Author

Topic: Physical security of MtGox (Read 1841 times)

hero member
Activity: 784
Merit: 1000
March 14, 2013, 11:45:26 PM
#16
You could just put your wallet in an offline computer in some vaults, with MT or someone else sharing the keys, nobody can sign the transactions if they don't have physical access to the computer. If you are talking about the possibility of coercing others to give up all the coins by threatening to kill the kidnapped guy, well, traditional banks are not any safer in this aspect either.
full member
Activity: 126
Merit: 100
March 14, 2013, 10:51:44 PM
#15
This is actually a decent question. Banks are protected with vaults, panic buttons, gps trackers, ink bombs. However MtGox might just be a regular office building. I'm assuming they have cameras. If they don't already have it they should at least get panic buttons to alert police as soon as a a robbery takes place. 

They could also install one of those doors that will automatically lock once the panic button is pressed, that way the robber can't escape.

And what if the guy figures out he's trapped and just starts killing employees until they let him out? Or some variation of this?

This idea is similar to those RapeX devices they're marketing to women in south africa. Basically it's a tube that is inserted vaginally that has barbs on the inside. If someone decides to rape the wearer, bad bad day for him. But I read a good sarcastic tagline for it "RapeX - A great way to get raped and murdered!".
legendary
Activity: 2058
Merit: 1452
March 14, 2013, 10:47:50 PM
#14
This is actually a decent question. Banks are protected with vaults, panic buttons, gps trackers, ink bombs. However MtGox might just be a regular office building. I'm assuming they have cameras. If they don't already have it they should at least get panic buttons to alert police as soon as a a robbery takes place. 

They could also install one of those doors that will automatically lock once the panic button is pressed, that way the robber can't escape.
burn the bitcoin keys for teh lulz?
hero member
Activity: 728
Merit: 500
March 14, 2013, 10:29:27 PM
#13
This is actually a decent question. Banks are protected with vaults, panic buttons, gps trackers, ink bombs. However MtGox might just be a regular office building. I'm assuming they have cameras. If they don't already have it they should at least get panic buttons to alert police as soon as a a robbery takes place. 

They could also install one of those doors that will automatically lock once the panic button is pressed, that way the robber can't escape.
legendary
Activity: 2506
Merit: 1010
March 14, 2013, 09:52:10 PM
#12
I'm sure wallets and such are backed up. The website itself is hosted remotely. Still, the damage would be immense.

Discussed here:

- Does [MtGox] use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)

Yes.

 - Is there a target as to how much of customer's funds are kept in cold storage?  (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?

On average 98% of customer bitcoins are held in cold storage, with possible variations on large bitcoin moves (large deposits or customers asking for large withdrawals).

 - Do new deposits go to cold storage?  (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)

No, this wouldn't be practical in terms of number of bitcoin addresses to keep in cold storage. This could change thanks to BIP 0032 which we are working on implementing. It should be noted however that we are using a hardware security module for the hot wallet

 - Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?

Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir's Secret-Sharing method in the future, and all existing offline wallets will be converted to this.

When the funds for Mt. Gox's current U.S. and Canadian customers are "transitioned" and then handled by Coinlab, that's discussed here:

Quote
CoinLab's Tiered Security Options:

Medium Security (Hot Wallet) amounts are kept minimal and layered behind clients and firewalls
High Security (Cool Wallet Storage) is kept in a physically secure location
Ultra High Security (Cold Wallet Storage) is split using Shamir's Secret Sharing Algorithm and distributed physically

 - http://coinlab.com/storage
full member
Activity: 238
Merit: 100
RMBTB.com: The secure BTC:CNY exchange. 0% fee!
March 14, 2013, 07:50:43 PM
#11
Somewhere in Tokyo is an office. The MtGox office.

What would happen in the event a criminal gang decides the raid it?

I'm sure wallets and such are backed up. The website itself is hosted remotely. Still, the damage would be immense.

Find something else to keep you up at night.

All this worry isn't good for you.
sr. member
Activity: 434
Merit: 251
March 14, 2013, 06:45:47 PM
#10
jesus, again i've spent 30 min lokking at random comics...

Could have been worse with xkcd Wink
sr. member
Activity: 316
Merit: 250
member
Activity: 95
Merit: 10
full member
Activity: 128
Merit: 100
March 14, 2013, 01:47:48 PM
#5
hero member
Activity: 518
Merit: 500
March 14, 2013, 01:10:44 PM
#4
hero member
Activity: 602
Merit: 500
Vertrau in Gott
March 14, 2013, 01:09:52 PM
#3
What if Mr. Magicaltux gets kidnapped and hold for hostage until mtgox sends all coins to the criminals??

Well Mr. Magicaltux got a very dangerous live!
legendary
Activity: 896
Merit: 1001
March 14, 2013, 01:04:21 PM
#2
This is what would happen:

http://www.youtube.com/watch?v=Ze3hthGRbRo

hero member
Activity: 700
Merit: 500
March 14, 2013, 12:57:56 PM
#1
Somewhere in Tokyo is an office. The MtGox office.

What would happen in the event a criminal gang decides the raid it?

I'm sure wallets and such are backed up. The website itself is hosted remotely. Still, the damage would be immense.
Jump to: