If Stamp is down is Coinbase not working either? Coinbase is really my only means of complete exit. 
no they have decoupled from stamp a long time ago. so go, exit
Topic: Stamp hot wallet problem? (Read 4314 times)
no they have decoupled from stamp a long time ago. so go, exit
freebit13: How do those servers get get the signal to sign transactions?
they can periodically check list of pending transactions, correlate that to account balances and then sign if transaction is fine & some validations pass - like unusually high volume of tx going out would require manual intervention, etc
this way single signing server compromise will do nothing, but central db compromise will of course still be a problem, but that is much easier to secure since it does not need outside connectivity.
freebit13: How do those servers get get the signal to sign transactions?
True... 
freebit13: How do those servers get get the signal to sign transactions?
If Stamp is down is Coinbase not working either? Coinbase is really my only means of complete exit.
You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.
Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).
The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc) you will have to place trust in the system to some degree because the blockchain can't help you here.
I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).
Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.
Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.
The users don't need to hold the keys, that would be disastrous because people could trade, lose and then refuse to pay, but if Bitstamp held 3 keys on different servers and had them all sign each transaction; they would be a lot more difficult to hack. Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.
Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).
The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc) you will have to place trust in the system to some degree because the blockchain can't help you here.
I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).
Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.
Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.
Satoshi created a currency unit without a central party being necessary to prevent unit duplication.
And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.
And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.
The fact that it is centralized means that if the server(s) is in fact potentially compromised of course they can't let you control your funds because how should they know if your actions are legitimate or not?
Cold storage should ensure that in a worst case scenario most of the exchange funds are safe.
This incident will reveal if bitstamp can be trusted further down the road. We can expect a more thorough audit and if indeed only the hot wallet was compromised and users who lost funds are reimbursed
it will be a good thing not only for stamp but for confidence in bitcoin in general.
Now if that does not happen we can expect gloomy times ahead.
Until then, we'll have to cope with this amateur hour.
THIS times a trillion!
No way in hell would this happen to NYSE, NASDAQ, CME, CBOE, BATS etc...
Now I'm not comparing the scope or scale here, but until BTC exchanges up all their shit together it is indeed Mickey Mouse Club shenanigans like this that would NEVER happen on traditional major exchanges.
there are exchanges like bitalo.com out there that do not take control over the coins at all but have user-side generated keys that are stored only in encrypted form on the servers, combined with full multi-signature wallets and backup transaction so that you can get the coins back, even when the site loses all data or goes completely offline.
People just need to use it :-)
Good initiative, thanks for showing us that this can work, and illustrating how irresponsible and borderline criminal established exchanges are for not adopting such practices.People just need to use it :-)
Think about what Bitstamp have been working on instead: A fancy chart UI for trading and an Android app. Meanwhile, they can't even ensure or prove that cold wallet coins aren't lost.
You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.
Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).
The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc) you will have to place trust in the system to some degree because the blockchain can't help you here.
I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).
Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.
Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.
This is exactly the point: Multi-Signature implementations make it possible that YOU must explicitly agree that the exchange or whatever service provider can move or take control of your coins! That way you keep control, which is the basic principle of Bitcoin and why it was invented. People dont trust banks and go into bitcoin and then they use bank-like and even more shady services like Gox or Stamp? Does not make much sense to me.
Instant trading should be rather done with BTC-IOUs, not with bitcoins
Satoshi created a currency unit without a central party being necessary to prevent unit duplication.
And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.
Yet our bitcoin exchanges miss other things too that could alleviate theft and fraud. Lack of audits, insurance, ...
Luckily, it's only a matter of time until we'll be able to safely trade Bitcoin on traditional brokers via ETFs. Until then, we'll have to cope with this amateur hour.
And you want to tell me it's impossible for centralized exchanges to build a clever system that enables users to have some form of control over their trading funds? Well, perhaps it is.
Yet our bitcoin exchanges miss other things too that could alleviate theft and fraud. Lack of audits, insurance, ...
