They were even thinking about requesting blockchain rollback (that possibly means making fork and paying to miners to follow that fork instead). If that would pass, that would really doom bitcoin as is.
Not nearly enough power or impact for that. The masses of miners who could roll back will not care for their plight and even billions stolen is worth less to the community and miners than making sure all transactions go through. For example; imagine what else is on that block chain they'd have to also kill? How many times exchanges been hacked and no re-dos? How could bitcoin keep it's status as super-solid if they allowed such things and it's only that status which gives it value? Totally untenable for bitcoin.
> FUD is an acronym for fear, uncertainty and doubt. It is a marketing term that is often used to cast a shadow over a competitor's product when your own is unable to compete. FUD is a technique used by larger companies who have a large market share. The FUD acronym was first freely defined by Gene Amdahl after he left IBM to found his own company, Amdahl Corp, with this statement: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering Amdahl products."
The interesting thing about bitcoin exchanges is that the exchange effectively has a position in the market too, unlike traditional exchanges like the NYSE. They have to buy bitcoin from other exchanges, and if they get hacked they can lose it permanently.
Edit because I’m throttled and can’t reply anymore: the “buying from other exchanges” is really not the lynchpin of my argument. The point is that these exchanges hold inventory and are vulnerable to bank runs and theft makes them much less stable than traditional exchanges.
That's not accurate. They don't buy bitcoin from other exchanges.
Why would it be any different to traditional exchanges?
They hold funds on behalf of customers, and if they get hacked they can lose it permanently, that's true. But it doesn't mean the exchange itself needs to have a position in the market.
Traditional exchanges do not, in fact, hold funds or securities for customers, or handle settlement, or a myriad of other things that crypto exchanges handle.
I’m sure many do come from customers. But the idea that exchanges never buy bitcoin from each other to maintain their stocks seems quite a fantastical claim to me.
When I go onto an exchange to buy a Bitcoin, someone on the other end is selling it. To sell it, they have to deposit it on the exchange. I don't see why an exchange would buy from other exchanges unless they saw arbitrage opportunities.
If they did see arbitrage opportunities they are engaging in risk (there is timing risk for example) and I'm not even sure they could legally do this as deposits should be ringfenced.
Because unlike other exchanges, they actually hold onto the inventory that’s being exchanged. That’s exactly what the hot and cold wallets are, inventory that can be irrevocably lost.
This fact exposes them to theft and something akin to a bank run, where withdrawals can exceed deposits, something that can never happen on the NYSE because it doesn’t hold inventory.
He's kinda right. Many exchanges use other exchanges to provide liquidity on their exchange, either directly or through users who perform arbitrage. That's how bitfinex started for example, they partnered with Bistamp and used their book to fill in theirs. Nowadays, it can happen with DEX'es on the protocol level too - eg, Kyber Network taps into the liquidity provided by Uniswap (hey, keyber is a liquidity network after all. Disclosure: don't own any Kyber tokens)
Cue a dozen bitcoin apologists explaining how "bitcoin the protocol is actually extremely secure, it just so happens that every third person involved with implementing bitcoin-the-actual-token is either a crook or incompetent or an incompetent crook."
How can it be anything else? This even concerns individual account security "The hackers "had the patience to wait" and acquire access to a number of accounts before withdrawing the huge haul of bitcoins, according to Binance.".
In this case customers in the end won't lose money, as binance can cover the loss from their own assets. And similar has been happened with most hacks in the past - as only hot wallet is emptied, the cost is manageable.
Though IMO 7000btc is too much for hot wallet in any case...
You can equivocate all you'd like, but the reality is that having your cash stolen from the bank is a non-issue while having your bitcoin lost or stolen is pretty much an inevitability without careful OpSec. Your disingenuous link to a google search for "theft+stolen - bitcoin" reflects poorly on your argumentation skills.
How is it disingenuous? You said that heists were "vanishingly rare" outside of Bitcoin.
As it happens, your cash in the bank is being slowly devalued via inflation as the banks are constantly making new money in the form of loans.
Bitcoin being the way it is is a feature, not a bug. If you don't get it, that's fine, but don't make ridiculous claims like only bitcoin is susceptible to crime and incompetence.
It's an important distinction, even in this thread someone has already confused the difference. I have warned people off of bitcoin for years with the specific explanation of the difference, and how no real system is secure (regardless of the underlying cryptosystem being correct).
Yet it's somehow acceptable for companies to collect massive amounts of personal information for profit and get hacked. So my realization is that it doesn't matter, a system is useful because of it's value, and hacks are a part of that expected value. You know who sounds like an incompetent, the company that leaked 230 million people's personal information. You know who sounds like a crook, the companies that said they would stop selling geo location data, but continue to anyway.
Some companies store money directly in servers, and some are barely punished for leaking personal information (meaning the economic incentive to stop that behavior is not there; the loss of value is externalized). To an extent one of those sounds more honest to me, and it's not the traditional one. This is not a problem with bitcoin, this is a problem with capitalism, bitcoin just makes it obvious.
Checking in! Yes, security is hard. But seriously just about everyone is doing generally fine with this. It's especially hard to run an exchange. But bitcoin isn't an exchange. Lots of people own their own security and run their bitcoin without exchanges and that all works fine. Lots of exchanges even run these days without issues (Coinbase has like a decade under them now). Seriously, it's not even a lot of money.
Cue a dozen bitcoin haters explaining how "the difference between exchanges and the protocol doesn't matter and how bitcoin shouldn't be valuable anymore because exchanges gets hacked."
All questions of its own merits aside, how is Bitcoin still worth anything at all after so many hacks? Isn't a large part of value the security to know that you'll actually be able to realize it?
Well the thief didn't touch any other cryptocurrencies that were on binance. What do you think is more valuable, a currency that thief wants a lot or one that they don't want?
Bitcoin itself wasn't hacked. They stole the keys from a server most likely.
I don't think it's possible to harden a modern OS against some potential hacker on the internet. Especially when we know that 0-days are sold and traded. So the idea of putting $41m worth of Bitcoin in a single wallet is frankly frighting to me. We saw what happens with pwn2own. Now scale that up a few million USDs.
