They do it by hiring competent people, by following standardized accounting and security practices, by having third party auditing, etc. All those things that companies like Mt Gox eschewed in the name of being able to rapidly push site updates without testing, etc. Yes, an environment with more stringent testing is less "fun," but at the same time, it's a lot more secure.
MtGox may also have wanted to avoid auditors and security people poking their nose around and discovering that they weren't actually solvent. The jury is still out on what actually happened there.
Transactions can be reversed. They leave a trail. The punishments are huge. It's not worth the risk. Hacking a bitcoin exchange has no consequences. MtGox has no idea where the money went.
The punishment part is the key. Hacking a bank is not difficult. However, taking the leap to actually funneling money out, and keeping the trail painted black, is well..life-altering and difficult.
Banks don't make websites without being hacked. They do, however, spend more on technical security for a single week than the entire Bitcoin community had spent on all technology to date, and they have substantial processes in addition to the tech to mitigate risk.
Insurance just smooths out risks over time and among different parties. It doesn't reduce the (expected) total losses from events, across the entire industry.
Banks have insurance for some risks, yes. They are able to buy insurance for a reasonable price precisely because the insurer perceives that the risks are low and well understood.
Application security modules in firewall/load-balancers. Rigourous patching cycles. Proper source control. Peer review. Functional testing. Load testing. Unit tests. Layer after layer of validation in every tier (browser, app server, database, middleware, etc). Enforced leave. Background checks. Hiring the sort of people who run and speak at white hat conferences to white and black box test applications. Separation of duties. External reviews. Not picking up every trendy programming framework at 0.1 release. Not building dependencies direct from github and rubygems. Internal security teams. Network monitoring and response in real time. Red teams.
In short, all that boring, expensive stuff a large chunk of both the bitcoin and HN community love to sneer at buggy-whip wielding by bloated, overweight entities.
>Flexcoin was attacked and robbed of all coins in the hot wallet. 'As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.'
Traders have a concept called value at risk (VaR). VaR can tell a trader the most they are likely to lose over a given time horizon for a given probability [1]. For example, a 1% daily VaR of $10 million means a portfolio will lose more than $10 million 1% of the time (or every 100 trading days). VaR helps instruct (a) traders to reduce their risk and (b) corporate treasuries to hold enough liquidity.
The Bitcoin economy is rife with theft and fraud. This is a risk to be managed. Losing one's hot wallet should never be a lethal blow. If hot wallets comprise an unsurvivable fraction of one's capital (a) reduce the hot wallets' sizes or (b) increase your capital.
Will either of these divert steam from growth and profitability? Yes - that is the price of prudence.
You are correct - VaR is a measure of financial risk. I was using it as an analogy.
Theft from one's hot wallet appears to be a common risk of Bitcoin businesses. Traders use VaR to quantify one of their own common risks, financial risk. Capital is then held against the risk. Bitcoin businesses should quantify and reserve against the risk of theft from their hot wallets. Part of this involves limiting the risk (thinly capitalising the hot wallet). Part involves holding reserves (in cold storage or U.S. dollars). That metric and reserve would not be VaR, just inspired by it.
Operational risk is usually managed with risk limits, reporting, dashboards. Since it is difficult to model quantitatively VaR tends not to be very applicable - except as a concept. The 1 in 200 event.
The concept of setting your risk limit at a non-lethal amount is completely valid. I don't know how bitcoin wallets work particularly, but simply having no more value stored in a hot wallet than can be tolerably lost (or a way of sharing that risk with users) in a single event seems reasonable. Then just work hard to prevent said loss since it destroys value.
You are having a banker’s response, i.e. someone who is used to have a currency guaranteed by a sovereign government and enforced by the rule of law.
> The Bitcoin economy is rife with theft and fraud. This is a risk to be managed.
Nope, it is a PR nightmare that no technicality will get you out of. ‘Malleability bug’, combined with an obnoxious foreigner in an exotic country was James-Bondian enough to get over people’s head. Most people still don’t understand what a browser does; they best understanding of cryptography is that they shouldn’t use their pet’s name for they password because it doesn’t include a number; their current level of confusion is such that even the BBC (the smartest media there is) still illustrate its papers with golden doublons engraved with a sticked B — and you can tell it’s digital because those are iridescent. BitCoin was beyond a tough sell to begin with; now you have three unresolved, unexplainable if they were resolved, impossible to repair if they were explained hacks, each involving more money than anyone can ever expect to have. It doesn’t matter that ‘hot wallet’ is marginal, transactional or what you want to call it: even the simplest explanation that is was “‘orders of magnitude’ less than MtGox” is still is a cop out. The current perception is that whomever will end up keeping your BitCoin is anyone technically savvier than you.
You might like that idea because you trust your own skill-set (risk-assessment and mitigation, I’d say from your comment, not crypto); that’s not the case of hardly anyone, certainly not the people whom you are trying to convince to adopt. Even if you pushed them to consider it, I can’t imagine any actuary seriously pricing the risk of getting it all gone, and only making sense of it far too late, not with the systemic odds on computer security that we had recently: a year of unweaving a industrial-spying complex gone loose, major to the point of being obviously intention SSL breaches at every level of every OS, even things as inspiring as brick-and-mortar Targets get now attacked digitally.
Underestimating economic risk because you exclude financial systemic crisis was one huge mistake; I can’t imagine anyone would jump to the occasion of doing that at an even more obvious level now.
Your explanations have as much chance saving BitCoin as I had stoping the War on Terror by pointing out on September 20, 2001 that lives were actually saved because the reduced traffic and activity after 9/11 meant less road and work accidents, and that all these people falling in smocking rumbles, that was demographics as usual. What is needed now is a compelling case of justice and the rule of law.
PR: With no evidence to support your claim that this is a nightmare, I believe you're overstating the situation. The current BPI/Winkdex/etc. values show there are plenty of people still quite confident in the Bitcoin system.
Risk management: Consider parent's option (a) again: there is no intrinsic reason Bitcoin-based services can't reduce their hot wallet size down to zero and send all settlement through a human review process. The "hot/cold wallet" design is a choice that many naive but greedy people are choosing in building their Bitcoin-based systems but it is not the only choice. In banks you usually only STP low-value, low-risk transactions; in the current breed of Bitcoin-based systems, it would appear that system designers are naivly STPing everything. There is no evidence I have seen to suggest that Bitcoin-based systems intrinsically cannot manage risk properly (this is obvious when you simply consider that the majority of coins have not been stolen).
