48 comments

[ 2.8 ms ] story [ 104 ms ] thread
Hacked? A bitcoin exchange? No! It can't be!

At least it's their first time. Others are hacked on a semi-annual basis.

Let's hope it's actually the first time.
Though bitcoin exchanges being hacked seem common, it sounds like this one did a good job with layered security. Though we don't know what the damages total is yet, at least it isn't a complete loss.
I remember Bitfinex really stood outamong the other exchanes for its approach to technology and simplicity.
95% of the BTC aren't online, by their admission, which means 95% of the BTC might not even bet there. They could be using a 5% fractional reserve banking method and we wouldn't know unless everyone withdraws for a few days or so.
That's every exchange, pretty much. Even if 100% of BTC are online, you usually have no way of verifying that.

Cold wallets are considered essential for security, though.

Verifying whether someone has bitcoins or not is trivial - all they have to do is sign a message with the wallet's private key. That functionality is included in the standard wallet software.
Yes, but most exchanges don't do that. The ones that do can do it with cold storage as well; it's orthogonal to where they are stored.
What do you mean by "fractional reserve"? I get the impression that the Bitcoin world means something different by that term than the banking world.

Edit: I think some people are confusing fractional reserve (where reserves are less than deposits due to loans) with insolvency (where assets are less than liabilities). MtGox's problem was insolvency, not fractional reserve.

They mean that the company holds less bitcoins than the sum of their deposits. See MtGox for an example of when that went horribly wrong.
The fact that people can be saying encouraging things about the technical design or security of Bitfinex should tell you a lot about how seriously to take message boards on this topic.

Bitfinex was, according to reports I've read, derived from the source code for Bitcoinica, which was an exchange written by a 17 year old most famous for its spectacular security failures.

Do you know anything about the current state of their security?
I won't do security work for companies like these.
So the answer, in other words, is "no".
Maybe 2015 will be "year of the secure Bitcoin exchange".
My comment was without any kind of adjudication about the hot wallet breach itself, just a friendly reminder that there's a lesson hidden here: situations where something "shouldn't ever happen" need to be considered in the context of our systems and businesses. It isn't a panacea but while $332k is a lot of money, $66.4M is a lot more.
>Bitcoinica

They partnered with Alpha Point some time ago. A cursory google search will confirm that.

They should have stopped using that hot wallet immediately as soon as transfers not authorized by them happened. They detected that manually after a few hours, not automatically. There's still much to be improved in terms of security in Bitcoin exchanges.
We need for decentralized exchanges, like http://multigateway.com/ or Mercury
No, we need exchanges not built by a bunch of amateurs, opportunistic risk takers and outright scammers.
The guardian story earlier this week that talked about the NASDAQ using colored coins to represent ownership of financial assets seems like a pretty terrible idea when framed in the context of inevitable bitcoin theft. In this case, the hot wallet strategy minimized the financial damage incurred by the institution, but even this relatively small amount of bitcoin could have been a devastating loss if the coins had represented valuable NASDAQ financial assets.
Not 100% certain on what their proposed colored coin protocol is, but any instrument that's not a block chain currency itself can simply be detached from the colored coin in case of fraud.

I.E.: If you steal a colored coin linked to 5000 shares of Apple stock registered at a certain broker, then that broker might be informed that the colored coin was stolen, and then simply refuse to act out any transaction on the authority of the colored coin. NASDAQ, authorities and the broker can figure out amongst themselves what should happen to the 5000 shares of Apple stock represented by the colored coin. I imagine they'll simply fabricate a new colored coin and issue that to whoever lost the previous coin.

It's important to note that because Bitcoin is a public ledger, it is trivial to tag and subsequently identify stolen colored coins. This tracability is probably exactly what makes NASDAQ interested in Bitcoin as a tool for financial transactions.