Well if 7000 stolen from hot wallet is something like 2% of assets and rest is in cold storage, then the risk is manageable. However I agree that 7000 BTC is a lot even if you are running a huge exchange.
These hacks are only possible becuase of poor security on centralized exchanges. With p2p trading you dont have this problem.
Theres a common saying in bitcoin communities - "Not your keys, not your coins". Never leave bitcoin on an exchange with a third party. In this case though binance will have to reimburse their customers.
This one heist of bitcoins is more than the total sum of money stolen from US banks in 2011. (Source: https://www.fbi.gov/stats-services/publications/bank-crime-s...). It looks especially bad because about 20% of the stolen money from bank robberies is recovered, instead of lost for good; I don't know how much of Bitcoin heists are repatriated, but I suspect the percentage is much closer to 0%.
No. Most of it never went out, and much of what did was recovered.
"The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to $850 million, due to suspicions raised by a misspelled instruction. All the money transferred to Sri Lanka has since been recovered. However, as of 2018 only around $18 million of the $81 million transferred to the Philippines has been recovered."
Its not the underlining security of bitcoins block chain that keeps getting hacked but the exchanges that do. (though there have been a couple of cases where things messed up for example https://en.bitcoin.it/wiki/Value_overflow_incident )
Think of it a bit like this. Treat Bitcoin like the Dollar and the Exchanges like banks. The underlying value of the dollar isn't so badly effected because bank robberies happen.
Instead of Storing your money in your own personal vault, people are storing their money in the banks vault(s) because it allows for more convenient usage of your funds. Instead of having to unlock your own safe, deposit what you took out your own vault into a bank and then drive to the store to do your shopping and pay on your card, you can go right to the store as you already have your funds in the bank (Bit of a shit anagogy as this would be more fitting if the store didn't accept cash, only plastic).
To get a quicker exchange of bitcoin to other coins / cash and back again (and have lower fee's), people are storing their coins in the exchanges wallets instead of their own. Instead of breaking into thousands of peoples homes and breaking into everyone's vault in turn, Hackers are targeting the exchanges as its a single place storing large amounts.
EDIT: Tweak a few bits of wording. I'm blaming the lack of coffee :-P
> The underlying value of the dollar isn't so badly effected because bank robberies happen
Since you and a number of other sibling comments have raised this point: This comparison is poor.
There are tens of thousands (probably even hundreds of thousands) of banks worldwide, each of which hold only a literally trivial fraction of their assets in (robbable) cash.
That's why bank robberies don't matter.
In contrast to that, a substantial fraction of total Bitcoin transactions are handled by just a handful of exchanges, each of which have a substantial amount of their assets in hackable digital form.
Bank of America has $2.34 trillion dollars in assets. If they had that in robbable cash, in one place, then it's safe to say bank robberies would matter.
Edit: My number of banks worldwide is way off as I was thinking in terms of banking licenses, whereas for bank robberies, it's the physical branches that should be counted. In that case, there are about 80.000 banks in the U.S. alone.
> There are tens of thousands (probably even hundreds of thousands) of banks worldwide, each of which hold only a literally trivial fraction of their assets in (robbable) cash.
Binance said that the coins were taken from their hot wallet and not their cold wallets. It could be said that separating these wallets (if done correctly) is removing the vast majority of their assets from the "robbable on site cash".
> Bank of America has $2.34 billion dollars in assets. If they had that in robbable cash, in one place, then it's safe to say bank robberies would matter.
Exchanges (imo) need to adopt the same security measures as retail banks do. Multiple cold wallets (Like how there are multiple cash depots in the banking system) and multiple hot wallets (like how there are multiple branches of a single retail bank).
I'm not trying to defend the security practices of exchanges at all (imo, a lot of them to it in a very poor manner). And not saying bank robberies don't matter (Didn't the price of BTC dip after the mtgox hack?) but that with the right practices in place a robbery shouldn't matter too much. Which if the CEO of this exchange is to be believed the lost coins will be replaced from their "rainy day fund". (Though I'm always skeptical that such funds do infact exist)
My point is, the underlying security of bitcoin isn't what keeps getting hacked. But the security of the exchanges holding said coins.
Note: I'm not a Bitcoin "supporter" (the power usage for transactions alone blow my mind) though I do see the value of a decentralised payment system removing the ability to have your payment platform taken away from you because your thought process doesn't align with the gatekeepers (Example: https://finance.yahoo.com/news/mastercard-activist-sharehold... )
How is the USD still worth anything with the incredible amount that has been printed? The fed chair himself said we can just print more money if we need it. [2] No other country can do that without going into hyperinflation.
"$12 billion in U.S. currency was transported from the Federal Reserve to Baghdad in April 2003 and June 2004, where it was dispensed by the Coalition Provisional Authority. A Vanity Fair magazine report concluded that of this sum, "at least $9 billion has gone missing"" [1]
Upvoting because that incident is interesting, but this is false:
>No other country can do that without going into hyperinflation.
Other CBs have significant enough credibility or special situations where they can print comparable money without setting off hyperinflation. Definitely Japan's and probably Europe's.
That's not at all how it works. Zimbabwe and Venezuela's federal governments claimed their currencies were worth something until they were blue in the face.
It's worth something because the people using it feel it's worth something, and that's true for non-fiat currencies as well. Bitcoin and gold are non-fiat, but still heavily depend on demand to determine their value.
How is the USD worth anything after some many bank robberies?
Bitcoin itself worked as expected, and the fact that no one can easily reverse transactions is one of the features described in the original whitepaper:
"Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers"
They're not really insured: the exchange has claimed they have a self insurance fund (they call it 'SAFU') that they will draw on to make their customers whole. We'll see if that happens.
I get that is part of bitcoin, not the protocol failing, personal irresponsibility etc etc.
But I’m seeing less and less a justification for the deliberate lack of security in the bitcoin world. So a hack like this happens. Regardless of how it happened or who’s to blame, why continue to tolerate bitcoin? What is it giving you that’s worth the enormous mountain of precaution that you need to take to secure yourself?
It's in an offline wallet, right? And backed-up somehow incase the hardware wallet dies. And that backup made with an known-clean, freshly-installed, offline computer to avoid malware stealing it when you're making the backup.
I expect to lose more from btc's value crashing than some elite conspiracy of hackers having sabotaged my hardware & somehow working out my private key which isn't stored in plaintext
If I was holding a really great worth of btc, going the full mile of cold storage would make sense. At that point you're invested, quit kidding around
I used to be a supporter of bitcoin but then I gave it some long thought and realized bitcoin will never make it as intended. The very essence that makes bitcoin appealing is what keeps it from being user friendly and functioning safely. Once you try to fudge with that, you undermine everything bitcoin is supposed to address. There is just no way around it.
Little bit of a preface; I dislike bitcoin because of scaling reasons and reasons due to power consumption per transaction. So don’t assume I’m a supporter.
That said, how is this different from having physical cash in a bank, or a digital ledger that pushes money elsewhere and is only caught much later.
The answer is only that it’s an immature global system, there’s no (current) list of black market coins, which is entirely possible to create- meaning hacked bitcoins would not re-enter circulation and the value diminishes wildly.
The effect you’re seeing currently is due to an immature currency market which has never been held to the same standard as our fiat currency market. It also hasn’t been battle tested over hundreds of years. Of course it is deficient.
I’m not excusing them, I wish that people with little to no security chops would not be involved in financial matters, but a lot of these companies sprung up out of hobby projects many years ago and one could argue that the industry they’re in has changed around them. It’s not as big a deal if someone steals 4000 bitcoins if they’re worth 20c each.
Why? Everyone can decide freely which coins to accept.
Regardless, by law, accepting these coins would already constitute possession of stolen goods, and would therefore be illegal. The "legal fungibility" is already zero.
Bitcoins are not specific units. They are more like water, infinitely dividable.
If you stole a bucket of water and then pour it in to your swimming pool and then distribute the content of your swimming pool to 100 different people, who has the bucket of stolen water?.
Bitcoin also doesn't track the movement of specific coins because they don't exist. Its just a list of transactions. A wallet with $100 in it gets $5 in and then sends out $5. How do you decide if this was the $5 that went in? Is it first in first out?
> Everyone can decide freely which coins to accept.
If that were happening at any scale, the coins would be essentially worthless as a currency. They only make sense if there's some kind of agreement as to what is an acceptable/valid bitcoin. But then having a blacklist of "stolen coins" requires an authority that curates the list.
One disadvantage of the Bitcoin/Ethereum architectures is that one cannot give permission to receive a currency transaction first.
A common strategy of hackers seems to be to distribute stolen digital currencies among many addresses of non-participating actors, therefore losing money, but obscuring their own identity.
If a bank robber came to your door and offered you a share of money, you wouldn't take it either, especially if this transaction is public.
Even though several billion dollars of cryptocurrency (compare with hundreds of billions of dollars) have already been stolen, my guess is that taking these coins out of circulation wouldn't affect the system much.
If that doesn't happen, everyone participating in cryptocurrency might become more and more legally liable.
On the contrary, it will increase the value of your assets due to less coins in circulation.
Governments could easily mandate such blacklists to be used (in fact, assuming you are a US person, you are already barred from interacting with certain addresses, see the treasury link above), I think it's only a matter of time until this happens. And compared to the fiat currencies, such requirements are much easier to verify, at least in non-private digital currencies.
The difference is that I have physical cash in the bank and the bank is robbed, I don’t even have to really think about the financial impact of the news: even if the bills I deposited are stolen, I can walk in to another branch of the bank the same day and still access the funds.
Bitcoin in its current form can’t have a useful “black market list”, because that list has to be generated somehow. Do you make a central authority in charge of list management? Or do you trust some fraction of the population to “vouch” that coins are bad? All the options would either open the door to immediate abuse or require a central authority that doesn’t exist.
Regarding the immaturity of the projects: your comment isn’t really a response to the parent commenter. I agree that many bitcoin companies today started as hobbits projects. But why should we tolerate that they’re operating in an industry which can so easily lose millions of dollars for users, but operating with the security guarantees of hobbyists running a hobby webpage?
The difference is that I have physical cash in the bank and the bank is robbed
This may seem pedantic, but no! You certainly don't have physical cash at your bank.
Only a miniscule percentage of monetary reserves are in physical form and a bank is not obliged (as a matter of fact it would be rather counter productive) to store physical cash on customer deposits.
It’s also not really true. At least in many countries bank balances up to some amount (eg $250,000 in Australia) are insured by the federal government.
But outside of that many things could cause the bank to lose your money. And there wouldn’t be a recourse for it.
I suspect you're confusing money and cash - they're two distinct things. I would be incredibly to learn that my bank had anywhere near the amount of cash stored compared to the amount of money deposited there. Cash has storage costs and pays a 0% return where deposits with a central bank have historically paid higher than that. (This isn't universally true.)
I’m not sure I understand the intent of this pedantry: you’re agreeing with me.
The comment I replied to compared bitcoin to cash-in-the-bank, and my point was the same as yours: while I may have handed the bank cash, my ability to get money back isn’t tied to that specific cash, or even to any amount of cash that might be stolen from the bank at all. The money is insured, and so if the bank is robbed, my ability to withdrawal my money is unchanged.
So even if all central bank money would be printed in bills and coins, and would be distributed to banks, that still would be only a small percentage of the numbers on everyone's bank account.
This means that those numbers on your bank account are not "money you have now", it is "money you will have in some future, when everyone pays back their loans".
So that is what they mean with a "bank run". Everyone wants their money NOW, but that is impossible, since most of the money is lended out.
So to the parent poster, even if there is no robbery, you will have a serious problem when everybody wants their money NOW. See what happened in Greece some years ago, where nobody was able to withdraw more than 50 euro's per day, since the banks had a crisis.
Thinking the money on your bank account is yours NOW is just an illusion.
Since people are downvoting, let me explain with an example to make things clear:
Fractional-reserve banking is the common practice by commercial banks of accepting deposits, and making loans or investments, while holding reserves at least equal to a fraction of the bank's deposit liabilities.
Let's say we have a 5% reserve, which is realistic if you look at EU and US. Let's say there is a new bank, and you deposit 100 euro's at that bank.
I go there to lend out $95, which is allowed because the bank keeps $5. You have a nice shop, and I buy something for $95.
You deposit this $95 at the bank, which they can lend out again keeping a 5% fraction. I go there and lend out $90, buy something at your shop, and you again deposit this at the bank. We do the same with $85 and $80.
So you now have an account with 100 + 95 + 90 + 85 + 80 = $450. Nice! Now you go to that bank and request that money in cash.... oops.
Seems weird, but this is actually how it works. Look it up if you don't believe me: fractional reserve banking!!!
I suspect you're getting downvotes not out of disbelief but because most educated people in the developed world are already well familiar with the concept of fractional reserve banking. (For myself, it was covered in my 12th grade AP economics class) Your rather long comment doesn't contain any new information for the majority of readers.
>Bitcoin in its current form can’t have a useful “black market list”, because that list has to be generated somehow. Do you make a central authority in charge of list management? Or do you trust some fraction of the population to “vouch” that coins are bad? All the options would either open the door to immediate abuse or require a central authority that doesn’t exist.
Not necessarily. Each person could create their own blacklist, and just not trade with anyone who is using coins on it. Granted, that requires personal integrity. But it's a bit like saying "I don't do business with Iran." Some countries do, others don't.
If you are skeptical of the personal integrity component (on the part of others) you could make it more useful by saying "I don't trade with anyone who doesn't also share my same blacklist"
> But it's a bit like saying "I don't do business with Iran." Some countries do, others don't.
Almost all countries follow the US imposed sanctions against Iran. If you don't it will be very hard to do business with anyone in the US. Here is an example of a bank from my country being fined by US regulators for allowing transactions to Iran (and Cuba):
> A two-year criminal probe was conducted jointly between the U.S. Department of Justice and the office of Manhattan District Attorney Cyrus Vance. The Treasury Department’s Office of Foreign Assets Control conducted its own investigation.
Companies follow those sanctions because they don't want to be slapped by US regulators (they don't have to pay the fine, but that means losing access to the US banking system). Not many western countries besides the US have problems with Iran (as opposed to other middle eastern countries).
-----
As to your point: everyone creating a blacklist is a big hot potato game. If you're not on top of the latest hacks and get some bitcoin that were stolen you'll be at a loss. This would defeat Bitcoin's fungability and defeat it's purpose as a currency.
>If you're not on top of the latest hacks and get some bitcoin that were stolen you'll be at a loss.
We are talking about blacklist that would make a stolen bitcoin, no longer a real bitcoin and thus be at lost. If you consider it still a real bitcoin, how can you consider it a loss? If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. If it doesn't... it's probably not...
You talk about being on top of the latest hacks... isn't the same as being on top of the latest counterfeited money?
You could level the same criticism at the information age entirely.
People are pwned every day. Leaked passwords, leaked photos, leaked sensitive information, trivial fraud, identity theft, social engineering so easy that you can get into a website's AWS account with its WHOIS information. No need to focus on hobby projects: the government and mature corporations get pwned and leak your data, too. It's a massive clusterfuck.
Our security models are still so fledgling and so bad that last week I watched my girlfriend download and execute a binary from a fake download button served by Google Adsense.
And I'd agree. But I don't think we should revert back to papyrus.
I could, and do. And for each technology I might use, I ask myself if the benefits outweigh the risks of the present security model. For some, the answer is yes. But for bitcoin, where it seems that other financial vehicles are capable of meeting the needs of the economy without the pitfalls of the Bitcoin industry’s low security bar, I agree with the earlier commenter: why tolerate this behavior?
I think tolerance is a weird way to discuss this issue. I don't think it's the right word nor concept. But to continue the theme, there are things I don't tolerate about, say, the banking and credit card system either.
Like how, by default, if I type my credit/debit card number into a <form>, anyone can use that data any time in the future to spend my money, and I have to remain eternally vigilant each time my transaction statement comes. Or how annoying or impossible it is to send/receive money between random people just using our bank accounts, usually having to rope in yet another party/service. Or how hard it is to juggle bank accounts in multiple countries as a traveler.
I suppose you're asking why someone would use bitcoin despite news like this? Sure, I like using bitcoin for online payments and money transfers.
If you're asking why anyone should tolerate the risk of keeping your bitcoin in somebody else's pocket, like Binance's pocket, then I agree. They shouldn't, but they don't necessarily understand that.
Blacklisting coins won't work unless all the miners refuse to consider transactions containing them forever.
Bitcoin has sender based transactions. All I (the possessor of black market coins) needs to do is to send a small number of coins to a large number of addresses (exchange hot wallets, exchange cold wallets, random people's addresses) and now the taint is spread so wide that in order to enforce the blacklist you need a positive declaration from each of the destination addresses that they are not the thief.
>there’s no (current) list of black market coins, which is entirely possible to create- meaning hacked bitcoins would not re-enter circulation and the value diminishes wildly.
How would that be possible? Isn't the value based off of wallets, so what you need are blacklisted wallets, and trading with a blacklisted wallet blacklists your own wallet. This would also mean all coin mixers are nearly guaranteed to become blacklisted. At such a point, people will just choose to do business with blacklisted wallets instead.
We can already trace coin flows between wallets involved in far worse crimes than theft, yet the entire bitcoin community considers allowing them to operate as a cost of doing business. I don't see why millions of dollars worth of stolen coins would prompt a black list system when child abuse sites using bitcoins didn't prompt a black list system.
"The effect you’re seeing currently is due to an immature currency market which has never been held to the same standard as our fiat currency market."
I don't think immature is the right word even though you're right about other point. The regular system has a lot of regulations, security, and so on to reduce repeating and some big risks. The cryptocurrency community lacks most of that. The reason they do is philosophical: they believe their own decentralized protocols and individual activities are better than [de-]centralized, government-regulated, traditional activities. The hacks are a logical consequence of people with that false belief doing things that logically follow from it. And don't work.
They'd have been better off making a multinational, public-benefit corps with charters and contracts having tons of protections built in.
I agree, but think it's even worse. The various exchanges are immature, fly-by-the-seat-of-the-pants tech companies sitting on mounds of other people's cash. That makes them tempting targets.
