(RE: Exchanges hack) Let's talk about a solution before instead of crying after

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: moonpie45 on January 02, 2017, 03:56:22 PM

Quote from: franky1 on January 02, 2017, 06:26:57 AM

Quote from: moonpie45 on December 31, 2016, 07:42:06 PM

LN will also delay the time it takes for a trade to make it's way onto the orderbook, which will give those who keep their bitcoin "entirely" on an exchange the ability to "trade ahead" of you.

currently multisigs will delay time because the front end currently take a long time. due to having to manually build a transaction.
bt if the devs (im not relying on core dvs because they dont care about such things) othre devs will make userfriendly front ends that make it simplistic and easy as typing in an amount and pressing send.
thus a milisecond thing. not a minute thing.

imagine it.
you have a multisig with an exchange. the LN node is api calling the exchange as a hub, to send the signed tx's
along with signed TX the LN node can obviously API call other data to the exchange.
so imagine your LN node is the exchange 'bot' thus not needing to log into an exchange webpage separately but all done within an LN node

If I was trying to sell my BTC on Bitstamp, and had an already open channel with Bitstamp, then my LN client would need to contact Bitstamp's client to agree to a new state of the channel, I would need to receive the revocation transaction signed by Bitstamp, and verify the signature, Bitstamp would need to receive my revocation transaction from me and verify the signature, both Bitstamp and I would need to receive from eachother the new "final" transaction and verify eachother's signature.

This means that I need to send data to Bitstamp three times when using LN, verses only sending data to Bitstamp once if the BTC is confirmed into my bitstamp account. This might not take very long, but it would be long enough for someone to see that I am about to trade and act accordingly.

i am still not completely familiar with LN but still this data that you are talking about is a transaction (half signed transaction to be exact) so the size of it should not be anything more than 250-300 bytes (unless it has lots of UTXO) and even sending/receiving it 3 times with slowest internet connection shouldn't be any trouble. and making the transaction is of milliseconds and signing it is also as fast.

to everyone else, please stop repeating things like "exchanges security itself", "Don't keep your coins on an exchange", .... they are off topic here.

GMPoison

sr. member

Activity: 434

Merit: 250

There is a very simple solution. Don't keep your coins on an exchange. Even some of the worlds largest banks today get hacked so I don't believe the answer is trying to make these exchanges "hack-proof". Of course as bitcoin becomes larger and larger these exchanges will have more money to work with and spend on security, but for now only keep coins on an exchange that you wouldn't mind losing.

moonpie45

newbie

Activity: 55

Merit: 0

Quote from: franky1 on January 02, 2017, 06:26:57 AM

Quote from: moonpie45 on December 31, 2016, 07:42:06 PM

LN will also delay the time it takes for a trade to make it's way onto the orderbook, which will give those who keep their bitcoin "entirely" on an exchange the ability to "trade ahead" of you.

currently multisigs will delay time because the front end currently take a long time. due to having to manually build a transaction.
bt if the devs (im not relying on core dvs because they dont care about such things) othre devs will make userfriendly front ends that make it simplistic and easy as typing in an amount and pressing send.
thus a milisecond thing. not a minute thing.

imagine it.
you have a multisig with an exchange. the LN node is api calling the exchange as a hub, to send the signed tx's
along with signed TX the LN node can obviously API call other data to the exchange.
so imagine your LN node is the exchange 'bot' thus not needing to log into an exchange webpage separately but all done within an LN node

If I was trying to sell my BTC on Bitstamp, and had an already open channel with Bitstamp, then my LN client would need to contact Bitstamp's client to agree to a new state of the channel, I would need to receive the revocation transaction signed by Bitstamp, and verify the signature, Bitstamp would need to receive my revocation transaction from me and verify the signature, both Bitstamp and I would need to receive from eachother the new "final" transaction and verify eachother's signature.

