171 comments

[ 2.2 ms ] story [ 209 ms ] thread
What advantages does this service provide over bitcoin itself? My suggestion would be to make this very clear, and definitely make sure it is explained on the About page.
Definitely agree with making the advantages clear. I can see how this could be a pretty useful interface to BTC for non-technical users. I might have to try it out myself :)
Agreed. "Without coinbase, this is how you would use bitcoins _____..., with coinbase it looks like this instead ____." Dont assume any knowledge of bitcoins.
My guess is that you can send bitcoins to people who don't give a shit about it or know how to use the client and they can in turn pay for things with the coins you sent. I'm thinking of sending my dad a couple just to see if he can figure it out. :)
I like the idea, kind of a PayPal for Bitcoin. My issues would be the usual: I don't trust a new service with my bitcoins, don't know anything about their policy for data loss, etc. The about page and support pages don't really instill any confidence. If I knew I could trust them it would seem like a great service.
It's very cool to see that after posting looking for a co-founder to get into YC, it looks like Brian has gotten into YC as a solo founder and by the looks of it, is doing great.

I sent his previous post looking for a co-founder to friends because Brian looked seriously formidable. Best of luck to him.

(comment deleted)
This looks great - I can't wait until you can start ordering from eBay and Amazon with bitcoin.
FYI: You can get a virtual visa card sent to your email for bitcoins :::: http://www.btcinstant.com allows you order anywhere with bitcoins.
I think that this could be the hero that Bitcoin needs. If they make it super simple / super clean they could revolutionize Bitcoin.

To the creators, have you considered adding a USD (or other currency) funding option? Since getting the Bitcoins is probably the biggest obstacle for most everyday consumers.

If that's true it could be a good time to speculate/gamble a bit. I'm tempted to throw $500 or so at it, for the chance of another bubble.
Any technical details on how wallets are protected? I think we've seen how previous bitcoin websites have fared on HN, it would be cool to know some of the details on how the BTC are going to be protected so that the problems of the past don't happen again.
Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins: http://blog.coinbase.com/post/25677574019/coinbase-now-offer...

We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.

Is it that Bootstrap makes every website look amazing or is it that people who build amazing looking websites tend to use Bootstrap?
It's that they all look similar and you like the look. You also might be looking at websites built more by hackers than by web designers. Bootstrap is great for visually clean rapid development, but that comes at the cost of individuality.

Props to Coinbase for changing the looming black top bar anyway.

It's a theme from http://bootswatch.com/. I wish more sites used one of those, completely agree with you on the black top bar.
How is this different than MtGox? I don't trust MtGox, but at least they've made mistakes and have spoken publicly about how they've fixed those mistakes.

On the other hand, are these guys storing my wallet safely? How about my balance (please god, don't store it as a float)? How about my password? If they're not launching with two-factor auth I won't even give it a chance (and likely ever, honestly).

I've gotten progressively more and more pessimistic about these sorts of sites even though I like the idea of BitCoin as a currency. If security isn't heavily discussed and visible (2FA, do it!) at the launch, it will be hard for me to take this seriously.

"Coinbase now offers Two-Factor Authentication"

http://blog.coinbase.com/

And what happens if someone gains access to your server or social engineers their way in with your hosting company? As far as I can tell, this has been the biggest problem with such services so far.
I'm not affiliated with coinbase; sorry if that was unclear.
Fantastic fantastic! Maybe I'm a nerd, but I'd be repping that on the front page.
Haven't signed up, but http://blog.coinbase.com/ does mention 2FA is supported through SMS or an app called Authy. In case the founder sees this, was there any reason why Verisign's VIP app (which has native apps on more devices and seems to be the de-facto standard for banking sites) was not used?
I hadn't seen it - thanks I'll check it out!
You mean Symantec's VIP app.

Personally, I have no idea why they didn't just use Google Authenticator and implemented OATH/TOTP on their own servers. Relying on a third-party for authentication seems a very bad idea, specially when there's an open algorithm that is essentially just feeding a secret and the current unix time to an HMAC-SHA1.

What's wrong with storing it as a float? I'm not saying you're wrong, I just genuinely don't know. If you could explain/point me to relevant literature I'd be grateful.
Quick Google, sorry it's easier than me offering an incomplete explanation: http://stackoverflow.com/questions/3730019/why-not-use-doubl...

And I really don't mean to pick on you, but that this isn't better known is why I worry when I see random sites popup offering financial services.

That's okay. I don't think I'm really representative anyway, as I'm not a professional/schooled programmer. Thanks for the link, I did try googling it myself but I didn't think to use the word "currency" so I just got a bunch of irrelevant results.
Some numbers with a finite representation in base 10, 0.2, for example, don't have a finite representation in base 2.

They are rounded, and doing arithmetic on such numbers leads to compounded rounding errors that you don't want to see when dealing with money.

Another problem is that the mantissa of floating point numbers is limited (52 bits for doubles), which can lead to truncated numbers, another big no no.

Storing BTC balances as floats is something a few services have done in the past so it makes sense to ask/bring up. Since BTC have 8 decimal precision, rounding can become noticeable very quickly even in addition and subtraction even though in real, today's value, it's not such a big deal.
It looks nice, but I don't see anything addressing safety and security. How does this service guarantee that any money you transfer to them will be kept safe? Also, do they guarantee that if a break-in occurs like the Bitcoinica disaster, that users' monies will be returned?
Nope. They can't get federal insurance since they aren't a bank. The "bank transfers coming soon" - I've yet to see a bitcoin exchange actually allow bank transfers, so that will be a welcome thing.

Still, you should be storing your money in your wallet, not leave it sitting around on a site.

I think that games should use litecoin or something instead of <insert name of fake in-game currency here>.

Yep - sorry we should really add a page on that. We're storing wallets in the cloud so this is an important concern. Private keys are encrypted in the database. bcrypted passwords. We also offer two factor authentication for your logins: http://blog.coinbase.com/post/25677574019/coinbase-now-offer...

We'll start keeping a majority of funds in cold storage as deposits grow (we're still in beta at the moment). And I think you're right a firm policy on this would be needed about loss of funds and what is covered. I'm interested in the idea of getting insurance through Lloyds of London or something along those lines, but haven't pursued it yet (we've just been building the prototype).

I worked on fraud prevention at Airbnb previously and we had lots of money flowing through the site and stored with us, so I'm familiar with best practices around this. I also have a healthy respect for what can go wrong, and I think as we grow we'll go through regular security audits (and much more scrutiny as we pursue licensing as a money transmitter). You certainly shouldn't trust us on face value though, it's something we'll have to earn over many years.

Even google's two factor authentication got hacked. How do you seceure yourself for something like that?
He meets with customers in person to verify their identity and exchange bitcoins. No.

How do you seceure yourself for something like that?

Probably by being careful.

Google's 2FA wasn't hacked, it was bypassed. Essentially, there was a second "door" (the account recovery flow) that wasn't protected by 2FA, and that's what the attacker used.
It doesn't matter. The point of that story is, the weak link is going to be exploited. Bitcoinica is a good example. Zhoutong said at the start he understands application security, and in fact the big attacks didn't result from exploits in his code, but from third-party vulnerabilities.
What do you mean by "We'll start keeping a majority of funds in cold storage as deposits grow"?

Are you re-investing some of the deposits, and the ones that you don't touch are in this so-called "cold storage"? If yes, what percentage do you keep in cold storage, and why don't we get interest if you reinvest some of our deposits?

I assume what is meant that deposits will be stored in wallets that are not online.
"Cold storage" in Bitcoin parlance is a wallet that is completely disconnected from the network. Since a "wallet" is really just a collection of private keys, one example of cold storage is to scatter pieces of the wallet (M of N splitting) in physically secure locations like safe deposit boxes.
The above is correct.

What you're describing is called fractional reserve lending and we definitely aren't doing that.

> What you're describing is called fractional reserve lending and we definitely aren't doing that

What? Why not?

Unless I'm misunderstanding him, what he's describing is simply "cold storage", not a fractional reserve. The putative bitcoins are still under the person's control, even if they are offline. It would only be fractional reserve lending if the person were actually lending a portion of their reserve.

But very cool site. Bitcoins are one of the things that drew me back into programming, and I'm grateful for that. (btw, are they still using json rpc for interprocess communication? it got a lot of flack, but I liked the API) But I got fed up with the volatility and the people it was attracting about a year ago and left it behind. It's good to see a legitimate business like yours getting involved (and with the ycombinator name, too!). Maybe I'll check it out again. There's a huge amount of potential there.

EDIT: My bad, I see that the parent comment was talking about fractional reserve lending. I only looked at the comment directly above your remark about reserve lending. Yeah, I'd stay away from fractional reserve lending since it's an anathema to almost everyone who uses bitcoins.

The potential was always there ever since Satoshi released the specs. The volatility is because of the nail-thin market depth, and the bubble was unavoidable (Hello 20/20 hindsight) because of that combined with some media attention and the first time occurence of a digital limited resource... Well, most people probably only thought as far as "OMFG the price is going up, I expect great returns on investment". Thankfully the price fluctuations are smaller now and we can all focus on building infrastructure and a market.

As for legitimate businesses there´s plenty. We´ve (mullvad.net) been accepting bitcoins for two years, but then again we were probably the first corporation and full-time business to do so :)

Oh, I totally agree that there are plenty of legitimate businesses using Bitcoin. I've sent you guys a lot of bitcoins over the past 1-2 years (great service, btw).

I've also paid some very professional developers and designers for high-quality work using bitcoins. Personally, I'd love for btc to take off more, since I'm a freelancer and do lots of work for overseas clients, and get hit with lots of banking fees. Btc is a fast and easy way to pay freelancers, and could be a great way to get paid by clients.

Nonetheless, I an easyjust got sick of all the hoopla surrounding Bitcoin and the constant Bitcoin heists, combined with the cluelessness of so many Bitcoin developers regarding security (not the core developers, but all the devs trying to build Bitcoin-related businesses). But perhaps it's time to give it another try.

Do my bitcoins stay as my bitcoins OR do I transfer my coins to coinbase and when I want to use them you transfer the same value back? I would feel a lot more comfortable with the later where your company was liable if you got hacked.
I don't believe it would be the possible to do the former with Bitcoin, short of telling them your private keys and erasing them from your storage I guess?
"Private keys are encrypted in the database"

Please encrypt the private keys with a key K derived from the users' passwords. When a user logs in, your server-side code can compute K and access the bitcoins. When a user logs out, the server should forget K, erase it from RAM, thus leaving the bitcoins securely encrypted on-disk. Not even an attacker getting access to your infrastructure, not even you(!), could steal the bitcoins when the user is not logged in.

Not a single online wallet service actually does it this way, the right way, sigh... This mechanism could have prevented numerous thefts: MtGox, MyBitcoin, Bitcoinica, etc.

How do you deal with the user forgetting their password in this case?
Like file system encryption is done. You don´t encrypt the hard drive with your pass phrase. You encrypt the encryption key to your hard drive with your passphrase. Your problem is solved with an extra key in offline storage.

In this case instead of just encrypting private keys with K (derived from user's password), you encrypt private keys with K and encrypt K with user's password. You also encrypt K with your own master key which is stored offline. You could either retrieve K manually or through a rate-limited API.

However, Estragons point about it only slowing down the attack still holds, although in Bitcoinicas case the loss would be much less, since they discovered the attack early. "not even you(!)" however is false.

Two possibilities:

For power users, if they forget their pw, they lose their coins. Period. That's the option I would use, as someone who never lost an important pw thanks to my use of redundant password safes.

For other users, when creating an account, coinbase.com could email them a "key recovery" file (or mail them a physical QR code), with instructions to keep it permanently stored in a safe place. This key recovery file would be K encrypted with a unique IV and a key known by coinbase.com, who would not keep a copy of the key recovery file. This would satisfy all my requirements: coinbase.com would be unable to steal/access the users coins, and an attacker merely getting access to the key recovery file would be unable to do anything with it.