Worse, they are trying to protect that cash from everyone on the internet. If you want to steal actual cash from a bank, you need to walk into it and threaten a teller, and you're probably going to jail. If someone hacks into BofA and drains a bunch of accounts, the losses will be covered by the bank or the FDIC.
If a bunch of people put cash in one place, then trust an immature company with no insurance to keep it safe, this will happen again and again. It's like a data breach, except easier money.
> What is it giving you that's worth the enormous montain of precaution that you need to take to secure yourself?
It's giving you precisely the opportunity the Binance hackers seized: doing transactions that no one else wants done. You don't have to ask permission nor trust anyone but Bitcoin itself.
> Or what happens when you can't get a bank account? You're locked out of the ecosystem.
Cryptocurrency is totally impractical without a bank account. Meeting random people in the street to trade cash for bitcoins is about the shittiest and most dangerous UX I've ever heard of.
Hacks like that could be avoided if people would use decentralized exchanges and other DeFi dApps. The goal of the whole blockchain movement is to have no single point of failure. Luckily there is a whole suite of so-called decentralized blockchain applications coming out and building the next level of infrastructure for finance. This is a great newsletter to stay up to date on the latest decentralized applications: http://tokenvalley.substack.com
Explain to me as if I was your 50 years old parent: "What is that Bitcoin money and why I should use it if that 'exchange' thingy can loose it and they won't recover it back? I know my current bank will recover all my money if they get robbed."
Take for granted that I (your 50 years old parent) have near zero knowledge about technology and I just won't use my own wallet and what not.
Based on my own parents, I wouldn't want you within 100 feet of bitcoin. I would also wouldn't want you being able to use a credit card online. I'm not sure why they are so against learning anything about technology yet so capable of learning new things not related to technology.
Bitcoin is not well adapted for the technologically unsavy. By design, centralized exchanges should not be used for treating in Bitcoin. However, since Bitcoin does not support trading in the order of seconds, or other features necessary for speculation, like margin positions, speculators use centralized exchanges. They are aware of the subpar regulation and security standards in the industry and take the risk. Again though, this has nothing to do with casual users of the currency, they shouldn't be using centralized exchanges.
The best, to my knowledge, decentralized anonymous crypto exchange is bisq [0].
The "unable to recover" feature is central to Bitcoin by design, because that way it cannot be censured or otherwise manipulated by non-majority actors.
To finish, Bitcoin is not the most technically sound cryptocurrency around. It is a historically pivotal idea and implementation, but it's details are not the future of cryptocurrencies.
>Mt. Gox announced that approximately 850,000 bitcoins belonging to customers and the company were missing and likely stolen, an amount valued at more than $450 million at the time.
This hack pales in comparison to the MT Gox incident. Partly because Bitcoin exchanges are more professional now, have decent security, insurance funds and real commitments. But it's also because this hack is actually relatively small.
> "Cyber-insurance is a common necessity today as identify theft, malware and cyber-attacks are frequently being performed against high-value blockchain and crypto-currency companies."
Except they're not banks, and not intended to store your funds long-term.
137 comments
[ 5.0 ms ] story [ 169 ms ] threadhttps://www.webopedia.com/TERM/F/FUD.html
(I think this is an important period to understand. History repeats.)
Edit because I’m throttled and can’t reply anymore: the “buying from other exchanges” is really not the lynchpin of my argument. The point is that these exchanges hold inventory and are vulnerable to bank runs and theft makes them much less stable than traditional exchanges.
Why would it be any different to traditional exchanges?
They hold funds on behalf of customers, and if they get hacked they can lose it permanently, that's true. But it doesn't mean the exchange itself needs to have a position in the market.
If they did see arbitrage opportunities they are engaging in risk (there is timing risk for example) and I'm not even sure they could legally do this as deposits should be ringfenced.
This fact exposes them to theft and something akin to a bank run, where withdrawals can exceed deposits, something that can never happen on the NYSE because it doesn’t hold inventory.
> the exchange effectively has a position in the market too, unlike traditional exchanges like the NYSE. They have to buy bitcoin from other exchanges
Exchanges don't have to buy bitcoin from other exchanges, and exchanges don't necessarily have a position in the market.
Though IMO 7000btc is too much for hot wallet in any case...
https://news.google.com/search?q=Theft+stolen+-bitcoin
As it happens, your cash in the bank is being slowly devalued via inflation as the banks are constantly making new money in the form of loans.
Bitcoin being the way it is is a feature, not a bug. If you don't get it, that's fine, but don't make ridiculous claims like only bitcoin is susceptible to crime and incompetence.
It's disingenuous because what I actually said was:
"MASSIVE HEIGHTS LIKE THIS are vanishingly rare except in blockchain token land."
Emphasis added to highlight your deliberate misreading of what I wrote.
Yet it's somehow acceptable for companies to collect massive amounts of personal information for profit and get hacked. So my realization is that it doesn't matter, a system is useful because of it's value, and hacks are a part of that expected value. You know who sounds like an incompetent, the company that leaked 230 million people's personal information. You know who sounds like a crook, the companies that said they would stop selling geo location data, but continue to anyway.
Some companies store money directly in servers, and some are barely punished for leaking personal information (meaning the economic incentive to stop that behavior is not there; the loss of value is externalized). To an extent one of those sounds more honest to me, and it's not the traditional one. This is not a problem with bitcoin, this is a problem with capitalism, bitcoin just makes it obvious.
However, most third persons involved with implementing bitcoin-the-actual-token don't get hacked.
I don't think it's possible to harden a modern OS against some potential hacker on the internet. Especially when we know that 0-days are sold and traded. So the idea of putting $41m worth of Bitcoin in a single wallet is frankly frighting to me. We saw what happens with pwn2own. Now scale that up a few million USDs.
Theres a common saying in bitcoin communities - "Not your keys, not your coins". Never leave bitcoin on an exchange with a third party. In this case though binance will have to reimburse their customers.
https://www.europol.europa.eu/newsroom/news/mastermind-behin...
$1 Billion stolen from a Bangladeshi Bank
https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery
MoneyTaker operated silently for years without being caught stealing millions from US and Russian banks.
https://www.reuters.com/article/us-cyber-banks-atm/hackers-h...
