Topic: Professionalism. We needs it. (Read 1580 times)

Look at the bitcoin money supply.  Almost five percent of it was just revealed to have been stolen.

That's unacceptable.  I mean, just completely, mindbogglingly, unacceptable. 

Put that in perspective.  Imagine someone stealing five percent of the world's total money supply, and the destruction of lives and livelihoods that follow.  We're seeing a limited version of that destruction right now, but as BTC gets bigger, this becomes more and more serious.  This is the kind of thing that can utterly destroy national and world economies if we don't get it under control, and I'm starting to think that the time to do it is getting here now, or already past.

We need accountability.  But I do think that accountability can be done without legislation - besides legislation would be limited to a single country, or patchwork different around different jurisdictions.  If there is an absolute demand for accountability, the blockchain makes it possible for the exchange and the people it serves to cooperate to verify that the amount currently held by an exchange and the amount entrusted to it by the customers are in fact equal. 

It's pretty simple in overview; customers keep track of transactions which are entrusting others with their money rather than direct spends.  IE, I spend my money for alpaca socks, that's a direct spend.  But if I send money to an exchange, or a bank, or anybody else whom I'm trusting to keep my money and give it back on demand, that's an entrusting transaction instead.   

An auto-audit capability could be built into the blockchain.  Imagine a protocol where at any time more than a week since last time an exchange got audited, anybody could broadcast a message initiating another audit.  This message would be received by all clients (it would be in the blockchain), prompting clients interested in the audit (ie, those which have made new entrusting transactions to that entity) to sign using the keys for the entrusting transactions.  The customers can remain anonymous; all the protocol needs is for there to be a response using the key.  The amount entrusted by all entrusting transactions is then visible, and then the exchange responds by countersigning its new spends and its unspent txouts.  Result: everybody can see whether the total held by the exchange has changed in a way that exactly matches the amount that customers have entrusted to it.

No need for KYC laws, no need for expensive human auditors, no need for licensing and barriers to entry, no need to pay for regulators and et cetera; instead, make it automatic. Build it in distributed trustless style the way we've built everything else.  Let the audit get checked in a distributed trustless way exactly the same way all the other tx in the blockchain get checked.

If you think about it ... That really has been the issue all along.  Satoshi built a trustless distributed infrastructure, and then we let these idiots butt in with financial service businesses which they constructed in centralized ways that required trust.    That was a mistake.  If you're going for a trustless distributed model, go for the trustless distributed model all the way from bottom to top.

In fact, it shouldn't matter if someone is a fast-food worker who majored in Philosophy, living in her mom's basement on a minimum-wage income; if she's smart enough to run an exchange and savvy to handle the software and professional enough to keep accounts secure and keep her own fingers out of the till, she'll pass the damn audits and she'll deserve to.  There's no reason (at least none yet) to throw FINRA and the SEC at her.

Thank you for sharing that with us.

No matter how bad the gox thing is.....
I don't want no goddamned BigBanking And Government licensing and bullshit
like the banking bailouts. Banks aren't supposed to lose the money. Yet they
have fucked it up a couple times now...back in 1929... and more recently with
the banking bailouts that happened. Fuck banks. Fuck the banking industry.

I've suggested several times over the last year that Bitcoin exchanges should be licensed broker/dealers.  In the US, that means SEC registration, management, sales staff, and even customer support people having to pass tough exams, audits, background checks, SIPC insurance, etc. The usual response on this board was hate mail.

Well, fanatical libertarian types, you were wrong.

I still don't know what exactly happened at Mt.Gox, but sure is full of amateurs out there.

Take the case of the departed Bitcoin-24, which suddenly found quite a bunch of Bitcoins missing and had to immediately close and refund customers as best as it could.

During the subsequent crisis (it was the 1st european exchange at the time, vastly superior to even Mt.Gox for EUR trading volume), its founder and owner was discovered to be the stereotypical kid in a basement, without even real programming experience; these questions were posted by him in a well-known programming Q&A site, when Bitcoin-24 had already been operational for months:

http://stackoverflow.com/questions/15165559/how-to-round-amounts-correct-update-1
http://stackoverflow.com/questions/15026825/php-mysql-how-to-prevent-two-requests-update

Yes.

That f**ing amateur was running an online trading site without even knowing how to properly handle decimal numbers and database transactions.

'Scuse my goddamn language, but I'm pissed off right now.

There have been  too many examples of exchanges getting hacked, losing client's money, using buggy software that allowed them to get robbed, operating on a 'fractional reserve' basis without telling their customers, etc.  As far as we can tell, Bitcoin financial service businesses, especially exchanges, are being run by goddamn amateurs (or idiots, or possibly crooks) who have no fucking clue how to keep accounts secure, keep their fingers out of the till, and keep an honest business afloat.  Gox turned into effectively a scam that wiped out nearly a billion dollars worth of assets and dragged the value of another ten billion dollars worth of assets down by nearly a third.   I count that as losing about four billion dollars worth of other people's money, for no reason better than being fucking idiots.  

I dunno 'bout y'all, but I'm keeping just about all my coins back to my own damn wallet in my own damn house after the last blow-up at Gox.  I have one account now on an exchange with 0.02 BTC in it -- If I decide I need to sell, I can wait the extra couple hours for a transfer TO the exchange to confirm fully before selling.  Likewise if I decide to buy, I can 'sweep' from my exchange account to my own damn wallet after an hour.  

The cynic in me half expects the longstanding ID bug at Gox (which meant that they were completely sodomized by transaction malleability, while transaction malleability was a known problem that everyone else dealt with successfully) to have been deliberately placed there  (and deliberately not fixed) by an asshole insider in order to facilitate robbing the customers' BTC deposits with plausible deniability for Gox.  Seriously, can anyone be that clueless without doing it on purpose?  I know, I know....  stupidity is an unlimited resource.  Still, people were trusting those idiots.

So what can we do?  Because BTC isn't technically recognized as 'money', these people aren't insured.  They aren't audited.  And they're barely regulated.  Can we use the blockchain to keep track of how much they're actually holding versus how much their customers have on deposit?  Just knowing that those amounts match would make me sleep a lot better at night.  

Can we insist that they get insurance?  Can we insist on audits?  Can we boycott those whose insurance won't cover their BTC deposits, or whose audits indicate they're not actually holding as much as their customers have on deposit?  

I hate to bring up the idea of treating them as full-fledged financial institutions under the law, but this is exactly the kind of crap that the laws governing financial institutions (usually) prevent, and it's why licensing financial institutions is so damn hard.  Maybe it fucking needs to be that hard, specifically in order to keep these goddamn goat-blowing amateurs out of the business.