Regulation: There is some kind of strange unstated assumption on HN that regulation magically makes banking safe all by itself, and until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed. With the exception of insured deposits, which is a question of policy and time rather than strictly a matter of regulation, there is no reason that Bitcoin-based services can't proactively implement policies that the banking world is required to implement by law (AML/KYC rules, auditing, active risk monitoring, human review in settlement, etc.) Using a service that doesn't implement these policies is a risky choice (and yes, I believe many Bitcoin supporters will probably have to change their opinions about e.g. identity verification if they want to see Bitcoin survive and succeed).
Before anybody makes assumptions: I do not have an opinion about whether Bitcoin will succeed or not. I do think the underlying technology and possibilities are being unfairly stigmatised by critics' generalizations of the inadequacies in implementations of current Bitcoin-based systems.
> There is some kind of strange unstated assumption on HN that regulation magically makes banking safe all by itself, and until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed.
Magically? No, that's not how regulation works. It takes a lot of work and diligence. But if done right, it will make it safer. If a regulator with sufficient authority had audited MtGox, it would have been closed down a long time ago, and people wouldn't have lost remotely as much money. Without it, bitcoin users are at the mercy of a bunch of utter amateurs.
> If a regulator with sufficient authority had audited MtGox, it would have been closed down a long time ago, and people wouldn't have lost remotely as much money.
You state this as though it was the only option people had available for not losing money.
> Without it, bitcoin users are at the mercy of a bunch of utter amateurs.
This statement is simply untrue. Nothing stops people from exchanging BTC in person. Nothing stops people from exchanging small low risk volumes on exchanges at a time. Regulatory oversight is not necessary to manage risk - it just makes things easier (and FWIW, something I support).
People who lost money on MtGox lost it because of decisions they made which they had 100% control over. There were viable alternatives open to them, they simply chose not to pursue those options.
Every government with an opinion on Bitcoin thus far has made it abundantly clear that (1) Bitcoin is risky (2) if you stuff up, nobody will rescue you. If you decide to participate despite these warnings, that's your own free choice. If you are not aware of those warnings, you're putting your money into something you haven't adequately researched, and would likely be bound to lose your money either way.
> Nothing stops people from exchanging BTC in person. Nothing stops people from exchanging small low risk volumes on exchanges at a time.
Lack of technical knowledge and understanding stops most people from handling BTC safely. In order to manage risk, you need to understand the risk, and a lot of people just don't, and nobody is telling them or helping them in an accessible, understandable and reliable way.
> People who lost money on MtGox lost it because of decisions they made which they had 100% control over.
But that doesn't mean they understood them 100%. You make it sound like they intentionally threw money away. They didn't. They didn't expect this, didn't understand this was possible, not to mention likely. Had everybody known how MtGox operated, and had trustworthy experts explained what that meant, nobody would have put money in MtGox.
No person on earth can afford to understand 100% of everything he deals with. Easy, safe, reliable interfaces are vital once you move from hunting and gathering to a more complex society.
> In order to manage risk, you need to understand the risk, and a lot of people just don't
Does that excuse them from responsibility for engaging in risky transactions?
> You make it sound like they intentionally threw money away
No, I'm simply advocating taking personal responsibility for one's decisions, and pointing out that safe Bitcoin use is entirely possible without regulatory oversight [1].
> They didn't expect this, didn't understand this was possible, not to mention likely
MtGox and multiple exchanges have been hacked long prior to this event. That sets a reasonable expectation of what could happen in the near future. Again, if you don't do your homework you must expect to get burned.
Bitcoin is an experiment. Just like any other experiment it can end in all sorts of ways, some good, some bad. You seem to believe that people should be protected from making mistakes all the time -- if that were the case we would never have invented the airplane, performed nuclear power (weapons) research, etc. We can't jump into F1 cars before learning how to drive and expect not to get hurt.
Sometimes you have to make mistakes to make progress, particularly in a field that is completely new and unlike anything that has come before it; the people who cannot deal with the consequences of those mistakes should not be in the game until the consequences of mistake making is more suitable for them. Sure it sucks watching all those 15 year old kids become millionaires over night and you may be tempted to sell your house for Bitcoin, but that's life - don't be a fool.
[1] Caveat:
(1) unfortunately the operating systems we run today are not very secure, and this is one risk that is very difficult to mitigate until companies take OS security to e.g. a capabilities-based level where application confinement can be guaranteed
(2) this is not to say that I think putting your money in it is a good idea today, just that fundamentally there's nothing stopping the situation from improving without regulators, even though - as I said previously - I support regulation similar to that applicable to similar financial services institutions
> No, I'm simply advocating taking personal responsibility for one's decisions, and pointing out that safe Bitcoin use is entirely possible without regulatory oversight [1].
I don't see how safe bitcoin use is possible for most people. Their own devices aren't secure, and online services cannot be trusted. What other option is there?
> MtGox and multiple exchanges have been hacked long prior to this event.
And yet this was totally non-publicized in the mainstream media. Everybody was all about how fantastic bitcoin was and how big MtGox was, and those articles were not followed by equally big articles about how MtGox was totally unsafe, and so were most other exchanges.
Faced with that, it makes total sense that people think that MtGox is the place to be.
> You seem to believe that people should be protected from making mistakes all the time
No, but I do believe people should be informed. And the bitcoin community seems very adverse to that.
> We can't jump into F1 cars before learning how to drive and expect not to get hurt.
Which is why there's such a thing as a driver's license. People know they shouldn't jump into a car without one. The cars themselves also need to meet all sorts of strict rules, without expecting every driver to be able to take it apart, repair it and, and judge its reliability. There are professional experts for that. We need similar professionals in bitcoin, otherwise it's going to stay are the current amateur hobby level.
> Sometimes you have to make mistakes to make progress, particularly in a field that is completely new and unlike anything that has come before it
Sure, but bitcoin isn't that new. Both finance and programming are well established fields, yet bitcoin fans and entrepreneurs insist on ignoring all the lessons from those two fields, with these disastrous results.