Conflating physical bank heists made by desperate people and sophisticated cybercrime is disingenuous.
No. Most of it never went out, and much of what did was recovered.
"The Federal Reserve Bank of New York blocked the remaining thirty transactions, amounting to $850 million, due to suspicions raised by a misspelled instruction. All the money transferred to Sri Lanka has since been recovered. However, as of 2018 only around $18 million of the $81 million transferred to the Philippines has been recovered."
Think of it a bit like this. Treat Bitcoin like the Dollar and the Exchanges like banks. The underlying value of the dollar isn't so badly effected because bank robberies happen.
Instead of Storing your money in your own personal vault, people are storing their money in the banks vault(s) because it allows for more convenient usage of your funds. Instead of having to unlock your own safe, deposit what you took out your own vault into a bank and then drive to the store to do your shopping and pay on your card, you can go right to the store as you already have your funds in the bank (Bit of a shit anagogy as this would be more fitting if the store didn't accept cash, only plastic).
To get a quicker exchange of bitcoin to other coins / cash and back again (and have lower fee's), people are storing their coins in the exchanges wallets instead of their own. Instead of breaking into thousands of peoples homes and breaking into everyone's vault in turn, Hackers are targeting the exchanges as its a single place storing large amounts.
EDIT: Tweak a few bits of wording. I'm blaming the lack of coffee :-P
Since you and a number of other sibling comments have raised this point: This comparison is poor.
There are tens of thousands (probably even hundreds of thousands) of banks worldwide, each of which hold only a literally trivial fraction of their assets in (robbable) cash.
That's why bank robberies don't matter.
In contrast to that, a substantial fraction of total Bitcoin transactions are handled by just a handful of exchanges, each of which have a substantial amount of their assets in hackable digital form.
Bank of America has $2.34 trillion dollars in assets. If they had that in robbable cash, in one place, then it's safe to say bank robberies would matter.
Edit: My number of banks worldwide is way off as I was thinking in terms of banking licenses, whereas for bank robberies, it's the physical branches that should be counted. In that case, there are about 80.000 banks in the U.S. alone.
Binance said that the coins were taken from their hot wallet and not their cold wallets. It could be said that separating these wallets (if done correctly) is removing the vast majority of their assets from the "robbable on site cash".
> Bank of America has $2.34 billion dollars in assets. If they had that in robbable cash, in one place, then it's safe to say bank robberies would matter.
Exchanges (imo) need to adopt the same security measures as retail banks do. Multiple cold wallets (Like how there are multiple cash depots in the banking system) and multiple hot wallets (like how there are multiple branches of a single retail bank).
I'm not trying to defend the security practices of exchanges at all (imo, a lot of them to it in a very poor manner). And not saying bank robberies don't matter (Didn't the price of BTC dip after the mtgox hack?) but that with the right practices in place a robbery shouldn't matter too much. Which if the CEO of this exchange is to be believed the lost coins will be replaced from their "rainy day fund". (Though I'm always skeptical that such funds do infact exist)
My point is, the underlying security of bitcoin isn't what keeps getting hacked. But the security of the exchanges holding said coins.
Note: I'm not a Bitcoin "supporter" (the power usage for transactions alone blow my mind) though I do see the value of a decentralised payment system removing the ability to have your payment platform taken away from you because your thought process doesn't align with the gatekeepers (Example: https://finance.yahoo.com/news/mastercard-activist-sharehold... )
"$12 billion in U.S. currency was transported from the Federal Reserve to Baghdad in April 2003 and June 2004, where it was dispensed by the Coalition Provisional Authority. A Vanity Fair magazine report concluded that of this sum, "at least $9 billion has gone missing"" [1]
$12 Billion in cash!!
[1] https://en.wikipedia.org/wiki/Allegations_of_misappropriatio...
[2] https://www.youtube.com/watch?v=q6vi528gseA
>No other country can do that without going into hyperinflation.
Other CBs have significant enough credibility or special situations where they can print comparable money without setting off hyperinflation. Definitely Japan's and probably Europe's.
It's worth something because the people using it feel it's worth something, and that's true for non-fiat currencies as well. Bitcoin and gold are non-fiat, but still heavily depend on demand to determine their value.
That's simply false. https://en.wikipedia.org/wiki/Quantitative_easing#After_2007
Japan, Switzerland, Sweden, the UK, the Eurozone...
The EU injected €2.4 trillion in this fashion over a four year period. (https://www.independent.co.uk/news/business/news/ecb-money-p...) $12B is nothing.
It turns out warfare is extremely expensive (see also: guns v. butter) and one of your line items is buying off local warlords.
Bitcoin itself worked as expected, and the fact that no one can easily reverse transactions is one of the features described in the original whitepaper:
"Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers"
Well, because in bank robberies, it is the bank losing money, not the customers - this is exactly what bitcoin is missing.
> this is exactly what bitcoin is missing
What you mean to say is this is what many cryptocurrency exchanges are often missing, which I agree with.
But I’m seeing less and less a justification for the deliberate lack of security in the bitcoin world. So a hack like this happens. Regardless of how it happened or who’s to blame, why continue to tolerate bitcoin? What is it giving you that’s worth the enormous mountain of precaution that you need to take to secure yourself?
I expect to lose more from btc's value crashing than some elite conspiracy of hackers having sabotaged my hardware & somehow working out my private key which isn't stored in plaintext
If I was holding a really great worth of btc, going the full mile of cold storage would make sense. At that point you're invested, quit kidding around
Semi-related, it’s wild to me that the best practice for a digital currency is the functional equivalent of keeping your money in your mattress.
That said, how is this different from having physical cash in a bank, or a digital ledger that pushes money elsewhere and is only caught much later.
The answer is only that it’s an immature global system, there’s no (current) list of black market coins, which is entirely possible to create- meaning hacked bitcoins would not re-enter circulation and the value diminishes wildly.
The effect you’re seeing currently is due to an immature currency market which has never been held to the same standard as our fiat currency market. It also hasn’t been battle tested over hundreds of years. Of course it is deficient.