Luckily, it's only a matter of time until we'll be able to safely trade Bitcoin on traditional brokers via ETFs. Until then, we'll have to cope with this amateur hour.
there are exchanges like bitalo.com out there that do not take control over the coins at all but have user-side generated keys that are stored only in encrypted form on the servers, combined with full multi-signature wallets and backup transaction so that you can get the coins back, even when the site loses all data or goes completely offline.
People just need to use it :-)
Good initiative, thanks for showing us that this can work, and illustrating how irresponsible and borderline criminal established exchanges are for not adopting such practices.People just need to use it :-)
Think about what Bitstamp have been working on instead: A fancy chart UI for trading and an Android app. Meanwhile, they can't even ensure or prove that cold wallet coins aren't lost.
You do realize that a multi-signature address on an exchange involves other issues that greatly impact usability as an exchange
Multi signature means both you and the exchange need to agree for funds to be spent. If the exchange is compromised in a way that does not let them use their own keys your funds will still be stuck.
Multi-sig cold storage on exchanges would be a neat feature for added trust but it would make a lot of things more complicated (try filling up a hot wallet from cold storage if you require the signatures from different users. You'd need a whole new scheme where a part of the cold wallet is still owned by the exchange which kind of defeats the whole point).
The bottom line is that if you want to be able to make fast trades in both directions (usd <-> btc) you will have to place trust in the system to some degree because the blockchain can't help you here.
I would actually argue that currently for the majority of users it is best that an exchange handles their funds rather than sharing that responsibility (if you lose your key(s) for a multisig address on an exchange the funds are basically gone).
Transparency on how cold storage is implemented however is of prime importance. We'll see what bitstamp has to say soon and if they have done their job remotely well the damage should be minimal.
Btw it is clear that people can't withdraw if the hot wallet might be compromised. If I were running the exchange that would be my first reaction too. Stop all movements of funds until it is clear what is safe and what is not.
Unreal start to 2015. 
Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.
Things like this shouldn't happen to a major exchange. Period. Leave a bad taste to the community and it's supporters.
Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised. This one may not be from seedy operator at the top, but just the fact it happened, hurts.
Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.
Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.
Things like this shouldn't happen to a major exchange. Period. Leave a bad taste to the community and it's supporters.
Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised. This one may not be from seedy operator at the top, but just the fact it happened, hurts.
Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.
This should make it clear to everybody that the exchanges are bitcoin's Achilles heel.
As long as bitcoin is still young, we need exchanges to get in and out of bitcoin. If the exchanges keep losing or stealing our money, bitcoin itself is dead.
Unreal start to 2015.
Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.
Things like this shouldn't happen to a major exchange. Period. Leave a bad taste to the community and it's supporters.
Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised. This one may not be from seedy operator at the top, but just the fact it happened, hurts.
Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.
Not saying it's going to be Gox 2.0 where people lose their funds, and the exchange operator just up and leaves, but just the sentiment.
Things like this shouldn't happen to a major exchange. Period. Leave a bad taste to the community and it's supporters.
Just unreal that 2 years in a row, 2 of biggest Bitcoin exchanges get compromised. This one may not be from seedy operator at the top, but just the fact it happened, hurts.
Not trying to spread FUD or giving up or anything, but this piece of news is very disappointing, to say the least.
Thank you both for your help. 
Is the Bitstamp hotwallet adress/es known so others can follow the coins? Do they make it public?
As an aside, where can one find that Bitstamp depth sum chart on the first page?
https://blockchain.info/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf As an aside, where can one find that Bitstamp depth sum chart on the first page?
As an aside, where can one find that Bitstamp depth sum chart on the first page?
Here:http://coinsight.org/bitstamp
Is the Bitstamp hotwallet adress/es known so others can follow the coins? Do they make it public?
As an aside, where can one find that Bitstamp depth sum chart on the first page?
As an aside, where can one find that Bitstamp depth sum chart on the first page?
I have half my stash on stamp...
Should I be worried?
Should I be worried?
No, the other half at MtGox is completely safe!
Stamp didn't have the initiative yesterday, neither in the downfall or in the upwards bounce. That doesn't make sense.
Jump to: