- Is there a target as to how much of customer's funds are kept in cold storage? (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?
At least 50% in cold storage is the target. This can sometimes vary depending on daily volume, deposits, and withdrawal requests. I do my best to monitor this as to not delay withdrawals and maintain the target. I think this can be vastly improved and will be looking at changing the system/policy for this soon.
- Do new deposits go to cold storage? (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)
I would recommend people use the GET /rest/bitcoin-address call from our API if possible to retrieve the latest deposit address for their account. This is not required though and old deposit addresses will continue to function. If the hot wallet was compromised then yes, new deposits could also be compromised since deposits do not go to cold storage. As I said in the previous response I will be looking at changing our deposit/withdrawal system/policy soon.
- Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?
Yes.
- Does BitMe maintain full reserve? (i.e., BitMe controls bank accounts with all customer USD funds and controls wallets with 100% of BTC funds. None of these amounts loaned out.)
Absolutely. 100% reserves for all USD and BTC, no shenanigans. We are not in the business of loaning out funds or leveraging up. Our business model is simple and is naturally transparent (see our
fees page). As part of the business finances we maintain the assets and liabilities of all customer deposits that we temporarily hold for purposes of buying and selling Bitcoins on our balance sheet. We cannot guarantee the safety or availability of these deposits that we temporarily hold and these are not insured.
- Does BitMe maintain offsite backups of its accounts and transactions? If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?
We maintain write logs for our database that allows use to keep point-in-time backups. Currently, the write logs are encrypted and shipped to an off-site location (using write-only access without deletion permission) every 15 minutes, with a full backup being done once a day. This may change as our daily volume grows.
- If there is a security breach and BitMe cannot meet withdrawal requests of its customers, what is the withdrawal preference that BitMe would follow? Various preferences are:
- - A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
- - B.) Withdrawals of USD funds, if not impacted by the breach, are made available to those customers who held a USD balance. in full.
- - Do customer deposits have preference over any other creditor claims? (i.e., a contract stating so such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and hosting bill.)
- - or is there some other approach?
I need to look further into this issue before I can answer.
- If there is a DDoS or server availability issue, where should users turn to to learn status (e.g., blog, forum thread, Twitter, etc.)?
We would post an update on both our
blog (Tumblr) and
Twitter, and possibly post an update on these forums. If there was a long-sustained issue then we would probably point the site to a temporary status page.
- Does BitMe have (or plan to provide) an out-of-band communications method (e.g., e-mail to inform customers of any security issues?
As part of our security policy, we have been publicly posting
disclosures on our blog about issues that "cause abnormal or unintended behavior affecting users". If it was a serious security issue then those users affected would be contacted using their email address associated with their BitMe account.
Two-factor authentication is planned for the near future and will be implemented before we start accepting verified accounts with higher limits. Currently users are required to (re)enter their account password for withdrawals (except for previously linked bank accounts). This will most likely be replaced with a pin number/OTP at some point.