I’m not excusing them, I wish that people with little to no security chops would not be involved in financial matters, but a lot of these companies sprung up out of hobby projects many years ago and one could argue that the industry they’re in has changed around them. It’s not as big a deal if someone steals 4000 bitcoins if they’re worth 20c each.
Regardless, by law, accepting these coins would already constitute possession of stolen goods, and would therefore be illegal. The "legal fungibility" is already zero.
If you stole a bucket of water and then pour it in to your swimming pool and then distribute the content of your swimming pool to 100 different people, who has the bucket of stolen water?.
Bitcoin also doesn't track the movement of specific coins because they don't exist. Its just a list of transactions. A wallet with $100 in it gets $5 in and then sends out $5. How do you decide if this was the $5 that went in? Is it first in first out?
Even assuming you mean "address" rather than "wallet", you can decide by looking at which UTXO was consumed. This is a drawback of Bitcoin.
If that were happening at any scale, the coins would be essentially worthless as a currency. They only make sense if there's some kind of agreement as to what is an acceptable/valid bitcoin. But then having a blacklist of "stolen coins" requires an authority that curates the list.
A common strategy of hackers seems to be to distribute stolen digital currencies among many addresses of non-participating actors, therefore losing money, but obscuring their own identity.
If a bank robber came to your door and offered you a share of money, you wouldn't take it either, especially if this transaction is public.
Even though several billion dollars of cryptocurrency (compare with hundreds of billions of dollars) have already been stolen, my guess is that taking these coins out of circulation wouldn't affect the system much.
If that doesn't happen, everyone participating in cryptocurrency might become more and more legally liable.
"What color are your bits?": https://ansuz.sooke.bc.ca/entry/23
"Treasury designates [...] digital currency addresses": https://home.treasury.gov/news/press-releases/sm556
Governments could easily mandate such blacklists to be used (in fact, assuming you are a US person, you are already barred from interacting with certain addresses, see the treasury link above), I think it's only a matter of time until this happens. And compared to the fiat currencies, such requirements are much easier to verify, at least in non-private digital currencies.
Bitcoin in its current form can’t have a useful “black market list”, because that list has to be generated somehow. Do you make a central authority in charge of list management? Or do you trust some fraction of the population to “vouch” that coins are bad? All the options would either open the door to immediate abuse or require a central authority that doesn’t exist.
Regarding the immaturity of the projects: your comment isn’t really a response to the parent commenter. I agree that many bitcoin companies today started as hobbits projects. But why should we tolerate that they’re operating in an industry which can so easily lose millions of dollars for users, but operating with the security guarantees of hobbyists running a hobby webpage?
This may seem pedantic, but no! You certainly don't have physical cash at your bank.
Only a miniscule percentage of monetary reserves are in physical form and a bank is not obliged (as a matter of fact it would be rather counter productive) to store physical cash on customer deposits.
But outside of that many things could cause the bank to lose your money. And there wouldn’t be a recourse for it.
The comment I replied to compared bitcoin to cash-in-the-bank, and my point was the same as yours: while I may have handed the bank cash, my ability to get money back isn’t tied to that specific cash, or even to any amount of cash that might be stolen from the bank at all. The money is insured, and so if the bank is robbed, my ability to withdrawal my money is unchanged.
So even if all central bank money would be printed in bills and coins, and would be distributed to banks, that still would be only a small percentage of the numbers on everyone's bank account.
This means that those numbers on your bank account are not "money you have now", it is "money you will have in some future, when everyone pays back their loans".
So that is what they mean with a "bank run". Everyone wants their money NOW, but that is impossible, since most of the money is lended out.
So to the parent poster, even if there is no robbery, you will have a serious problem when everybody wants their money NOW. See what happened in Greece some years ago, where nobody was able to withdraw more than 50 euro's per day, since the banks had a crisis.
Thinking the money on your bank account is yours NOW is just an illusion.
Fractional-reserve banking is the common practice by commercial banks of accepting deposits, and making loans or investments, while holding reserves at least equal to a fraction of the bank's deposit liabilities.
Let's say we have a 5% reserve, which is realistic if you look at EU and US. Let's say there is a new bank, and you deposit 100 euro's at that bank.
I go there to lend out $95, which is allowed because the bank keeps $5. You have a nice shop, and I buy something for $95.
You deposit this $95 at the bank, which they can lend out again keeping a 5% fraction. I go there and lend out $90, buy something at your shop, and you again deposit this at the bank. We do the same with $85 and $80.
So you now have an account with 100 + 95 + 90 + 85 + 80 = $450. Nice! Now you go to that bank and request that money in cash.... oops.
Seems weird, but this is actually how it works. Look it up if you don't believe me: fractional reserve banking!!!
Think about it: if commercial banks wouldn't handle finance in the way you describe, it would be virtually impossible that they go bust.
They could still be drowned by dodgy loans. But let's just say that the risk profile would be rather different.
Not necessarily. Each person could create their own blacklist, and just not trade with anyone who is using coins on it. Granted, that requires personal integrity. But it's a bit like saying "I don't do business with Iran." Some countries do, others don't.
If you are skeptical of the personal integrity component (on the part of others) you could make it more useful by saying "I don't trade with anyone who doesn't also share my same blacklist"
Almost all countries follow the US imposed sanctions against Iran. If you don't it will be very hard to do business with anyone in the US. Here is an example of a bank from my country being fined by US regulators for allowing transactions to Iran (and Cuba):
https://www.reuters.com/article/us-ing-sanctions-idUSBRE85B1...
> A two-year criminal probe was conducted jointly between the U.S. Department of Justice and the office of Manhattan District Attorney Cyrus Vance. The Treasury Department’s Office of Foreign Assets Control conducted its own investigation.
Companies follow those sanctions because they don't want to be slapped by US regulators (they don't have to pay the fine, but that means losing access to the US banking system). Not many western countries besides the US have problems with Iran (as opposed to other middle eastern countries).
-----
As to your point: everyone creating a blacklist is a big hot potato game. If you're not on top of the latest hacks and get some bitcoin that were stolen you'll be at a loss. This would defeat Bitcoin's fungability and defeat it's purpose as a currency.
