Flexcoin is shutting down (flexcoin.com)
118 points by stirno on March 4, 2014 | 124 comments



As somebody who has been closely watching NFC for years, I find this side of the Bitcoin business interesting.

People moan that NFC has been "just around the corner" for the best part of a decade, and some even think that it has missed its opportunity (it hasn't, btw), because it has taken so long to bring to market. This is largely because of the in-built security, and the demands it places on participants' business models.

These Bitcoin exchanges and other service providers, on the other hand, seem to have been put together with great haste. They seem to have little-to-no oversight, a high risk profile, untested systems, not much institutional experience -- and there's no safety net for customers.

It illustrates why the "old" financial services industry is so cautious when it comes to electronic money. "Move fast and break things" may work for all sorts of businesses, but it's not a good mantra if you're handling money.


New mantra: "Move fast, break things, and lose hundreds of millions of dollars by being reckless."


Correction: New mantra: "Move fast, break things, and lose hundreds of millions of _other people's_ dollars by being reckless."


NFC adoption was either killed (or put on hold) by Apple, thanks to their resistance in adopting it for god knows why.

Bitcoin exchanges seem to be trying to rebuild the wheel while touting they're not wheels.

There are many layers to banks and exchanges, including security and risk reduction, which add to the overall operational cost. These exchanges either thought they were exempt from these same issues or they thought they could skate by without addressing them.

It's almost an agency effect - "If other exchanges aren't doing it, why should I increase my costs by doing it?" This line of thinking and deferment of responsibility is what leads to financial crises.


Sibling Posters: Re NFC: Guys, I hate acronyms too, but Near Field Communication? Seriously?

Parent poster is talking about Non-Fiat-Currencies.

edit: oh, sorry I thought it was obvious, but I say "seriously" because how could you seriously think this bitcoin topic is about Near Field Cmu.....


What is NFC?


Near field communication - you probably know it, but didn't expect to come across it in a conversation about Bitcoin


Non-Fiat Currency


Not this time :)


Their ironic last tweet before shutting down: https://twitter.com/flexcoin/status/438355933777756160


If they really were hacked, this was the catalyst for it happening.

PSA: Don't peacock.


Yep, this was pretty much a dare to hackers everywhere.


That's harsh. =/

Another bit of irony... http://i.imgur.com/KurgdXp.png

But seriously, sorry to those who lost coins here. Also sorry to the folks of flexcoin, the timing couldn't be worse. Can't say it enough; cold-wallets and private key that's exclusively in your possession.

Only you can prevent forest f- er...bitcoin thefts.


Nice of them to link to their terms of service. The relevant section being:

"We have taken every precaution to defend your bitcoins from hackers and/or intruders. However, Flexcoin Inc is not responsible for insuring any bitcoins stored in the Flexcoin system. You are entering into this agreement with Flexcoin Inc. You agree to not hold Flexcoin Inc, or Flexcoin Inc's stakeholders, or Flexcoin Inc's shareholders liable for any lost bitcoins."


It's almost like they were planning from the get-go to steal all your money.


Or more realistically...just protecting themselves legally from the very risky business they are involved in.


Also from what I understand they only lost the Bitcoins in the hot wallet. Presumably everyone's Bitcoins in cold wallets (the grand majority) are safe and returned to their users.


How hard is it to piece apart theft from incompetence?


Is something like this a legal ToS in the US?

Also, one can argue that if they had truly taken every precaution then either intruders would not be able to break in or they are prepared for such a scenario. Evidently, neither was the case.

In other industries standards and "recommendations" exist to state a set of measures companies have to set up in order to be "secure"


Yes, just like a non-FDIC insured bank can tell you 'too bad, too sad' if they're robbed and your money was stolen. Unless you're specifically insured against loss, banks aren't obliged to give you money lost due to robbery unless you somehow prove the robbery was the result of, say, gross negligence.


> Yes, just like a non-FDIC insured bank

Are there such things? In practice, are they a significant portion of the banking market?


Yes, some state (rather than federal) banks are not FDIC insured. (Also, credit unions are a lot like banks and are not FDIC insured, but most of them are CUA insured, which is functionally the same thing.)


Bitcoin is too new for standards; nobody really knows how to run a business based on Bitcoin yet.

Also, even if you take every reasonable precaution, there's still a possibility that your systems can be broken into.


Corollary: Even if you take every reasonable legal precaution, there's still a possibility that you can be held liable once the class action lawsuit is filed.


Yes, but who would pay if you won? The corporation's assets have been stolen, and presumably there aren't enough left over to cover the shortfall (hence the closure of the site). Moreover, unless they screwed up their corporate formalities, the individual shareholders should be protected from this type of loss. Limited liability is one of the main reasons why corporations exist in the first place.


> Moreover, unless they screwed up their corporate formalities, the individual shareholders should be protected from this type of loss.

Corporate formalities alone don't prevent piercing the corporate veil.


Yes, but it's really hard to pierce the corporate veil if all the formalities are in place. Negligence alone won't let you pierce the veil. Unless the shareholders effectively embezzled the corporation's assets, I don't see how you get around it.


> Negligence alone won't let you pierce the veil.

Sure, but undercapitalization alone can with certain types of creditors, and gross undercapitalization can be a significant factor in favor of piercing the veil in other cases.

And actively concealing a known "leak" of funds held in trust for customers arguably goes far beyond mere negligence.


Point of order: negligence alone routinely "pierces the veil", doesn't it? It's a tort.


> Point of order: negligence alone routinely "pierces the veil", doesn't it?

Not alone, it doesn't routinely.

> It's a tort.

Anything that produces civil liability is a tort. It wouldn't be much of a veil if anything that was a tort routinely pierced it.


I'm definitely not trying to be argumentative, but as I understand it, corporate limited liability doesn't shield individuals (including agents of the company) from tort liability.

Also, it's not really true that anything that produces civil liability is a tort, is it? Civil liability also arises from contract law.


> I'm definitely not trying to be argumentative, but as I understand it, corporate limited liability doesn't shield individuals (including agents of the company) from tort liability.

That's not about piercing the veil (which protects shareholders from liabilities incurred by the company), that's just individual liability independent of the corporate existence of corporate liability. And you're right, but negligence liability requires that the individual agent owes you a duty of care and failed it; even in the case where corporate negligence toward a harmed party is easy to establish, individual negligence of a particular corporate agent toward the same party may be much harder to establish. And, again, such liability is a completely different issue than the corporate veil.

> Also, it's not really true that anything that produces civil liability is a tort, is it? Civil liability also arises from contract law.

True, but I think the general point still stands that the corporate veil would be pretty flimsy to start with if it didn't generally include protection from liability arising through tort.


Gotcha. Thanks. Sorry to derail.


I think we should try get a set of open-source standards together: github.com/nathankot/BISS


Bitcoin seems way too prone to being stolen or exploited for me to ever take it seriously. I don't have the same problems with exchanging real money, investing real money, and withdrawing real money.


I think coders just haven't got it through their head yet that BTC is cash. You do not keep more than an operating float of cash behind the counter. You keep it in the vault. And if that makes large cash transactions have to run asynchronously, well, too bad.

All of these companies have been operating as if keeping heaping wads of cash behind the counter was fine, merely because it was convenient.


> You do not keep more than an operating float of cash behind the counter. You keep it in the vault.

You're still making a fundamentally invalid comparison: with cash, your security threats are still limited to people who are nearby and have both the time and means to move large amounts of currency. Bitcoin allows anyone in the world to steal amounts which would require a large team with dump-trucks in the real world even if the bank completely screwed up their security design.


One million dollars in $100 bills is 10,000 bills. A bill is 0.010922 cm in thickness. That would be 109.2 cm. That would be a stack of bills just over 3 1/2 feet high if you made a single stack. You could probably fit a million bucks in a decent sized briefcase and could definitely fit it inside a duffle bag. It doesn't take dump-trucks to steal a million bucks.


Sure, but at MtGox, the theft was 477 million.

http://news.yahoo.com/mtgox-opens-call-centre-500m-bitcoin-l...

That's a lot of duffle bags to haul.


In addition to what petit_robert pointed out about the Mt. Gox theft being orders of magnitude larger, you're assuming the densest available US currency and that it's conveniently pre-packaged for easy shipment.

What we're actually talking about, however, is like being able to teleport into a bank anywhere in the world, wave a magic wand which converts everything on the premises into tightly packaged $100 bills, and teleporting back out of the country. In the real world, running out the door with a bunch of duffel bags and people shouting tends to attract a lot of attention and make escape a lot harder than closing a network connection.


I fail to see how 99% of USD, which are just records in a database, is different than bitcoins in that regard then. The failure I would argue is in the original analogy of taking physical money to begin with.


Because electronic money transactions are reversible. If you can convince the right people that a transaction was illegitimate, it can be reversed and you can be made whole.


Or maybe bitcoin isn't cash. Maybe it's just Tamagotchi petting tokens.


BTC is not Cash, period. Cash can be held in your hand in the form of Notes or Coins. There is nowhere around where I live that you could walk in and buy things with BTC.


In larger cities you can. There's a Bitcoin ATM even 2 blocks from my office.


Are you in San Francisco? I live in a major city (top 10 population in US) and I'm not aware of any place I could go buy groceries, gas, or withdraw money with BTC.


I'm in Boston and there's a handful of places I can use BTC. But not many. The ATM is at South Station. I could do a bit with them when I lived in NYC over the summer too.


If you are servicing very many people it seems like the necessary operating float is going to look a lot like a heaping wad of cash.


No, it means that you divide transactions into "can be served from petty cash" and "requires a wait while we get some bitcoins out of the vault".

Then implement the vault as offline storage (encrypted files burned onto DVDs and physically stored in a vault for example).


Yeah, I get the principle. But a busy cash register at a store services dozens of people an hour. A mildly successful exchange will be servicing hundreds or thousands each hour.

You wave your hands in the air and say 'they wait', but there goes all your speed and cost advantages.


Just like people who use UDP because it's more efficient, and then have to re-add all the stuff TCP has. It looks like Bitcoin has to re-add all the protections that the old money system has.

A cash register has things incoming and outgoing. It's not constantly draining all day. You might need someone to run to the bank to get a bunch of pennies or a bunch of singles to make change.

(And with the "cold storage" concept, it's free and instantaneous to move money into your own cold storage whenever your till gets over a certain amount.)


A float only has to cover volatility in the rate of deposits and withdrawals, because if ins == outs you can simply turn around the BTC from Peter to pay Paul. So the amount needed may be smaller than you think.


So put some numbers down. Let's say the transaction limit out of the float is something like 1 bitcoin, or 0.1 bitcoin (lower than that and you basically shouldn't be advertising any liquidity). How much skew should the float be able to cover there? 5 customers at the limit? 50? More?

edit: some small percentage of customers would be a smarter measure than some specific number.
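
An added illustration of the float discussion above (petty cash versus vault, sweeping the till into cold storage, and sizing the float by net outflow); it is not code from any commenter or from Flexcoin. The class and function names, the limits, and the event list are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field
from decimal import Decimal

SATOSHI = 100_000_000  # integer satoshis avoid float rounding on balances


def btc(text):
    """Convert a decimal BTC string to integer satoshis."""
    return int(Decimal(text) * SATOSHI)


@dataclass
class FloatPolicy:
    """Hypothetical hot-wallet float: small withdrawals only, excess swept cold."""
    per_tx_limit: int   # largest withdrawal served straight from the float
    float_target: int   # hot balance left behind after a sweep
    float_cap: int      # hot balance that triggers a sweep
    hot: int = 0
    cold: int = 0
    pending: deque = field(default_factory=deque)  # awaiting offline signing
    peak_hot: int = 0   # largest balance ever exposed on the online host

    def __post_init__(self):
        self.peak_hot = self.hot

    def deposit(self, amount):
        self.hot += amount
        if self.hot > self.float_cap:
            # A sweep needs only a cold *address*; the cold private key
            # never has to exist on the online system.
            excess = self.hot - self.float_target
            self.hot -= excess
            self.cold += excess
        self.peak_hot = max(self.peak_hot, self.hot)

    def withdraw(self, user, amount):
        if amount <= self.per_tx_limit and amount <= self.hot:
            self.hot -= amount
            return "served"
        # Over the limit, or the float is drained: the customer waits.
        self.pending.append((user, amount))
        return "queued"

    def release_from_cold(self):
        """Offline, human-approved step: pay queued withdrawals in order."""
        paid = []
        while self.pending and self.pending[0][1] <= self.cold:
            user, amount = self.pending.popleft()
            self.cold -= amount
            paid.append((user, amount))
        return paid


def run(policy, events):
    """Apply each event to the policy and return the per-event outcome."""
    outcomes = []
    for kind, user, amount in events:
        if kind == "deposit":
            policy.deposit(amount)
            outcomes.append("deposited")
        else:
            outcomes.append(policy.withdraw(user, amount))
    return outcomes


def required_float(events, per_tx_limit):
    """Starting float needed to serve every under-limit withdrawal with no
    wait, ignoring sweeps: the deepest cumulative net outflow."""
    balance = deepest = 0
    for kind, _user, amount in events:
        if kind == "deposit":
            balance += amount
        elif amount <= per_tx_limit:
            balance -= amount
        deepest = min(deepest, balance)
    return -deepest


# Constructed sample traffic (names and amounts are invented).
EVENTS = [
    ("withdraw", "alice", btc("0.5")),
    ("withdraw", "bob", btc("0.8")),
    ("deposit", "carol", btc("0.3")),
    ("withdraw", "dave", btc("1")),
    ("withdraw", "erin", btc("0.2")),    # float is empty by now
    ("withdraw", "frank", btc("12")),    # over the per-withdrawal limit
    ("deposit", "gina", btc("5")),       # pushes the float over its cap
    ("withdraw", "heidi", btc("0.4")),
]

if __name__ == "__main__":
    policy = FloatPolicy(btc("1"), btc("2"), btc("4"),
                         hot=btc("2"), cold=btc("98"))
    print(run(policy, EVENTS))
    print("hot", policy.hot, "cold", policy.cold, "peak", policy.peak_hot)
    print("paid offline:", policy.release_from_cold())
    print("float needed:", required_float(EVENTS, btc("1")))
```

With a 2 BTC float the 0.2 BTC request has to wait, and `required_float` reports 2.2 BTC as the float that would have served it; the online balance never exceeds the cap, which bounds what a compromise of the online host can reach.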


> I don't have the same problems with exchanging real money, investing real money, and withdrawing real money.

That's because there's a huge security net provided by the general public against the fuck-ups of banks, no matter how big.


Exactly. That seems to support his statement.


> Exactly. That seems to support his statement.

Oh, I don't disagree with him/her.


It's symptomatic of all online wallets with instant automatic withdraw capabilities. Not just limited to Bitcoin. Online wallets, that transfer real money to external third parties (not just an internal credit transfer like Paypal or credit cards, which don't actually remit the money to unverified receivers outside of their system for 30 to 60 days) will all have this problem.


It's not at all required though. You can easily build per-user wallets that employ multisig, where the user has to actually authorise each transfer. If the service shuts down (or gets seized) you just publish your key and users can withdraw their own cash.


Why would I need an online wallet though. I mean that's what I use my bank for. They even give me a small amount of interest for the money I keep there. Anything not in my bank is in a real wallet in my back pocket.


This doesn't happen with regular cash because banks usually take this loss and pass it onto their customers as fees. The exchanges that have closed operate too unintelligently to be able to survive an attack. Almost 900 bitcoins in hot storage? That's almost 500,000 dollars being left in the open. It's like a bank keeping 500,000 dollars in a vault with no lock, no security, and no laws... With p2p coins, hot storage should be just enough for the day's operations and no more. Overdrew for the day? Make the customers wait, it's worth it for the safety.


This doesn't happen with regular cash because banks have the scale to absorb it and pass it on to their customers. Bitcoin doesn't yet; and even if it did, there's no real way to restrict it.

Just as an example, Bank of America has over $2 trillion in deposits. If any minimally significant portion of that amount goes missing, it's pretty easy to track just due to scale. There are policies in place that ensure any transaction above a certain size gets looked at. If there are too many large transactions in a day, that gets investigated too. In exchange for having these safeguards in place, the government is willing to guarantee these deposits in the form of FDIC insurance.

Banking regulation is a good thing, especially when you're talking about an anonymous currency where transactions can't be rolled back.

EDIT: Just wanted to add that while Bitcoin itself probably will never be a globally significant currency, some form of cryptocurrency is likely to obtain relevance. But some people are going to get burned along the way, and these are the risks that you need to accept if you want to dabble in what amounts to unregulated banking. The regulations exist for a reason.


What advantage will another currency have over Bitcoin, that will trump its lack of branding? If Bitcoin (with first mover advantage and network effects) fails, wouldn't it be twice as hard for the next to start from scratch?

My uninformed intuition tells me it's more likely that there will be a Gold and a Silver - one better, one worse, each used for different things.


Bitcoin's complete lack of centralized trust and inherent deflation seem like they may become big problems over the long run. I get that the peer-to-peer nature of it is considered a strong point by many -- but it also exposes users to fraud with little recourse.

It's basically like carrying cash: you can walk around with $10,000 in your pocket, but if someone robs you and gets away, you're out $10,000. If someone steals your credit card, the bank has fraud protection measures in place that limit their losses, and they often can roll back transactions. Unless you impose a similarly regulated structure on top of Bitcoin (where banks are super-secure and won't transfer large amounts of BTC without an auditable authorization chain so people become personally liable for any fraud that may occur) you're not going to be able to solve these problems.

Deflation is a bigger issue, in my mind. The algorithmic scaling of Bitcoin basically ensures that it will either not be very much in demand at all, or it will become increasingly scarce relative to demand over time. This creates an incentive to buy and hold Bitcoin as its value has tended to go up over time. However, most of the modern economy is based on the assumption that money today is worth slightly more than money tomorrow. This creates pressure to spend or invest, rather than hold onto currency for any reason other than liquidity. If Bitcoin remains popular, it won't be because of its virtues as a currency.


As I understand it, banks are insured against theft by central banks/governments in most countries.

Plus there is that whole thing of regulations about bank responsibilities.


That's when the bank goes out of business. Banks are hacked all the time; the government does not (usually) bail them out.


Ah you are correct, FDIC/CDIC/etc do not in fact provide theft insurance, but you help with the point I was making though - Banks have been robbed for years, and individuals don't lose money when that happens (how could they? your deposit doesn't sit as cash somewhere waiting for you to claim it)

According to the FDIC, for most banks theft is covered by the bank's insurance policy (they refer to it as a "banker's blanket bond") which also covers loss (of money) by fire, flood, and even things like embezzlement etc.

So until BTC exchanges/etc actually have insurance policies (literal policies, not figurative "insurance policies") the risk seems higher.

Also worth considering - I remember reading about a bitcoin site that uses a Safe Deposit Box to store the majority of its holding "offline", but safe deposit boxes aren't insured by either FDIC (even in the event of bank failure) or by the bank, so if their safe deposit box is breached (either as a theft or just damage) there is no safety net.


Yeah, normal robbery is handled with normal insurance. The police are called, a police report is made, forensic accountants determine how much got swiped, the insurance company writes a check.

(I am not a banker.)


Bitcoin n00b here.

What exactly is a hot wallet/storage?


In the real financial world, matching and settlement occur asynchronously from each other, on different systems. Matching is "X tried to buy Y at Z, Q tried to sell Y at Z, their orders match." Settlement is physically delivering Y to X while physically debiting Z from Q.

Bitcoin developers haven't quite cottoned onto the wisdom of separating these functions architecturally. (One of many advantages is "If your matching system is compromised, you shut it down and investigate, but no money actually leaves. The settlement system is in your back office and much more protected than the matching system, because the settlement system doesn't have to talk to customers directly.")

Bitcoin developers instead have developed a security pattern called hot wallet/cold wallet, where BTC which are available to the system are "hot" and BTC which are not available to the system are "cold." The idea is that, in any given day, you might only require 2% or so of your company's total reserves to go in or out. You keep the private keys to, say, 5% of it on the live system. That's your hot wallet. You keep the private keys to the remaining 95% somewhere else. That's your cold wallet. Even if your live system is rooted, you should not (the thinking goes) lose the private keys to the cold wallet.

The Bitcoin community widely believes that this pattern is sufficient to prevent events like the recent Mt. Gox debacle, where the system was compromised and both the hot wallet and cold wallet were drained.


> Bitcoin developers haven't quite cottoned onto the wisdom of separating these functions architecturally.

I'm not sure this is true. Any off blockchain transaction is basically an unsettled (and therefore reversible) bitcoin transaction. So for example, trades on bitcoin exchanges and payments between web wallets will have separate and distinct settlement phases. Generally bitcoin enthusiasts gloss over this though, because they don't like the idea of reversible transactions.

The current maximum transaction rate for the bitcoin networks is something like seven transactions per second. So either they'll have to figure out how to increase that or move to a more conventional clearing and settlement system if bitcoin-as-a-payment-network ever takes off in real size.


> The current maximum transaction rate for the bitcoin networks is something like seven transactions per second

What? I'm not entirely sure that I understand this correctly: Do you say that the whole bitcoin network, with all that computing power, can't compute more than 7 transactions per second?


The limit here is one of design: each block is currently limited to X MB, each transaction takes Y bytes, and each block is designed to happen every Z minutes; for Bitcoin's current values of 1MB (expected to be raised at some point if the size becomes a limit), something like 1k, and 10 minutes, that works out to 7 transactions per second.

Altcoins which have chosen blocktimes of say 1 minute will be able to do more transactions per second, and ones which lift the 1MB cap likewise.


They can compute more than 7 transactions per second, but it is at present a hardcoded artificial limit (one of many) because if the network tried to sustain e.g. 100 TPS like an actual bank, the block chain would balloon in size to terabytes very quickly, and since every Bitcoin client needs every transaction in history, that would force most people to abandon it.


> Today the Bitcoin network is restricted to a sustained rate of 7 tps by some artificial limits. These were put in place to stop people from ballooning the size of the block chain before the network and community was ready for it. Once those limits are lifted, the maximum transaction rate will go up significantly.

See here: https://en.bitcoin.it/wiki/Scalability


I don't know the details, but I think this arises from the rate at which blocks are discovered and the amount of space each transaction takes within a block. 7 tps is actually pretty high. All of paypal only does about 100 tps.


Execution (match engines are just a part of that) and settlement aren't just different parts of an exchange architecture; they are often different business units, or even different companies.


@patio11 - I don't understand. From what you wrote about matching-settlement vs hot-cold it seems there are still two systems at play there. I don't understand why there is a difference in security unless there is a time element in play (settlement at EOD).

Doesn't that violate the real time nature of bitcoin then? I have built e-commerce settlement systems in the past and I thought that the big challenge with bitcoin was always the instantaneous element.


You're correct, injecting extra time delay between transactions and settlement is one of the reasons why that architecture is more secure. That's a feature of it, not a bug. That is not the only difference: at almost all Bitcoin exchanges, your hot wallet is on your web tier and exposed to the adversary (so successful adversaries have authority to disburse 5% of your deposits), with the matching/settlement separation, a successful adversary still has no authority to disburse any percentage of your deposits. The hot/cold system also doesn't require e.g. intelligent accounting and reconciliation of those accounts, which is a major reason why the financial system actually works.

BTW: Bitcoin isn't a real-time system. The community widely believes it is, but people who actually understand what is happening would say "cough Yeah by 'real-time' we mean 'an hour later' cough."


Could you clarify your position?

Are you saying that Bitcoin-based financial systems cannot introduce a more secure settlement system without fundamental architectural changes to the Bitcoin protocol?

Or are you simply saying that nobody has apparently done so?

If the former, I would like to challenge that assumption. If the latter - what are you really trying to get at?


I think Mt Gox is the exception to the rule.


Hot storage is a wallet that is accessible online, e.g., a wallet used by the "bank" to transfer coins from their own account to a customer that wants to be paid out.

A cold wallet is one where the keys are kept offline and not plugged into anything, eg, a printout, or a USB key.


So, is keeping a majority of bitcoins (>98%) in cold storage the only way to keep them safe?


If they secured their servers (from hacking), they could theoretically leave everything in hot storage (although it's not necessary for normal operations as others have stated).


Yet nobody will pay fees for a bitcoin wallet.


One thing I don't get is... why is everyone storing their bitcoins in someone else's house? Why not store them yourself? To own bitcoins is to own a cryptographic private key. Why is everyone trusting someone else with the ownership of these keys?


Probably for the same reason most people don't store cash under their mattress and store it in a bank instead.

Of course, storing Bitcoins on your laptop is even more risky than storing cash under your mattress. Someone has to physically enter my house to steal the cash, but to steal my bitcoins? All they need is a virus, spyware, out of date OS, out of date router firmware, out of date NAS firmware, a zero day exploit, etc. and they can drain me of my coins from anywhere in the world.

Then of course there is the risk of simply losing the coins. An accidental deletion. A hard drive failure. Losing a laptop or having it stolen. You have to back everything up, you have to back it up offsite, and you have to trust the offsite backup. You have to keep your machines securely locked down.

All of this requires the user to be quite tech savvy. This will never change for storing coins locally... so if Bitcoin is going to be the "currency of the future" to be used by the masses then secure banks and exchanges have to be a thing. They also have to be a thing for lending and investing, anyway.


And people don't now realize that their mattresses are not connected to the Internet, and therefore the perfect place to securely store a currency that requires a computer to steal it.

Though I think I'd put those paper printouts with the QR codes on them in a fire-resistant box, at least.


I keep mine in a brain wallet. I can lose my house and my bank account, but my coins will always be in my head (and anyone else's head I share it with). That's something to think about.


Yeah, like an electrum seed?


Yep.


Doesn't seem like Mt.Gox or this joke of a company is any safer than a wallet on your computer.


Because the majority of BTC owners at the moment are speculators without technical savvy to create their own wallets. Storing BTC on these free online wallets is easier and humans will usually take the easier path.


Because people are used to dealing with the regulations that go along with other people storing your money.

Most people trust places like a bank, an investment brokerage, or paypal to store money, and not have it be "lost to hackers". There are banking regulations and insurance policy that have been around for 100 years to protect people from that kind of thing.


Existing discussion (with 111 comments):

https://news.ycombinator.com/item?id=7339313


What I find interesting is that BTC market does not care about Flexcoin shutting down - prices continue to soar to USD 700 after the MtGox induced drop to ~ USD 500.

For me this actually shows promise of real market stability in the long run. Imagine what would happen if a real bank failed in a normal country. Or imagine what would happen to USD if the largest world bank would fail (destroying 12% of worldwide supply of USD) and nobody would bail them out? Would the drop be worse than 10-20%?


As makes sense. I follow Bitcoin news, and I hadn't even heard of Flexcoin or this other Poloniex.


So this is actually good news?


I'm more and more convinced the only safe way to keep your bitcoins is on your own computer. I have 1 BTC, and it's currently hanging out in my hard drive, with a wallet backup on another hard drive. I suddenly feel much safer.


When you say your 1 BTC is on your hard drive, do you mean it's on the hard drive of a running Internet-connected computer? If so, how do you address the threat of malware that searches for wallet files?


Which is how it's intended to work; keep your own cash.


I was wondering when people would start to realise how easy a target all these sites that store BTC would be. I mean, I trust the banks with my money because they are legally liable for it. Some random website, where you can't audit the code and there's no real legal process for recovery of assets? Yeah that's a great system.

The whole point of state-backed currency is to provide stability and make it so there's money you can trust - not some wild west cross-your-fingers system. Yes, countries have failed (e.g. hyperinflation), but at least there are extremely powerful institutions in place whose remit is to prevent that at all cost.


This is what the Mt. Gox website said on its front page until last week:

You can quickly and securely trade bitcoins with other people around the world with your local currency!

Sadly, I think many people trust such marketing claims, partially because they assume the people behind the site know what they are doing, they assume the laws of a developed host economy like Japan are strong enough to prevent companies from making false claims (even while the market itself is unregulated), and, most importantly, they want to believe it will benefit them.


If you have money to piss away then buy some Bitcoins. I'm waiting for an awesome infographic on the amount of money stolen and the likelihood of your bitcoins being stolen.


There are 12.4 million bitcoins in existence right now. 750,000 were stolen in the mtgox heist. 174,000 were confiscated by the government from Silk Road and its owner. So, just from these 2 incidents, 7.5% of the bitcoins in existence have either been stolen or seized by the US government. Considering the regular occurrences of thefts from both exchanges and from malware stealing it from people's computers, the percentage is likely much higher.


Don't forget all the coins held by the cryptolocker virus writers.

Much of bitcoin is underwritten by illegal activity.


wonder who has the bitcoins from the 10,000 btc pizza


So here is what I've learned in dealing with crypto: most of this stuff is NOT written by security experts, the level of code out there is not expertly developed. Lots of this stuff is written by patching together random stuff, or hastily built. This won't be the last robbery story we see for a while. If btc wants to be taken seriously they need to create security standards.


These are very young companies, working with a good that has huge price volatility, resulting in them holding vast amounts of wealth. Ignoring the social, political, and economic debates around bitcoin, these companies have enormous risk and are high profile targets, and have varying ability to protect themselves. All this leads to uncertainty.

So then why don't these Bitcoin companies embrace ridiculous amounts of information disclosure and transparency?

Don't tell me you "take every precaution." Detail what precautions you are taking. Name an external pentesting firm that tests your infrastructure quarterly. Post their findings a few months after you have addressed the issues. Open Source everything that you can. Offer bug bounties paid in BTC for security issues discovered. Discuss, in detail, your hot/cold wallet storage setup. Do offensive analysis to determine the most likely attack scenarios, and publish them, along with the layered defense you have put in place to mitigate the risk.


Why haven't the major bitcoin banks/exchanges banded together and made a set of standards, akin to PCI-DSS to define security standards and implementations for these services? You would think that everyone would do it after MtGox sank. This is starting to leave bad joke territory and I hope it doesn't happen to Coinbase.


The resulting standards would probably be so expensive that they couldn't afford to implement them, or the standards would create an uncompetitive cost structure (see Coinkite). Also, security isn't lean.


It can't happen to Coinbase, they're doing it right with 98% of funds in cold storage[1] and they allowed an outside security audit to prove it.

[1] http://antonopoulos.com/2014/02/25/coinbase-review/


I'm hoping for an actually independent security audit, because Antonopoulos, despite competing with CoinBase, has a stake in the entire nascent system being considered trustworthy, and therefore a conflict of interest. I'm not saying he wasn't telling the truth - I believe what he says about verifying that CoinBase was in control of its cold storage wallets - but I'm hoping that independent banking authorities can learn enough about BitCoin to conduct independent audits themselves, so that people who have no skin in the game can truly verify that CoinBase's cold storage procedures are adequate.



Bitcoin is money. The vast knowledge of handling money is within the financial industry. The Bitcoin crowd do not trust the financial industry, they fight them man. The Bitcoin crowd pays to learn the hard way. News at 11.


And another one bites the dust (due to hacking.) These bitcoin businesses are budding and then thudding far too often.

'We got hacked by ourselves, thank you for contributing to the magnitude of our initial private offering.'


What I don't understand is why the bitcoins cannot be seized and returned. If the feds can seize bitcoins obtained illegally through drugs why can't they seize bitcoins obtained illegally through stealing?


To own a bitcoin is to own the cryptographic private key that holds those bitcoins. If the bitcoins moved to a new address, then you would need the private keys of the new address. They can be acquired, but it's difficult, since hiding a crypto key is a lot easier than hiding cash.


And, to answer the other part of your parent's question (regarding how the Feds can seize bitcoin), it was always my presumption that the Feds merely used their legal authority to compel their targets to turn over their bitcoin (i.e. private keys, etc.).

EDIT: Now that I think of it, it seems like I read somewhere that, with Mt Gox in particular, the Feds seized their ~$5M in BTC a while back by having them transfer it to a wallet under their control. Can anyone corroborate this?


You could just Google it. The Feds seized a bank account holding 5M USD belonging to MtGox's customers.


>You could just Google it.

Thanks. I'd never heard of Google. What a fantastic invention!

Sadly, though, it doesn't appear to help as much with vague recollections, and certainly doesn't seem to pass the Turing test where actual discussion is concerned.

In any event, it appears that I've mixed it up with Silk Road, where actual bitcoin was seized.

Turns out that it takes a bit more "Googling" (I think I've coined a new verb for this new Google thing) to determine that you have something wrong vs. corroborating that something is true.

This all gives me a new idea. I haven't quite fleshed it out yet, but I am tentatively calling it a "discussion forum".


I had about $1 at Flexcoin - not enough to move into cold storage and not enough to move back out. Doesn't matter now of course.


Notice how all these sites use PHP?


Is 896 BTC a lot to have in a hot wallet?


Depends on your instant withdrawal limits. If you want to allow your customers to withdraw many coins instantly then you need many coins in an open wallet ready to give them.



