
Topic: (RE: Exchanges hack) Let's talk about a solution before instead of crying after - page 3. (Read 3145 times)

legendary
Activity: 966
Merit: 1042
Idiots keep money on exchanges and idiots read newspapers about 'bitcoins being hacked' so idiots have to use fiat made by other idiots because other idiots will keep those idiots' money in a vault for them.

If you ever keep anything on an exchange you're just dangling some raw meat in the ocean. Good luck with that.
legendary
Activity: 4410
Merit: 4766
What about exchanges like ShapeShift? They don't hold your funds (not for long at least) so if they get hacked, not much would be lost. Or is it just too impractical?

that's a coin swap service.

not a full day-trade exchange that handles fiat.

but let's play devil's advocate. let's say full exchanges were to have been hacked.
this is because private keys are on the same front-end server as the users place orders.

this can also be mitigated by exchanges having a front-end with only public (deposit) keys and a 'command' database.

EG instead of the front end signing transactions, the front end puts a user withdrawal request into a database. and secretly a secondary system is checking that command database in seconds and processes it from another system. double checking the user actually authorised it.

the 'delay' is not stupidly a long manual process but a millisecond response time. just separated instead of combined into one system
though i would still prefer this separate system to use multisigs to not have 100% control of funds
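
Added example (not part of any post in this thread): a Go sketch of the front-end / command-database split described above. It assumes the back end's "double check" is a user signature over the withdrawal row, borrowing the signature idea from the later posts; Ed25519 stands in for Bitcoin signatures, and `Request`, `Signer`, `Approve` and the addresses are hypothetical names and constructed values.

```go
package main

import (
	"crypto/ed25519" // assumption: stand-in for Bitcoin's secp256k1 signatures
	"crypto/rand"
	"fmt"
)

// Request is one row in the command database written by the front end.
type Request struct {
	User, Dest  string
	Amount, Seq uint64 // Seq is a per-user counter that blocks replay of old rows
	Sig         []byte // user's signature over payload()
}

func (r Request) payload() []byte {
	return []byte(fmt.Sprintf("withdraw %q %q %d %d", r.User, r.Dest, r.Amount, r.Seq))
}

// Signer is the separate back-end system; the front end holds none of its state.
type Signer struct {
	users   map[string]ed25519.PublicKey
	lastSeq map[string]uint64
}

// Approve re-checks that the user authorised exactly this row before co-signing.
func (s *Signer) Approve(r Request) bool {
	pub, known := s.users[r.User]
	if !known || r.Seq <= s.lastSeq[r.User] || !ed25519.Verify(pub, r.payload(), r.Sig) {
		return false
	}
	s.lastSeq[r.User] = r.Seq
	return true // a real signer would now add the exchange's own signature
}

// Demo feeds a constructed queue: a tampered row, the genuine row, then a replay.
func Demo() []bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	s := &Signer{map[string]ed25519.PublicKey{"alice": pub}, map[string]uint64{}}
	ok := Request{User: "alice", Dest: "addr-A", Amount: 5, Seq: 1}
	ok.Sig = ed25519.Sign(priv, ok.payload())
	forged := ok
	forged.Dest = "addr-X" // row rewritten on a compromised front end
	return []bool{s.Approve(forged), s.Approve(ok), s.Approve(ok)}
}

func main() { fmt.Println(Demo()) } // [false true false]
```

Because the front end only writes rows and never signs, control of it alone yields rejected requests rather than moved funds.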
sr. member
Activity: 462
Merit: 250
What about exchanges like ShapeShift? They don't hold your funds (not for long at least) so if they get hacked, not much would be lost. Or is it just too impractical?
legendary
Activity: 4410
Merit: 4766
It doesn't really matter what people here are proposing to reduce victims at the time exchanges get "hacked". People are too lazy and don't care as their behaviour didn't change a single bit after all incidents that we have seen. If you put decentralized exchanges aside, then the only possible outcome will be that exchanges store all their coins offline and thus get rid of hot wallets. It will annoy people as cashouts will be more time consuming as exchanges have to process everything manually, but at least it will have an immediate effect. But then again, it will protect you from hackers, but there are also the employees or the exchange operators that may turn out to be filthy thieves.

no no no

putting funds offline in exchanges' full control is the problem.. not the solution

the solution is to have funds not be able to move without users' authorisation.
by this i mean get rid of "passwords" stored on an exchange, because this is still giving exchanges/hackers control. and instead use a bitcoin feature built in since day one.. SIGNATURES


How would that work out since coins people deposit will get mixed within their system? As soon as you request a cashout, you'll get different coins than what you deposited. They don't appoint a certain amount of coins just for you where you can request a cashout and receive exactly these coins. I really don't see how exchanges are willing to change the way their system is set up. Every proposed change has to comply with the policies of the insurer (in case they have everything insured).

exchanges need to change

firstly
exchanges should ask their customer to register an empty public key. (emphasis PUBLIC)
the customer keeps the private key a secret.

next to log in users are shown a message. and the user has to paste in the signed message, to prove who they are.
that way 'passwords' are not saved on databases or involved because the message and reply(signature) is unique at each login.

next
the public key is used with a public key belonging to the exchange to form a multisig.
the multisig becomes the deposit address.

then when users want to make an order they sign a multisig transaction to give the exchange X of total balance. to place that X onto an order.
this way funds are made more so as a 50% user-50% exchange control of funds. and outside and inside hackers cannot take 100% control

in short LN will become useful for exchanges, because LN is about multisigs.
legendary
Activity: 1218
Merit: 1006
The right question is how were they hacked? Hacking is inevitable, so what are exchanges doing to prevent the hack. We will always use exchange even if we have the safest wallets but are precautions being engaged?
Actually, no exchange platform has ever made a detailed announcement regarding how their security system failed in a hack, which makes it quite suspicious, and I believe the majority of hacks are just inside jobs.

The only way to minimize loss during a hack is to use multiple trading platforms until we get a working decentralized trading platform, and this may take a few more years.
sr. member
Activity: 406
Merit: 252
In my opinion exchanges should follow or copy policies from banks. I am pretty sure hackers have stolen funds from banks but the latter (of course) do not make any announcement. So a predefined amount must be given to any customer in case of hacking. Secondly, I don't know if it is possible to make contracts with any insurance company. Lastly, very strict selection of their employees. Most of the hack problems are due to careless, overconfident or crooked employees. It is almost impossible to avoid hacking. So, at least, let's restrict the loss.
legendary
Activity: 2170
Merit: 1427
It doesn't really matter what people here are proposing to reduce victims at the time exchanges get "hacked". People are too lazy and don't care as their behaviour didn't change a single bit after all incidents that we have seen. If you put decentralized exchanges aside, then the only possible outcome will be that exchanges store all their coins offline and thus get rid of hot wallets. It will annoy people as cashouts will be more time consuming as exchanges have to process everything manually, but at least it will have an immediate effect. But then again, it will protect you from hackers, but there are also the employees or the exchange operators that may turn out to be filthy thieves.

no no no

putting funds offline in exchanges' full control is the problem.. not the solution

the solution is to have funds not be able to move without users' authorisation.
by this i mean get rid of "passwords" stored on an exchange, because this is still giving exchanges/hackers control. and instead use a bitcoin feature built in since day one.. SIGNATURES


How would that work out since coins people deposit will get mixed within their system? As soon as you request a cashout, you'll get different coins than what you deposited. They don't appoint a certain amount of coins just for you where you can request a cashout and receive exactly these coins. I really don't see how exchanges are willing to change the way their system is set up. Every proposed change has to comply with the policies of the insurer (in case they have everything insured).
legendary
Activity: 4410
Merit: 4766
It doesn't really matter what people here are proposing to reduce victims at the time exchanges get "hacked". People are too lazy and don't care as their behaviour didn't change a single bit after all incidents that we have seen. If you put decentralized exchanges aside, then the only possible outcome will be that exchanges store all their coins offline and thus get rid of hot wallets. It will annoy people as cashouts will be more time consuming as exchanges have to process everything manually, but at least it will have an immediate effect. But then again, it will protect you from hackers, but there are also the employees or the exchange operators that may turn out to be filthy thieves.

no no no

putting funds offline in exchanges' full control is the problem.. not the solution

the solution is to have funds not be able to move without users' authorisation.
by this i mean get rid of "passwords" stored on an exchange, because this is still giving exchanges/hackers control. and instead use a bitcoin feature built in since day one.. SIGNATURES
legendary
Activity: 2170
Merit: 1427
It doesn't really matter what people here are proposing to reduce victims at the time exchanges get "hacked". People are too lazy and don't care as their behaviour didn't change a single bit after all incidents that we have seen. If you put decentralized exchanges aside, then the only possible outcome will be that exchanges store all their coins offline and thus get rid of hot wallets. It will annoy people as cashouts will be more time consuming as exchanges have to process everything manually, but at least it will have an immediate effect. But then again, it will protect you from hackers, but there are also the employees or the exchange operators that may turn out to be filthy thieves.
legendary
Activity: 4410
Merit: 4766
The right question is how were they hacked? Hacking is inevitable, so what are exchanges doing to prevent the hack. We will always use exchange even if we have the safest wallets but are precautions being engaged?

they were not hacked. they just won't admit to embezzling funds.

the solution is to prevent them from being able to embezzle funds.. which means that if there was also an outsider hacker. they can't steal either.

this is done by not giving exchanges 100% control of funds
hero member
Activity: 2464
Merit: 519
The right question is how were they hacked? Hacking is inevitable, so what are exchanges doing to prevent the hack. We will always use exchange even if we have the safest wallets but are precautions being engaged?
copper member
Activity: 1498
Merit: 1528
No I don't escrow anymore.
legendary
Activity: 4410
Merit: 4766
exchanges need to change

firstly
exchanges should ask their customer to register an empty public key. (emphasis PUBLIC)
the customer keeps the private key a secret.

next to log in users are shown a message. and the user has to paste in the signed message, to prove who they are.
that way 'passwords' are not saved on databases or involved because the message and reply(signature) is unique at each login.

next
the public key is used with a public key belonging to the exchange to form a multisig.
the multisig becomes the deposit address.

then when users want to make an order they sign a multisig transaction to give the exchange X of total balance. to place that X onto an order.
this way funds are made more so as a 50% user-50% exchange control of funds. and outside and inside hackers cannot take 100% control

in short LN will become useful for exchanges, because LN is about multisigs.
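
Added example (not part of any post in this thread): a Go sketch of the signed-message login described in the post above, where the exchange keeps only a public key and checks a signature over a fresh challenge instead of a stored password. Ed25519 from the Go standard library stands in for Bitcoin message signing, the names `Exchange`, `Enroll`, `Challenge` and `Login` are hypothetical, and the multisig deposit address is not shown.

```go
package main

import (
	"crypto/ed25519" // assumption: stand-in for Bitcoin's secp256k1 message signing
	"crypto/rand"
	"fmt"
)

// Exchange stores public keys and unused login challenges, never passwords.
type Exchange struct {
	pubkeys    map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewExchange() *Exchange { return &Exchange{map[string]ed25519.PublicKey{}, map[string][]byte{}} }

// Enroll simulates the user: key made locally, only the public half registered.
func (e *Exchange) Enroll(user string) func(msg []byte) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	e.pubkeys[user] = pub
	return func(msg []byte) []byte { return ed25519.Sign(priv, msg) }
}

// Challenge issues a fresh random message for one login attempt.
func (e *Exchange) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	e.challenges[user] = []byte(fmt.Sprintf("login:%s:%x", user, nonce))
	return e.challenges[user]
}

// Login consumes the pending challenge, so a captured signature cannot be replayed.
func (e *Exchange) Login(user string, sig []byte) bool {
	msg, pending := e.challenges[user]
	delete(e.challenges, user)
	pub, known := e.pubkeys[user]
	return pending && known && ed25519.Verify(pub, msg, sig)
}

func main() {
	ex := NewExchange()
	sign := ex.Enroll("alice")
	sig := sign(ex.Challenge("alice"))
	fmt.Println(ex.Login("alice", sig), ex.Login("alice", sig)) // true false (replay)
}
```

A leak of this exchange's database exposes public keys and spent challenges only, neither of which lets anyone log in.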
legendary
Activity: 966
Merit: 1006
I have heard about bitsquare being one of the decentralized trading platforms, however it seems they still lack lots of things or are not capable of handling large volumes. I found it more like localbitcoins but they say it's completely p2p trading. I still don't know how they actually work, but I don't think there are other decentralized trading platforms like bitsquare right now.
legendary
Activity: 2604
Merit: 1036
Set up your own exchange and try to be your own boss. Maybe aspire to organize some kind of a peer-to-peer offline exchange but still you will need to procure clients from the real world and be a sweet talker in order to get your margins worth your time

Or just use an online Butcoin exchange like everyone else and be alert.
hero member
Activity: 2870
Merit: 574
we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say let's talk about a solution. there is no point sitting around waiting for one to happen then start crying!

  • what can we do?
    and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.

  • what is the substitute for these exchanges?
    decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?
i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestions for either an existing solution or future possibilities and ideas.

for me, my solution is never put all of your bitcoin into one exchanger, but split it into many exchangers and don't use a large amount in those exchangers. most of your bitcoin will be stored in your private wallet, so if something bad happens with the exchangers, we still have our bitcoin in our wallet that is safe.
hero member
Activity: 658
Merit: 505
I don't think there is anything we can actually do. Exchangers are an attractive target and from time to time they will be attacked. It's up to them to put their security to a higher level and protect themselves as well as their customers. Also they should have a policy on how to treat their customers if damage has been done and how to return the coins.
I don't know much about the decentralized exchangers either, but I don't know how this could be a solution. Can't they be attacked also?
legendary
Activity: 3472
Merit: 10611
we have all seen exchanges being hacked and lost our precious bitcoins or at least heard about them. and these days i keep seeing these two topics saying there is a possibility for a new one!

i say let's talk about a solution. there is no point sitting around waiting for one to happen then start crying!

  • what can we do?
    and don't keep your money on exchange site is not an acceptable answer! because you have to do it if you want to trade, the exchange may get hacked (allegedly or for real) 1 minute after you deposit.

  • what is the substitute for these exchanges?
    decentralized exchange? how do they work? is there any good one around? why aren't they famous? what are the pros and cons?
i'll admit that i don't know much about decentralized exchanges and i am sure i am not alone here

let this topic be a compilation of all suggestions for either an existing solution or future possibilities and ideas.