Bitcoin Exchange BitFloor Says It Will Replace Stolen Coins 117
angry tapir writes "Bitcoin exchanges generally don't seem to recover that easily after security breaches. However, BitFloor, which was hacked and had 24,000 Bitcoins stolen in early September, is coming back online, refunding account holders whose coins were stolen and implementing new security measures, including cold storage for private keys." The key word is "intends" — but I hope it happens as promised.
Refund how? (Score:1, Insightful)
How can it do so? Are they going to void the old coins?
Re: (Score:3)
They'll have to generate/acquire new ones at their own expense, that's for sure.
Re: (Score:2, Insightful)
Unless they were the ones who "stole" the old ones...
Re:Refund how? (Score:5, Informative)
They are going to resume operation and earn money via trading fees. Assuming they get enough volume the profits will eventually be able to replay the depositors.
In other words they will try to earn their way out of insolvency.
Re:Refund how? (Score:5, Interesting)
If they didn't contract to refund in such cases then they aren't insolvent since there is no obligation to repay. If they did then if the terms for repaying are long enough in the contract they probably aren't insolvent either (you are allowed to carry debt without that automatically making you insolvent). If they do have such a contract but the penalties for breaking it are small enough or allowed to be paid over a long enough term then the same thing applies as above - you are allowed to have debt.
So what information leads you to conclude they are insolvent?
Re: (Score:2)
I'm using the common definition.
They promised to secure client funds and lost them, and they lack assets they could sell to reimburse the loss. That's insolvency.
Re: (Score:3)
They're only insolvent at the point that debtors can legally demand the money and they're incapable of paying.
Re: (Score:1)
Re: (Score:1)
Which would be true for most students.
Re: (Score:2)
Re: (Score:3)
If they didn't contract to refund in such cases then they aren't insolvent since there is no obligation to repay. If they did then if the terms for repaying are long enough in the contract they probably aren't insolvent either (you are allowed to carry debt without that automatically making you insolvent). If they do have such a contract but the penalties for breaking it are small enough or allowed to be paid over a long enough term then the same thing applies as above - you are allowed to have debt.
So what information leads you to conclude they are insolvent?
they would be insolvent if someone asked for the money.
oh, and someone did ask and he didn't pay. they(him) are insolvent because by their own words they don't have the money to pay back.
last time some numbers were thrown about the normal profits for bitfloor would take many years to cover up the losses.
this article didn't cover if he paid back the real money people had sitting in the system either.. that was/is a big issue. when it hit he basically just froze everything.
Re: (Score:3)
Only if he has an agreement to pay them money. It's a bitcoin thing, that people would hand over their coins with no agreement for them to be returned doesn't seem that unlikely.
I can ask you for $50 billion, that doesn't make you insolvent. I could ask a bank to return the $5000 I put in a term deposit, if the term hasn't expired they can not pay me back without being insolvent.
As I said it all depends on the contracts in place.
Re: (Score:3)
They left a large amount of bitcoins in an unencrypted wallet (to my understanding). What makes you think they'd have that level of sophistication in their contract?
Re: (Score:2)
Because I suspect their clients are foolish, and that they actually have no contract requiring that their money be returned.
I don't know this for a fact of course, I don't have any bitcoins with them (well at all in fact) to care enough to have checked.
Re: (Score:2)
They are going to resume operation and earn money via trading fees. Assuming they get enough volume the profits will eventually be able to replay the depositors. In other words they will try to earn their way out of insolvency.
Hopefully, there won't be a run on the bank as soon as it reopens.
Either that, or they'll have to furnish future IOUs to the people who've lost money, and so a bond/futures market for bitcoins where you can sell your IOU at a discount will probably open up as well.
Re: (Score:1)
Re: (Score:2)
According to the announcement BTC balances are locked and will slowly be released on a percentage basis as they are replaced so a run isn't possible.
Re: (Score:1)
Because either:
a.) You're completely unaware that "voiding" bitcoins is impossible - they can not be destroyed or voided; only lost - and dare to post an opinion given such a monumental level of ignorance about the subject at hand., or
b.) You're quite aware that bitcoins cannot be "voided" (frankly, a difficult level of knowledge to avoid with even a cursory look at the subject), and are trying to get a rise out of those who like to keep their conversations more or less fact-based.
Question answered?
Re:Refund how? (Score:4, Informative)
No one can make any more bitcoins than the pre-defined scheduled amount, and no one can guarantee that they're able to make them for themselves.. It takes a lot of (computer) work, and a bit of luck.. You basically buy lottery tickets to winning newly created money by agreeing to do work to process transactions.. That's not exactly right, but it'll get you a lot closer to understanding the system than where you're clearly at..