> With no evidence to support your claim that this is a nightmare
You want evidence for a figure of speech?
> BPI/Winkdex/etc. values
Those measure people smugly happy that they did not put their money elsewhere, or probably cut off from the sentiment that so many hacking it burying the perception. Given how easy it has proven to be to manipulate BitCoin, I doubt holding value is nearly a problem.
My point was not that people already convinced are unhappy, but that those that need convincing are not going to be with an accounting ploy that will only widen the spread, but something that address the story—whatever is the digital equivalent of a thick vault door. And the story is that BitCoin is too complicated to be tamperproof.
> The "hot/cold wallet" design is a choice that many naive but greedy people are choosing in building their Bitcoin-based systems but it is not the only choice. In banks you usually only STP low-value, low-risk transactions; in the current breed of Bitcoin-based systems, it would appear that system designers are naivly STPing everything.
STP: standard transfer protocol? Your point would be that BitCoin ‘banks’ (on-line hosting of your keys) when asked to transfer above a certain sum need to ask for escrow and wait for two-point authentification? It seems convoluted (which is too say a lot in BitCoin's case) but not a bad idea.
> There is some kind of strange unstated assumption on HN that regulation magically makes banking safe all by itself, and until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed.
It's neither unstated, nor an assumption: it's the point of regulation. Some people claim to regulate, but actually try to cover their asses (namely, the many people whom I’ve known personally for a decade, in charge of monitoring Kerviel) it doesn’t change the stated goal.
> until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed
Nope, greed, expensive individual verification and the fact that security is costly says so. There are plenty of options (all conveniently listed at the end of Akerlof‘s _A Market for Lemons_, a recommended read) many self-enforced, but none is: “My bank is safe because I said so. [Tug on fedora.]”
> Using a service that doesn't implement these policies is a risky choice
Then it's not a service, nor more than you’d expect to find an economy based on nitroglycerin as currency.
So far you have no flight out of BitCoin, however. The high-profile hacks do not seem to be depressing the price. Why?
If even a loss of $500 million - gone into the night with (so far, for anyone outside of the information sink of Mt. Gox) no trace - can't depress the price, what can? How many hacks is the critical number? Will even outlawing BitCoin depress the price at this point? Why is adoption failing to slow down, as it would if people were looking at this thing as just completely over-the-top risky?
Perhaps most of us just view this as a practical concern. We have to figure out how to keep the coins safe. And until we do we're going to have hack after hack after hack... Surely this is possible, though, isn't it? We've solved harder problems.
It's hard to say whether BitCoin will survive in its current form - legal and open. It is a big enough threat at this point to the establishment that we're going to see one of two things happen. Government and moneyed interests will either wage a foolish war against it, as they have with other nascent technologies like MP3. Or they will seek to appropriate it so as to profit from it. My bet is on the latter - which means BitCoin might just be here to stay.
> Will even outlawing BitCoin depress the price at this point?
Yes. You might remember that the last big crash was because of China, a major and growing part of the bitcoin market, banned it.
> Why is adoption failing to slow down
Adoption is slowing down. The growth this year isn't remotely comparable to that of last year.
> It is a big enough threat at this point to the establishment that we're going to see one of two things happen.
The main threat that bitcoin poses, is that it allows criminals to make large international payments easily. Beyond that, it really doesn't pose much of a threat, as you can tell from the many governments that have explicitly decided not to ban it, and even praised its potential.
But they will probably regulate it to some extent, and the bitcoin community should embrace that. This recent string of fiascos shows how many untrustworthy folk are offering financial services in bitcoin. Some standards, some mark of reliability, is necessary. There's no way each individual user can check which exchange actually knows what they're doing. Just look how a bunch of ignorant amateurs managed to create the biggest bitcoin exchange in the world.
The main threat that BitCoin poses is that it bypasses all existing financial institutions. The only way the financial industry is going to be OK with that is if they can find a way to profit more from BitCoin than they would have been able to otherwise.
> So far you have no flight out of BitCoin, however. The high-profile hacks do not seem to be depressing the price. Why?
I dont’t know, and that’s my point. I have the rare ability to understand that stuff really well, and it still gets over my head, everything is still based on anonymous forum speculation, and year-old leaks… Seriously? I’m not saying it’s crumbling (evidently, it's not) I’m saying people who are not invested are not going to be convinced by another layer of obfuscation.
Why? I’d venture this is because whomever holds BitCoin has more to loose, namely their potential key position if the currency succeeds, than their current asset. But I don’t know these people; they only came out once, to say that MtGox was an isolated incident, crippled with cluelessness and that serious actors were not exposed, and that they are going to implement audit.
I was expecting the next news cycle to be auditors with ties boasting on their portfolio of pen-test, accounting checks, etc. I was actually expecting to send an email to a couple of friends of mine (who have the perfect skill-set for that, and are both currently rotting in a soul-crunching position) to tell them to apply. Instead… The clueless club seems to enroll members, with an alarming (and admittedly anecdotal) k-factor. I do contagion studies; I don't like high k-factors. I like people who say ‘transparency is the best disinfectant’.
I am not prescribing a cure. My advice is for managing a Bitcoin business's exposure to the risk of theft.
I do not own Bitcoins; I am not trying "to convince" anyone to "adopt" them. That said, bubbles and gold rushes make millionaires. I respect the people who are trying to intermediate the Bitcoin market. This advice, dispassionately, is for them.
The problem with many people in the bitcoin community is that they believe that everything that has been learned about money over the past couple of centuries, doesn't apply to them. And often everything learned about programming over the past decades doesn't apply to them either.
Earlier this week there was news about another bitcoin exchange losing a ton of money because they had never heard of ACID transactions, for example. MtGox operated without any kind of quality control. I don't know what the problem is with this one, but it all sounds a lot like home-built hobby projects being used to handle terrifying amounts of money.
If bitcoin wants to succeed, it needs to weed out these amateurs, and embrace some regulation to ensure the quality of financial service providers in the community.
(The bitcoin value being up is good news. Maybe I should consider getting out now.)
With more of these issues happening in the bitcoin world, it just screams of bad PR and self-limiting for mass adoption. I know it was stated that this helps "weed" out the bad apples, but to be honest, I couldn't even tell you who the legimitate ones are and I bet you can't either because it's just too soon to tell. There's an implicit trust for me with banks in that they've been around for a while (even though many have/will fail(ed)), but you get some satiation with FDIC deposit insurance as well as government regulation.
Curious what other people think about the public perception of bitcoin right now, and how to avoid something like this.
The way I see it, unless you are a speculator/miner, there is no upside to using bitcoin for transactions right now. The risks are too high for almost existence benefits. I understand when merchants would be pushing bitcoin, no fees, no charge backs etc. But what is the benefit for the consumer?
The reduced fees could be split by consumer and merchant, so that the consumer gets lower prices. Practically though, I agree with you; right now the ability to reverse transactions is probably worth more than any price savings.
The average American spends $20,000 on their credit cards. If credit card fees are 4% and the retailer gives half back, the customer saves: $400 a year.
To save $400, the customer:
- Gives up access to credit
- Gives up 30 day interest free on purchases
- Gives up 1% back rewards ($200)
- Gives up fraud protection
- Takes on the risk of carrying 'virtual cash'
Of course all these services could be built on top of bitcoin, but that's going to cost money and eat into what little saving there already was. I can't see bitcoin working in retail. Maybe for easy currency exchange between people in different countries it'll succeed. Not sure where else.
One important barrier to this is that merchant agreements, at least years ago when I last read one carefully, prevented you from offering lower prices to non-credit-card payers.
Although I am not that big of a fan of Dodd-Frank on the whole, one good thing in that bill, at least in the US, is that it outlawed such clauses in merchant agreements.
I'm not sold on the dream of Bitcoin. But I will say that for a high-risk, international service (VoIP), Bitcoin via Coinbase is a fantastic thing. Fraud is massive, yet we have customers all around the world. With Bitcoin, they can buy locally from Egypt to China and instantly transfer to us. They get service with less payment hassle, we get risk-free cheap transfers. The most popular alternative is using Western Union, which is more work and more expensive. And Coinbase eliminates the exchange risk (well in theory).
But general consumers? Yeah I can't see myself buying something with BTC.
Sad to say, but this is probably correct. Bitcoin's anonymity for private keys is also its greatest weakness right now. In the case of disaster, there's no way to prove whether a private key was lost, stolen by an external party, or stolen by the founders. Bank accounts are much easier to audit.
I've lost faith. I've lost every bitcoin I've ever had, either as a result of fraud, theft, government intervention and one slightly embarrassing technical snafu. And now bitcoins are too expensive for me to consider it a fun experiment. I don't trust any of the players, and I don't believe any of the promises.
Good luck to bitcoin, but I'm out for the time being.
I don't mean to be patronizing, but I may come off that way: why have you not been holding the vast majority of your BTC in your own local and triply (or more) backed up wallet, and liquidating to USD/other fiat in small pieces when you need to? I don't get how people can lose their entire stash of coin to these types of things.
Why? Isn't the demand for the existing coins what drives the rise in value? Logically there should be demand for one's sale of the coins at that point right?
What I mean is that when the value keeps going up there is psychological barrier to cashing out. The thought is that it will keep going up so if I cash out now I'm missing out.
I have to agree with that, even if it's very hard and is on the edge of blaming the victim. I feel for people losing everything, but really, don't keep your stash at exchanges.
Those are meant for trading, not as main account. To make a comparison with fiat money, would you throw your main bank account at trading ? Chances are you would have a main bank account and a secondary one for trading that would only contain money you're ok to lose. To push the metaphor further, would put your whole money at trade in an obscur online bank that was created just a few time ago ?
The main strength of cryptocurrencies is that they are decentralized. You're supposed to have your stash on your main computer. Each time people try to use a centralized online wallet instead, shit happens.
This sounds quite weird as it feels like keeping one's money under his bed, but really, it was how it was meant to work. Again, I feel for victims here, but please, be smart about it : recommend to anyone owning crytocurrencies to hold them on a local wallet, with backup for keys encrypted on a thumbdrive. Explain to them what happened to you.
> I have to agree with that, even if it's very hard and is on the edge of blaming the victim. I feel for people losing everything, but really, don't keep your stash at exchanges.
The main reason that's unsafe, is because the exchanges themselves are unreliable amateur outfits.
Keeping the wallet on your own decive sounds smart, until you realize that your own device isn't very secure either, and every bit as much an amateur environment as the worst exchanges. Your PC can be stolen, or compromised by trojans and viruses (and you can bet they'll be targeted if lots of money is stored there), and you can lose your money in a hardware crash. Backups help, but every backup is also a new way someone else might get access to your wallet.
> To make a comparison with fiat money, would you throw your main bank account at trading ? Chances are you would have a main bank account and a secondary one for trading that would only contain money you're ok to lose. To push the metaphor further, would put your whole money at trade in an obscur online bank that was created just a few time ago ?
No, the proper metaphor here is to have your money in a bank, or to have it at home in a pillow. Most people have their money in a bank, and well-regulated banks are pretty safe. (The recent banking crisis was due to lack of regulation allowing banks to take crazy risks.)
What we need is well-regulated, safe bitcoin banks and exchanges.
> Keeping the wallet on your own decive sounds smart, until you realize that your own device isn't very secure either, and every bit as much an amateur environment as the worst exchanges.
You can't compare both. Am I saying that with a local wallet you have absolute security from everything possible in present and future ? Obviously not. But it's certainly not as easy (and that's an euphemism) to steal money put on 1M people computers than on one or a bunch of servers.
Criminals can reach a lot of computers with viruses, trojans, botnets, that sort of stuff. And if they know that a significant number of PCs contain very real money, you can bet they're going to try a lot harder than they have so far.
The more attacks can be distributed, the less the advantage of distributed wallets. And then it comes back to real security.
So far, real banks seems to be pretty good holding on to our accounts. Even if they squander our money on risky speculation, at least our accounts aren't being emptied on a massive scale. If bitcoin wants to truly challenge traditional money, then its financial service providers need to be held to the same standard.
> why have you not been holding the vast majority of your BTC in your own local and triply (or more) backed up wallet
My guess is: convenience. In practice, convenience often beats security, and it's very convenient to trust your bitcoins to an exchange that offers a nice interface to trade them with others or exchange them for money.
Also: the vast, vast majority of people know nothing whatsoever about security. A currency that requires detailed security knowledge is only going to be used by security experts and fools.
