dollar-denominated value of Bitcoin lurches all over the place on a daily basis.
Insurance companies are generally quite conservative and regulated institutions and like to make a profit. Sure, they'll insure some crazy things like satellite launches where one launch vehicle explosion means the space insurance industry as a whole makes a loss that year, but they'll only do that because of enormous premiums.
Tack those enormous premiums onto Bitcoin exchanges' costs of doing business and suddenly Western Union money transfers would look cheap.
> Before the wild speculations beginn, the service will be recovered and we pay the losses out of our own pockets.[0]
From the forums it looks like they lost funds again in May 2013 due to the RoR code execution bug (CVE-2013-0156):
> After investigating the security breach we have to come to the conclusion that the attacker has been able to get root access to the systems.
By the sounds of things they've been insolvent for over a year after both breaches and at this time just happened to get more withdraws than deposits.
Terrifyingly in January, they "cleaned up" the server and kept on using it afterwards[2].
[0]: https://bitcointalk.org/index.php?topic=135919.msg1448056#ms...
[1]: https://bitcointalk.org/index.php?topic=49383.msg2102708#msg...
[2]: https://bitcointalk.org/index.php?topic=135919.msg1448204#ms...