Re: (Score:2)
Bitcoins can't be created by anyone on a whim, they are not issued by any authority other than the authority given to the entity who solves a block. The system imitates gold, with the exception that the total mining rate is also predefined. If you get them stolen, you have to replace them by buying/mining/earning new ones.
Re: (Score:1)
pump and dump (Score:3, Interesting)
"Yes, we plan on buying a large number of Buttcoins to replace the ones that 'external hackers' stole from our 'customers'."
[price goes up on exchanges]
['stolen' coins all sold for cash out of an anonymous account that's surely not controlled buy the guy running BitFloor]
[BitFloor never heard from again]
Taking money from the Buttcoin crowd must be the easiest thing in the world. It's like if you took normal currency speculators and then gave them all severe head injuries.
Re: (Score:2)
Mod parent Interesting...it's completely possible. Even if the owners checked that the individual coins they have don't match the ones they had before, with careful laundering it could still be pulled off.
Re: (Score:3)
Wait, are the coins unique? Doesn't that defeat anonymity if you can track individual coins?
Re:pump and dump (Score:4, Informative)
Yes, the anonymity lies in throwaway email addresses that have no association with your real name.
Re: (Score:3)
What do email addresses have to do with bitcoins?
Re:pump and dump (Score:5, Informative)
There are no discrete "coins". There are only addresses and balances.
Re: (Score:1)
Correct, and it's fairly trivial to launder the coins between hundreds of throwaway addresses; surely the people using them to buy drugs don't care if they get their coins from an address that might be linked to the BitFloor heist.
Re: (Score:3)
It's true that "Coins" are only a unit of measurement in the BitCoin system, but transactions can be tracked just the same:
https://bitcointalk.org/index.php?topic=241.0 [bitcointalk.org]
Re: (Score:2)
Re: (Score:2)
You have that almost entirely backward. Bitcoin has no "balances" as they relate to an address; it has blocks (groups of 50BTC) that you can trace through a transaction history to determine the current owners of various subdivisions of that block.
You can think of it almost as if, to figure out how much money you have in the bank, you needed to check every dollar bill in circulation to see if you own a portion of it (though more accur
Re: (Score:2)
it has blocks (groups of 50BTC)
A block is not a "group of 50 BTC", a block is essentially a transaction in a ledger (the blockchain) which updates which accounts (addresses) hold what balances. By working through that ledger you can (and need to) determine the balance that each address has. Participants check blocks for validity so a miner can't generate blocks that don't follow the rules. As a carrot to encourage mining those who generate a block are allowed to award themselves a reward. Currently this reward is 50 BTC
It is possible for
Re: (Score:2)
Sorry, but with the exception of your point about parallel branches, you have that factually incorrect in every meaningful way.
"Accounts" do nothing more than sign blocks. They don't exist in any meaningful way in the system except as keys to sign blocks.
And yes, you most certainly can trace any Bitcoin (or
Re: (Score:2)
No, because transactions can combine coins from multiple sources to produce multiple outputs. After such merging and splitting you could assign a single coin several different valid histories and origins, thus making the concept pretty much meaningless.
Not that any of this makes any difference for any practical matter.
Re:pump and dump (Score:5, Interesting)
Anonymity was never a feature of Bitcoin, though first reports made claims to that. It is regarded currently and properly as pseudo-anonymous. Your bitcoin wallet maintains a ledger of every transaction ever made. So you can see money moving between people, unlike a stock exchange or bank. Scratch that, it's not a matter of can, it is a matter of having to see every transaction.
Where they "anonymity" lies us unlike a bank, you can create an account (address) out of thin air. You can control any number of accounts in your wallet, and move money between them. So no one can tell what addresses are in your wallet and who (person) controls however many bitcoins. Two people having 10 btc might divide it up differently - 1 person has all 10btc in one address, the other has 10 addresses all with one. You don't know who controls what. The only way to find out is to get enough wallets with enough addresses in them that you can start identifying people for past transactions, but you can always invent a new address so you can't ever "watch" anyone. It is just like - until recently - moving money between swiss bank accounts.
Re:pump and dump (Score:5, Funny)
You can control any number of accounts in your wallet, and move money between them. So no one can tell what addresses are in your wallet and who (person) controls however many bitcoins. Two people having 10 btc might divide it up differently - 1 person has all 10btc in one address, the other has 10 addresses all with one. You don't know who controls what. The only way to find out is to get enough wallets with enough addresses in them that you can start identifying people for past transactions, but you can always invent a new address so you can't ever "watch" anyone.
But your honor, it couldn't possibly have been MY client who purchased those drugs. As you can see here, he clearly transferred $160 from his account <dude@hendrixfans.net> to some nefarious third party <cantcatchme@mailinator.com>, who by COMPLETE COINCIDENCE purchased $160 worth of drugs from about 30 seconds later. We have NO IDEA who this mysterious cantcatchme is, other than being a beneficent of my client's quirky tendency to email unsolicited funds to random strangers just to brighten their day.
Why NO, I don't think it's the LEAST bit suspicious that this is the 23rd week in a row that this exact sequence of transactions has occurred between these exact same participants. What can I say? My client is a generous man. Like the other day when he spontaneously sent $200 to <bogusacct@mailinator.com>. Perhaps foolishly generous, as Mr. bogusacct promptly sent that money to <cashier@pokerboss.net>, but can one convict a man for carrying virtue to excess? I say no!
Re: (Score:2)
Re: (Score:2)
No, bitcoin addresses are not email addresses. They are hashes.
Re: (Score:2)
Well, sure if you want to track enough bitcoin transfers you probably can and they probably will for the large-enough scale crime. For the small timers though, you can create a separate dummy account for each day of the month and make it too much hassle for them to waste their time on you.
Re: (Score:1)
Well, sure if you want to track enough bitcoin transfers you probably can and they probably will for the large-enough scale crime. For the small timers though, you can create a separate dummy account for each day of the month and make it too much hassle for them to waste their time on you.
It's an arms race for sure. At first, being a small-timer and being just a little more sophisticated than other small-timers will probably be sufficient, but once they start to develop tools to track down the large-timers, those same tools can be turned on the small-timers as well. On balance, I feel this race will favor the prosecution in the long run, as long as they can explain the data analytics to juries. Or it would if the money-laundering underground was dumb enough to stay on a platform that provid
Re: (Score:2)
Though funny, you of course see the flaw in this part of your reasoning?
In case you don't - Each of those transactions would come from, and go to, an entirely different address. You wouldn't even see them as distinct 160BTC transfers; rather, you would just see a scattered collection adding up to 160BTC that "someone" (presu
Re: (Score:2)
Even if you bust the seller, and get his entire history of addresses to trace through the blockchain... You still have no way to tell that buyer-A equals buyer-B.
My hypothetical defendant was using a particular gambit that my hypothetical prosecutor saw thru. You now suggest a more sophisticated gambit to use, but there are ways of seeing thru it too. Like I said in another post, it's an arms race. Law enforcement will discover gambits and devise strategies for detecting the tell-tell patterns they leave in bitcoin transaction histories. The obvious gambits (fake intermediaries, scatter/gather, pool/split, currency conversion, etc.) will be countered quickly once la
Re: (Score:3)
Right, Bitcoin is pseudonymous, not anonymous, and even then you have to put some thought and effort into keeping your addresses independent, or the connections will be uncovered by some fairly basic traffic analysis. There are "mixing services" to deal with the latter issue, but use of one is somewhat suspicious in itself.
If you want fully anonymous transfers you need something more like an Open Transactions [github.com] server running in cash-only mode. This is a federated contract-based derivative system, as opposed
Re: (Score:2)
How is this different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts [bitcoin.it]
Re: (Score:2)
site got /.ed while mentioned in a buried 1pt comment... nice.
Re: (Score:3)
How is this [Open Transactions] different from bitcoin contracts? https://en.bitcoin.it/wiki/Contracts [bitcoin.it]
I'm not quite sure where to start. They're completely different concepts. Bitcoin contracts, like the assurance contract or an escrow contract, are ways to use the Bitcoin protocol to create transactions which are only valid under certain conditions—when enough money has been collected from a variety of different inputs, or when two of three stakeholders (payer, payee, arbiter) sign off on a transfer, etc. All the data about the transfer is public, integrated into the block chain, and traceable to par
Re:pump and dump (Score:4, Funny)
ButtCoin victim spotted.
Re: (Score:1)
...when nobody can verify that the bank didn't steal the gold bars themselves in the first place, and there's no legal or practical recourse if they don't replace them.
Gaze upon anarchocapitalism, ye mighty, and despair.
Re:refund from where? (Score:4, Insightful)
They can't dilute the currency. They only way they can replace the coins is to earn them via business profits.
Re: (Score:2)
They could credit people's accounts with bitcoins that aren't backed by actual real bitcoins and hope that not everyone tries to withdraw at the same time, much like how real world banks do things.
Re: (Score:1)
Re: (Score:2)
There is no technical reason why you couldn't have a bitcoin bank that works in the same way as a US Dollar bank. If Bitcoin does become the world currency of choice, people are going to want to save money like they do at the moment, and other people are going to want to borrow money like they do at the moment, and you have Bitcoin bank deposits which are bank created money backed by the loans they make to people, just like real world bank deposits at the moment
Re: (Score:2)
Re: (Score:3)
Out of whose pocket come these bitcoins? Or are they just changing user's balance thus diluting the currency?
that would be extremely interesting to know, since apparently the theft is way beyond his own means of paying capability. also it's to note that he initially sat on peoples real money too.
the actual article says though that he _intends_ to pay back.
