So where are the auditing and insurance services we seem to need? Must be an opportunity here for someone who knows about that stuff.
No one would insure bitcoin exchanges.
Topic: Why are bitcoin exchange operators so inept? - page 2. (Read 4331 times)
No one would insure bitcoin exchanges.
So where are the auditing and insurance services we seem to need? Must be an opportunity here for someone who knows about that stuff.
Well security is pretty hard when you are the hacker 
(looking at you Bitcoinica)
(looking at you Bitcoinica)
The simple answer is because all too often Bitcoin ventures are set up an run by one person, who lacks all the necessary skills. In some cases that one person is a kid, too.
Seems the exchanges that got pwned are textbook demonstrations of the Dunning-Kruger effect.
The users are not blameless, provide something really secure and the vast majority of them will not use it.
They don't care about security until after they lose their coins. Until then they just want total convenience, the easier a hacker can get their coins the easier it is for them too, for example a password easy to brute-force is also easy to remember, and having to use a GPG encrypted message to order things done with your coins is not worth the few thousand coins at risk... until those coins go missing...
-MarkM-
They don't care about security until after they lose their coins. Until then they just want total convenience, the easier a hacker can get their coins the easier it is for them too, for example a password easy to brute-force is also easy to remember, and having to use a GPG encrypted message to order things done with your coins is not worth the few thousand coins at risk... until those coins go missing...
-MarkM-
Well that would result in the user losing their own coins, which is their own damn fault, not the exchange losing everything.
1) open exchange
2) sweep all deposits into bitcoin savings and trust (pirate bonds)
3) ...
2) sweep all deposits into bitcoin savings and trust (pirate bonds)
3) ...
I'm starting to think any company offering wallet services needs to have a large stash of BTC in cold storage. Enough to pay for any user funds lost, set aside solely for that purpose.
The users are not blameless, provide something really secure and the vast majority of them will not use it.
They don't care about security until after they lose their coins. Until then they just want total convenience, the easier a hacker can get their coins the easier it is for them too, for example a password easy to brute-force is also easy to remember, and having to use a GPG encrypted message to order things done with your coins is not worth the few thousand coins at risk... until those coins go missing...
-MarkM-
They don't care about security until after they lose their coins. Until then they just want total convenience, the easier a hacker can get their coins the easier it is for them too, for example a password easy to brute-force is also easy to remember, and having to use a GPG encrypted message to order things done with your coins is not worth the few thousand coins at risk... until those coins go missing...
-MarkM-
Re: Why are bitcoin exchange operators so inept?
Because from the outside good security is indistinguishable from bad security...
until they get hacked of course!
It's an economic problem. A startup company wants to reduce costs as much as they can. In the case of Bitcoin exchanges, that means forgoing security audits, insurance and bonding in order to get something out now. The users don't notice security problems because these involve back end processes that they never directly engage with. In any event, these startups are paying the price for cutting corners handling other people's money. And the users are paying the price for leaving significant sums of money in an account that has no auditing and no insurance.
Good points, but is seems like some losses occur due to sheer stupidty, for example not having good backup routines for offsite storage, having the majority of coins in cold storage and so on.
Besides, it's hard for users to know whether the 'hack' is because there's actually a break in, or if it's a rogue operator.
That's why you need auditing and insurance. Stupidity happens, that's a fact. But if you have audits to protect against stupidity in the first place and then insurance to pay out if stupidity still occurs, then that solves the problem (for the most part).
In this case, if Bitfloor had a respectable auditor, probably one of the first questions they would ask is: 'where all the Bitcoins are stored?'. If the reply was 'on this unencrypted hard drive over here...' then the auditor catches that problem right away. No process is 100% foolproof, but these exchanges can do a hell of a lot better than what they are doing now which is just skimping on costs and duping customers into making large deposits on their unaudited, uninsured platforms.
Best thing for these folks (or anyone for that matter) to do is keep your Bitcoins safe by sending them to my wallet. Then just send me an e-mail letting me know how much was deposited for safe keeping.
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
This offer is rated AA in Harnettopia.
One hack after another...
It's getting quite tiresome.
It's getting quite tiresome.
Didn't you know the most profit is produced if you hack your own site or claim a hack happened and then close up shop?
Seems to be a trend.
this, million times over.
It's an economic problem. A startup company wants to reduce costs as much as they can. In the case of Bitcoin exchanges, that means forgoing security audits, insurance and bonding in order to get something out now. The users don't notice security problems because these involve back end processes that they never directly engage with. In any event, these startups are paying the price for cutting corners handling other people's money. And the users are paying the price for leaving significant sums of money in an account that has no auditing and no insurance.
Good points, but is seems like some losses occur due to sheer stupidty, for example not having good backup routines for offsite storage, having the majority of coins in cold storage and so on.
Besides, it's hard for users to know whether the 'hack' is because there's actually a break in, or if it's a rogue operator.
Best thing for these folks (or anyone for that matter) to do is keep your Bitcoins safe by sending them to my wallet. Then just send me an e-mail letting me know how much was deposited for safe keeping.
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
lol'd don't be surprise if some moron does send you their bitcoins! lol
Best thing for these folks (or anyone for that matter) to do is keep your Bitcoins safe by sending them to my wallet. Then just send me an e-mail letting me know how much was deposited for safe keeping.
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
My wallet is secure. Honest.
Address in the sig. Better safe than sorry!
One hack after another...
It's getting quite tiresome.
It's getting quite tiresome.
Didn't you know the most profit is produced if you hack your own site or claim a hack happened and then close up shop?
Seems to be a trend.
Clearly there is money to be made in setting up a scam! we are all in the wrong business!!!
It's an economic problem. A startup company wants to reduce costs as much as they can. In the case of Bitcoin exchanges, that means forgoing security audits, insurance and bonding in order to get something out now. The users don't notice security problems because these involve back end processes that they never directly engage with. In any event, these startups are paying the price for cutting corners handling other people's money. And the users are paying the price for leaving significant sums of money in an account that has no auditing and no insurance.
Pretty much this. Most Bitcoin start-ups are launched on the smell of an oily rag. If they're moderately successful, any profits they're making are chewed up by rapid growth so they never have the money to invest in infrastructure unless they seek outside funds for that purpose. Most people also probably grossly under-estimate the amount of fraud and intrusion attempts they'll have to deal with as well.
Users need to accept the inherent risk in leaving funds on exchanges, and especially those which are doing everything as cheaply as possible or making compromises for convenience because their business has grown and they can't afford to hire additional staff.
It's an economic problem. A startup company wants to reduce costs as much as they can. In the case of Bitcoin exchanges, that means forgoing security audits, insurance and bonding in order to get something out now. The users don't notice security problems because these involve back end processes that they never directly engage with. In any event, these startups are paying the price for cutting corners handling other people's money. And the users are paying the price for leaving significant sums of money in an account that has no auditing and no insurance.
'zactly.
Vast quanties of Ineptitude.
Jump to: