Hacker News
by Greynum 5007 days ago
I don't think bitcoin related sites have less security than other sites that claim to be secure, it's just that they are such a high value target and attract the attention of nearly all criminal hackers.

Also nearly all of the thefts that occurred were a result of a compromised email account which eventually led to root level access of the server through a virtual server console. Not as a result of bad programming that led to an exploit.

3 comments

All the incidents to date except the first Bitcoinica heist were due to bad security practices one way or another. Even that one could be considered bad security practices by trusting that Linode was secure.

That said, I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.

Stealing Bitcoin requires no additional effort to profit. Since Bitcoin is money and easily made anonymous, stealing Bitcoin == profit. Therefore there exists an arbitrage opportunity between the cost of buying 0-day exploits and the Bitcoins that can be stolen by use of those exploits. I expect as Bitcoin goes up in value so will the cost of a certain class of exploit.

What kind of software stack would you run if you were operating a Bitcoin bank that held a large amount of funds?

This is the downside of Bitcoin's operating in a cash like nature. There is no FDIC for these "banks", the bank walls are digital and porous in ways unknown, and the bank can be robbed across international boundaries. What these companies need is insurance, but that insurance would be very hard/impossible to obtain.

On the plus side, the way transactions work, the vault never needs to be connected to any networks at all. Hot storage is risky but cold storage is extremely safe.

I think this could be fairly easily harnessed in a semi-scalable manner too.

Two computers, A is trusted and B is untrusted. B is networked and hooked up with the rest of your system, A is in a vault and completely air-gapped. A has your wallets.

Give a printer and webcam/scanner to both. B prints a transaction encoded as a QR Code (or something custom, if those don't hold enough data?) as well as key details (transaction amount say) in giant black bold capitalized English.

The human operator checks the English description for sanity, then gives it to computer A. Computer A reads the QR code, does OCR to confirm the key details (or lets the operator confirm them on the screen) and the QR code match, and performs the transaction.

This could work at a "local bank branch scale" I think, but getting it up to "website scale" would be... improbable.

Not sure if I would trust this with my money, but it would be fun to implement.

(technically A wouldn't be air-gapped, it would just be operating over a QR-code sneakernet. Should be reasonable though I think.)
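The check computer A makes in the comment above, as an added example that is not part of the thread: it refuses to sign unless the machine-readable payload and the human-readable line agree. The JSON payload fields, the `SEND ... BTC TO ...` print layout, the request id used against replayed printouts and the 5 BTC ceiling are all assumptions made for illustration; decoding the QR image and OCR are assumed to have already produced the two strings.

```python
import json
import re
from decimal import Decimal, InvalidOperation

SATOSHI = Decimal("0.00000001")
# Assumed print layout (hypothetical): "SEND 1.50000000 BTC TO <address>"
SUMMARY_RE = re.compile(
    r"^SEND (\d{1,8}\.\d{8}) BTC TO ([1-9A-HJ-NP-Za-km-z]{26,35})$")
# Constructed sample input; the address is a placeholder, not a real one.
SAMPLE_ADDR = "1" + "Bank" * 7
SAMPLE_QR = json.dumps({"id": "req-001", "to": SAMPLE_ADDR, "amount": "1.50000000"})
SAMPLE_SUMMARY = f"SEND 1.50000000 BTC TO {SAMPLE_ADDR}"


class Rejected(Exception):
    """Computer A refuses to sign this request."""


def check_request(qr_text, summary_text, seen_ids, max_btc=Decimal("5")):
    """Return (id, address, amount) only if QR payload and printed text agree."""
    try:
        req = json.loads(qr_text)
        if not isinstance(req, dict) or set(req) != {"id", "to", "amount"}:
            raise ValueError("unexpected fields")
        if not all(isinstance(v, str) for v in req.values()):
            raise ValueError("every field must be a string")
        amount = Decimal(req["amount"])  # string in, so no float rounding
    except (ValueError, InvalidOperation) as exc:
        raise Rejected(f"malformed QR payload: {exc}") from exc
    if not amount.is_finite() or not 0 < amount <= max_btc:
        raise Rejected("amount outside allowed range")
    if amount != amount.quantize(SATOSHI):
        raise Rejected("amount finer than one satoshi")
    m = SUMMARY_RE.match(summary_text.strip())
    if m is None:
        raise Rejected("printed summary not in the expected form")
    if Decimal(m.group(1)) != amount or m.group(2) != req["to"]:
        raise Rejected("printed summary and QR payload disagree")
    if req["id"] in seen_ids:
        raise Rejected("request already processed (replayed printout)")
    seen_ids.add(req["id"])
    return req["id"], req["to"], amount
```

The human check and this check cover different failures: the operator judges whether the printed amount is plausible, while the code catches a compromised B printing one amount in English and encoding another in the QR code.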

You seem to like "crazy" ideas, for more of them check out the book "Silence on the wire" :)

IIRC, it's possible to create a one-way TP cable. Might be a little more feasible :)

The human operator checks the English description for sanity

There's a flaw in your system right there.

Lots of industrial accidents and accidents with computers have been from stupid operators (rather than buggy code per se).

Of course. But is it worse than the flaws with any business that handles cash? The idea is to use bitcoin's 'offline' functionality to bring it up to about the same security as regular cash.

It's about time that governments actually intervened and forced regulations on any company/entity that deals with Bitcoins.

What kind of regulations? There are already plenty that affect a company's accounting no matter if it uses dollars or pesos or gold or bitcoins or pokemon cards.

I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.

It depends if Bitcoin becomes big and popular. If so, then yes, there will be lots of hacking attempts. If these security flaws with bitcoin sites keep appearing, then it will never get beyond 'toy' status.

The first design rule would be not to have the wallet file on the same server as whichever stack was used.

Secondly the client facing stack cannot interact with the server holding the wallet file directly. It would have to go through a third server which would run sanity checks on any transaction requests.
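A sketch of the third server described in the comment above, as an added example that is not part of the thread. The specific checks (the gate's own copy of balances, a per-request cap, a site-wide rolling cap) and every name and limit here are assumptions chosen for illustration; the comment only says that sanity checks are run.

```python
from collections import deque
from decimal import Decimal, InvalidOperation


class SanityGate:
    """Middle tier: the only host permitted to reach the wallet server."""

    def __init__(self, ledger, per_tx_cap, window_cap, window_seconds=86400):
        # The gate keeps its own balances instead of trusting the front end.
        self.ledger = {acct: Decimal(bal) for acct, bal in ledger.items()}
        self.per_tx_cap = Decimal(per_tx_cap)
        self.window_cap = Decimal(window_cap)
        self.window_seconds = window_seconds
        self._forwarded = deque()  # (timestamp, amount) of forwarded requests

    def _window_total(self, now):
        cutoff = now - self.window_seconds
        while self._forwarded and self._forwarded[0][0] <= cutoff:
            self._forwarded.popleft()
        return sum((amt for _, amt in self._forwarded), Decimal(0))

    def review(self, account, amount, now):
        """Return 'forward', 'hold' (needs a human) or 'reject'."""
        try:
            amount = Decimal(amount)
        except (InvalidOperation, TypeError, ValueError):
            return "reject"
        if not amount.is_finite() or amount <= 0:
            return "reject"
        if amount > self.ledger.get(account, Decimal(0)):
            return "reject"  # unknown account or more than it holds
        if amount > self.per_tx_cap:
            return "hold"
        if self._window_total(now) + amount > self.window_cap:
            return "hold"  # site-wide drain, even if each request looks small
        self.ledger[account] -= amount
        self._forwarded.append((now, amount))
        return "forward"


# Constructed sample: a 5 BTC per-request cap and an 8 BTC cap per 24 hours.
GATE = SanityGate({"alice": "10", "bob": "100"}, per_tx_cap="5", window_cap="8")
```

The rolling cap is what bounds the loss if the client-facing stack is fully compromised: an attacker who can submit any number of individually plausible requests still cannot forward more than `window_cap` per window without a human seeing it.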

"security" is not just programming, but the whole methods & procedures. They might have good 'programming', but they had bad policies and bad security. If there's an email account of a founder, that when compromised, leads to the entire contents of your bank vaults being robbed clean, then you have bad security.

It should not be possible for there to be a virtual machine console, or for one compromised email account to give you that much power. That's how you do security.

There are plenty of high value targets e.g. Amazon, Apple Store, eBay, banks just to name a few. So to claim that Bitcoin services are unique in any way is just ridiculous.

And just because you get root access to a server does not mean that it should be trivial to gain access to the bitcoins. And why are they being hosted on VPS in the first place?

The point is still valid that a true PROFESSIONAL is desperately needed.

The difference here is that storing Bitcoins is like having cash sitting on the server that thieves can pick up and run away with. If you steal from Amazon or the Apple store, an ACH or credit card chargeback will set everything straight.

If a burglar has the choice between a car worth $50,000 retail or $10,000 cash, what would he rather take? A stolen car is a lot harder to turn into something usable.

Bitcoin services are unique in the fact that it is very easy to send the money to yourself, be in your control, without having it be attached to your identity in any way. This seems unique to me, if there are other cyber crimes that make this just as easy I am interested in hearing about them.

Why did you swap out 'the server' with 'a server'? Of course a server doesn't mean you get bitcoins. But the server, the server with the wallet, there is no realistic way to stop root from grabbing the encryption keys.