(Disclaimer: I have bitcoins and I'm not a security expert.)
I see your point, obviously, but well, we could also consider it would be more convenient to never lock house door and to let car keys ready to use in car :)
There is indeed a huge problem with the sync thing in cryptos wallet apps. But there are apps that fix that by only downloading part of blockchain, like the dogecoin android wallet or electrum for bitcoin. This is what we should advocate, and stress that any online wallet is a risk of loss.
> it would be more convenient to never lock house door and to let car keys ready to use in car
True, but those implications are easier to understand and manage for most people. They can open an unlocked door, so they understand that anyone can. And when they lose the key to their house, at least the house is still there.
I was. And i was backed up. The backup was mitigated by the embarrassing technical snafu that I mentioned, the other losses occurred when bitcoins were being held in escrow byt third parties. Those third parties were either shut down by the feds, hacked or the service owners plain just absconded with the funds.
I wasn't a bitcoin millionaire, I only had a modest amount and I never bought in when they were super cheap, but that still added up to a sizeable chunk of cash.
Bottom line, there's a lot of stuff that can go wrong, and there's no safety net when it does.
I'm wondering if the outcome of these stories is going to prove that claiming you've been hacked is an acceptable answer. If so, isn't it going to be tempting for struggling Bitcoin businesses to claim the same, and walk away with millions before they go to zero?
This may be an interesting hurdle for bitcoin that I've never really considered. Because the real life equivalent of bitcoin is essentially cash you have to take security extremely seriously. One fuckup and you lose everything. This isn't really like banks where if someone has their account hacked they can have funds reversed if they are quick enough.
Even Google couldn't keep their datacenters 100% secure, so how will startups fair against the extremely high security cost? Hopefully sane security measures will become widespread, or bitcoin services may be only run by those who can afford security audits.
While not bitcoin, I played around with dogecoin for a while (I was tipped about 3000 doge on reddit for a post). Right before Christmas, dogewallet was hacked (where I had transferred my doges to). Some good folk over at reddit band together to work on helping out those of us who were hacked. I create a new wallet, and then submit my info for donation doges.
A week or so later, they send me 3000 doges. I didn't realize until I checked my account (a few days after it was sent) that they had sent them. Here's the interesting part - less than an hour after they had sent it to me, those 3000 doges were immediately withdrawn and sent to another address.
Thankfully, I was playing around with Doge (so the value was all of a dollar fifty), but the entire thing turned me off. If this was bitcoin, or if I had actual money invested, I would have lost my investment TWICE.
I like to think I'm some what technically savvy, but in that moment, I realized I had no clue what the hell had happened. Trying to imagine my parents working with bitcoin...never.
I suggest to scan your computer for viruses, spyware, rootkits ... Today I checked my wallets and they are intact. I also run small mining pool and guess what ... no coins are missing.
Even exchanges can make use of this sort of technology to avoid holding customer funds for longer than absolutely necessary.
I think we'll start to see a migration to these sort of systems this year. Hopefully there will be increasing competitive pressure on services to implement safeguards like this.
There seem to be a lot of attacks lately is this a coordinated attack or are these exchanges just coming clean now?
Regardless since everybody's instinctive reaction is to sell/get out now It's the best time to build a proper exchange with all the best coding practices applied.
Best thing is you don't have to pay anybody for a security review since the bitcoins are a prime target just don't keep too many in the hot wallet.
Then again paying a few security professionals to hack you may be the cheaper option but how many exchanges do you think actually do that?
66 comments
[ 0.26 ms ] story [ 45.8 ms ] threadBut with bitcoin there is huge motivation. Anyone running a bitcoin website has a huge target painted on them.
How do banks manage to make websites without being hacked?
Do they not get hacked in the first place, or is it because they are able to "undo" most thefts?
Banks have insurance for some risks, yes. They are able to buy insurance for a reasonable price precisely because the insurer perceives that the risks are low and well understood.
In short, all that boring, expensive stuff a large chunk of both the bitcoin and HN community love to sneer at buggy-whip wielding by bloated, overweight entities.
Traders have a concept called value at risk (VaR). VaR can tell a trader the most they are likely to lose over a given time horizon for a given probability [1]. For example, a 1% daily VaR of $10 million means a portfolio will lose more than $10 million 1% of the time (or every 100 trading days). VaR helps instruct (a) traders to reduce their risk and (b) corporate treasuries to hold enough liquidity.
The Bitcoin economy is rife with theft and fraud. This is a risk to be managed. Losing one's hot wallet should never be a lethal blow. If hot wallets comprise an unsurvivable fraction of one's capital (a) reduce the hot wallets' sizes or (b) increase your capital.
Will either of these divert steam from growth and profitability? Yes - that is the price of prudence.
[1] http://en.wikipedia.org/wiki/Value_at_risk
Theft from one's hot wallet appears to be a common risk of Bitcoin businesses. Traders use VaR to quantify one of their own common risks, financial risk. Capital is then held against the risk. Bitcoin businesses should quantify and reserve against the risk of theft from their hot wallets. Part of this involves limiting the risk (thinly capitalising the hot wallet). Part involves holding reserves (in cold storage or U.S. dollars). That metric and reserve would not be VaR, just inspired by it.
The concept of setting your risk limit at a non-lethal amount is completely valid. I don't know how bitcoin wallets work particularly, but simply having no more value stored in a hot wallet than can be tolerably lost (or a way of sharing that risk with users) in a single event seems reasonable. Then just work hard to prevent said loss since it destroys value.
> The Bitcoin economy is rife with theft and fraud. This is a risk to be managed.
Nope, it is a PR nightmare that no technicality will get you out of. ‘Malleability bug’, combined with an obnoxious foreigner in an exotic country was James-Bondian enough to get over people’s head. Most people still don’t understand what a browser does; they best understanding of cryptography is that they shouldn’t use their pet’s name for they password because it doesn’t include a number; their current level of confusion is such that even the BBC (the smartest media there is) still illustrate its papers with golden doublons engraved with a sticked B — and you can tell it’s digital because those are iridescent. BitCoin was beyond a tough sell to begin with; now you have three unresolved, unexplainable if they were resolved, impossible to repair if they were explained hacks, each involving more money than anyone can ever expect to have. It doesn’t matter that ‘hot wallet’ is marginal, transactional or what you want to call it: even the simplest explanation that is was “‘orders of magnitude’ less than MtGox” is still is a cop out. The current perception is that whomever will end up keeping your BitCoin is anyone technically savvier than you.
