Topic: Camp BX Hacker / Security Audit: Results (Read 15921 times)

That's a load of BS mate. I had a withdrawal cancelled a couple of weeks before the snowstorm, and no explanation, apology, or any kind of response from your "team".

And this doesn't help your credibility either:

https://campbx.com/achupdate.php

 I can't believe you would finally post here after all the crap you've caused so many people.  I had a withdrawal, not even a big one, waiting for WEEKS and you kept saying excuse after excuse.  Finally I took my money out and will never be back and there are many others with similar stories.  Why don't you have a legit explanation about what's going on and been going on for 3 months now?

Hi Aurum,
     No we have not!

We have disabled email helpdesk to minimize spam.  You can create a ticket with helpdesk and our team will get back to you in 2 business days.  Live chat is also available from our after-hours team.

The withdrawals are backlogged by a few days due to our backend system switch and bank closures in Atlanta after the snowstorm.
We are working hard to clear the backlog.

Thank you,
     Keyur

Wow bounced e-mail from campbx?  Not a good sign

Has CampBX failed

I requested a withdrawal 9 days ago and nothing.
I submitted a support ticket and nothing.
I called and no answer.
I emailed [email protected] and it bounced.

I am happy to hear this Alex.  If MtGox gets hacked again, it can be a very big setback to Bitcoin.

Hi Stephen,
      We have been tweaking out security and monitoring procedures since launch to stay ahead of any potential issues.  I reviewed our change tracker sheet and there have been over 120 changes in 2012 (this includes everything from cosmetic edits to server hardware upgrades and patches), which should give you an idea of the work behind the scenes to stay current.  Here is the specific information you requested:

 - Does Camp BX use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)
Absolutely.  We have hot wallet / cold wallet split system.


If so, then there are other questions:

 - Is there a target as to how much of customer's funds are kept in cold storage?  (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?
Our wallet has higher churn rate, so percentage kept in hot wallet needs to be much higher than MTG's 3% number.  We set it based on current activity levels + volatility headroom.

 - Do new deposits go to cold storage?  (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)
No - new deposits go to the hot wallet.  We have considered sending new deposits to cold wallet, but implementing and operating that code will require us to touch cold storage much more often.  This may defeat the purpose of cold storage.

 - Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?
Yes - air gap is a must otherwise it would be a "luke-warm wallet"! 

And I have other questions that I'ld like to now the answers to:

 - Does CampBX maintain full reserve?  (i.e., Camp BX controls bank accounts with all customer USD funds and controls wallets with 100% of BTC funds.  None of these amounts loaned out.)
Yes - for both USD and BTC. We do not lend or spend any of the funds.

 - Does CampBX maintain offsite backups of its accounts and transactions?  If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?
Yes - this has been part of our DR plan since launch day.  In case of a server crash (much more likely than security breach, IMO) we can recover up to 1-hour recent data.

 - If there is a security breach and CampBX cannot meet withdrawal requests of its customers, what is the withdrawal preference that Camp BX would follow?  Various preferences are:
 - -  A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
 - -  B.) Withdrawals of USD funds, if not impacted by the breach, are made available to those customers who held a USD balance. in full.
 - -  Do customer deposits have preference over any other creditor claims?  (i.e., a contract stating so such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and hosting bill.)
 - -  or is there some other approach?
Answer to this question really comes down to the situation at hand.  If it was an overnight heist like what happened to MtGox or BitFloor, we may have to go for (B).  If this was a trickle-heist like MyBitcoin the answer may be more complicated.  The good news is that we do not have any creditors, so in case of a breach all funds will go back to customers.  Verified customers will get preference over unverified customers.

Hope this helps,
     Keyur

Shortly < 1 month

Hi Stephen,
     Excellent questions, and a lot of them!  I will post an update to answer these shortly.

Thank you,
      Keyur

Your service seems good but of course I am concerned with the legal reachability of a company in Japan (and the extra hassle of overseas fiat transfer).  However, its all about balancing this risk against that, so I recently got verified with MtGox.  I think "B" should be the fiat option.  Essentially, I do not want my fiat to be held as security for people who choose to leave excessive bitcoin on the exchange.  This risk makes it hard to hold funds on the exchange.

How are the paper wallets physically secured?  Hopefully they are not in an envelope in your sock drawer...

Thanks Tux, that's some clear answers

I think the "year ahead" only goes for experience, not really "technology wise", but it's still something that counts.

If you want (replaced CampBX with MtGox and replies in bold for readability):

 - Does [MtGox] use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)

Yes.

 - Is there a target as to how much of customer's funds are kept in cold storage?  (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?

On average 98% of customer bitcoins are held in cold storage, with possible variations on large bitcoin moves (large deposits or customers asking for large withdrawals).

 - Do new deposits go to cold storage?  (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)

No, this wouldn't be practical in terms of number of bitcoin addresses to keep in cold storage. This could change thanks to BIP 0032 which we are working on implementing. It should be noted however that we are using a hardware security module for the hot wallet

 - Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?

Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir's Secret-Sharing method in the future, and all existing offline wallets will be converted to this.