At least for the MtGox and Bitcoinica thefts, this would only have slowed the attack down. All it would take is adding a password logger. Still might be a worthwhile extra line of defense, though.
Strongcoin does this, I believe.
What about Blockchain.info? I thought they were doing this?
I'm not a security expert, but at least I have first hand experience with the Bitcoinica hack. It seems that all the security features you have mentioned are present in many Bitcoin sites, including Bitcoinica,r and they don't prevent the easiest ways of losing wallets. Storing in the cloud is especially dangerous because for most (NOT all) cloud service providers, the front-end security (concerning authentication and authorization) is probably much weaker than your own implementation. For example, anyone can reset the password with an email, and change the root passwords of the servers. There isn't likely an option for second factor authentication.

This does not apply to cloud services with serious security considerations, such as AWS. It has IAM as well as second factor authentication. However, in Bitcoinica's case, both Linode and Rackspace don't seem to be a good choice to host wallets: Linode hack was actually a result of their customer service system compromise (i.e. possibly any support agent can reset the root passwords). While Rackspace Cloud's support staff couldn't log out the hacker and preserve the servers even when the hack was detected and password being changed.

These are really basic security features that cloud services are lacking.

You made a good point that things can be upgraded as you grow. Please do that. It's exactly what I intended to do when I launched Bitcoinica last year. But after I sold the company last year, no one really think it's an urgent thing to do because there were no performance issues, no availability issues and everything went just fine. It's important to stick to the plan, and preferably allocate a fixed portion of revenue for upgrading security features and doing audits.

I'm glad to give you more information so that you can make better decisions (just drop me an email). I have been leading Bitcoinica for half a year (until the handover in April) and I had some experience in running a Bitcoin site that scaled quite well. I'm working on a non-Bitcoin project at the moment but I really want Bitcoin to succeed.

Intent is not the same as action, and as you said, no one (including you) thought it was urgent to upgrade your security. Shortly thereafter you discovered that there are black swans.

The above is also very easy for someone (like me) to say when you´re not in the middle of it. You want to grow your business, and the benefits of working on security are hard to measure. I get it. That´s when you need to ask yourself what your priorities are, and if you´re in the business of selling turnips, or handling valuables such as bitcoins.

Brian, you are where Zhou Tong was a while ago, although there´s no hype around your service yet. It has great potential, especially with the backing of PG et al. Please don´t make the mistake of putting security on the back burner. If anything you should use it as your primary selling point.

If you´re comfortable with it, subject your internal architecture to public scrutiny. If you´re not, think really hard before you say "trade secret".

That's nice and all, but you're loading arbitrary javascript from Olark, CloudFront and Google on your login page. So no matter how much you secure your own systems, you're reliant on several third parties securing there's too.
"Widespread Adoption" About $2 million a day (USD) is already being transacted in bitcoin. It's quickly becoming an international currency of the world.

Er... bit of a stretch

Exactly what I thought. I wonder how much money is transacted in WoW, Second Life and other large mmorpgs.
WoW gold is a multi bullion dollar economy with daily transactions worth around around 10-100 times what BitCoin is currently doing depending on how and what you count.
This is a good point, I think we'll change it to "It's quickly becoming an international currency." Thanks for the feedback :)
ahem. There is already a large international currency that is way bigger than bitcoin (and maybe bigger than USD). Euro. (Though then we get into semantic arguments about "international")
How is a user protected from a transaction history subpoena?
BTC transactions are all public in the blockchain so they're not as anonymous as many think.

But as for preventing your identity from being linked to your BTC wallet? There's probably no way to prevent that if the service provider is under US jurisdiction.

You can certainly be fully anonymous with bitcoin but care must be taken... Mainly, you need to isolate your change to an identity wallet - a wallet used for specific purpose under a dedicated pseudonym. Identity of the pseudonym is protected by plausible deniability - "I bought those coins on MTGOX, but I sold some of them to some guy for cash on the street corner, that purchase wasn't me"

The more hops through a wallet (which can be created dozens of times), adds more plausible deniability and separation to any purchase.

Good point. And if you sign up to Coinbase anonymously and acquire BTC reasonably anonymously any data that gets subpoenaed is worthless.
Have they been hacked yet? It's a rite of passage.
Twitter Bootstrap is homogenizing the entire web! This place used to be cool, man. What happened?!
Well, at least they've made some modifications to it so that it looks good.
Since you auto-focus on the email address input field... it erases the default text that reads "Your Email" so it is initially quite confusing to know what you should enter.