You might like that idea because you trust your own skill-set (risk-assessment and mitigation, I’d say from your comment, not crypto); that’s not the case of hardly anyone, certainly not the people whom you are trying to convince to adopt. Even if you pushed them to consider it, I can’t imagine any actuary seriously pricing the risk of getting it all gone, and only making sense of it far too late, not with the systemic odds on computer security that we had recently: a year of unweaving a industrial-spying complex gone loose, major to the point of being obviously intention SSL breaches at every level of every OS, even things as inspiring as brick-and-mortar Targets get now attacked digitally.
Underestimating economic risk because you exclude financial systemic crisis was one huge mistake; I can’t imagine anyone would jump to the occasion of doing that at an even more obvious level now.
Your explanations have as much chance saving BitCoin as I had stoping the War on Terror by pointing out on September 20, 2001 that lives were actually saved because the reduced traffic and activity after 9/11 meant less road and work accidents, and that all these people falling in smocking rumbles, that was demographics as usual. What is needed now is a compelling case of justice and the rule of law.
PR: With no evidence to support your claim that this is a nightmare, I believe you're overstating the situation. The current BPI/Winkdex/etc. values show there are plenty of people still quite confident in the Bitcoin system.
Risk management: Consider parent's option (a) again: there is no intrinsic reason Bitcoin-based services can't reduce their hot wallet size down to zero and send all settlement through a human review process. The "hot/cold wallet" design is a choice that many naive but greedy people are choosing in building their Bitcoin-based systems but it is not the only choice. In banks you usually only STP low-value, low-risk transactions; in the current breed of Bitcoin-based systems, it would appear that system designers are naivly STPing everything. There is no evidence I have seen to suggest that Bitcoin-based systems intrinsically cannot manage risk properly (this is obvious when you simply consider that the majority of coins have not been stolen).
Regulation: There is some kind of strange unstated assumption on HN that regulation magically makes banking safe all by itself, and until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed. With the exception of insured deposits, which is a question of policy and time rather than strictly a matter of regulation, there is no reason that Bitcoin-based services can't proactively implement policies that the banking world is required to implement by law (AML/KYC rules, auditing, active risk monitoring, human review in settlement, etc.) Using a service that doesn't implement these policies is a risky choice (and yes, I believe many Bitcoin supporters will probably have to change their opinions about e.g. identity verification if they want to see Bitcoin survive and succeed).
Before anybody makes assumptions: I do not have an opinion about whether Bitcoin will succeed or not. I do think the underlying technology and possibilities are being unfairly stigmatised by critics' generalizations of the inadequacies in implementations of current Bitcoin-based systems.
Magically? No, that's not how regulation works. It takes a lot of work and diligence. But if done right, it will make it safer. If a regulator with sufficient authority had audited MtGox, it would have been closed down a long time ago, and people wouldn't have lost remotely as much money. Without it, bitcoin users are at the mercy of a bunch of utter amateurs.
You state this as though it was the only option people had available for not losing money.
> Without it, bitcoin users are at the mercy of a bunch of utter amateurs.
This statement is simply untrue. Nothing stops people from exchanging BTC in person. Nothing stops people from exchanging small low risk volumes on exchanges at a time. Regulatory oversight is not necessary to manage risk - it just makes things easier (and FWIW, something I support).
People who lost money on MtGox lost it because of decisions they made which they had 100% control over. There were viable alternatives open to them, they simply chose not to pursue those options.
Every government with an opinion on Bitcoin thus far has made it abundantly clear that (1) Bitcoin is risky (2) if you stuff up, nobody will rescue you. If you decide to participate despite these warnings, that's your own free choice. If you are not aware of those warnings, you're putting your money into something you haven't adequately researched, and would likely be bound to lose your money either way.
Lack of technical knowledge and understanding stops most people from handling BTC safely. In order to manage risk, you need to understand the risk, and a lot of people just don't, and nobody is telling them or helping them in an accessible, understandable and reliable way.
> People who lost money on MtGox lost it because of decisions they made which they had 100% control over.
But that doesn't mean they understood them 100%. You make it sound like they intentionally threw money away. They didn't. They didn't expect this, didn't understand this was possible, not to mention likely. Had everybody known how MtGox operated, and had trustworthy experts explained what that meant, nobody would have put money in MtGox.
No person on earth can afford to understand 100% of everything he deals with. Easy, safe, reliable interfaces are vital once you move from hunting and gathering to a more complex society.
Does that excuse them from responsibility for engaging in risky transactions?
> You make it sound like they intentionally threw money away
No, I'm simply advocating taking personal responsibility for one's decisions, and pointing out that safe Bitcoin use is entirely possible without regulatory oversight [1].
> They didn't expect this, didn't understand this was possible, not to mention likely
MtGox and multiple exchanges have been hacked long prior to this event. That sets a reasonable expectation of what could happen in the near future. Again, if you don't do your homework you must expect to get burned.
Bitcoin is an experiment. Just like any other experiment it can end in all sorts of ways, some good, some bad. You seem to believe that people should be protected from making mistakes all the time -- if that were the case we would never have invented the airplane, performed nuclear power (weapons) research, etc. We can't jump into F1 cars before learning how to drive and expect not to get hurt.
Sometimes you have to make mistakes to make progress, particularly in a field that is completely new and unlike anything that has come before it; the people who cannot deal with the consequences of those mistakes should not be in the game until the consequences of mistake making is more suitable for them. Sure it sucks watching all those 15 year old kids become millionaires over night and you may be tempted to sell your house for Bitcoin, but that's life - don't be a fool.
[1] Caveat:
(1) unfortunately the operating systems we run today are not very secure, and this is one risk that is very difficult to mitigate until companies take OS security to e.g. a capabilities-based level where application confinement can be guaranteed
(2) this is not to say that I think putting your money in it is a good idea today, just that fundamentally there's nothing stopping the situation from improving without regulators, even though - as I said previously - I support regulation similar to that applicable to similar financial services institutions
I don't see how safe bitcoin use is possible for most people. Their own devices aren't secure, and online services cannot be trusted. What other option is there?
