Statement on Mt. Gox (antonopoulos.com)
54 points by trendspotter 4496 days ago
7 comments

"Some exchanges were in fact completely unaffected, revealing as false Gox’s claims that this was a bug in bitcoin."

This reveals a lack of objectivity here. There IS a bug in bitcoin. There are workarounds, and some exchanges implemented those properly.

Of course, MtGox should have followed best practices and implemented a workaround, but the above sentence is - on its face - flawed and biased. The fact that some exchanges were immune to the bug does NOT mean that bitcoin bears no fault or that Gox's claims are false. This was and is, in fact, an acknowledged and widely known bug in bitcoin.

I'm inclined to agree with cperciva, who is no slouch with security stuff: https://news.ycombinator.com/item?id=7289273
The statement is inherently flawed, regardless of its source. Because some exchanges were unaffected does not mean that MtGox was not affected, and the statement itself implies that other exchanges were affected which would be evidence in MtGox' favor.

I'm not saying MtGox was not incredibly incompetent, however nobody is helped by this false defensiveness over a very serious and clear bug in bitcoin that seems to have affected at least a few exchanges.

Regardless of MtGox' incompetence, this IS a serious bug in bitcoin for which a workaround is required, and without which a bitcoin theft is possible.

If this implementation is bugged:

http://blog.magicaltux.net/2010/06/27/php-can-do-anything-wh...

then is ssh broken?

Please state your point rather than providing just a link. I don't know what you are trying to say.
That a bug in one implementation does not imply a bug in the protocol.
Listening to Andreas, it sounds more like a feature than a bug and that's also why it hasn't been "fixed" since 2011 - organizations introducing blockchain technology into their stacks should know about that and develop work-arounds:

https://soundcloud.com/mindtomatter/e85-mtgox-and-malleabili...
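One possible workaround of the kind this comment alludes to, as an added example that is not code from the thread or from any exchange: reconcile withdrawals on what a transaction spends and pays rather than on its txid, since the txid also hashes the signature data. The serialization is a simplified stand-in for the real wire format, and every name and sample value below is hypothetical.

```python
import hashlib
from dataclasses import dataclass

def sha256d(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class TxIn:
    prev_txid: str     # transaction whose output is being spent
    vout: int          # index of that output
    script_sig: bytes  # signature data: hashed into the txid, not signed itself

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # of TxIn
    outputs: tuple     # of (address, amount_in_satoshi)

def _serialize(tx: Tx, with_sigs: bool) -> bytes:
    # Simplified encoding (assumption), not the real Bitcoin wire format.
    parts = []
    for i in tx.inputs:
        parts.append(f"in:{i.prev_txid}:{i.vout}")
        if with_sigs:
            parts.append(f"sig:{i.script_sig.hex()}")
    parts += [f"out:{addr}:{amount}" for addr, amount in tx.outputs]
    return "|".join(parts).encode()

def txid(tx: Tx) -> str:
    return sha256d(_serialize(tx, with_sigs=True))

def normalized_id(tx: Tx) -> str:
    # Identifies the payment by inputs and outputs only.
    return sha256d(_serialize(tx, with_sigs=False))

def reconcile(pending: dict, confirmed: list) -> dict:
    """Map each withdrawal id to its status given the transactions seen in blocks."""
    seen_txids = {txid(t) for t in confirmed}
    seen_norm = {normalized_id(t) for t in confirmed}
    status = {}
    for wid, tx in pending.items():
        if txid(tx) in seen_txids:
            status[wid] = "confirmed"
        elif normalized_id(tx) in seen_norm:
            # Same payment mined under another txid: already paid, never resend.
            status[wid] = "confirmed-mutated"
        else:
            status[wid] = "unconfirmed"
    return status

def demo() -> dict:
    # Constructed sample data: 'mutated' differs from 'sent' only in signature bytes.
    sent = Tx((TxIn("aa" * 32, 0, bytes.fromhex("3044aa")),), (("customer-addr", 100_000),))
    mutated = Tx((TxIn("aa" * 32, 0, bytes.fromhex("3045aa")),), sent.outputs)
    other = Tx((TxIn("bb" * 32, 1, bytes.fromhex("3044bb")),), (("customer-2", 5_000),))
    return reconcile({"w1": sent, "w2": other}, [mutated])
```

A ledger that looks up only `txid(sent)` would report withdrawal `w1` as missing even though the customer was paid.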

A little regulation and oversight might have prevented all this. And without it going forward all anyone can do is advise best practices, and then watch as some ignore them and also have their money stolen. Very wild west. Totally something I'll be staying well back from.
> A little regulation and oversight might have prevented all this.

Yes, but that is completely contrary to the whole reason Bitcoin exists in the first place. If you wanted a regulated currency you'd get fiat. It's wild west by definition, which is good for a popcorn-muncher like me... but bad for friends of mine who have lost a significant amount of money by "experimenting" with Bitcoin. :(

>Yes, but that is completely contrary to the whole reason Bitcoin exists in the first place.

Not really. Satoshi has shied away from the political motivations of a lot of the community.

Satoshi's motivations were political, his first message in the blockchain makes that clear. He hasn't shied away, he's disappeared for obvious reasons.
Speaking about this: https://bitcoin.org/bitcoin.pdf ?

He/she/they talk about a need for financial transaction capability without the need of a trusted third party, but I'm not seeing how that was in any way overtly political.

Because I'm not talking about that. I never referenced the bitcoin paper, reread what I said.
What Satoshi does after releasing the creation has no bearing on the purpose behind creating something before they released it though.

Realizing that you need to shy away from something after you do something doesn't invalidate the reasons behind why you did it.

Unfortunately things usually don't change on their own, it's actually good that this happened. The client-side key-management solutions that Andreas mentioned in the last paragraph of his statement are a testament to that.

Evolution in nature is brutal, I can understand that you don't want to be part of that process.

Just like a little regulation and oversight stopped the housing bubble, tech bubble, etc.

I'm not saying this is comparable directly to those situations, but we shouldn't forget that regulated markets have crooks and cheats too.

Remind me of where somebody said that regulation would have made everything perfect? I missed that post.
> A little regulation and oversight might have prevented all this.

A little regulation and oversight would have prevented the industry from even existing.

It's unfortunate that many people lost money (and some might have lost a lot), but if the ecosystem can recover from this without governmental regulation (as I expect it will), we have the first evidence (ever) that there is no need for a central authority to conduct oversight and ensure a robust currency.

It looks likely that the free market, which includes the self-regulating actions by Coinbase, Blockchain and others (as well as customer reactions), will punish the bad actors and reward "good" (well managed) companies. It will also create better consumers, who will now be more diligent in evaluating relevant services before they sign up.

You write that you'll be staying away for now, that is your right as a potential participant in the market. We are already seeing the major players (like Coinbase) react to your sentiment by increasing transparency to bolster confidence in their services.

1. This is what we want. 2. When have you seen the existing financial system react so rapidly and thoroughly to the many flaws and disasters incumbent within?

Yes, "a little regulation and oversight might have prevented all this", but it also might have prevented crypto currency from being able to prove its value (or fail to) in the free market.

> we have the first evidence (ever) that there is no need for a central authority to conduct oversight and ensure a robust currency.

No one has ever doubted that this was possible. 'Robust' currency has existed without a central monetary authority in the past (for millennia!). The reason the Fed exists is because it's believed that it takes an existing 'robust' currency and makes it better.

"The Federal Reserve System (also known as the Federal Reserve, and informally as the Fed) is the central banking system of the United States. It was created on December 23, 1913, with the enactment of the Federal Reserve Act, largely in response to a series of financial panics, particularly a severe panic in 1907" - http://en.wikipedia.org/wiki/Federal_Reserve_System

The common argument is that the modern, global economy is too complex to govern itself, and prone to disasters.

I'm not sure how this relates to my comment. It's not a binary issue of whether a currency can or cannot function on its own. Currencies functioned on their own okay before, and after the Fed, they've arguably done better. Whether you believe it or not is immaterial to my point--we have a wealth of evidence that robust currency can exist without a central authority. Just because bitcoin rebounds after some period of time doesn't mean that a) it wouldn't have been worse if there was central authority and regulation, b) that the rebound is translatable to other currencies, or to other crises, c) that the rebound was a result of anything other than exogenous increases in demand.
> It's unfortunate that many people lost money (and some might have lost a lot), but if the ecosystem can recover from this without governmental regulation (as I expect it will), we have the first evidence (ever) that there is no need for a central authority to conduct oversight and ensure a robust currency.

Define "robust."

As long as you are willing to accept losing money to fraud and/or stupidity?
In the short term, yes, it means some fools* will be hurt by some frauds. Keep in mind, however, that no amount of regulation will prevent Madoff's greed, for example, and the foolishness of those who blindly trusted him.

In the long term, we will be training people to be better and more diligent actors.

If you can determine the guilty party in the case of frauds, you can still report them to the police. This is enough protection.

* I mean fools in the larger sense of acting without diligence. Every one of us has been such a fool at one time or another, and learned painfully from the experience.

Like regulation and oversight prevented (insert: preserved, perpetuated, safeguarded) Madoff?
Under the presumption that it is true that ~750k BTC has been stolen, has anyone considered the possibility of orchestrating a 51% attack on the attacker(s)?

Gox probably has logs of withdrawal requests. It might be daunting but feasible to sift the tx-MAL withdrawals from legitimate ones, then work with major pools and exchanges to double-spend stolen coins back to Gox.

Gox could then be forced (by the same 51% majority) to pay legitimate requests for reimbursement by vendors or 3rd parties holding stolen coins they transacted for goods or services, given reasonable documentation. Leaving us with some but not unacceptable collateral damage.

That really undermines Bitcoin overall.

Also, that makes it more attractive to act maliciously, as an exchange. Either you make off with your stolen BTC (win), or the community fixes things for you (not really a loss).

What would help is some equivalent of FDIC. A group of Bitcoin "banks" that handle your deposits, with some pro-BTC group guaranteeing your deposit up to 100 BTC or something. Getting the insurance would of course require all sorts of intense auditing and oversight. And somehow, someone's gotta pay for it all (perhaps the same group of Bitcoin companies pay in). But that's... very far removed from the current state of affairs.

100% agreed - this would certainly undermine the movement. The open question is whether it would do so more or less than the loss of half a billion dollars held by the community. I'm not sure what the answer is, but shouldn't every option be on the table?
You are assuming that the thieves stole the bitcoin and just put them into a wallet somewhere.

Consider this simplified example:

A Gox thief sold the bitcoin on another exchange. Then I unknowingly buy that very bitcoin from that exchange. Now the blockchain is rewritten and my bitcoin is gone even though I am innocent of any crime.

The MtGox situation is tragic. But when you start messing with the fungibility of bitcoin, you introduce new consequences that reach much further into the ecosystem.

I'm not making that assumption - rather the opposite, which is why I mentioned the possibility of reimbursing people later. But this isn't strictly necessary. Pragmatically, you could double spend the coins back to the original owners and then make decisions about downstream action independently. Investigation of what happened to the stolen coins might provide more clarity on the best course of action there.
Vigilante rewriting of the blockchain has been discussed before and it tends to get hung up on the issue of agreeing who's the thief and who's the victim.
It seems like there is a straightforward enough principle in this case to do so without much argument. Not that the method would be perfect. But isn't it preferable to the alternative?
This would require you to discard all the blocks since the transactions started happening and re-mine them with those transactions excluded. This would be completely impossible unless you dedicated most of the mining equipment to this for months and asked those miners to part with their earned mining rewards until this rewritten chain caught up with the official one. Hardly likely.
I don't think this is what I'm suggesting at all. If a popular majority of miners agreed to accept transactions double spending the original coins, this would be tantamount to generating 750k new Bitcoin, not initially invalidating any blocks or other transactions.

With forensics on the initial theft, miners could then tree-traverse back up to blacklist future transactions on stolen coins. There are probably lots of ways to accomplish basically this. This would render all stolen btc dead in the water, hence the "force Gox to repay legitimate requests for reimbursement of those who transacted for stolen coins."

That second part, though, isn't crucial to the idea. The community could just double spend the coins to mitigate harm done without attempting to stop the stolen coins downstream.

You can't double-spend the outputs unless you get rid of the blocks they were originally spent in, i.e. rewinding and re-mining all of them.
Why is this?

My understanding of the way the network operates is that a group with 51% of hashing power can essentially arbitrarily manipulate the blockchain going forward. Nothing could stop them from confirming otherwise invalid transactions (re-spending the original outputs) and mining those new transactions. After which, clients, only looking backwards to the first block a transaction resides in, wouldn't notice that the funds were originally double-spent.

Only if they completely change how the protocol and the blockchain works so that you can somehow invalidate previously confirmed transactions. Then they need to make everyone upgrade all clients or suffer a hard fork. In the end, this would have to invalidate all the transactions that are dependent on the "evil" ones, reversing a boatload of transactions pretty much arbitrarily throughout the blockchain.

This means that if the purported thieves have transferred their coins to e.g. an exchange, potentially any of the transactions the exchange has made since then could be reversed, cascading from there.
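The replies above argue that an output cannot be re-spent while the block that spent it stays in the chain, and that removing that block also removes everything built on it. A toy ledger showing both effects, as an added example that is not part of the thread; the classes, transaction names and amounts are constructed for illustration and leave out proof of work, signatures and fees.

```python
class DoubleSpend(Exception):
    pass

class ToyChain:
    """Constructed toy ledger. A block is a list of transactions; a transaction
    is (txid, [spent outpoints], [(owner, amount), ...])."""

    def __init__(self, genesis_outputs):
        self.genesis = list(genesis_outputs)
        self.blocks = []

    def _apply(self, utxos, block):
        for txid, spends, outputs in block:
            for outpoint in spends:
                if outpoint not in utxos:
                    raise DoubleSpend(f"{outpoint} is already spent or unknown")
                del utxos[outpoint]
            for n, out in enumerate(outputs):
                utxos[(txid, n)] = out

    def utxo_set(self):
        # Replay the whole chain to find which outputs are still unspent.
        utxos = {("genesis", n): out for n, out in enumerate(self.genesis)}
        for block in self.blocks:
            self._apply(utxos, block)
        return utxos

    def accept_block(self, block):
        # Validation every node performs: each input must be an unspent output.
        self._apply(self.utxo_set(), block)
        self.blocks.append(block)

    def rewind_to(self, height):
        # Discard every block above `height`, as a chain rewrite would.
        discarded, self.blocks = self.blocks[height:], self.blocks[:height]
        return discarded

def demo():
    chain = ToyChain([("exchange", 50)])
    theft = ("tx_theft", [("genesis", 0)], [("thief", 50)])
    resale = ("tx_resale", [("tx_theft", 0)], [("bystander", 50)])
    refund = ("tx_refund", [("genesis", 0)], [("exchange", 50)])
    chain.accept_block([theft])
    chain.accept_block([resale])
    try:
        chain.accept_block([refund])      # re-spend on top of the existing chain
        rejected = False
    except DoubleSpend:
        rejected = True
    discarded = chain.rewind_to(0)        # the only way to free ("genesis", 0)
    chain.accept_block([refund])
    lost = [tx[0] for block in discarded for tx in block]
    return rejected, lost, chain.utxo_set()
```

After the rewind the bystander's purchase no longer exists, which is the collateral damage described in the simplified example earlier in the thread.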

It puts all the blame on Mt. Gox, assuming that their lack of good management is to blame. But I still see the lack of reversibility of transactions (one of bitcoin's strengths) as the major problem here. We live in a civilized world where there are laws and polices and judges and banks and governments, but bitcoin tries to work around them for no good reason.

I'm still hoping that banks will take what to me is bitcoin's biggest feature (multiple wallet addresses and the ability to easily make cash transfers to other wallet addresses) but without pretending that centuries of legal and financial traditions somehow don't matter.

> But I still see the lack of reversibility of transactions (one of bitcoin's strengths) as the major problem here.

"Stop Saying Bitcoin Transactions Aren't Reversible" http://elidourado.com/blog/bitcoin-arbitration/

The n-of-m multisignature facilities described in that article are the future of Bitcoin. You probably don't need multisig arbitration when you buy a coffee or a stick of gum, but you probably do when you're transferring large sums. Of course, there was no multisig protection in sight in the MtGox case, but then there was no blockchain in sight either. Far worse errors of judgement were made there.

Bitcoin makes the use of arbitration services optional, and it makes the actual mechanics of arbitration services safer and more efficient. The arbiter in a 2-of-3 multisig transaction can't freeze or seize funds in transit -- hello PayPal! -- and takes zero action in the vast majority of cases, where there is no dispute.

Banks, credit card companies, and existing payment systems like PayPal can't easily, optionally disintermediate themselves. They must play arbiter. And we must pay for it.

> bitcoin tries to workaround them for no good reason.

There's a good reason. Why do businesses today pay transaction fees when you use your card to buy that coffee?

I'll just quote the opening paragraph of the original Bitcoin paper:

"Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party."

https://bitcoin.org/bitcoin.pdf

  “Cold storage” does not “leak”. The idea that the funds were stolen,
  unnoticed, from cold storage, due to Transaction Malleability,
  strains the credulity of even the most gullible observers.
This part of the story still doesn't make sense.

One possible explanation that I haven't seen anywhere else is that MtGox lost control of the private keys to their cold storage.

How else could 744,000 BTC disappear, without anyone noticing, from cold storage?

Two important items:

a) Andreas is the Chief Security Officer of Blockchain and a well known / respected digital currency personality.

b) The most interesting part of the article was a link to another post reviewing Coinbase's security practices (1) where he concludes "it appears that the Coinbase system contains the expected funds and their cold storage system and process appear to be operating according to security best practices."

(1) http://antonopoulos.com/2014/02/25/coinbase-review/

If anyone has 38mins to burn...

http://techcrunch.com/2013/12/17/foundation-brian-armstrong-...

A Google Ventures video about coinbase security with Kevin Rose (from old Digg) asking a bunch of questions with Coinbase founder Brian Armstrong.

Sounds very legit to me.... but... you _still_ shouldn't leave huge amounts of bitcoin in any exchange! Make[1] your own btc-address + private key and keep the coins there. And note that bitaddress.org can be git clone'd and run on a computer without internet access.

1. https://www.bitaddress.org

Coinbase isn't really an exchange (though it works as such for US dollars). It's mainly a hosted wallet service that provides apps, and merchant and developer tools to make it easier to engage with the bitcoin ecosystem.
>>I was part of the team helping to coordinate between the other exchanges to ensure that they could quickly resume operations which they did no more than 48 hours later. Some exchanges were in fact completely unaffected, revealing as false Gox’s claims that this was a bug in bitcoin.

I don't think that reveals anything about what happened in MtGox. Also, don't know if anyone's noticed... but mtgox.com has a message now. http://i.imgur.com/YDONE4d.png

And note the word "DONE" in that imgur URL. Ominous...