This means that I need to send data to Bitstamp three times when using LN, verses only sending data to Bitstamp once if the BTC is confirmed into my bitstamp account. This might not take very long, but it would be long enough for someone to see that I am about to trade and act accordingly.

cpfreeplz

legendary

Activity: 966

Merit: 1042

Quote from: veleten on January 02, 2017, 11:42:17 AM

can't do much about it-if the exchange itself is hacked(Bitfinex style)
what you can do is move your funds out as soon as you finished trading,but it could be very annoying and impractical
no 2fa or supermegasecurity on the clients side will save you if the exchange security is breached,just hope for better and don't keep all your savings online

Better yet don't use exchanges where you're able to have a balance in their wallets. It's easy enough to find these exchanges so idk why people still use the scamming "hacked" kind of exchange. I've never had any balance on any exchange ever. And I've never lost money from an exchange getting hacked. That's one strong positive correlation!!

veleten

legendary

Activity: 2016

Merit: 1107

can't do much about it-if the exchange itself is hacked(Bitfinex style)
what you can do is move your funds out as soon as you finished trading,but it could be very annoying and impractical
no 2fa or supermegasecurity on the clients side will save you if the exchange security is breached,just hope for better and don't keep all your savings online

nara1892

hero member

Activity: 1666

Merit: 701

Quote from: traderethereum on December 30, 2016, 12:57:10 AM

Quote from: pooya87 on December 29, 2016, 11:36:16 PM

we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say lets talk about a solution. there is no point sitting around waiting for one to happen then start crying!

what can we do?
and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.
what is the substitute for these exchanges?
decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?

i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestion for either an existing solution or future possibilities and ideas.

for me, my solution is never put all of your bitcoin into one exchangers, but split it into many exchangers and don't use large amount in that exchangers, the most of your bitcoin will be store in your private wallet so if there is something bad happen with exchangers, we still have our bitcoin in our wallet that is safe in that wallet.

I think it is a strategy to not lose our coins on an exchange. I am not sure traders or those who store their bitcoins on an exchange have will to store low amount of coins because their motto is "no risk, no fun". however I agree with the idea to store bitcoins on an exchange in little amount.

mrkevio

full member

Activity: 210

Merit: 100

Exchanges are good for all of us and they aren't the only targets. Whether the website gets hacked or the owner runs away with the money doesn't even matter - this needs to be stopped as soon as possible. The only solution I can find is always withdrawing the money from your accounts. I know they are just $20 or so, but.. isn't it better to have it stored safe in your wallet than in others' wallet? Too many people are making this mistake and the bad thing is that they never think about the consequences.

digaran

copper member

Activity: 1330

Merit: 899

🖤😏

Hire the best online/internet security company since the best hackers work for them, monitor your servers and databases every few hours, have a good skilled and dedicated full support team ready for every event that might happen, only list top 25 crypto coins and avoid listing shitcoins.

Or you know follow everything franky said step by step

.

franky1

legendary

Activity: 4410

Merit: 4766

Quote from: moonpie45 on December 31, 2016, 07:42:06 PM

LN will also delay the time it takes for a trade to make it's way onto the orderbook, which will give those who keep their bitcoin "entirely" on an exchange the ability to "trade ahead" of you.

currently multisigs will delay time because the front end currently take a long time. due to having to manually build a transaction.
bt if the devs (im not relying on core dvs because they dont care about such things) othre devs will make userfriendly front ends that make it simplistic and easy as typing in an amount and pressing send.
thus a milisecond thing. not a minute thing.

imagine it.
you have a multisig with an exchange. the LN node is api calling the exchange as a hub, to send the signed tx's
along with signed TX the LN node can obviously API call other data to the exchange.
so imagine your LN node is the exchange 'bot' thus not needing to log into an exchange webpage separately but all done within an LN node

TastyChillySauce00

legendary

Activity: 3010

Merit: 1028

Leading Crypto Sports Betting & Casino Platform

Quote from: strasboug on January 02, 2017, 01:30:48 AM

While the exchange can be hacked one minute after your deposit, if you don't constantly keep the bitcoin in exchange, or keep only the minimum, your chances being hacked are a lot less. I never trust exchanges or online wallet, they are simply too risky. Mt Gox got tons of accounts hacked even before the big hack, so exchanges are not safe at all.

