It's as much of a Bitcoin problem as the Ethereum DAO hack is an Ethereum problem. In a normal banking system you just roll back the transaction, which often is possible. In Bitcoin, what's gone is gone.
That's true with US cash too. The problem with some of these exchanges is that they essentially have these buildings with $50M+ cash sitting inside them, but they are NOT also running bank vault level security, quality-wise, to protect that stash. Some are better than others, but it makes sense that the worst of them will be run by underqualified people.
I've had the opportunity to look/study behind the scenes at a few major Bitcoin websites, early on, and... let's just say you never wanted to learn how the sausage in the sausage factory gets made. "This PHP kinda works on my box... Let's ship!"
Also the attackers have plenty of time to snoop, wait and watch for an opening. If you were breaking into a real bank then hanging around drilling or whatever is very noticeable and limits your options. I assume they are always scanning for unauthorised access but it only takes one chink and they are very attractive prospects for hackers so the motivation is there.
It is a common misconception that bank transfers can easily be rolled back. In the main if it was fraudulent then the bank compensates you, they take the hit. Sometimes however they will say it was user fault and you take the hit. I was amazed when I found out that after perhaps 2 transfers it is impossible to get back, larger sums may be more easily (or the bank more motivated to) traced but returning the funds is not always possible.
Normal banking systems can have the same problem when they, too, have lax security. Witness the $100 million heist from the Bangladesh account at the NY Fed.
That the Bangladesh example is the common counterpoint despite tons of banks and money in US unaffected really supports parent's claim. You had to go to a 3rd world country whose banks had little to no security to make the average bank look as bad or worse than Bitcoin exchanges. Doesn't work that way.
The quote was "normal banks can", not "average banks do at the same rate or worse". The point is that the same challenge exists with physical banks, it's just been solved better because they have had more time to develop the security protocols.
And they put more effort into doing so with regulations from central authorities pushing it. There are no regulations, central authorities, or even strong investments in such security for the Bitcoin exchanges. So, again, how normal banks handle security vs how Bitcoins are managed is the difference between night and day. You bringing in an exceptional situation for normal banking (a) doesn't apply to the majority of normal banks, (b) distracts from the fact that such things are normal for Bitcoin but not status quo its proponents want people to avoid, and (c) ignores that there's rarely effort in protecting Bitcoin exchanges that matches what players in the existing system put in.
So, people should trust or build on the existing system if they care about their stuff disappearing or being stolen. There are mitigations that work for that situation for the common case. Unlike Bitcoin and its exchanges.
The point of attack was not. You won't regularly see hackers stealing $100 million through a bank in the U.S. or compromising all its members. You will see Bitcoin exchanges regularly suffer major losses. It's not the exception like Bangladesh: it's the rule. Hence my counterpoint.
Bitcoin has problems, but let's not pretend the normal banking system is unhackable, or even possible to roll back. One group did at least four thefts via SWIFT this year using RAT tools in banks, the largest of which netted $80M. Nothing rolled back, no one caught.
The important part is that the money lost was the banks' (or the insurance companies' - it's unclear). $80m is not chump change, but it also isn't a catastrophic loss which gets passed on to savers.
Of course, understanding the difference between an exchange and a bank is worthwhile - but these guys getting rinsed repeatedly and taking out user wallets is a problem that can't be waved away.
Not quite true. The gang that struck Bangladesh attempted to steal a cool billion dollars. After subtracting the transactions that were caught during manual review at other institutions and the transactions that were rolled back, they 'only' got $80 million. Still a lot but it could have been much worse.
Thieves know there's a possibility the transaction can be cancelled, which is why they tend to strike on Friday afternoon. By the time the theft is discovered the destination account has already been drained.