I had to click on the page to de-select the input, see that it said "Your Email", and then enter my email.

The way it is now, it looks like you might simply want two passwords.

Looks like Mozilla clears placeholders on focus, while Chrome and Safari clear on the first input. In Internet Explorer they don't show up at all...
Good to know - you can guess which browsers we've been testing with. Sounds like a we'll need to do a js placeholder solution or change the page.
Barmstrong,

I asked the following downthread but I'm afraid its going to get buried in the muck:

"Zero Transaction Fees"???

Are you refunding the bitcoin transaction fees that are builtin to the protocol[1]? If you are going to eat that cost you should say so, it seems like a good marketing point.

[1] https://en.bitcoin.it/wiki/Transaction_fees

Don't think anyone will respond, but I believe the statement is a stretch. I think they just mean THEY won't charge transaction fees.
Good question, and sorry I just saw this.

So we aren't including any bitcoin transaction fees by default. If you try to send a transaction below 0.01 it will never get confirmed without the fee, so we added this user interface improvement a few days ago which gives the option of including the fee if people want to:

http://blog.coinbase.com/post/26452774981/confirming-small-t...

Coinbase will make money more like an exchange down the road, 0.5% to convert money into our out of bitcoin, but once you have your money in bitcoin there are no transaction fees (it mentions this on the homepage, but admittedly it's still a bit confusing). I wish there was a better way to distinguish between an exchange fee and transaction fee (to the average consumer these may be the same thing, I'm not sure).

In general, I would like to abstract out the idea of btc fees to the average user (I think it's an unnecessary complication for someone new to bitcoin). It would be much easier to just say "no fees" - this is simple and shows a clear benefit of using bitcoin. If you have to explain to people that "sometimes there are fees, but they are a lot lower, etc" it loses some of it's punch. Right now we can do zero fees and transactions still get confirmed. In the future we may be able to do it by eating the cost and have this be a cost of doing business, but that is a decision for later.

Hope it helps.

On Firefox with NoScript "your email here" appears, but disappears when Scripts are permitted.

  1. Start centralized bitcoin depository.
  2. Fail to provide any loss protection.
  3. "get hacked"
  4. Profit.
this is the tried and true model.
While I'm not a big fan of BitCoin, I don't think this is a very good argument. You could use the same argument for banks and "get robbed". Why doesn't this happen to banks?
FDIC Insurance, lots of regulation, and criminal liability.
(comment deleted)
The difference between the bitcoin banks/cloud wallets has been that the bitcoin counterparts seldom have any law or big organization to back them but only a few hackers with a bitcoind and a web servers. Some, like the old mybitcoin.com, have been hacked mysteriously with little data released, but only millions of $ worth of bitcoins gone forevermore.
If Joe Blow rents a $20/mo. VPN and opens up the "First Federated Bank of Joblovia", chances are he isn't going to be able to take a whole lot of wire transfers to his Bank of America account before the feds move in and shut him down. In fact this is basically what happened to some of the earliest Bitcoin exchanges who were less sophisticated with how they moved currency in and out; guys like Jered from Tradehill used their personal bank accounts to take money from people, and gave them Bitcoins online. The cashflow problems and subsequent collapse stemmed more from the constant shutdown of bank accounts than from the "misunderstanding" with Dwolla as to the nature of Dwolla's chargeback policy. I think.

In any case, Bitcoin offers the ability to do exactly this: Open a completely unregulated financial institution with no accountability. Looking at this site, the first question in my head was "Where are your coins stored?" Second was, "What are the limits, and how, exactly, do you guarantee funds will transmit since every country in the world has different limits, regulations and KYC disclosures required to make that possible?"

The answer for Bitcoin businesses thus far has mostly been "don't worry about it". In Bitcoin that's slang for "I'm using my bank account, my buddy's bank account, my girlfriend's bank account...and I swear you'll get your money on time until you don't, and I'm gone, and you're fucked."

This looks to be yet another one. No news here.

noduerme, it appears you have been hell banned.
I going to pretend you are actually serious about this. Let's make a strawman that actually makes it easier to suggest that this is "the same as banks".

Let's pretend for a minute that we're dealing with a non-FDIC insured bank (like some of the original online banks), with none of the regulatory controls that obviously provide a lot of protections.

Let's pretend for a minute that the bank stupidly keeps all of its holdings as cash that are held on site at the bank. It doesn't use notes or other securities for transactions, only cash. Let's pretend that the bank also self-insures those holdings (which basically means no insurance).

Okay, so I compromise the bank's security, take every bit of cash. I disappear to some island in the Pacific with every last cent.

How badly is the bank screwed? How badly are the customers of the bank screwed?

Actually, not that badly. I only wiped out the bank's reserves. That means both the bank and its customers have a short term liquidity problem, but not necessarily a significant asset problem.

A regulated bank would have 10% of all deposits in its reserves. Unregulated banks often have far less, but let's pretend it is 10%. The bank loses 10% of its value. If it can stay solvent, then nobody loses any money, but it might take a few days before people can make withdrawals (which could cause a bank run, but that's a whole different problem). If the bank can't stay solvent, it goes bankrupt, and depositors become creditors. It'll take a while to resolve the legal process, so liquidity is killed, but when it all ends, depositors are going to get back something close to 90% of their money back.

The key thing is that the bank lends out most of the money it takes in. Even if you rob the bank of all its cash, the bulk of the "assets" of the bank are all the IOU's from lendees, which is value that is really hard to "steal", because lendees tend to only pay their lender, and then tend to do so in installments over a great deal of time.

THIS IS WRONG: Hacking Coinbase would be more akin to hacking say Visa, and redirecting all payments to you instead of the intended merchant.... if Visa's transactions were all cash based, instead of credit based... and Visa was unregulated... and even then it is kind of different because Visa is a middle man between two banks...

UPDATED: Okay, I just read they are actually storing the bitcoins in the cloud, rather than just exchange the coins between the two parties.... So actually, it's not like hacking Visa, unless Visa didn't reconcile their transactions with its customers for extended periods of time and held all of the float as cash.

So what you're saying is that banks are more stable because only a small portion of their assets are kept as reserve? In that case, what's stopping bitcoin "depositories" such as this converting the bulk of their assets to something else as well?
Well, it doesn't make them more stable, but it makes them more resilient to criminal theft.

Bitcoin "depositories" open up a pretty big can of worms if they convert their assets. Part of the point of using bitcoin is not to have to use other assets.

They could start lending bitcoins, but that's going to invite a lot of scrutiny, particularly from the regulators.

They can't do that because there is nowhere really safe to put the BTC. They cannot loan it out because nobody needs that much BTC, and it's unwise to invest it in USD or anything else because the currency's fickleness compared to USD(you could lose a lot of money, or possibly make some).

The problem is that the current Bitcoin "banks" aren't really banks. They're more akin to socks under a mattress than a bank.

At a very basic macro economist level, banks have two functions:

1. They are a place for clients to place their money. To incentiveize this behavior, they pay those clients interest on the money in their accounts to keep it there.

2. They take that money and give out loans to people, and charge interest over the time it takes to repay the loan.

In a healthy economy, the two feed each other. Broadly speaking, the circulation of currency works like this: People/businesses take out loans. That money is used to buy things (houses, cars, short term equipment expenses, etc.). The businesses that are paid for the goods/services pay their employees, who put the money into the bank. Note that even in this situation, banks aren't entirely necessary, because people could just buy stuff, which goes to employers, who pay employees, who buy stuff...

Bitcoin does not have either economy yet. Right now, it's used just to buy things, with BTC being converted to a "real" currency(USD, Euro, etc.) on both ends. So it's really just a single directional currency. So, right now, if I wanted to operate a Bitcoin bank, I'd have to convert it to USD or some other currency, and keep it totally separate from my liquid BTC wallets to mitigate the risk of getting hacked and the wallets getting stolen. Unfortunately, that's incredibly risky, because I would then have to deal with the exchange rate between BTC and USD.

