Topic: Bitfloor status update - September 6, 2012 (Read 7693 times)

I did say I was sorry. Damn. Forgive me not.

dry man...dry

That's exactly how cold wallets are supposed to work. This fancy device you are imagining is commonly referred to as a "computer".

What if the wallet we kept on some sort of special purpose Wallet device? Something like a powerful microcontroller that was not running an operating system but rather had a specific implementation for controlling it. What if this this microcontroller did thing for example like measure the statistical frequency and amount of withdrawals and limited withdrawals that were outside of the statistical frequency? What if this device were even located somewhere at an IP address that only listens to the ip address of the server and vic versa, or physically located next to the server. What if the access to the 'hot wallet' was controlled through some sort of automated ubi-key type thing?

just musing,
crazy_rabbit

"Fuck you, got mine!" - The Bitcoiner's Creed

You weren't saying that back when it was your money on the line too...

Shit happens.

Is it just me or was there a part missing from his update about how people owed BTC would be repaid? I'm not sure its a good idea for the community to back someone who can leave unencrypted wallets on the server and when it gets hacked say "oops my bad. Your bitcoins are gone but good news you can deposit more soon and hope I do a better job securing them this time."

I think after ever incident "we" as a community of service providers can learn.  These are IMHO very good questions and ones that we have been discussing inside our own company.  Far too often this forum is used as the sole communication mechanism to the customer base.  Some ideas we have been brainstorming, a good starting point for a discussion I think (feel free to add details and more bullet points).

In a hack (or failed hack or suspected hack in progress):

• The service should be halted.  This includes immediate deletion of all hot wallets and in the case of encrypted databases immediate destruction of host encryption key.  Obviously both of these should be available in offline form.
• If there is no loss of control of the server the site should be replaced with a static page indicating in general terms the issue and warning users not to deposit coins.  This page likely should be pre-created and have an offline backup as time is of the essence in any hack or attack.
• If there is a loss of control of the server, the server should be taken completely offline (hard power switch at datacenter if necessary). One idea would be to have a status.domainname.com site on another server (probably a low powered VPS in a different hosting provider).  It would at least provide partial communication.  Nameserver change could redirect traffic to the status server although that change will take time to propogate.
• If the service uses social media those could be used to communicate with users.
• All registered users should receive an email with similar information.  User email list should be stored off site in a fast accessible form in the event that access to server or database is lost.  The mass email should be tested before needed to ensure it won't get caught by spam filters.
• If cellphone numbers are available users should receive a text notification & warning.
• Moderators of bitcointalk should be notified so an "Important News" thread can be created.

I would point out that the scenario you described above is exactly why a cold wallet should be used.  If hot wallet is also used "incoming client addresses" should always be directed to the cold wallet.  The hot wallet is then only filled from the cold wallet. 

Nah, I'll just wait until I can get the money in bitcoins at some point in the future

You could have the USD deposited to a US account with ACH and have them send you $9 worth of BTC?  If you needed the $9 badly enough that is.

The fees as the same as before.

ACH is free. Wire $15.

What's the fee for those? I only have 9 usd in the account. For international wire transfers usually eat that for breakfest

International users can request a wire transfer. I will not be giving out MtGox codes. ACH and Wire are the only options for USD withdrawal.

What are the options for us non-US folks that ACH doesn't apply to.
I'd love to be able to get e.g. a mtgox code or something.

Any ETA on when we'll have options available?

There is an Important Announcements forum board.  A thread for this issue was (eventually) created there:
 - http://bitcointalk.org/index.php?board=87.0


Some people got an e-mail initially ... though it was only saying API keys might have been compromised.  It even said "No accounts were compromised financially nor was there any access to coins or any funds. Our system are separated to protect against this.":

 - https://bitcointalksearch.org/topic/m.1159003

There was then many hours that passed before the "bitfloor needs your help!" forum post.

The normal procedure for using a hosted (shared) EWallet is to create a new deposit address before each transfer.

Anyone not doing that but instead is re-using a BitFloor deposit address is probably a miner or for receiving some other type of withdrawal.  If BitFloor was offline, then there was no was no way to obtain a new Bitcoin deposit address.   If it was a miner payout, the upside was that the amount sent was probably not all that much (e.g., just hit the payout threshold).

Of course, the best course of action would have been for BitFloor to send an E-mail to all users immediately when it was ascertained that there had been a compromise -- and included explicit instruction to no longer deposit funds and to halt any automated transfers.

After the Linode outage a few days earlier which took BitFloor down, written was:


But that had not been implemented yet.

If you wish to have automated transfers to a static bitcoin address then the most secure solution is likely to have it be an address that you control.  Creating a paper bitcoin and using that for your mining payouts or dividends or whatever is a good approach.  Then when you want to spend using those funds, you simply scan the QR code and spend then (e.g., on Blockchain.info/wallet - import function).

 - http://www.BitAddress.org

A question I thought was serious from the other thread;

What of those who deposited BTC, either manually or automated, after the hack?  There was, as far as I have heard, no email notification, and the website message was ambiguous.

Starting a thread on this forum is not exactly a high standard of damage control for your users.

Thanks for opening the website so we could withdraw our USD. I have got all my funds back now. I appreciate this. Money is really tight for me. So the only thing I have lost is one heck of an exchange that I will miss for the time being.

I really hope Bitfloor can launch again. I enjoyed it MUCH more then MtGox. I wish you the best, and hope to use your service again in the future.

A solution of making BTC holders whole might best be solved by providing bonds in exchange for the losses.

Sorry you got hacked and had all those silly people spreading FUD, demanding that you *must* pull a Corzine and merge all the remaining assets into one big, damaged pool to be eventually redistributed after the lawyers took some outrageous percentage.  I never believed it for one second and said so, vehemently.

I'm not at all surprised to hear that your lawyer(s) agreed with me about the blatant illegality of holding USD against their owners' consent.

The correct course of action was completely obvious all along and I'm convinced you knew that, especially given your initial response.

Bitfloor is a really nice exchange and I look forward to using it more in the future.