And I have other questions that I'ld like to now the answers to:

 - Does [MtGox] maintain full reserve?  (i.e., [MtGox] controls bank accounts with all customer USD funds and controls wallets with 100% of BTC funds.  None of these amounts loaned out.)

As described in our Terms of Service, customer funds are kept in full, and none are loaned.

 - Does [MtGox] maintain offsite backups of its accounts and transactions?  If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?

We have realtime onsite backups on a separate system, and offsite backups at regular intervals. We are working on modifying the system to have a multi-site cluster working (working with people from Percona to reach the best system on this) - which would allow us to have a node of the cluster used to make backups way more often

 - If there is a security breach and [MtGox] cannot meet withdrawal requests of its customers, what is the withdrawal preference that [MtGox] would follow?  Various preferences are:
 - -  A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
 - -  B.) Withdrawals of USD funds, if not impacted by the breach, are made available to those customers who held a USD balance. in full.
 - -  Do customer deposits have preference over any other creditor claims?  (i.e., a contract stating so such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and hosting bill.)
 - -  or is there some other approach?

Fiat balances and Bitcoin balances would be accounted separately based on current rules, especially because of the difficulty to give a value to a given balance in Bitcoin (value at current rate or based on depth). This may change as we are discussing with a large insurance company in Japan to get all funds deposited on MtGox insured. This will however be only possible once the Japanese FSA provides its position on Bitcoin - which we expect to happen in the next months.

If that is the case, then how about giving the MtGox answer to the questions raised by Stephen Gornick in his post above?

I see this question (and perhaps others) is addressed in another thread -- one which I wish I had seen earlier, as that thread is the right place for this line of questioning. (if responding, please feel free to respond there)

Learning? Everyday we are learning something new... Watching? Yes very carefully... Now it is good that others start to finally work on their security... As far as we are concerned we are a year ahead of others on this matter and never stop on improving/checking things when it comes security.

These are good questions. 

Really, what is needed is a white paper describing a belt-and-suspenders approach to securing customer deposits.  CampBX has a great opportunity as the last US exchange standing and could really capitalize on that if they provided a comprehensive security document.  I really don't think such a document would help hackers much... if it did that would be an indicator that the security had issues (security through obscurity is not true security).

Additional questions:

Are these wallets encrypted?

Are there ANY unencrypted backups of the wallet, hard copies of the private key, etc?  If so how are they protected?

How are USD deposits secured?

Are USD/BTC deposits held individually and separately or is there a similar issue to bitfloor where USD on deposit could be used to pay off other losses (operating, or hacking).

(I've been a campBX user for several months now)

Thanks!

This is an old thread but there was a question asked of great importance and I don't see that it was answered:


The question specifically asks about managing an offline wallet.  The response is ambiguous and uses "wallet" singular and "it" when referring to "wallet", so that is nowhere near to being an assertion that that customer's bitcoin funds are held in cold storage.

There was a recent post pointing to the site's FAQ, but that FAQ doesn't address the use of a cold wallet either.


I wish this specific question and others had been asked of a competing U.S.-based bitcoin exchange as thousands of bitcoins would still be with their rightful owners as once they would have discovered that no cold storage was being used by that exchange things would have been different.

So, I'm submitting these questions, looking first specifically for the answer to:

 - Does Camp BX use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)

If so, then there are other questions:

 - Is there a target as to how much of customer's funds are kept in cold storage?  (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?

 - Do new deposits go to cold storage?  (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)

 - Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?


And I have other questions that I'ld like to now the answers to:

 - Does CampBX maintain full reserve?  (i.e., Camp BX controls bank accounts with all customer USD funds and controls wallets with 100% of BTC funds.  None of these amounts loaned out.)

 - Does CampBX maintain offsite backups of its accounts and transactions?  If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?

 - If there is a security breach and CampBX cannot meet withdrawal requests of its customers, what is the withdrawal preference that Camp BX would follow?  Various preferences are:
 - -  A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
 - -  B.) Withdrawals of USD funds, if not impacted by the breach, are made available to those customers who held a USD balance. in full.
 - -  Do customer deposits have preference over any other creditor claims?  (i.e., a contract stating so such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and hosting bill.)
 - -  or is there some other approach?

Camp BX got some press coverage:
http://www.zippycart.com/ecommerce-news/2796-ecommerce-solution-camp-bx-makes-bitcoin-legitimate.html
http://venturebeat.com/2011/07/07/camp-bx-bitcoin/

Also, they just announced a new affiliate program. The deal is the same as TradeHill.com, 10% off your trading fees if you sign up through an affiliate link such as this one (mine): https://CampBX.com/register.php?r=mdslj19rhcD

If you registered before the affiliate program started, email them, and they will get you the discount. (At least, they did it for me).

Their website claims they will disable your affiliate link if people complain that you are spamming it everywhere, so don't do that.

Are you planning to accommodate EU customers as well?

money went in, no problem. Now I'm just waiting to get my orders filled :-)

SELL SELL SELL! (I'm buying)