Author

Topic: How does a hot wallet empty a cold wallet? (Read 2121 times)

newbie
Activity: 56
Merit: 0
February 28, 2014, 09:45:35 AM
#12
It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
I suppose that could be. It's not really a cold wallet if scripts from networked machines automatically pay "hotter" wallets when they run low.

Exactly, the keyword "automatically" demands programmatic access to the secrets, that effectively makes it just another hot wallet.
newbie
Activity: 13
Merit: 0
February 28, 2014, 09:32:01 AM
#11
Read his personal blog sometime.

I'd love to. Where is it?
sr. member
Activity: 339
Merit: 250
February 28, 2014, 08:01:33 AM
#10
Karpales rolled his own wallet(s) using the Bitcoin raw protocol and of course is totally inept at everything so fucked it up. If he had just used the regular bitcoin client but kept it offline, or used Armory offline wallet there would be no problems. Read his personal blog sometime. He makes insecure crypto libraries using Php and then immediately uses them in production without even realizing he's created a big bag of shit.


I'm wondering if that's how maybe he got hacked? he puts all his code on github for everyone to see!
sr. member
Activity: 339
Merit: 250
February 28, 2014, 08:00:11 AM
#9
Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?

Something hot leaked out of Mark Krapeles pants after he drank too much cold coffee
full member
Activity: 206
Merit: 100
February 28, 2014, 07:11:03 AM
#8
It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
I suppose that could be. It's not really a cold wallet if scripts from networked machines automatically pay "hotter" wallets when they run low.
newbie
Activity: 56
Merit: 0
February 28, 2014, 12:03:54 AM
#7
It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
hero member
Activity: 899
Merit: 1002
February 27, 2014, 11:35:48 PM
#6
Karpales rolled his own wallet(s) using the Bitcoin raw protocol and of course is totally inept at everything so fucked it up. If he had just used the regular bitcoin client but kept it offline, or used Armory offline wallet there would be no problems. Read his personal blog sometime. He makes insecure crypto libraries using Php and then immediately uses them in production without even realizing he's created a big bag of shit.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
February 27, 2014, 11:30:59 PM
#5
Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?
A hot wallet empties a cold wallet if you refill the hot wallet from the cold wallet every time it gets low. If the rule is "when the hot wallet is low, refill it from the cold wallet" and you keep applying that rule, a leak in the hot wallet drains the cold wallet eventually.

How do you get a leak in the how wallet? Easy. You have a rule like: "if the customer complains that their withdrawal didn't process, and it has been at least 24 hours, check the transaction ID in our database. If it didn't confirm, process another withdrawal from the hot wallet."

Do you have to be a complete idiot with no audits and no controls to allow defects like these to cause you lose 99% of customer funds over years? The answer to that question is left as an exercise for the reader.

Quote from: Join_Statement
Bitcoin operators, whether they be exchanges, wallet services or payment providers, play a critical custodial role over the bitcoin they hold as assets for their customers.  Acting as a custodian should require a high-bar, including appropriate security safeguards that are independently audited and tested on a regular basis, adequate balance sheets and reserves as commercial entities, transparent and accountable customer disclosures, and clear policies to not use customer assets for proprietary trading or for margin loans in leveraged trading.  It does not appear to any of us that MtGox followed any these essential requirements as a financial services provider.
newbie
Activity: 57
Merit: 0
February 27, 2014, 11:27:02 PM
#4
It shouldn't, if done right.  Withdrawing from a cold wallet should take some kind of conscious manual intervention.

If we assume that the wording in the crisis draft isn't literally accurate, then the following thread and article suggest one of the more believable theories I've seen about what might have happened:

https://bitcointalksearch.org/topic/i-bet-that-mark-lost-the-private-keys-and-is-crying-theft-out-of-embarassment-489813
http://letstalkbitcoin.com/somethings-not-right-at-gox/

The TL;DR version:

A successful Transaction Malleability exploit emptied their withdrawal hot wallet for the first time in a long time.  Gox goes to refill the wallet during the initial BTC withdrawal freeze and ... uh oh... the cold wallet private key is lost/corrupted/not working.  It might have gone undetected because deposits and watching the wallet balance wouldn't evidence the broken private key.

(Edited for clarification)
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
February 27, 2014, 10:49:04 PM
#3
Has Gox actually said this? Doesn't seem clear who the author is...

Agreed, it was supposedly "leaked".


...It's preposterous....
It's preposterous, yes.
The "crisis document" is being widely quoted and it has this Huge, glaring flaw.
You helped verify my basic understanding of a cold wallet, thanks




full member
Activity: 206
Merit: 100
February 27, 2014, 10:27:00 PM
#2
Has Gox actually said this? Doesn't seem clear who the author is.

Whatever the supposed mechanism is, it doesn't make any sense.

You should be able to calculate how many bitcoins your wallets control. Maybe there were some fees you didn't take into account, but it should be close. Then you see how many your wallets actually control. If the total is way off, you investigate, same as any other business that checks its cash register at the end of the day.

This document suggests that no one made that simple comparison for years. It's preposterous.

It would be like McDonald's declaring they ran out of assets because the cashiers kept giving out money due to an error in their protocol, and this lost cash was continually replenished from McDonald's corporate bank account. That's what the document purports.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
February 27, 2014, 09:42:27 PM
#1
Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?
Jump to: