But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins -- you have zero recourse. Not that it could be reversed anyways. In both these real-world cases, you've got the police.
That applies to regular theft as well, it's illegal and still it happens.
I'm not a lawyer, but I'm pretty sure that using a guessed key to transfer funds is as illegal as using a guessed password would be to transfer funds from one bank account to another or using a "guessed" house key to enter a house and walk away with the TV.
That's not to say that you have a lot of options to get your ether back, but that's not fundamentally different from regular theft either.
> but that's not fundamentally different from regular theft either.
Regular theft certainly occurs and is illegal, however this scenario is entirely different from the most common types of regular theft.
A criminal operating in a foreign nation is going to steal: physical items from my house, my wallet, my car, items in my car, my bike, the watch on my arm, the tv in my living room, valuables in my home safe, valuables in my safety deposit box (that one is very difficult in general)? Nope.
The most common types of regular theft involve physical items that are physically lifted. Even most bank account scams are performed domestically, not internationally.
There is an extraordinarily tiny set of potential criminals likely to, or capable of targeting me when it comes to the most common forms of regular theft. It is not open to a global-scale competition as in this 'blockchain bandit' case.
A friend recently had their vehicle broken into. A thousand dollars worth of physical items were stolen. Half of it was recovered quickly by checking local pawn shops. Good luck doing anything like that with Ethereum and a foreign bandit.
> A friend recently had their vehicle broken into. A thousand dollars worth of physical items were stolen. Half of it was recovered quickly by checking local pawn shops. Good luck doing anything like that with Ethereum and a foreign bandit.
That's true, at least for recognizable things. If the thief steals currency, e.g. a stack of dollar bills, you'll have about the same potential to get those bills (or others) back unless you locate the thief. The jurisdiction adds a layer of confusion, but that's not the relevant part imho. If I break into your mail account and illegally transfer your domains to my hoster, you'll have high chances to get them back, even if I'm in another country or continent, because there's a central authority that has the power to make it happen if you can provide sufficient proof. There's no such authority for ether (well ... they could fork, but realistically, they won't) or cash, and that's what makes it hard.
> This is basically theft where there is no risk for the thief.
Sure, my point is just that the difference isn't in legality or possibility for recourse, but in the probability of successful enforcement of the law. The problem isn't so much that the thief is in another country, even if he lives next door to you, it's impractically hard to track him down unless he makes a mistake.
You can exchange for Monero to gain anonymity, and there will always be a way if you're willing to pay for it. 80% of a few millions is still a good sum.
It doesn't. With credit cards we get (included at no additional cost) 30-day loans, chargebacks, various forms of insurance and rewards for spending. None of those exist with any kinds of cryptomoney. Privacy isn't really improved with most forms of cryptomoney as you have not anonymity but pseudonymity of fully public information. Once you identify anyone (as any merchant or transaction recipient can) you can immediately access their entire transaction history all the way back to day 1. Any reasonably advanced government agency can build tools to crawl and deanonymize network participants too.
>But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins -- you have zero recourse.
I don't think that's true. If you could go to the cops with dead-to-rights evidence that someone stole your coins, pretty sure the cops could still charge them with larceny because the law still views cryptocurrency as a form of property. Plenty of people have been charged with crimes for stealing cryptocurrency -- the ex-secret service agent who stole from the custody of the Silk Road investigation comes to mind.
It's just that catching and prosecuting cybercriminals across jurisdictions is a _very_ hard problem that it might as well be that you have "no recourse" in 99.99% of cases.
> But also because crypto is totally unregulated -- and by the rules of the game, if you have the keys, you have the coins
Nothing could stop you from opening a business that would offer insurance in case of key theft. Most banks offer around $100k (depends on the country) in case they go bankrupt or robbed which is very little if you have life time savings in them that are way more than $100k. Big banks have an advantage though in that if they ever go bankrupt they tend to be bailed out by the government which is hard to replicate as a business (you still end up paying for it through inflation so you don't technically get your money back when your bank goes bankrupt as the total value of your money goes down).
> Nothing could stop you from opening a business that would offer insurance in case of key theft.
There is no way to prove a key was stolen and no way to prove the theft was not a fraud. Insurance is backed up with jail time for insurance fraud and is STILL rife with fraud (especially automotive insurance).
Blockchain theft insurance is not a business that would survive long.
One aspect that would be interesting is: I would expect that after an insurance payout the stolen coin would be legally the property of the insurance company. The stolen coin would accumulate on the books of the insurance company, which could then pay a premium to a recovery agency to get it back.
Of course the anonymity factor would make it all difficult, but on the other hand you can't ever truly abscond with the cash. If they could trace the movement through the ledger to a legitimate business entity that respects the same country's laws, they might be partially recoverable.
At a small scale it would be a waste of time, but on a large enough scale it might work.
> Blockchain theft insurance is not a business that would survive long.
Why not? If they only garanty $100k and everytime you lose your key you get to pay more like car insurance. Making it more expensive to fraud with time. Not to mention all the fraud detection mechanisms that could be put in place and jail time could still apply if you're caught frauding.
> Nothing could stop you from opening a business that would offer insurance in case of key theft.
I don't think insurance models work for this. How can the insurance company verify that the key wasn't stupid simple? It seems very hard to determine prices and premiums if can't assess the 'risk' - knowing that all 'risk' comes from the potential of user-error and nothing else
Also, there's the issue that in our financial system its very difficult for the common person to transfer all of their money to another account they own and call it theft. If I'm not mistaken that is a possibility with every single cryptocurrency, right?
I would expect that to get a reasonable premium, you would have to agree to follow certain best practices that would reduce the risk profile. Implementation would of course be hard.
You could be forced to use something like coinbase where they store your private keys. Actually coinbase already provides some kind of insurance in case they get hacked.