> MtGox and multiple exchanges have been hacked long prior to this event.
And yet this was totally non-publicized in the mainstream media. Everybody was all about how fantastic bitcoin was and how big MtGox was, and those articles were not followed by equally big articles about how MtGox was totally unsafe, and so were most other exchanges.
Faced with that, it makes total sense that people think that MtGox is the place to be.
> You seem to believe that people should be protected from making mistakes all the time
No, but I do believe people should be informed. And the bitcoin community seems very adverse to that.
> We can't jump into F1 cars before learning how to drive and expect not to get hurt.
Which is why there's such a thing as a driver's license. People know they shouldn't jump into a car without one. The cars themselves also need to meet all sorts of strict rules, without expecting every driver to be able to take it apart, repair it and, and judge its reliability. There are professional experts for that. We need similar professionals in bitcoin, otherwise it's going to stay are the current amateur hobby level.
> Sometimes you have to make mistakes to make progress, particularly in a field that is completely new and unlike anything that has come before it
Sure, but bitcoin isn't that new. Both finance and programming are well established fields, yet bitcoin fans and entrepreneurs insist on ignoring all the lessons from those two fields, with these disastrous results.
You want evidence for a figure of speech?
> BPI/Winkdex/etc. values
Those measure people smugly happy that they did not put their money elsewhere, or probably cut off from the sentiment that so many hacking it burying the perception. Given how easy it has proven to be to manipulate BitCoin, I doubt holding value is nearly a problem.
My point was not that people already convinced are unhappy, but that those that need convincing are not going to be with an accounting ploy that will only widen the spread, but something that address the story—whatever is the digital equivalent of a thick vault door. And the story is that BitCoin is too complicated to be tamperproof.
> The "hot/cold wallet" design is a choice that many naive but greedy people are choosing in building their Bitcoin-based systems but it is not the only choice. In banks you usually only STP low-value, low-risk transactions; in the current breed of Bitcoin-based systems, it would appear that system designers are naivly STPing everything.
STP: standard transfer protocol? Your point would be that BitCoin ‘banks’ (on-line hosting of your keys) when asked to transfer above a certain sum need to ask for escrow and wait for two-point authentification? It seems convoluted (which is too say a lot in BitCoin's case) but not a bad idea.
> There is some kind of strange unstated assumption on HN that regulation magically makes banking safe all by itself, and until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed.
It's neither unstated, nor an assumption: it's the point of regulation. Some people claim to regulate, but actually try to cover their asses (namely, the many people whom I’ve known personally for a decade, in charge of monitoring Kerviel) it doesn’t change the stated goal.
> until that regulation is in place Bitcoin-based systems cannot be safe or effectively risk managed
Nope, greed, expensive individual verification and the fact that security is costly says so. There are plenty of options (all conveniently listed at the end of Akerlof‘s _A Market for Lemons_, a recommended read) many self-enforced, but none is: “My bank is safe because I said so. [Tug on fedora.]”
> Using a service that doesn't implement these policies is a risky choice
Then it's not a service, nor more than you’d expect to find an economy based on nitroglycerin as currency.
If even a loss of $500 million - gone into the night with (so far, for anyone outside of the information sink of Mt. Gox) no trace - can't depress the price, what can? How many hacks is the critical number? Will even outlawing BitCoin depress the price at this point? Why is adoption failing to slow down, as it would if people were looking at this thing as just completely over-the-top risky?
Perhaps most of us just view this as a practical concern. We have to figure out how to keep the coins safe. And until we do we're going to have hack after hack after hack... Surely this is possible, though, isn't it? We've solved harder problems.
It's hard to say whether BitCoin will survive in its current form - legal and open. It is a big enough threat at this point to the establishment that we're going to see one of two things happen. Government and moneyed interests will either wage a foolish war against it, as they have with other nascent technologies like MP3. Or they will seek to appropriate it so as to profit from it. My bet is on the latter - which means BitCoin might just be here to stay.
Yes. You might remember that the last big crash was because of China, a major and growing part of the bitcoin market, banned it.
> Why is adoption failing to slow down
Adoption is slowing down. The growth this year isn't remotely comparable to that of last year.
> It is a big enough threat at this point to the establishment that we're going to see one of two things happen.
The main threat that bitcoin poses, is that it allows criminals to make large international payments easily. Beyond that, it really doesn't pose much of a threat, as you can tell from the many governments that have explicitly decided not to ban it, and even praised its potential.
But they will probably regulate it to some extent, and the bitcoin community should embrace that. This recent string of fiascos shows how many untrustworthy folk are offering financial services in bitcoin. Some standards, some mark of reliability, is necessary. There's no way each individual user can check which exchange actually knows what they're doing. Just look how a bunch of ignorant amateurs managed to create the biggest bitcoin exchange in the world.
I dont’t know, and that’s my point. I have the rare ability to understand that stuff really well, and it still gets over my head, everything is still based on anonymous forum speculation, and year-old leaks… Seriously? I’m not saying it’s crumbling (evidently, it's not) I’m saying people who are not invested are not going to be convinced by another layer of obfuscation.
Why? I’d venture this is because whomever holds BitCoin has more to loose, namely their potential key position if the currency succeeds, than their current asset. But I don’t know these people; they only came out once, to say that MtGox was an isolated incident, crippled with cluelessness and that serious actors were not exposed, and that they are going to implement audit.
I was expecting the next news cycle to be auditors with ties boasting on their portfolio of pen-test, accounting checks, etc. I was actually expecting to send an email to a couple of friends of mine (who have the perfect skill-set for that, and are both currently rotting in a soul-crunching position) to tell them to apply. Instead… The clueless club seems to enroll members, with an alarming (and admittedly anecdotal) k-factor. I do contagion studies; I don't like high k-factors. I like people who say ‘transparency is the best disinfectant’.
I do not own Bitcoins; I am not trying "to convince" anyone to "adopt" them. That said, bubbles and gold rushes make millionaires. I respect the people who are trying to intermediate the Bitcoin market. This advice, dispassionately, is for them.
Earlier this week there was news about another bitcoin exchange losing a ton of money because they had never heard of ACID transactions, for example. MtGox operated without any kind of quality control. I don't know what the problem is with this one, but it all sounds a lot like home-built hobby projects being used to handle terrifying amounts of money.