And in my second paragraph, I make exactly that point:
make it more useful by saying "I don't trade with anyone who doesn't also share my same blacklist"
A blacklist like you suggest has been tried and shot down many times, for example: https://bitcointalk.org/index.php?topic=333824.0
The same happen with counterfeit money, yet here we are, still using it everywhere.
In most case, if it's physical, you can catch it before it get send. If it's digital, you can cut access. No big deal.
Go see any big Ebay seller and find one that didn't lost any money from a scammer.
We are talking about blacklist that would make a stolen bitcoin, no longer a real bitcoin and thus be at lost. If you consider it still a real bitcoin, how can you consider it a loss? If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck. If it doesn't... it's probably not...
You talk about being on top of the latest hacks... isn't the same as being on top of the latest counterfeited money?
People are pwned every day. Leaked passwords, leaked photos, leaked sensitive information, trivial fraud, identity theft, social engineering so easy that you can get into a website's AWS account with its WHOIS information. No need to focus on hobby projects: the government and mature corporations get pwned and leak your data, too. It's a massive clusterfuck.
Our security models are still so fledgling and so bad that last week I watched my girlfriend download and execute a binary from a fake download button served by Google Adsense.
And I'd agree. But I don't think we should revert back to papyrus.
I think tolerance is a weird way to discuss this issue. I don't think it's the right word nor concept. But to continue the theme, there are things I don't tolerate about, say, the banking and credit card system either.
Like how, by default, if I type my credit/debit card number into a <form>, anyone can use that data any time in the future to spend my money, and I have to remain eternally vigilant each time my transaction statement comes. Or how annoying or impossible it is to send/receive money between random people just using our bank accounts, usually having to rope in yet another party/service. Or how hard it is to juggle bank accounts in multiple countries as a traveler.
I suppose you're asking why someone would use bitcoin despite news like this? Sure, I like using bitcoin for online payments and money transfers.
If you're asking why anyone should tolerate the risk of keeping your bitcoin in somebody else's pocket, like Binance's pocket, then I agree. They shouldn't, but they don't necessarily understand that.
So you'd be okay with a bitcoin that didn't have require power consumption and scales? Because they exist you know.
https://web.archive.org/web/20100701145902/https://blog.magi...
Bitcoin has sender based transactions. All I (the possessor of black market coins) needs to do is to send a small number of coins to a large number of addresses (exchange hot wallets, exchange cold wallets, random people's addresses) and now the taint is spread so wide that in order to enforce the blacklist you need a positive declaration from each of the destination addresses that they are not the thief.
How would that be possible? Isn't the value based off of wallets, so what you need are blacklisted wallets, and trading with a blacklisted wallet blacklists your own wallet. This would also mean all coin mixers are nearly guaranteed to become blacklisted. At such a point, people will just choose to do business with blacklisted wallets instead.
We can already trace coin flows between wallets involved in far worse crimes than theft, yet the entire bitcoin community considers allowing them to operate as a cost of doing business. I don't see why millions of dollars worth of stolen coins would prompt a black list system when child abuse sites using bitcoins didn't prompt a black list system.
I don't think immature is the right word even though you're right about other point. The regular system has a lot of regulations, security, and so on to reduce repeating and some big risks. The cryptocurrency community lacks most of that. The reason they do is philosophical: they believe their own decentralized protocols and individual activities are better than [de-]centralized, government-regulated, traditional activities. The hacks are a logical consequence of people with that false belief doing things that logically follow from it. And don't work.
They'd have been better off making a multinational, public-benefit corps with charters and contracts having tons of protections built in.
Worse, they are trying to protect that cash from everyone on the internet. If you want to steal actual cash from a bank, you need to walk into it and threaten a teller, and you're probably going to jail. If someone hacks into BofA and drains a bunch of accounts, the losses will be covered by the bank or the FDIC.
If a bunch of people put cash in one place, then trust an immature company with no insurance to keep it safe, this will happen again and again. It's like a data breach, except easier money.
Bank deposits are insured by the FDIC, and ACH transactions are reversible. Bitcoin is neither insured by the federal government or reversible...
you aren't obliged to use it, are you?
It's giving you precisely the opportunity the Binance hackers seized: doing transactions that no one else wants done. You don't have to ask permission nor trust anyone but Bitcoin itself.
Mt.Gox should have been a general warning, which, apparently wasn't heeded too much.
Unless you’re talking about something else.
The difference is what happens when it doesn't. What happens when Venmo decides you cannot buy porn or marijuana or whatever, you simply can't.
Or what happens when you can't get a bank account? You're locked out of the ecosystem.
This is one of the reasons why cryptocurrencies exists. To provide a system for when nothing else works.
Cryptocurrency is totally impractical without a bank account. Meeting random people in the street to trade cash for bitcoins is about the shittiest and most dangerous UX I've ever heard of.
30% wish to avoid restrictions on the movement of money, 50% see it as money-making operation.
Take for granted that I (your 50 years old parent) have near zero knowledge about technology and I just won't use my own wallet and what not.
Lol, given these conditions and unwillingness to change them you definitely shouldn't use it at all. Just forget you ever heard about it.
The best, to my knowledge, decentralized anonymous crypto exchange is bisq [0].
The "unable to recover" feature is central to Bitcoin by design, because that way it cannot be censured or otherwise manipulated by non-majority actors.
To finish, Bitcoin is not the most technically sound cryptocurrency around. It is a historically pivotal idea and implementation, but it's details are not the future of cryptocurrencies.
[0] https://bisq.network/
2. You should anyway only use proper exchanges, then it's like using your current bank.
3. You don't have to use your own wallet. Cryptocurrencies gives you the opportunity to do so, but it's not a requirement.
Who remember how big of a blow it was during mtgox incident. People forget...
>Mt. Gox announced that approximately 850,000 bitcoins belonging to customers and the company were missing and likely stolen, an amount valued at more than $450 million at the time.
This hack pales in comparison to the MT Gox incident. Partly because Bitcoin exchanges are more professional now, have decent security, insurance funds and real commitments. But it's also because this hack is actually relatively small.
I find it surprising is that coin price is down just 4%.
Except they're not banks, and not intended to store your funds long-term.