
Topic: Stamp hot wallet problem? (Read 4382 times)

legendary
Activity: 1176
Merit: 1010
Borsche
January 05, 2015, 01:25:54 PM
#70
If Stamp is down is Coinbase not working either? Coinbase is really my only means of complete exit. Lips sealed

no they have decoupled from stamp a long time ago. so go, exit  Grin
legendary
Activity: 1176
Merit: 1010
Borsche
January 05, 2015, 01:21:40 PM
#69
freebit13: How do those servers get the signal to sign transactions?

they can periodically check list of pending transactions, correlate that to account balances and then sign if transaction is fine & some validations pass - like unusually high volume of tx going out would require manual intervention, etc

this way single signing server compromise will do nothing, but central db compromise will of course still be a problem, but that is much easier to secure since it does not need outside connectivity.
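
The flow described in the post above, sketched as an added example (not code from this thread or from Bitstamp): each signing server independently re-checks a pending withdrawal against a balance snapshot and an outflow cap before it signs, and a withdrawal goes out only when enough servers agree. All class names, limits and sample withdrawals are constructed for illustration, and real transaction signing is represented only by the returned decision.

```python
from dataclasses import dataclass
from decimal import Decimal

SIGN, REJECT, MANUAL = "sign", "reject", "manual_review"

@dataclass(frozen=True)
class Withdrawal:          # one row of the pending-transaction list
    tx_id: str
    account: str
    amount: Decimal
    requested_at: int      # unix seconds

class SigningPolicy:
    """Checks one signing server runs on its own before adding a signature."""
    def __init__(self, balances, window_s=3600, window_cap=Decimal("50")):
        self.balances = dict(balances)  # snapshot pulled from the central DB
        self.window_s, self.window_cap = window_s, window_cap
        self.signed = []                # (timestamp, amount) already approved

    def decide(self, w):
        if w.amount <= 0 or w.amount > self.balances.get(w.account, Decimal(0)):
            return REJECT               # not covered by the account balance
        recent = sum(a for t, a in self.signed
                     if 0 <= w.requested_at - t < self.window_s)
        if recent + w.amount > self.window_cap:
            return MANUAL               # unusually high outflow: human decides
        self.balances[w.account] -= w.amount
        self.signed.append((w.requested_at, w.amount))
        return SIGN

class CompromisedSigner:
    """Models a taken-over server that signs whatever it is shown."""
    def decide(self, w):
        return SIGN

def process(pending, signers, required):
    """A withdrawal goes out only if `required` signers each return SIGN."""
    out = {}
    for w in pending:
        votes = [s.decide(w) for s in signers]
        if votes.count(SIGN) >= required:
            out[w.tx_id] = SIGN
        else:
            out[w.tx_id] = MANUAL if MANUAL in votes else REJECT
    return out

# Constructed sample data (not real Bitstamp accounts or transactions).
BALANCES = {"alice": Decimal("10"), "bob": Decimal("100")}
PENDING = [Withdrawal("w1", "alice", Decimal("4"), 1000),
           Withdrawal("w2", "alice", Decimal("8"), 1100),
           Withdrawal("w3", "bob", Decimal("48"), 1200),
           Withdrawal("w4", "bob", Decimal("30"), 1300)]
```

With two honest signers plus `CompromisedSigner` and `required=3`, the overdraft `w2` is still rejected and the large `w3` still goes to manual review; with `required=1` and only the compromised signer, all four are signed.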
legendary
Activity: 1064
Merit: 1001
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
January 05, 2015, 01:05:29 PM
#67
freebit13: How do those servers get the signal to sign transactions?
True...
legendary
Activity: 1615
Merit: 1000
January 05, 2015, 01:01:24 PM
#66
freebit13: How do those servers get the signal to sign transactions?
hero member
Activity: 644
Merit: 500
January 05, 2015, 12:57:49 PM
#65
If Stamp is down is Coinbase not working either? Coinbase is really my only means of complete exit. Lips sealed
hero member
Activity: 616
Merit: 500
I got Satoshi's avatar!
January 05, 2015, 12:53:13 PM
#64
You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange.
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.

Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).

The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc)  you will have to place trust in the system to some degree because the blockchain can't help you here.

I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).

Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.

Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.
The users don't need to hold the keys, that would be disastrous because people could trade, lose and then refuse to pay, but if Bitstamp held 3 keys on different servers and had them all sign each transaction; they would be a lot more difficult to hack.
sr. member
Activity: 269
Merit: 250
January 05, 2015, 10:16:28 AM
#63
Satoshi created a currency unit without a central party being necessary to prevent unit duplication.

And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.


The fact that it is centralized means that if the server(s) is in fact potentially compromised of course they can't let you control your funds because how should they know if your actions are legitimate or not?

Cold storage should ensure that in a worst case scenario most of the exchange funds are safe.

This incident will reveal if bitstamp can be trusted further down the road. We can expect a more thorough audit and if indeed only the hot wallet was compromised and users who lost funds are reimbursed it will be a good thing not only for stamp but for confidence in bitcoin in general.

Now if that does not happen we can expect gloomy times ahead.


hero member
Activity: 1372
Merit: 783
better everyday ♥
January 05, 2015, 10:11:48 AM
#62

Until then, we'll have to cope with this amateur hour.


THIS times a trillion!

No way in hell would this happen to NYSE, NASDAQ, CME, CBOE, BATS etc...

Now I'm not comparing the scope or scale here, but until BTC exchanges up all their shit together it is indeed Mickey Mouse Club shenanigans like this that would NEVER happen on traditional major exchanges.
member
Activity: 81
Merit: 10
January 05, 2015, 10:08:02 AM
#61
there are exchanges like bitalo.com out there that do not take control over the coins at all but have user-side generated keys that are stored only in encrypted form on the servers, combined with full multi-signature wallets and backup transaction so that you can get the coins back, even when the site loses all data or goes completely offline.

People just need to use it :-)


Good initiative, thanks for showing us that this can work, and illustrating how irresponsible and borderline criminal established exchanges are for not adopting such practices.

Think about what Bitstamp have been working on instead: A fancy chart UI for trading and an Android app. Meanwhile, they can't even ensure or prove that cold wallet coins aren't lost.

You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange.
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.

Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).

The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc)  you will have to place trust in the system to some degree because the blockchain can't help you here.

I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).

Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.

Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.



This is exactly the point: Multi-Signature implementations make it possible that YOU must explicitly agree that the exchange or whatever service provider can move or take control of your coins! That way you keep control, which is the basic principle of Bitcoin and why it was invented. People don't trust banks and go into bitcoin and then they use bank-like and even more shady services like Gox or Stamp? Does not make much sense to me.

Instant trading should be rather done with BTC-IOUs, not with bitcoins

 
N12
donator
Activity: 1610
Merit: 1010
January 05, 2015, 10:03:27 AM
#60
Satoshi created a currency unit without a central party being necessary to prevent unit duplication.

And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.

Yet our bitcoin exchanges  miss other things too that could alleviate theft and fraud. Lack of audits, insurance, ...

Luckily, it's only a matter of time until we'll be able to safely trade Bitcoin on traditional brokers via ETFs. Until then, we'll have to cope with this amateur hour.
sr. member
Activity: 269
Merit: 250
January 05, 2015, 09:57:07 AM
#59
there are exchanges like bitalo.com out there that do not take control over the coins at all but have user-side generated keys that are stored only in encrypted form on the servers, combined with full multi-signature wallets and backup transaction so that you can get the coins back, even when the site loses all data or goes completely offline.

People just need to use it :-)


Good initiative, thanks for showing us that this can work, and illustrating how irresponsible and borderline criminal established exchanges are for not adopting such practices.

Think about what Bitstamp have been working on instead: A fancy chart UI for trading and an Android app. Meanwhile, they can't even ensure or prove that cold wallet coins aren't lost.

You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange.
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.

Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).

The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc)  you will have to place trust in the system to some degree because the blockchain can't help you here.

I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).

Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.

Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.

hero member
Activity: 695
Merit: 500
January 05, 2015, 09:56:16 AM
#58
Unreal start to 2015.   Cry

Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.

Things like this shouldn't happen to a major exchange.  Period.  Leave a bad taste to the community and its supporters.

Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised.  This one may not be from seedy operator at the top, but just the fact it happened, hurts.

Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.

This should make it clear to everybody that the exchanges are bitcoin's Achilles heel.

As long as bitcoin is still young, we need exchanges to get in and out of bitcoin. If the exchanges keep losing or stealing our money, bitcoin itself is dead.
hero member
Activity: 1372
Merit: 783
better everyday ♥
January 05, 2015, 09:48:52 AM
#57
Unreal start to 2015.   Cry

Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.

Things like this shouldn't happen to a major exchange.  Period.  Leave a bad taste to the community and its supporters.

Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised.  This one may not be from seedy operator at the top, but just the fact it happened, hurts.

Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.
legendary
Activity: 1400
Merit: 1000
I owe my soul to the Bitcoin code...
January 05, 2015, 09:47:52 AM
#56
Thank you both for your help.  Smiley
legendary
Activity: 1274
Merit: 1004
January 05, 2015, 09:33:23 AM
#55
Is the Bitstamp hotwallet address/es known so others can follow the coins?  Do they make it public?



As an aside, where can one find that Bitstamp depth sum chart on the first page?
https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf
hero member
Activity: 742
Merit: 500
January 05, 2015, 09:32:03 AM
#54
As an aside, where can one find that Bitstamp depth sum chart on the first page?
Here:

http://coinsight.org/bitstamp
legendary
Activity: 1400
Merit: 1000
I owe my soul to the Bitcoin code...
January 05, 2015, 09:20:54 AM
#53
Is the Bitstamp hotwallet address/es known so others can follow the coins?  Do they make it public?



As an aside, where can one find that Bitstamp depth sum chart on the first page?
member
Activity: 90
Merit: 10
January 05, 2015, 09:02:19 AM
#52
I have half my stash on stamp...

Should I be worried? Embarrassed

No, the other half at MtGox is completely safe!
p4n
full member
Activity: 167
Merit: 100
January 05, 2015, 06:16:48 AM
#51
Stamp didn't have the initiative yesterday, neither in the downfall or in the upwards bounce. That doesn't make sense.