
Bitstamp is open for business - jvoorhis
https://www.bitstamp.net/article/bitstamp-is-open-for-business-better-than-ever/
======
zaroth
Have they figured out how the attackers got in? Have they competed the
forensic analysis to determine they can't get back in through the same or
similar vectors?

There's nothing really here about what happened or how they have mitigated it.
Perhaps it's too early and they don't really know, but then isn't going back
live fairly risky?

Aside from a persistent firmware threat, which has nothing to do with the
attack vector, I don't see why "yay we're on AWS now" is any different unless
they know the compromise was due to a specific piece of infra which is no
longer present. Isn't it much more likely to be a bug in their software logic
which would certainly not be fixed by restoring a backup...

~~~
sneak
I'm managing the incident response.

The investigation continues in parallel. First priority was safety, which
meant shutting everything down to prevent any additional issues or destruction
of evidence. Second was giving people the ability to access their funds and to
trade - a complete redeploy of the infrastructure which took us working 22/7
since Monday until just now.

An investigation is underway and we have some internal speculation from the
first bits of information - the real statements will come after we aren't
guessing. This is the first minute we've had to breathe this week.

~~~
im2w1l
So eh, are you sure they couldn't get back in?

~~~
sneak
Yes.

------
Animats
The real question is whether Bitstamp is now insolvent. They lost $5 million.
Did they get new funding to replace that, have enough capital of their own, or
are they dipping into customer funds? Their statements have carefully avoided
mentioning this issue.

If a real stockbroker lost funds like that, and became insolvent (debts >
assets), they would have to stop operations immediately. In some jurisdictions
it is a felony for a broker to continue to accept funds once insolvent. They
don't get to "fix it later". That's because, historically, the temptation to
fix it by speculating with customer funds has been a big problem.

Bitstamp now needs a full audit by an outside auditing firm.

~~~
imaginenore
Considering Bitstamp's fees, $5M shouldn't be a problem for them. They are a
huge exchange and they make a lot of money.

~~~
Animats
Bitcoin exchanges aren't very profitable. The numbers for Mt. Gox are
available now. [[http://www.businessinsider.com/mt-gox-
financials-2014-2](http://www.businessinsider.com/mt-gox-financials-2014-2)]
The numbers for 2013 are actuals; the future-year numbers were pure fantasy.
For the year ending March 31, 2013, Mt. Gox, the biggest Bitcoin exchange in
the world at the time, made $286,000. That's all. For comparison, the average
profit for a single McDonald's location is about $200,000.

The Bitcoin exchange business has low commissions, and they're heavily
discounted for big traders. Sometimes all the way to zero. It's hard for an
exchange to raise prices. So exchanges tend to look for other ways to make
money. Those ways usually aren't good for customers. Trading on one's own
exchange and front-running are tempting. Mt. Gox probably did that; many users
observed that, during busy periods, trades did not appear to be first in,
first out.

That's why no major financial firm has entered the Bitcoin exchange business.
It's not very profitable.

~~~
imaginenore
Bitstamp's 6-month volume is 2,179,978 BTC. Their fees start at 0.5% and go
progressively lower down to 0.2% for large volume customers.

Their volume and bitcoin prices were crazy high a year ago, I estimate they
made around $6-10M.

[http://bitcoinity.org/markets/list?currency=ALL&span=6m](http://bitcoinity.org/markets/list?currency=ALL&span=6m)

[https://www.bitstamp.net/fee_schedule/](https://www.bitstamp.net/fee_schedule/)

------
EvanDotPro
> We can assure customers that any bitcoins held with us prior to temporary
> suspension of services on January 5th at 9am UTC are completely safe and
> will be fully honored.

I, for one, am glad to see a Bitcoin story turn out with a somewhat positive
outcome, at least from the users' perspective.

That said, the article says a breach resulted in the loss of ~19,000 BTC, or
around $5.6 million. If they're honoring all user funds, does that mean they
are just eating that loss out of their own profits, and perhaps try to file an
insurance claim? Or were they actually responsible enough to set enough
profits aside in cold storage self-insure the total amount floating in the
"hot" wallets? On that note, I wonder if profits and hot wallet demands scale
proportionately or not, or if their margins are just at a scale where this is
a non-issue?

~~~
sneak
> does that mean they are just eating that loss out of their own profits,

Yup.

~~~
jacquesm
So you are essentially claiming a profit to date >> $5.6M.