This whole digital currency thing (Score:5, Insightful)
Gives me the willies...
Of course it's not much different than paper currency I suppose, it's all make-believe anyway.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Only if you like your currency easy to manipulate. Bitcoin was designed to make it nearly impossible to do this sort (or any sort) of manipulation. In order to do what you're proposing, you'd literally need to get thousands or tens of thousands of people to all agree to game the system and modify their software to allow that to happen. Then they'd either need to process invalid transactions (unsigned transactions for those accounts) essentially creating a corrupt transaction database with a broken trust
Re: (Score:2)
Yeah, currency is make-believe by its nature, there is no way around that. But we can still change who makes it or what to believe.
Re: (Score:2)
But can you believe in the dollars that are behind those guns? (c.f. sequestration)
And... (Score:5, Funny)
Nothing of value was gained.
Trust excanges? Nope. (Score:3)
I don't know why anyone would trust exchanges or online wallets. At this time they aren't really regulated, and surely don't have insurance. It's too much of a risk. Instead, keep all your bitcoins in a wallet (an encypted one of course) on your own computer. And make sure you have a backup, 'cause backups are important.
If you are really paranoid, you have an offline wallet that is only on a USB stick or similar, and keep just a few coins in your 'online' (on your computer) wallet. But never keep any more than what you need to pay off in a real online account. Sort of like Paypal, you only keep the minimum in there (or not use Paypal at all, 'cause they are slimey bastards).
Re:Trust excanges? Nope. (Score:4, Insightful)
Or better yet just avoid keeping your money in Bitcoins since the value of them could crash hard at any time as has happened numerous times in the past.
Re: (Score:2)
That's like saying avoid keeping your money in Euros, USD or Yen, since the value of them could crash hard at any time, as has happened in the past. It may not happen as much for these government issued currencies. After all, the markets are much bigger, and the governments tend not to like it if their currencies collapse too much. (Not that it helped a large number of countries in the past, including Zimbabwe, Germany, Armenia and other former USSR states, a number of South American states, and many others
Re: (Score:2)
Re: (Score:3)
If there were no BitCoins and physical money had to be used, the hackers could have set up a "dead man's switch" system that would release the info if the hackers didn't intervene and told this to Romney. That way setting a trap would be self-defeating. Send in an anonymously-contacted intermediary with a wire to do the physical collection for a cut.
You can't really do this with a kidnapping though so maybe it could make kidnapping easier...
Re: (Score:3)
But how? (Score:5, Insightful)
It's not like *real* money that you can just print out of thin air.
You've got to come up with that some how, and at $10 (so I don't need a calculator) that's $240,000 you've got to come up with. That's a lot of mining or fees at $0.10 each. That's hard to make up with low volume of trades.
Re: (Score:2)
Not like an exchange can arrange that, can they? ;-)
Man (Score:2)
We need to fix this security issue. It's almost like we need a deposit insurance corporation, even a federal one, so we can ensure our bitcoins aren't stolen... *rolls eyes*
You guys keep doing the early adopter thing, and let me know when your "currency" gets to its inevitable state of being a clone of the existing currency system.
Re: (Score:2, Interesting)
RTFA and you'll see that Roman took full responsibility for a huge security mistake that should never have occurred. How many banking executives at Goldman Sachs, Lehman Brothers, Chase, BofA, CitiBank or Wells Fargo have done anything like that? There are many ways to properly secure a bitcoin exchange, but even the biggest (Mt. Gox) was hacked last year, and the community learned a great deal from that experience. Gox did NOT go out of business and in fact, the exchange rate of BTC has skyrocketed from $
Re: (Score:2)
Re: (Score:2)
As someone who worked for firms working on bank security, i call tell you they remain silent about 100% of their electronic breaches and cover the money in silence. The reasoning is that lower accounts are their milking cow now, and news of some measly 200,000 robbed by electronic means (they lose more than that per day), while insignificant to the bank, would draw away those lesser accounts to whom 200,000 is a fortune. and draw away too many of the lesser accounts and the bank starts to be in real problem
Re: (Score:2)
Re: (Score:2)
Let's just say I'm not entirely confident that I should trust ANY of my money with "Magic: The Gathering Online Exchange".
Is it just me... (Score:2)
...or am I the only one picturing Mario jumping up, hitting a block and then collecting the coins that shower down?
Re: (Score:1)
Keyword not in summary? (Score:1)
Re: (Score:1)
Grow up, slashmods. People can have dissenting opinions.
Re: (Score:2)
You have the right to post "Bitcoin sucks". The mods have a right to determine that your post adds nothing of value to the conversation. You have a right to whine that this makes the mods immature; they have the right to ignore you.
Aren't rights wonderful?