That isn't necessarily the fault of BTC banks though. Let us be honest here - if we (the viewing public of HN) collectively wanted to put in every effort to supplant flat currencies for BTC so nobody can print it anymore, all of us combined would not have the financial assets required to sway the supermassive giants of the world like Walmart, Amazon, Google, Apple, the big 3 car manufacturers, realtors, and more importantly than anything else, the stock markets to start trading in BTC would take the financial efforts of pretty much the entirety of the top 400 wealthiest Americans.

The markets are more resistant to currency shift than enterprises are to getting off XP and IE6. BTC will always fail because everyone is to lazy to get rid of the dollar as the reserve currency.

> BTC will always fail because everyone is to lazy to get rid of the dollar as the reserve currency.

All it takes is enough people using it.

This is not exactly true. I believe MTGox uses offline wallets for the storage of the funds, and I'd expect any other sane bank use it as well.

If someone breaks into the MTGox, they'll be only able to steal the "reserve". To get to the real money, the MTGox admin has to physically go into a vault (safe), and retreive its contents.

Since many people use Bitcoin specifically because it is unregulated, they won't complain to the government when their Bitcoins are stolen. What trotsky is really saying is that a Bitcoin company can just embezzle its customers' money and blame it on hackers. It's hard to know whether this has ever happened, but there have been some fairly sketchy incidents.
The truth is that all your money has already been stolen from the banks but we pretend it's still there via devaluing savings via money printing in an attempt to maintain the illusion each time the banking debt pyramid is about to collapse.
Please explain the use of "scare quotes" -- do you emphasize ease of the hack, or do you imply inside job rather than acutal hacking?
Inside job. Hence the "profit" in step 4.
At some point gross negligence becomes indistinguishable from malicious behavior.
Obviously he means inside job, as the next point is "Profit". Was that not blatantly obvious?
google "scare quotes'' + ''dan bloom" to see inside skinny on the meaning and origins of the scare quotes term, first coined in 1934.... ! but why is SCARE part of the term? if know, email me at danbloom AT gmail
That pretty much sums up the demise of Bitcoin, pretty much every bitcoin "exchange" seems to be created by high school kids doing their first steps in PHP and Javascript. Wake me up when a real bank (or a renowned exchange like Ameritrade, Intrade etc) starts trading Bitcoins.

That and for me the main blocker of Bitcoin is how to exchange my currency (MXN or EUR) into Bitcoins.

Just because it's hard to exchange EUR into Bitcoins doesn't mean that it always will be. See how it's with dollars.
Will there be an API? It looks neat!

It's one of those ambitious projects, that, even if failure is in the future, it's still a worthwhile project.

If I want to sell something, how can I get my Bitcoins converted to cash, safely and reliably? I don't trust MtGox, and I don't want to long-term forex risk exposure. Is there someone who could settle Bitcoin to USD, daily in San Francisco?
A reliable BTC<->USD exchange is going to be a key requirement for any meaningfully large BTC adoption.

A year ago, when I was looking around, there was none. I have no real qualms about dropping a few bucks into BTC, but I have to be confident that I can exchange it for the ability to pay my bills.

And yet such an exchange will inevitably charge fees that are higher than credit cards, which hinders adoption.
bit-pay.com offers a service where you can accept payment in Bitcoin, which is then immediately converted to USD at the average market rate (of the last 15 minutes) and sent to your bank account. I believe the funds are available next day, I forget.
So, this is essentially yet another cloud-based bitcoin wallet?

Also, how will you comfort your customers when you get hacked and their funds are gone? That is not a hypothetical thing to ask, but very real and has happened before in the cloud-wallet bussiness.

Anyone who wants to get started with bitcoin, I suggest using the client Electrum. Written in python, light, quick and secure.

are you a single founder?
I'm not sure why, but I find the term "for the masses" horribly insulting and elitist. It instantly turns me off on whatever it is you're talking about and tells me absolutely nothing about the product other than you think your target market is a mass of people that aren't as smart as you.
Congrats Brian! I remember when you told me about your idea at startup school. Heard you had left Airbnb and I suspected it was for this.
So the profit mechanism is through taking a percentage of bank transfers. So not going after banks.

Also did you mean shopping card or shopping cart? I can't resolve either from context and shopping card is not commonly used.