There will be lots of parties interested in that information.

~~~
martinko
It is probably much higher. If we take a conservative estimate of 10k btc
traded per day, on average, and a trade commission of 0.008% (0.004 two ways),
we get to $5.6m in little over half a year. Now yes, the have some operational
costs etc, but they've been in business for several (?) years.

tldr: back of the envelope calculations show that they must have made more in
profit to-date.

~~~
jerguismi
The trading commission is 0,8% (0,4% two ways), and it is lower the more you
have volume. In addition, they have withdrawal fees.

In addition to operational costs probably fraud is also a big cost, but it is
very difficult to estimate how big it is for them.

And, they don't exactly need to take it from their profits, they can just do
fractional reserve... They are a bank, as are any bitcoin services that hold
money for the users.

~~~
tlb
How is fractional reserve profitable except by loaning BTC with interest
(which I don't think they do)?

~~~
wmf
It's probably more profitable than going out of business (which is probably
what would happen if they admitted to being insolvent).

------
polarix
To me this marks a turning point in the maturity of bitcoin - major breaches
may still be a cost of doing business, but end users can finally hope for some
limited insulation from such failures.

~~~
IkmoIkmo
Perhaps not this particular event, but definitely this period was a turning
point. Multi-sig is a great example. Here's a chart on the amount of bitcoin
stored in multi-sig addresses:

[http://p2sh.info/p2sh-ratio](http://p2sh.info/p2sh-ratio)

Nine months ago it was sub 0.1%. Three months ago it was sub 1%. Today it's
over 6% and growing rapidly.

Multi-signature is just one example of potentially radically improved security
versus the single key methods we had before.

We've also seen in the past 6 months 3 companies come out with proper
insurance. Circle, Xapo, Coinbase. All at a sub 1% cost. (Coinbase and Circle
free, Xapo I think 0.12% annually). Combined with multi-sig vault products
from Coinbase, which has done a lot of interesting security stuff. (the basic
2fa stuff of course, but I think also things like finterprinting devices to
detect stolen credentials from users.)

And with that, we're also seeing enterprise-products come out which offer
bitcoin management in a secure way. I wouldn't be surprised if such a company
like BitGo starts marketing insured warm wallets to exchanges on a percentage
cost basis, and let exchanges offer users to pay for the option of this
insurance.

And we've seen more steps taken regarding the bitcoin ETF on the NASDAQ, which
settles manually twice a day and allows (industrial) trading and liquidity but
gets rid of the issue that Bitstamp and everyone else has: running a warm
wallet on a server that automates transactions. The vast majority of
Bitstamp's coins were in cold storage, but if you want to run automated
transactions you can't do it on cold storage.

So this period has definitely been a turning point I think. Will be
interesting to see things develop the next few years.

------
ceejayoz
> On January 4th, some of Bitstamp’s operational wallets were compromised,
> resulting in a loss of less than 19,000 BTC.

That's a nice way of saying "we're out five and a half million USD"...

~~~
joeyspn
Apparently they were the ones moving the famous transaction of 200k bitcoins.
So, yes, for them this breach could look like: "Meh, we've lost some pennies".

[http://www.coindesk.com/194993-btc-
transaction-147m-mystery-...](http://www.coindesk.com/194993-btc-
transaction-147m-mystery-and-speculation/)

~~~
martinko
Those are all (vast majority) client funds. 5 million is coming out of their
pocket.

~~~
jerguismi
Who knows if it comes from their own pocket, or from the customer funds? It is
just their internal accounting in the end. The same way the banks work.

------
im2w1l
Wow they have multi-sig support now, that is pretty amazing. Would easily be
worthy of its own article in other circumstances.

If I understand it correctly it means money can not be withdrawn without both
the account holder and bitstamp signing the transaction. This means that
neither can the money be stolen by hackers, nor could bitstamp run off with
it. There are actually some bitcoins in the real blockchain "with your name on
it", as opposed to you just having a claim on bitstamp.

~~~
nadaviv
I doubt that. Having the funds jointly controlled by the exchange and the
user, and outside the full control of the exchange, would require each fund
transfer to be represented as a transaction on the Bitcoin network, which is
simply impossible - the volume of transactions on an exchange is a few
magnitudes larger than what Bitcoin can currently handle. To keep up with that
volume, exchanges must use an internal off-chain accounting system, which
precludes the use of multi-signature (or any other smart contract based on
Bitcoin scripting).

In addition, this would require the user to be online and actively sign
transactions when a matching order is found.

I think that they most likely meant that they're using multisig internally to
protect their funds, in a setup where all the keys are controlled by them.

------
joeyspn
He doesn't say in the post that they have ditched the previous PHP site in
favour of Django/Python... Lesson learned? xD

[http://oi60.tinypic.com/20sj3b9.jpg](http://oi60.tinypic.com/20sj3b9.jpg)

PS: Still wondering why they use Apache instead of Nginx which is more
efficient/robust/secure

