Topic: (RE: Exchanges hack) Let's talk about a solution before instead of crying after - page 2. (Read 3145 times)

this is why litecoin, vertcoin and other alts are also doing LN. so that a future LN client can interact with many coins and swap independently and settle on all blockchains at a later('withdraw') time.

but all LN concepts at the moment still have flaws, so its too early to tell

Having thought about it, I suppose the same potentially applies to ACCT, depending on which currency it is.  Transaction directly on chain tend to involve a miners fee, which (in BTC at least) is usually slightly higher than the exchange's buy/sell fees.  In that regard, ACCT would be better for one-off trades as there's literally zero counterparty risk involved.  But for frequent trades (daytrading) the exchanges would be more profitable, so your multi-sig proposal would be a significant improvement.

If scaling ever gets sorted, I sincerely hope the next big priority is ACCT.

the individual public keys used to form the multisig are empty of value. thus no need to 'coldstore' exactly.
because they are separate, that alone is a line of defense

because multisig involves dual signatures. an exchange via API can sign the tx(not on the front end) send the signed tx to the front end and then the front end sends the signed tx via api to the customers LN/multisig client.
thus the private key is not on the front end and transmission time is miliseconds (think how proxies work)

knowing the customer needs to sign too. the customer would refuse to sign if it noticed the destination of funds were going elsewhere. thus a hacker cant intercept. and also a hacker cannot change the destination after signing because the signature wont match the tx's new content.

lastly the customer just sends back a copy with their signature, thus also protecting their own private key by not having to use the privatekey within the exchange front end. but only on their own personal computer

because tx's are using real unspent funds and double signed it cant be double spend because funds cant move without both sides agreement.
and thus its no need to broadcast it to the network instantly. just holding a tx becomes like a bearer bond/promise/guarantee to pay.


current LN concepts do have MANY 'penalties' so although you can re-sign thousands of tx's at an agreed lower fee per re-sign. LN hubs want to introduce other ways to make money, hold funds and revoke funds. so LN has some faults.

hense why im more interested in traditional multisig utility which has been built into bitcoin for along time now. but lets hope the LN concepts aimed at repaying blockstream investors is not so heavy handed with its penalties, otherwise LN will be impractical

the shapeshift model wont work for daytraders.

but multisig/LN would.
this is because instead of seeing some mysql 'balance' you are seeing a signed tx of real unspent bitcoin value between you and an exchange and shows who owns what share of that value.
EG
[in: 1cU5t0m3r: 1.0btc]
[in: 13xCh4nG3: 1.0btc]
[out: 1cU5t0m3r: 0.999btc]
[out: 13xCh4nG3: 1.001btc]
[sig: 1cU5t0m3r]
[sig: 13xCh4nG3]

and that tx changes and gets resigned when a customer places an order (example below of placing an order for another 0.001btc)
[in: 1cU5t0m3r: 1.0btc]
[in: 13xCh4nG3: 1.0btc]
[out: 1cU5t0m3r: 0.998btc]
[out: 13xCh4nG3: 1.002btc]
[sig: 1cU5t0m3r]
[sig: 13xCh4nG3]

when the customer want to 'withdraw' he just broadcasts that tx to the network to get confirmed
the exchange cant run away with 2btc because he needs the customers signature
the customer cant run away with 2btc because he needs the exchanges signature

so they both have to mutually agree on who owes who what and both sign to show agreement

This is just plain bad luck then, u can die walking on street by falling brick or car crashing into u.
We are not talking about back luck here. 99% of btc are lost on exchanges because they are keeped there for extended period of time.
That can be avoided.

i have never used shapeshift myself to know for sure, but what the site says is that there are no additional fees for exchanging one coin to another except network fees.
and as for the price, it seems to be the same as what it is on exchanges.

the downside (as it was mentioned) is lack of trading with fiat. and also there is a limit for how much you can exchange for example it was ~1BTC for buying litecoin.

Most of the people that leave their BTC on exchanges are day traders, so it is not financially correct to use shapeshift, the transaction fee is high and again they just sell or buy at the current price order, so for a coin with low volume and high spread you will just be losing money on each trade.

Everything onlne can be hacked.Any exchange platform or any online btc wallet.

I don`t know about any decentralized exchanges.

I guess that a decentralized exchange will look like a multi-cryptocurrency hardware wallet with

peer-to-peer connection with other wallets.There is still risk of being hacked.

now this is a good answer.
i like it mainly because it is using the "multisig" feature which is already available in bitcoin protocol itself so it doesn't need something weird or new.

but also that is going to make things complicated.
lets assume you want to make a trade, you have to do all the signing,... and specially if you are keeping things in cold storage, that will be harder (time consuming) and time is sometimes important in trading with volatile prices.

also the first thing that came to my mind was confirmation time, but i don't think confirmation is necessary since it is a multisignature transaction and neither party can double spend, right?

i am not familiar enough with LN though, but from what i have read it seems like it can be good in this case as long as there aren't that much additional fees.

i am a bit late to reply but i'll read all comments.

lets keep things realistic here!

i have also checked that one but i get the same feeling that it is lacking lots of features, and it doesn't seem to be fast enough for selling at market rate or at least that was my impression. if it is worked on more, it may have some potential.

your right question is off-topic here.

please read OP!

That is on the exchanges, and they should do it, and they say they are doing it. all those exchanges that were hacked (claimed to be hacked) said they have multisignature, cold storage, blah blah and they ran away with our funds just fine.

I have heard about markets on base blockchains technology, I think it is good solution for anticipation of hacking problem on the markets, although i am not sure about that because it is still new.
But there is the markets that used blockchains technology for markets, but i don't know about the progress of market and i am forget the name of market too.  .

Is it possible to create a back up wallet by exchanges?Like some offline cold wallet where all the coins are kept and unless user request a withdrawal ,coins do not become online?

Bitsquare is a good decentralised exchange but there is just not enough people using it, i am not sure why.  maybe it is to complicated and people dont trust it yet.

All this talking, while the solution is obvious: decentralized exchange. With an OpenLedger account YOU keep the private keys, you can setup multi-sig accounts of 1/1 1/2 1/3 1/4 2/2 2/3 2/4 etc.

With a decentralized exchange there is no counterparty risk. Nobody can take your funds. You can trade BTC/USD BTC/CNY and BTC/BTS as well as many other markets.

BTS exchange used to have pretty low volume but now why anyone uses centralized exchanges with their chances of failure is beyond me.

Trade fees for core assets are tiny, like .001c, per trade. For OpenLedger backed assets it's .1%.

How to stay safe: trade on a blockchain!

See cryptofresh.com to see live trading activity.

i didnt mean literally bank accounts. i was just putting multisig into a prospective common people understand. and yes in multisig you can have 1-of-2 also.. but then again in joint bank accounts you can also require dual signature where in multisig you can require 2-of-2

there are multiple purposes requirements you can set on a multisig and bank account.
EG child trust fund require both parents signatures and only unlocked at a certain date.
=2 of 2 multisig with a CLTV script

i only mentioned it as some people dont understand multisig/LN at its most basic use-case concept

If this is the case, all exchanges with criminal records should not be protected. They should be exposed to world, to reduce transaction on their the sites where bye reducing victims. Not everyone can create an exchange from himself, we should protect those who cant.

1st of all, fuck milkmen. I mean seriously. They were obviously screwing everyone's mom. No wonder they don't exist anymore. Too many love-childs.

Anyways, with bank accounts you can have anyone can sign (ie 1 signature required) or everyone must sign (ie everyone on the account must sign). This is both in personal and business banking. Most joint accounts are probably anyone can sign though, but you do have a choice. It's definitely not a new concept.
Imagine this:

"Johnson!" Says your boss.

"Yessir!" You reply.

"I just got this $1,000,000 cheque that I need you to deposit into our business account that you're a signer for."

"I'll get on it right away sir!"

Deposits money. Withdraws $1million. Lives happy ever after in the Cayman Islands.


There's a reason this doesn't happen literally every minute of every day.

imagine old concept is depositing funds into your wifes account so that when you want to pay for something you need to ask her and its her that makes the payment. but she decides to run away with the milkman and your cash

imagine a new concept of a joint account where your wife cant run off with the milkman with all your funds, because she needs your authorisation to make payments aswell as hers.

multisig is the new concept but i feel exchanges will wait for LN to be the 'tool' to make that a userfriendly process because at the moment trying to do multisigs is not 'granny friendly' in current popular bitcoin implementations

this is difficult options because the hackers will always be aiming the exchange especially the big exchange which have huge market volume and if we want to starting trade bitcoin or altcoins putting our bitcoin to exchange is necessary to do so but i would go for my own solution that don't keep my money to the exchange too long because nothing 100% safe in crypto world

I was rather hoping for ACCT to be a thing by now, so you could exchange directly through your wallets between different coins and on different blockchains, but it seems we're still waiting for a breakthrough on that one.  Certain altcoins can already do it, but BTC needs to catch up, so we can trade in a completely decentralised manner without any third party middlemen like exchanges.

Out of all the myriad potential solutions, this one (IMHO) is the best.  The code works right now, so someone just needs to integrate it into Bitcoin.  Hoping for good news in 2017.



That depends if you think $230,000 counts as "much".  

Even the swap services aren't bulletproof.  A motivated attacker will usually find a weakness given sufficient time.