
Bitcoin Exchange BitFloor Says It Will Replace Stolen Coins

Posted by timothy
from the fdic-never-replaces-bitcoins dept.
angry tapir writes "Bitcoin exchanges generally don't seem to recover that easily after security breaches. However, BitFloor, which was hacked and had 24,000 Bitcoins stolen in early September, is coming back online, refunding account holders whose coins were stolen and implementing new security measures, including cold storage for private keys." The key word is "intends" — but I hope it happens as promised.

  • Refund how? (Score:1, Insightful)

    by Anonymous Coward

    How can it do so? Are they going to void the old coins?

    • They'll have to generate/acquire new ones at their own expense, that's for sure.

    • Re:Refund how? (Score:5, Informative)

      by Wonko the Sane (25252) * on Thursday September 27, 2012 @11:21AM (#41478177) Journal

      They are going to resume operation and earn money via trading fees. Assuming they get enough volume the profits will eventually be able to repay the depositors.

      In other words they will try to earn their way out of insolvency.

      • Re:Refund how? (Score:5, Interesting)

        by nedlohs (1335013) on Thursday September 27, 2012 @11:36AM (#41478389)

        If they didn't contract to refund in such cases then they aren't insolvent since there is no obligation to repay. If they did then if the terms for repaying are long enough in the contract they probably aren't insolvent either (you are allowed to carry debt without that automatically making you insolvent). If they do have such a contract but the penalties for breaking it are small enough or allowed to be paid over a long enough term then the same thing applies as above - you are allowed to have debt.

        So what information leads you to conclude they are insolvent?

        • I'm using the common definition.

          They promised to secure client funds and lost them, and they lack assets they could sell to reimburse the loss. That's insolvency.

          • They're only insolvent at the point that debtors can legally demand the money and they're incapable of paying.

          • by Anonymous Coward
            Under your common definition, signing a student loan instantly makes you insolvent.
            • by Anonymous Coward

              Which would be true for most students.

            • by Shrike82 (1471633)
              A student loan has a defined repayment period and method. The loan company couldn't legally demand the money as they'd be in breach of contract.
        • by gl4ss (559668)

          If they didn't contract to refund in such cases then they aren't insolvent since there is no obligation to repay. If they did then if the terms for repaying are long enough in the contract they probably aren't insolvent either (you are allowed to carry debt without that automatically making you insolvent). If they do have such a contract but the penalties for breaking it are small enough or allowed to be paid over a long enough term then the same thing applies as above - you are allowed to have debt.

          So what information leads you to conclude they are insolvent?

          they would be insolvent if someone asked for the money.
          oh, and someone did ask and he didn't pay. they(him) are insolvent because by their own words they don't have the money to pay back.

          last time some numbers were thrown about the normal profits for bitfloor would take many years to cover up the losses.

          this article didn't cover if he paid back the real money people had sitting in the system either.. that was/is a big issue. when it hit he basically just froze everything.

          • by nedlohs (1335013)

            Only if he has an agreement to pay them money. It's a bitcoin thing, that people would hand over their coins with no agreement for them to be returned doesn't seem that unlikely.

            I can ask you for $50 billion, that doesn't make you insolvent. I could ask a bank to return the $5000 I put in a term deposit, if the term hasn't expired they can not pay me back without being insolvent.

            As I said it all depends on the contracts in place.

        • by Richy_T (111409)

          They left a large amount of bitcoins in an unencrypted wallet (to my understanding). What makes you think they'd have that level of sophistication in their contract?

          • by nedlohs (1335013)

            Because I suspect their clients are foolish, and that they actually have no contract requiring that their money be returned.

            I don't know this for a fact of course, I don't have any bitcoins with them (well at all in fact) to care enough to have checked.

      • They are going to resume operation and earn money via trading fees. Assuming they get enough volume the profits will eventually be able to repay the depositors. In other words they will try to earn their way out of insolvency.

        Hopefully, there won't be a run on the bank as soon as it reopens.

        Either that, or they'll have to furnish future IOUs to the people who've lost money, and so a bond/futures market for bitcoins where you can sell your IOU at a discount will probably open up as well.

        • by Yomers (863527)
          Yeah, I would not be surprised if, once they get turnover again, coins will get "stolen" one more time. It's a common scheme with unlicensed online "banks".
        • According to the announcement BTC balances are locked and will slowly be released on a percentage basis as they are replaced so a run isn't possible.

    • by csumpi (2258986)
      They make new ones.
  • pump and dump (Score:3, Interesting)

    by Anonymous Coward on Thursday September 27, 2012 @11:12AM (#41478049)

    "Yes, we plan on buying a large number of Buttcoins to replace the ones that 'external hackers' stole from our 'customers'."

    [price goes up on exchanges]

    ['stolen' coins all sold for cash out of an anonymous account that's surely not controlled by the guy running BitFloor]

    [BitFloor never heard from again]

    Taking money from the Buttcoin crowd must be the easiest thing in the world. It's like if you took normal currency speculators and then gave them all severe head injuries.

    • Mod parent Interesting...it's completely possible. Even if the owners checked that the individual coins they have don't match the ones they had before, with careful laundering it could still be pulled off.

      • Wait, are the coins unique? Doesn't that defeat anonymity if you can track individual coins?

        • Re:pump and dump (Score:4, Informative)

          by GameboyRMH (1153867) <{moc.liamg} {ta} {hmryobemag}> on Thursday September 27, 2012 @11:33AM (#41478355) Journal

          Yes, the anonymity lies in throwaway email addresses that have no association with your real name.

        • Re:pump and dump (Score:5, Informative)

          by Wonko the Sane (25252) * on Thursday September 27, 2012 @11:35AM (#41478369) Journal

          There are no discrete "coins". There are only addresses and balances.

          • by Anonymous Coward

            Correct, and it's fairly trivial to launder the coins between hundreds of throwaway addresses; surely the people using them to buy drugs don't care if they get their coins from an address that might be linked to the BitFloor heist.

          • It's true that "Coins" are only a unit of measurement in the BitCoin system, but transactions can be tracked just the same:

            https://bitcointalk.org/index.php?topic=241.0 [bitcointalk.org]

          • That's incorrect. The codebase uses the term "coin" to refer to a transaction output, ie a discrete unit of value that can be claimed by the holder of a private key. There can be multiple outputs/coins sent to the same address. Internally Bitcoin has almost no notion of balance - the balance you see in your wallet app is merely the sum of unspent outputs.
          • by pla (258480)
            There are no discrete "coins". There are only addresses and balances.

            You have that almost entirely backward. Bitcoin has no "balances" as they relate to an address; it has blocks (groups of 50BTC) that you can trace through a transaction history to determine the current owners of various subdivisions of that block.

            You can think of it almost as if, to figure out how much money you have in the bank, you needed to check every dollar bill in circulation to see if you own a portion of it (though more accur
            • it has blocks (groups of 50BTC)

              A block is not a "group of 50 BTC", a block is essentially a transaction in a ledger (the blockchain) which updates which accounts (addresses) hold what balances. By working through that ledger you can (and need to) determine the balance that each address has. Participants check blocks for validity so a miner can't generate blocks that don't follow the rules. As a carrot to encourage mining those who generate a block are allowed to award themselves a reward. Currently this reward is 50 BTC

              It is possible for

              • by pla (258480)
                a block is essentially a transaction in a ledger (the blockchain) which updates which accounts (addresses) hold what balances. [...] You can't say "this bitcoin came from those found in block X".

                Sorry, but with the exception of your point about parallel branches, you have that factually incorrect in every meaningful way.

                "Accounts" do nothing more than sign blocks. They don't exist in any meaningful way in the system except as keys to sign blocks.

                And yes, you most certainly can trace any Bitcoin (or
                • by ultranova (717540)

                  And yes, you most certainly can trace any Bitcoin (or fraction thereof) back to its origin block.

                  No, because transactions can combine coins from multiple sources to produce multiple outputs. After such merging and splitting you could assign a single coin several different valid histories and origins, thus making the concept pretty much meaningless.

                  Not that any of this makes any difference for any practical matter.
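
Added example (not part of the original thread and not any poster's code): a toy ledger illustrating two points made in the comments above, that a wallet balance is only the sum of unspent outputs, and that once a transaction merges inputs, its outputs trace back to several origins at once. Transaction ids, addresses and amounts are constructed; signatures, scripts and fees are omitted.

```python
# Toy unspent-output (UTXO) ledger. All transactions are constructed sample data.
# An outpoint is (txid, output_index). A coinbase transaction has no inputs.
TXS = {
    "cb1": {"inputs": [], "outputs": [("alice", 50)]},
    "cb2": {"inputs": [], "outputs": [("bob", 50)]},
    # bob pays carol his whole coinbase output
    "t0": {"inputs": [("cb2", 0)], "outputs": [("carol", 50)]},
    # alice pays carol 30 and sends 20 back to herself as change
    "t1": {"inputs": [("cb1", 0)], "outputs": [("carol", 30), ("alice", 20)]},
    # carol merges both of her outputs, pays dave 60 and keeps 20 change
    "t2": {"inputs": [("t0", 0), ("t1", 0)],
           "outputs": [("dave", 60), ("carol", 20)]},
}


def unspent_outputs(txs):
    """Map every outpoint that no transaction spends to (address, value)."""
    spent = {op for tx in txs.values() for op in tx["inputs"]}
    utxos = {}
    for txid, tx in txs.items():
        for index, (addr, value) in enumerate(tx["outputs"]):
            if (txid, index) not in spent:
                utxos[(txid, index)] = (addr, value)
    return utxos


def balance(txs, addr):
    """The ledger stores no balance; it is derived by summing unspent outputs."""
    return sum(v for a, v in unspent_outputs(txs).values() if a == addr)


def origins(txs, outpoint):
    """Coinbase txids reachable by walking a transaction's inputs backwards.

    Every output of a transaction shares all of its inputs, so after a merge
    there is no way to say which input funded which output.
    """
    txid, _ = outpoint
    inputs = txs[txid]["inputs"]
    if not inputs:
        return {txid}
    found = set()
    for parent in inputs:
        found |= origins(txs, parent)
    return found


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(name, balance(TXS, name))
    print("dave's output traces to:", sorted(origins(TXS, ("t2", 0))))
    print("alice's change traces to:", sorted(origins(TXS, ("t1", 1))))
```
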

        • Re:pump and dump (Score:5, Interesting)

          by scorp1us (235526) on Thursday September 27, 2012 @12:01PM (#41478659) Journal

          Anonymity was never a feature of Bitcoin, though first reports made claims to that. It is regarded currently and properly as pseudo-anonymous. Your bitcoin wallet maintains a ledger of every transaction ever made. So you can see money moving between people, unlike a stock exchange or bank. Scratch that, it's not a matter of can, it is a matter of having to see every transaction.

          Where the "anonymity" lies is that, unlike a bank, you can create an account (address) out of thin air. You can control any number of accounts in your wallet, and move money between them. So no one can tell what addresses are in your wallet and who (person) controls however many bitcoins. Two people having 10 btc might divide it up differently - 1 person has all 10btc in one address, the other has 10 addresses all with one. You don't know who controls what. The only way to find out is to get enough wallets with enough addresses in them that you can start identifying people for past transactions, but you can always invent a new address so you can't ever "watch" anyone. It is just like - until recently - moving money between Swiss bank accounts.

          • by firewrought (36952) on Thursday September 27, 2012 @01:18PM (#41479589)

            You can control any number of accounts in your wallet, and move money between them. So no one can tell what addresses are in your wallet and who (person) controls however many bitcoins. Two people having 10 btc might divide it up differently - 1 person has all 10btc in one address, the other has 10 addresses all with one. You don't know who controls what. The only way to find out is to get enough wallets with enough addresses in them that you can start identifying people for past transactions, but you can always invent a new address so you can't ever "watch" anyone.

            But your honor, it couldn't possibly have been MY client who purchased those drugs. As you can see here, he clearly transferred $160 from his account <dude@hendrixfans.net> to some nefarious third party <cantcatchme@mailinator.com>, who by COMPLETE COINCIDENCE purchased $160 worth of drugs from about 30 seconds later. We have NO IDEA who this mysterious cantcatchme is, other than being a beneficent of my client's quirky tendency to email unsolicited funds to random strangers just to brighten their day.

            Why NO, I don't think it's the LEAST bit suspicious that this is the 23rd week in a row that this exact sequence of transactions has occurred between these exact same participants. What can I say? My client is a generous man. Like the other day when he spontaneously sent $200 to <bogusacct@mailinator.com>. Perhaps foolishly generous, as Mr. bogusacct promptly sent that money to <cashier@pokerboss.net>, but can one convict a man for carrying virtue to excess? I say no!

            • This post should either be modded Funny or Insightful, but I can't quite decide which...
            • by scorp1us (235526)

              No, bitcoin addresses are not email addresses. They are hashes.

            • Well, sure if you want to track enough bitcoin transfers you probably can and they probably will for the large-enough scale crime. For the small timers though, you can create a separate dummy account for each day of the month and make it too much hassle for them to waste their time on you.

              • Well, sure if you want to track enough bitcoin transfers you probably can and they probably will for the large-enough scale crime. For the small timers though, you can create a separate dummy account for each day of the month and make it too much hassle for them to waste their time on you.

                It's an arms race for sure. At first, being a small-timer and being just a little more sophisticated than other small-timers will probably be sufficient, but once they start to develop tools to track down the large-timers, those same tools can be turned on the small-timers as well. On balance, I feel this race will favor the prosecution in the long run, as long as they can explain the data analytics to juries. Or it would if the money-laundering underground was dumb enough to stay on a platform that provid

            • by pla (258480)
              Why NO, I don't think it's the LEAST bit suspicious that this is the 23rd week in a row that this exact sequence of transactions has occurred between these exact same participants.

              Though funny, you of course see the flaw in this part of your reasoning?

              In case you don't - Each of those transactions would come from, and go to, an entirely different address. You wouldn't even see them as distinct 160BTC transfers; rather, you would just see a scattered collection adding up to 160BTC that "someone" (presu
              • Even if you bust the seller, and get his entire history of addresses to trace through the blockchain... You still have no way to tell that buyer-A equals buyer-B.

                My hypothetical defendant was using a particular gambit that my hypothetical prosecutor saw thru. You now suggest a more sophisticated gambit to use, but there are ways of seeing thru it too. Like I said in another post, it's an arms race. Law enforcement will discover gambits and devise strategies for detecting the telltale patterns they leave in bitcoin transaction histories. The obvious gambits (fake intermediaries, scatter/gather, pool/split, currency conversion, etc.) will be countered quickly once la

          • Right, Bitcoin is pseudonymous, not anonymous, and even then you have to put some thought and effort into keeping your addresses independent, or the connections will be uncovered by some fairly basic traffic analysis. There are "mixing services" to deal with the latter issue, but use of one is somewhat suspicious in itself.

            If you want fully anonymous transfers you need something more like an Open Transactions [github.com] server running in cash-only mode. This is a federated contract-based derivative system, as opposed

            • by scorp1us (235526)

              How is this different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts [bitcoin.it]

              • by nazsco (695026)

                site got /.ed while mentioned in a buried 1pt comment... nice.

              • How is this [Open Transactions] different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts [bitcoin.it]

                I'm not quite sure where to start. They're completely different concepts. Bitcoin contracts, like the assurance contract or an escrow contract, are ways to use the Bitcoin protocol to create transactions which are only valid under certain conditions—when enough money has been collected from a variety of different inputs, or when two of three stakeholders (payer, payee, arbiter) sign off on a transfer, etc. All the data about the transfer is public, integrated into the block chain, and traceable to par

  • by kiriath (2670145) on Thursday September 27, 2012 @11:15AM (#41478097)

    Gives me the willies...

    Of course it's not much different than paper currency I suppose, it's all make-believe anyway.

    • by Guru80 (1579277)
      Modded funny or not, it's the damn truth.
    • by gox (1595435)

      Yeah, currency is make-believe by its nature, there is no way around that. But we can still change who makes it or what to believe.

  • And... (Score:5, Funny)

    by Anonymous Coward on Thursday September 27, 2012 @11:18AM (#41478139)

    Nothing of value was gained.

  • by magic maverick (2615475) on Thursday September 27, 2012 @11:25AM (#41478227) Homepage Journal

    I don't know why anyone would trust exchanges or online wallets. At this time they aren't really regulated, and surely don't have insurance. It's too much of a risk. Instead, keep all your bitcoins in a wallet (an encrypted one of course) on your own computer. And make sure you have a backup, 'cause backups are important.

    If you are really paranoid, you have an offline wallet that is only on a USB stick or similar, and keep just a few coins in your 'online' (on your computer) wallet. But never keep any more than what you need to pay off in a real online account. Sort of like Paypal, you only keep the minimum in there (or not use Paypal at all, 'cause they are slimy bastards).

    • by GameboyRMH (1153867) <{moc.liamg} {ta} {hmryobemag}> on Thursday September 27, 2012 @11:27AM (#41478255) Journal

      Or better yet just avoid keeping your money in Bitcoins since the value of them could crash hard at any time as has happened numerous times in the past.

      • That's like saying avoid keeping your money in Euros, USD or Yen, since the value of them could crash hard at any time, as has happened in the past. It may not happen as much for these government issued currencies. After all, the markets are much bigger, and the governments tend not to like it if their currencies collapse too much. (Not that it helped a large number of countries in the past, including Zimbabwe, Germany, Armenia and other former USSR states, a number of South American states, and many others

    • I do not know much about bitcoins but I do know that someone said they hacked into Romney's tax returns. They wanted to be paid in bitcoins. So are bitcoins going to make it easier to kidnap people? The people must have thought that they could get a million dollars without being caught. It would be much easier than having a pick up place for a million dollars in cash since the serial numbers to that money could be scanned into a computer. So that cash would have to be sold to someone for a discount s
      • If there were no BitCoins and physical money had to be used, the hackers could have set up a "dead man's switch" system that would release the info if the hackers didn't intervene and told this to Romney. That way setting a trap would be self-defeating. Send in an anonymously-contacted intermediary with a wire to do the physical collection for a cut.

        You can't really do this with a kidnapping though so maybe it could make kidnapping easier...

      • by timeOday (582209)
        The answer is yes. The reason we don't have government-backed digital cash is because currency that is not inherently traceable makes it harder to regulate trade, and some trade is illegal. Same reason they stopped making large-denomination paper currency - it's most useful to dictators and drug dealers. And also for under-the-table (or "underground economy") business that would otherwise be legal except it can't be regulated and taxed. And before you start, no, I'm not saying cash or digital cash sh
  • But how? (Score:5, Insightful)

    by scorp1us (235526) on Thursday September 27, 2012 @11:31AM (#41478329) Journal

    It's not like *real* money that you can just print out of thin air.

    You've got to come up with that somehow, and at $10 (so I don't need a calculator) that's $240,000 you've got to come up with. That's a lot of mining or fees at $0.10 each. That's hard to make up with low volume of trades.

  • by TheSpoom (715771)

    We need to fix this security issue. It's almost like we need a deposit insurance corporation, even a federal one, so we can ensure our bitcoins aren't stolen... *rolls eyes*

    You guys keep doing the early adopter thing, and let me know when your "currency" gets to its inevitable state of being a clone of the existing currency system.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      RTFA and you'll see that Roman took full responsibility for a huge security mistake that should never have occurred. How many banking executives at Goldman Sachs, Lehman Brothers, Chase, BofA, CitiBank or Wells Fargo have done anything like that? There are many ways to properly secure a bitcoin exchange, but even the biggest (Mt. Gox) was hacked last year, and the community learned a great deal from that experience. Gox did NOT go out of business and in fact, the exchange rate of BTC has skyrocketed from $

      • by Ash-Fox (726320)

        RTFA and you'll see that Roman took full responsibility for a huge security mistake that should never have occurred. How many banking executives at Goldman Sachs, Lehman Brothers, Chase, BofA, CitiBank or Wells Fargo have done anything like that?

        What huge security mistakes did those banking executives do again?

        • by nazsco (695026)

          As someone who worked for firms working on bank security, I can tell you they remain silent about 100% of their electronic breaches and cover the money in silence. The reasoning is that lower accounts are their milking cow now, and news of some measly 200,000 robbed by electronic means (they lose more than that per day), while insignificant to the bank, would draw away those lesser accounts to whom 200,000 is a fortune. and draw away too many of the lesser accounts and the bank starts to be in real problem

      • by TheSpoom (715771)

        Let's just say I'm not entirely confident that I should trust ANY of my money with "Magic: The Gathering Online Exchange".

  • ...or am I the only one picturing Mario jumping up, hitting a block and then collecting the coins that shower down?

  • Looks like we do need them to point out the keyword here since it was not included in the summary at all... Makes one wonder how "key" the word can be.
