

LocalBitcoins.com bank account frozen and unfrozen - miohtama
http://localbitcoins.blogspot.fi/2013/06/localbitcoinscom-bank-account-frozen.html

======
jyu
The attacking group exploited a vulnerability in the banking system that they
did not account for. Bank transfers can also be reversed in certain
circumstances. To deal with these edge cases, instead of relying on other
parties, I think LocalBitcoins needs to proactively add some procedures to
avoid getting robbed.

I'm not a securities person, but there are a few common sense things they
could change to avoid getting exploited. Their trust model seems based on
total number of transactions, and not transaction volume. Just because someone
successfully transacts $10 for several transactions, does not mean they should
be cleared for their next $10,000 transaction. They could use rate limiting.

Ex: New account max is $100. After hitting $100 in bitcoin transactions, raise
the limit to $200, etc. You'd need to look at your transaction logs to
determine what the specific rate limits should be, but it's not more than a
few SQL queries to figure it out.

I'm not sure if LocalBitcoins is collecting identification, or are even
required to, but they might start considering it. MtGox has started requiring
identification for opening new accounts. Adding this routine requires adding
tech, operations, and customer service overhead.

Alternatively, LocalBitcoins could purposely keep really low amounts in their
hot bitcoin wallet.

    
    
        if @transaction.amount > hot_wallet.amount { 
          alert operations
          show pending transaction message
        }
    

This is done at CoinBase: [http://blog.coinbase.com/post/33197656699/coinbase-
now-stori...](http://blog.coinbase.com/post/33197656699/coinbase-now-
storing-87-of-customer-funds-offline)

~~~
powertower
What I want to know is how these places store my bank account / ACH details.
That always worries me more than losing a few Bitcoins.

From past experience with other services, they have about a 95% chance of
giving up all customer data due to a hack-in.

Even Linode was storing their private key in the same place their public key
was. You can never trust anyone these days.

I'd love to stop using BitInstant and dealing with their cash deposit down-
time and issues with their processors and moneygram, etc. But I get to make up
all the personal info and don't have to worry about making it into some
database that's going to get compromized.

~~~
jerguismi
On LocalBitcoins the service doesn't know the details of the buyer at all. The
seller has to display his account info so that the buyer can pay. From buyer
perspective it is quite safe.

