Topic: BTC exchanges must tap the minds of community for ideas on preventing DDOS/manip (Read 1235 times)

member
Activity: 87
Merit: 10
There should be a splash page on another server that waits 5 seconds before you can get on the exchange. There should also be a 5 second limit between placing orders; this would be a vast improvement over hour-long trade lag.
sr. member
Activity: 434
Merit: 250
In Hashrate We Trust!
Look at any capital market exchange - they have solved this problem.

However, it introduces tons of other issues like HF, front-running, etc, etc.
It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...

It is easy to screw the HFT-algos:
- Match orders once every 10 seconds.
- Don't apply a queue system for orders at the same price; process them in random order.
- HFT algos cannot take advantage of being physically close to the exchange since the exchange is decentralized.
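
The first two points of the post above (matching once per window and ignoring arrival order at equal prices), sketched as an added example that is not part of the original post or any exchange's code. The `Order` type, the function names and the midpoint fill price are assumptions made for illustration; the sample batch is constructed.

```python
import random
from collections import namedtuple

Order = namedtuple("Order", "oid side price qty")  # side: "buy" or "sell"

def match_batch(orders, rng=None):
    """Match one batch of orders collected during a 10 second window.

    Arrival order inside the window is ignored: orders at the same price
    are ranked by a random draw, so being first in the queue gains nothing.
    Returns a list of (buy_oid, sell_oid, price, qty) fills.
    """
    rng = rng or random.SystemRandom()
    # One random tie-break value per order; price still ranks first.
    keyed = [(o, rng.random()) for o in orders]
    bids = sorted((k for k in keyed if k[0].side == "buy"),
                  key=lambda k: (-k[0].price, k[1]))
    asks = sorted((k for k in keyed if k[0].side == "sell"),
                  key=lambda k: (k[0].price, k[1]))
    bids = [[o, o.qty] for o, _ in bids]   # [order, remaining qty]
    asks = [[o, o.qty] for o, _ in asks]
    fills, i, j = [], 0, 0
    while (i < len(bids) and j < len(asks)
           and bids[i][0].price >= asks[j][0].price):
        qty = min(bids[i][1], asks[j][1])
        # Assumption: fill at the midpoint of the two limit prices.
        price = (bids[i][0].price + asks[j][0].price) / 2
        fills.append((bids[i][0].oid, asks[j][0].oid, price, qty))
        bids[i][1] -= qty
        asks[j][1] -= qty
        if bids[i][1] == 0:
            i += 1
        if asks[j][1] == 0:
            j += 1
    return fills

# Constructed sample batch: three buyers at the same price, one seller.
SAMPLE = [Order("b1", "buy", 100, 1), Order("b2", "buy", 100, 1),
          Order("b3", "buy", 100, 1), Order("s1", "sell", 100, 1)]

def winner_counts(trials=300):
    """Count which buyer gets the single fill over many seeded batches."""
    counts = {}
    for seed in range(trials):
        buy_oid = match_batch(SAMPLE, random.Random(seed))[0][0]
        counts[buy_oid] = counts.get(buy_oid, 0) + 1
    return counts
```

Seeded `random.Random` instances are used only to make the tally repeatable; the default `SystemRandom` draw is what keeps the tie-break unpredictable to participants.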
hero member
Activity: 632
Merit: 500
No central exchange will solve this. 

Let's not go down the wrong road.

Decentralized exchange is the only road to go down here. 
full member
Activity: 210
Merit: 100
firstbits: 121vnq
At the moment they could implement temporary higher trading limits (even up to .1BTC), get rid of their APIs temporarily, and implement some sort of verify/captcha front-end step. That would solve the problem enough to trade I believe.

newbie
Activity: 35
Merit: 0
We just need more exchanges and for MtGox's market share to lower.

Once the bitcoin market volume is much bigger, a decentralised exchange approach will be possible with Over the Counter trading.  This will only be possible when you can go to your neighbour and trade FIAT or some other commodity for BTC, until then we are stuck with centralized exchanges.
legendary
Activity: 3192
Merit: 1278
Primedice.com, Stake.com
DDoS and manip are killing bitcoins. MtGox etc. need better DDoS protection.
member
Activity: 117
Merit: 10
Look at any capital market exchange - they have solved this problem.

However, it introduces tons of other issues like HF, front-running, etc, etc.
It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...
hero member
Activity: 714
Merit: 510
That is a very interesting idea.
newbie
Activity: 35
Merit: 0
Big mtGox has far too much power. Centralized power is an obvious weakness.

My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?

My list which of course could be updated if I have more info.

1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
     (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
     (b) Google authenticator, Yubikey, or whatever.
3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.

One thing that occurred to me is that the bitcoin exchanges could perhaps whitelist traffic coming from bitcoin VPN providers. That way anyone with a bitcoin VPN wouldn't be affected. Of course the attackers could then turn to attacking the VPN providers, but there are a few of them and it might at least spread the problem out a bit more.
newbie
Activity: 28
Merit: 0
As far as stopping DDOS that's easy, you just have to use an exchange with a well designed server infrastructure, not a crappy system set up to trade game cards. What MtGox calls a DDOS, a traditional exchange would call high volume.

As far as stopping manipulation, that's harder. With traditional commodities you can lower the risk of manipulation by having very high liquidity. That won't happen until people start actually using BTC as a currency and not some fancy virtual gold substitute.

Did you buy drugs online or pay someone for services in BTC in the last couple months? If not, you're part of the problem.
hero member
Activity: 714
Merit: 510
Where is the whitepaper on Ripple?

And how long are they going to take to implement this? I don't have much faith in Bitinstant. They took my money and never gave me coins in over a week now.
legendary
Activity: 1400
Merit: 1009
The problem is getting fiat into an exchange, and rapidly transferring it between exchanges.

Ripple is supposed to fix that. If all the exchanges became gateways then users could deposit fiat anywhere, and trade with it anywhere, and cash out anywhere. The exchanges could use periodic wire transfers between themselves to settle accounts.

If Bitinstant ever gets their debit card going, and if they accepted USD deposits via Ripple then people would be more willing to keep more of, or possibly all of, their dollars in the system because they could spend it instantly. This would make a large amount of dollar liquidity available to all the order books.
hero member
Activity: 714
Merit: 510
Big mtGox has far too much power. Centralized power is an obvious weakness.

My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?

My list which of course could be updated if I have more info.

1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
     (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
     (b) Google authenticator, Yubikey, or whatever.
3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.