What is the point of using bitcoin at all if a central authority is capable of rescinding the value of the coins at their discretion? The NASDAQ might as well skip the overhead of a global decentralized ledger and simply use a centralized system that they have complete control over.
Because NASDAQ does not need to be involved in each transaction unless there is a dispute or fraud is detected.
This seems like it would be prone to abuse. What is the advantage of transacting outside the purview of the central authority while still being subject to the prerogatives of the central authority? If I strike a deal with someone behind closed doors, then that person later claims that I actually stole from them, I have to trust that the central authority will make the right decision regarding the nature of the transaction, otherwise I may end up getting retroactively screwed in the deal. The reverse is also a concern; someone could steal your coins, then claim that you're only filing a grievance because now you regret the deal. All this does is give the central authority less information from which to draw an accurate conclusion.
Similar schemes have been discussed for stolen bitcoins, as well -- tagging them as stolen and then trying to get all parties/clients/exchanges to reject them.
Re: it is trivial to tag and subsequently identify stolen colored coins -

How does this work once the coins have entered a common wallet? Say I'm running a business, and someone pays me a stolen 1BTC for something and it goes into a wallet that already has 50BTC in it. There's now no difference between the 50 already in there and the 1 stolen.

The way I understand it, the coins themselves are not traceable, the transactions are.

As far as I understand it is that it's the transactions that carry the value, not the coins. So the fact that you have an incoming transaction for a colored coin, and not an outgoing one means you still own it. How many BTC is transferred in the transaction is irrelevant (which is why they use 1 Satoshi as an example). Finding out if a colored coin is valid means simply walking the block chain until you find an origin you consider authoritative.
Checking my model here.

You have a wallet for incoming transactions, checksum "abc".

You recieve two transactions, one from "def" and one from "ghi". You eventually pay wallet "xyz". The blockchain for this transaction looks like this:

    +---1BTC (from DEF)----> +-----+                  +-----+
                             |ABC  | +---.5BTC------> |XYZ  |
    +---2BTC (from GHI)----> +-----+                  +-----+
                             (3BTC)
How do you (as a third party, or the owner of ABC, or the owner of XYZ) differentiate which of the two transactions the .5BTC are the child of?
You cant. What if in your example ABC already had a balance of 1BTC (totaling 4) ? It's undefined.
You can't. But it doesn't matter which transaction the .5BTC is a child of. You have to see colored coins as a tag, not as an actual coin.

So:

    +-- 1BTC+C1 (from DEF) -> +-----+                 +-----+
                              | ABC | +-- 1BTC+C1 --> + XYZ +
    +-- 1BTC (from GHI)    -> +-----+                 +-----+
The DEF->ABC transaction is tagged with C1. And the ABC->XYZ transaction is also tagged with C1. XYZ should look at ABC's history and see if he ever had an incoming transaction with C1, and then check DEF and see if he had an incoming transaction with C1, etc..

There's probably a fancy scheme to make this checking of colored coins in the blockchain easier, I'm not familiar enough with colored coins to know for sure.

Ah! Okay, this makes more sense - it's extra metadata.
Since BTC is divisible to any limits and any amount of it could be controlling any amount of smart property.

Colored coins, Open Assets etc are all just fancy names. What we are basically doing is declaring that a bitcoin address X is now associated to some asset A, say a car. Whoever holds the private keys to X owns A. If all the money in X goes to Y then Y is the new owner.

- Nothing is binding you to hold your declaration or even check if your declaration is valid, but the central lawmakers. Me and you could both be claiming to own the same A, who is to decide? The law.

- Only digital assets can have some inbuilt mechanism that ensure that indeed A owns the private keys to X.

We already knew we could save messages in a transaction.

I think NASDAQ realizes this joke and thus jumped on it, why not, because the dispute resolution is still central authority and not an algorithm with inbuilt monetary punishment.

"hacked" = "stealing from your own website"
That would only be if they took customers' funds. They're saying that they'll eat the loss.
That's only fully realized if all customers pull out funds. If they're operating a fractional reserve, that's just a statement, nothing more. (There's zero reason why every exchange can't prove they're 100% funded on a regular basis)
How would they prove how much they have in deposits?
> will be fully absorbed by the company

So they'll pay with the money they stole themselves? At least they got some publicity out of it.

There's no connection between this company and the PC case manufacturer by the same name, is there?
No, that one is spelled differently (Bitfenix.)