~~~
jerguismi
They have always been django/python and have never used PHP, please don't
spread this kind of bullshit (unless you have solid facts to back it up. I
remember checking the setup in 2012 and it was already django back then).

~~~
joeyspn
Ooops, I didn't know that. I guess I rely too much on wappalyzer (which showed
PHP). Sorry for the confussion...

------
kolev
I think the conclusion from all this heists is that virtual money is much
easier to steal. Next time you will see physical break-ins and so on. We've
watched all those action movies where people risk their lives to get hold of
$5M. Nowadays, you can do this remotely from the convenience of your home...
but it will be easier for the old crooks to steal a key vs bags of cash, so,
let's see how this goes forward.

~~~
IkmoIkmo
It's trivially easy to secure bitcoin, it's just data after all, a private
key, one you could write on a dollar bill if you wanted and secure no
different from a dollar bill.

The difference is securing bitcoins in high-risk environments: live automated
servers. But that only goes for a small minority of bitcoins as only about
0.5% of bitcoins are traded on a daily basis, the rest can be in what is
called cold-storage which is way, way easier to secure than a bunch of
physical money, gold, diamonds, whatever. The 0.5% is a bit like the security
of wallets in people's pockets: not very good and not comparable to bank-grade
security of those same people's savings in a bank. Or comparable to lone ATMs
which can be raided.

Beyond that, bitcoins exist on an open ledger. While it may be hard to trace
that now, we're seeing blockchain analysis tools develop all the time. Who
knows what they might uncover later? I certainly wouldn't be excited as a
criminal to leave a permanently recorded trace of every single transaction
ever since the moment of the theft, with the prospect of decades of cheap
supercomputers doing analysis of this open source data set which might reveal
yourself. Bitcoin is great for pseudo-anonymity when buying por n online, but
it probably won't stand the test of time in protecting you from every criminal
investigation, a bit like a randomly generated pseudonymous email address
gives a large extent of privacy, but not if you're a criminal.

~~~
Mosteran
It's not easy to secure it. You have to do two things very well:

1) Don't let anyone find the private key

2) Don't let yourself lose the private key

The more of 2 you do, the harder 1 gets and the more of 1 you do, the harder 2
gets. If you have only a single copy on paper, it's hard for anyone to find,
but also easily damaged or lost. If you make a backup on a computer, a virus
might find it, making the paper copy worthless.

Not only that, but from the moment you generate the key, you have to be
completely confident about the security of the computer you're using. People
recommend a clean install of OS from the original CD and never connecting to
the internet. That's not impossible but not easy, furthermore you have to
carefully destroy all record of it left on that computer. So unlike gold, not
only do you have to keep it secure in the future, but you have to have made
sure that it was always secure throughout the past. You can't transfer
ownership to anyone else without them going through the same rigmarole too,
unlike gold which you can physically give to someone and they can be confident
it won't evaporate in front of their eyes one day.

I agree with you about blockchain analysis. Who knows what new techniques
might be able to dig up. They might not have much certainty but perhaps enough
to put suspicion on someone.

------
qznc
Nice, they gave me good odds on fairlay. Betting 0.001￼￼￼BTC on 3.5 odds did
not earn me much money, but It made Bitstamp drama more thrilling. :)

------
moe
Is the address of the stolen wallet known?

It would be interesting to watch where that money is moving and how the thief
goes about anonymising it.

~~~
FatalLogic
Yes, it's trackable, subject to the pseudonymous limitations and opportunities
for obfuscation inherent in blockchain technology.

[http://blog.cryptocrumb.com/2015/01/bitstamp-theft-
bitcoins-...](http://blog.cryptocrumb.com/2015/01/bitstamp-theft-bitcoins-
being-spent.html)

BTW, in that title, the word 'spent' is used in the formal sense for
blockchain transactions. It doesn't mean the money is gone or ''used up'. It
really just means 'moved'.

After reading that, it looks like the person who stole this money is actually
panicking and making a lot of dangerous mistakes. I guess they are in a state
that's between terror and ecstasy. I doubt they had any sleep recently, and
they're going to be looking over their shoulder for a very long time.