If bitcoin wants to succeed, it needs to weed out these amateurs, and embrace some regulation to ensure the quality of financial service providers in the community.
(The bitcoin value being up is good news. Maybe I should consider getting out now.)
Curious what other people think about the public perception of bitcoin right now, and how to avoid something like this.
The average American spends $20,000 on their credit cards. If credit card fees are 4% and the retailer gives half back, the customer saves: $400 a year.
To save $400, the customer:
- Gives up access to credit
- Gives up 30 day interest free on purchases
- Gives up 1% back rewards ($200)
- Gives up fraud protection
- Takes on the risk of carrying 'virtual cash'
Of course all these services could be built on top of bitcoin, but that's going to cost money and eat into what little saving there already was. I can't see bitcoin working in retail. Maybe for easy currency exchange between people in different countries it'll succeed. Not sure where else.
But general consumers? Yeah I can't see myself buying something with BTC.
Good luck to bitcoin, but I'm out for the time being.
I don't even own any BTC.
Just a hunch, but the meteoric rise in value probably prevents most people from simply cashing out.
Those are meant for trading, not as main account. To make a comparison with fiat money, would you throw your main bank account at trading ? Chances are you would have a main bank account and a secondary one for trading that would only contain money you're ok to lose. To push the metaphor further, would put your whole money at trade in an obscur online bank that was created just a few time ago ?
The main strength of cryptocurrencies is that they are decentralized. You're supposed to have your stash on your main computer. Each time people try to use a centralized online wallet instead, shit happens.
This sounds quite weird as it feels like keeping one's money under his bed, but really, it was how it was meant to work. Again, I feel for victims here, but please, be smart about it : recommend to anyone owning crytocurrencies to hold them on a local wallet, with backup for keys encrypted on a thumbdrive. Explain to them what happened to you.
The main reason that's unsafe, is because the exchanges themselves are unreliable amateur outfits.
Keeping the wallet on your own decive sounds smart, until you realize that your own device isn't very secure either, and every bit as much an amateur environment as the worst exchanges. Your PC can be stolen, or compromised by trojans and viruses (and you can bet they'll be targeted if lots of money is stored there), and you can lose your money in a hardware crash. Backups help, but every backup is also a new way someone else might get access to your wallet.
> To make a comparison with fiat money, would you throw your main bank account at trading ? Chances are you would have a main bank account and a secondary one for trading that would only contain money you're ok to lose. To push the metaphor further, would put your whole money at trade in an obscur online bank that was created just a few time ago ?
No, the proper metaphor here is to have your money in a bank, or to have it at home in a pillow. Most people have their money in a bank, and well-regulated banks are pretty safe. (The recent banking crisis was due to lack of regulation allowing banks to take crazy risks.)
What we need is well-regulated, safe bitcoin banks and exchanges.
You can't compare both. Am I saying that with a local wallet you have absolute security from everything possible in present and future ? Obviously not. But it's certainly not as easy (and that's an euphemism) to steal money put on 1M people computers than on one or a bunch of servers.
The more attacks can be distributed, the less the advantage of distributed wallets. And then it comes back to real security.
So far, real banks seems to be pretty good holding on to our accounts. Even if they squander our money on risky speculation, at least our accounts aren't being emptied on a massive scale. If bitcoin wants to truly challenge traditional money, then its financial service providers need to be held to the same standard.
My guess is: convenience. In practice, convenience often beats security, and it's very convenient to trust your bitcoins to an exchange that offers a nice interface to trade them with others or exchange them for money.
Also: the vast, vast majority of people know nothing whatsoever about security. A currency that requires detailed security knowledge is only going to be used by security experts and fools.
(Disclaimer: I have bitcoins and I'm not a security expert.)
There is indeed a huge problem with the sync thing in cryptos wallet apps. But there are apps that fix that by only downloading part of blockchain, like the dogecoin android wallet or electrum for bitcoin. This is what we should advocate, and stress that any online wallet is a risk of loss.
True, but those implications are easier to understand and manage for most people. They can open an unlocked door, so they understand that anyone can. And when they lose the key to their house, at least the house is still there.
I wasn't a bitcoin millionaire, I only had a modest amount and I never bought in when they were super cheap, but that still added up to a sizeable chunk of cash.
Bottom line, there's a lot of stuff that can go wrong, and there's no safety net when it does.
Even Google couldn't keep their datacenters 100% secure, so how will startups fair against the extremely high security cost? Hopefully sane security measures will become widespread, or bitcoin services may be only run by those who can afford security audits.
While not bitcoin, I played around with dogecoin for a while (I was tipped about 3000 doge on reddit for a post). Right before Christmas, dogewallet was hacked (where I had transferred my doges to). Some good folk over at reddit band together to work on helping out those of us who were hacked. I create a new wallet, and then submit my info for donation doges.
A week or so later, they send me 3000 doges. I didn't realize until I checked my account (a few days after it was sent) that they had sent them. Here's the interesting part - less than an hour after they had sent it to me, those 3000 doges were immediately withdrawn and sent to another address.
Thankfully, I was playing around with Doge (so the value was all of a dollar fifty), but the entire thing turned me off. If this was bitcoin, or if I had actual money invested, I would have lost my investment TWICE.
I like to think I'm some what technically savvy, but in that moment, I realized I had no clue what the hell had happened. Trying to imagine my parents working with bitcoin...never.
There was a really interesting talk today at the Texas Bitcoin Conference by Ryan Singer of Crypto Corp (https://cryptocorp.co/) about "hierarchical deterministic multisig" (HDM) wallets: https://cryptocorp.co/technology.htm
Even exchanges can make use of this sort of technology to avoid holding customer funds for longer than absolutely necessary.
I think we'll start to see a migration to these sort of systems this year. Hopefully there will be increasing competitive pressure on services to implement safeguards like this.
Regardless since everybody's instinctive reaction is to sell/get out now It's the best time to build a proper exchange with all the best coding practices applied.
Best thing is you don't have to pay anybody for a security review since the bitcoins are a prime target just don't keep too many in the hot wallet.
Then again paying a few security professionals to hack you may be the cheaper option but how many exchanges do you think actually do that?