Well, that's why saving up our wealth while being connected to the internet is really not safe. Whether you will lose your money on exchanger is all about your luck. If you're having such a really bad luck then even if you have prevented as much possible problem which will be coming as you can then you may still get the problem.

strasboug

sr. member

Activity: 504

Merit: 250

While the exchange can be hacked one minute after your deposit, if you don't constantly keep the bitcoin in exchange, or keep only the minimum, your chances being hacked are a lot less. I never trust exchanges or online wallet, they are simply too risky. Mt Gox got tons of accounts hacked even before the big hack, so exchanges are not safe at all.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: X-ray on December 31, 2016, 09:52:43 PM

Quote from: Wind_FURY on December 31, 2016, 08:48:27 PM

Quote from: pooya87 on December 29, 2016, 11:36:16 PM

we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say lets talk about a solution. there is no point sitting around waiting for one to happen then start crying!

what can we do?
and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.
what is the substitute for these exchanges?
decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?

i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestion for either an existing solution or future possibilities and ideas.

What can you really do if you are an active trader? You need your Bitcoins available for trading at the exchanges most of the time because getting your deposit in your exchange account can take time sometimes. Most of the exchanges require at least 3 confirmations before you can see your deposit in your account.

That's the problem when it comes to trading. so far that the only possible way to safe your money as a traders is to get the funds out of the exchanger when your activities on trading is done or it's unnecessary to be there so, it could avoid your funds to be compromised and for now trading without depositing is not so possible

Would the Lightning Network help make these transactions to the exchanges faster and more efficient, or maybe also safer since we are dealing with payment channels directly to an exchange. So they cannot really run away with our Bitcoins if they close a payment channel. Unless I misunderstood how the LN is implemented. If I did, please correct me and explain.

Geronimomo

newbie

Activity: 7

Merit: 0

Quote from: X-ray on December 31, 2016, 09:52:43 PM

Quote from: Wind_FURY on December 31, 2016, 08:48:27 PM

Quote from: pooya87 on December 29, 2016, 11:36:16 PM

we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say lets talk about a solution. there is no point sitting around waiting for one to happen then start crying!

what can we do?
and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.
what is the substitute for these exchanges?
decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?

i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestion for either an existing solution or future possibilities and ideas.

What can you really do if you are an active trader? You need your Bitcoins available for trading at the exchanges most of the time because getting your deposit in your exchange account can take time sometimes. Most of the exchanges require at least 3 confirmations before you can see your deposit in your account.

That's the problem when it comes to trading. so far that the only possible way to safe your money as a traders is to get the funds out of the exchanger when your activities on trading is done or it's unnecessary to be there so, it could avoid your funds to be compromised and for now trading without depositing is not so possible

I agree. Keeping your funds off an exchange is an unacceptable answer! Check out OpenLedger to see an exchange where you own the private keys to your own assets. It works a little differently from Poloniex or Bitrex because there is no "signing in" because nobody keeps your username but you. Just make sure to backup your encrypted wallet file and use a strong password. mine is "haybaleaardvarkantimaterballoon" jk no it's not. But my account name is "kmnk" (which is sure easier than a long af bitcoin address) so send me tips if you find this useful.

X-ray

hero member

Activity: 3066

Merit: 536

Leading Crypto Sports Betting & Casino Platform

Quote from: Wind_FURY on December 31, 2016, 08:48:27 PM

Quote from: pooya87 on December 29, 2016, 11:36:16 PM

we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say lets talk about a solution. there is no point sitting around waiting for one to happen then start crying!

what can we do?
and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.
what is the substitute for these exchanges?
decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?

i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestion for either an existing solution or future possibilities and ideas.

What can you really do if you are an active trader? You need your Bitcoins available for trading at the exchanges most of the time because getting your deposit in your exchange account can take time sometimes. Most of the exchanges require at least 3 confirmations before you can see your deposit in your account.

That's the problem when it comes to trading. so far that the only possible way to safe your money as a traders is to get the funds out of the exchanger when your activities on trading is done or it's unnecessary to be there so, it could avoid your funds to be compromised and for now trading without depositing is not so possible

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: pooya87 on December 29, 2016, 11:36:16 PM

we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say lets talk about a solution. there is no point sitting around waiting for one to happen then start crying!

what can we do?
and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.
what is the substitute for these exchanges?
decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?

i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestion for either an existing solution or future possibilities and ideas.

What can you really do if you are an active trader? You need your Bitcoins available for trading at the exchanges most of the time because getting your deposit in your exchange account can take time sometimes. Most of the exchanges require at least 3 confirmations before you can see your deposit in your account.

shinratensei_

legendary

Activity: 3276

Merit: 1029

Leading Crypto Sports Betting & Casino Platform

Quote from: franky1 on December 30, 2016, 04:41:06 AM

Quote from: franky1 on December 29, 2016, 07:23:52 AM

exchanges need to change

firstly
exchanges should ask their customer to register an empty public key. (emphasis PUBLIC)
the customer keeps the private key a secret.

next to log in users are shown a message. and the user has to paste in the signed message, to prove who they are.
that way 'passwords' are not saved on databases or involved because the message and reply(signature) is unique at each login.

next
the public key is used with a public key belonging to the exchange to form a multisig.
the multisig becomes the deposit address.

then when users want to make an order they sign a multisig transaction to give the exchange X of total balance. to place that X onto an order.
this way funds are made more so as a 50% user-50% exchange control of funds. and outside and inside hackers cannot take 100% control

in short LN will become useful for exchanges, because LN is about multisigs.

At least we need SegWit at first and LN won't be lame.

moonpie45

newbie

Activity: 55

Merit: 0

Quote from: franky1 on December 30, 2016, 04:41:06 AM

--snip--

then when users want to make an order they sign a multisig transaction to give the exchange X of total balance. to place that X onto an order.
this way funds are made more so as a 50% user-50% exchange control of funds. and outside and inside hackers cannot take 100% control

in short LN will become useful for exchanges, because LN is about multisigs.
[/quote]Using LN will not prevent the theft of fiat balances from users' exchange balances.

LN will also delay the time it takes for a trade to make it's way onto the orderbook, which will give those who keep their bitcoin "entirely" on an exchange the ability to "trade ahead" of you.

Quote from: BigBoom3599 on December 30, 2016, 09:29:14 AM

What about exchanges like ShapeShift? They don't hold your funds (not for long atleast) so if they get hacked, not much would be lost. Or is it just too impractical?

Shapeshift hold customer funds very briefly -- from the time you send a transaction to them, up until the time your transaction has sufficient number of confirmations for them to send whatever altcoin you are buying.

Quote from: cpfreeplz on December 30, 2016, 09:40:55 AM

Idiots keep money on exchanges and idiots read newspapers about 'bitcoins being hacked' so idiots have to use fiat made by other idiots because other idiots will keep those idiots' money in a vault for them.

If you ever keep anything on an exchange you're just dangling some raw meat in the ocean. Good luck with that.

There is a certain value in keeping money on an exchange. For example, you can quickly sell your bitcoin for fiat, hoping to be able to purchase a larger amount of bitcoin at a later time at a lower price, or you can lend out your bitcoin for margin loans, earning interest.

The question is if the expected return on keeping your bitcoin in an exchange is greater then the potential cost of the exchange getting hacked and loosing all or a portion of your coins. This question is not as clear cut as you make it out to be.

HaXX0R1337

sr. member

Activity: 574

Merit: 252

Even i dont buy the truth about the hack news from the exchanges which lost millions in the past years and if i am correct there are over 150 bitcoin exchanges world wide and these sort of hacks are happening every year but there were about 10 hacks in major exchanges this year alone and Bitfinex lost the most with around 62 million ,the rest of the exchanges could control their damage by managing their hot wallet.They have to start releasing details about the hacks rather than just telling they got hacked .

Senor.Bla

sr. member

Activity: 280

Merit: 253

As most of the time there are two solutions to this problem. You can do it on your own or you let other people do it for you.
How can you do it on your own? I am not talking about making your own exchange or trying to improve the exchanges security. I am talking about educating yourself and gaining knowledge. This will take time and effort, but you could protect your money with a cold storage, multi sigs and more. And if you do not want that then you have to let other people do it for you. They will take money for doings so and you have no guarantee that you can trust them.

BigBoom3599

sr. member

Activity: 462

Merit: 250

Quote from: DooMAD on December 30, 2016, 10:02:38 AM

Quote from: BigBoom3599 on December 30, 2016, 09:29:14 AM

What about exchanges like ShapeShift? They don't hold your funds (not for long atleast) so if they get hacked, not much would be lost. Or is it just too impractical?

That depends if you think $230,000 counts as "much". Wink

Even the swap services aren't bulletproof. A motivated attacker will usually find a weakness given sufficient time.

Ofcourse that's a lot of money Cheesy

but if you compare that to what other 'hacked' exchanges have lost it's nothing Tongue

Topic: (RE: Exchanges hack) Let's talk about a solution before instead of crying after (Read 3145 times)