
Flexcoin is shutting down - lelf
http://flexcoin.com/
======
vishnupr
Please guys, please please use your own BTC wallets. It's not that hard,
really. Only put up your coins online in exchanges (like BitStamp) for a few
hours to trade then immediately transfer them back to your OWN 100% trustable
wallet.

So many hacks and people are just not getting it. Trust no one, stay safe.

My Mac wallet of choice: [https://electrum.org](https://electrum.org)

~~~
pja
By doing this, you've turned your local hard drive and the backups you made
from it into an extraordinarily valuable object, thus massively increasing the
incentive to steal it.

"But wait!" you say, "I shall use modern cryptography to protect my wealth
from prying eyes!" Yes, and the thief in the night will use rubber hose
cryptography on you.

There is a reason why the vast majority of people entrust their wealth to
banks & not a safe buried under the floor of their house. I'm sure the BitCoin
community will learn this truth about monetary systems at roughly the same
rate as they've learnt all the others & probably the hard way given recent
evidence.

~~~
jnbiche
Out of _all_ of the many security incidents we've experienced in Bitcoin's
short but eventful lifespan, _not a single one_ has involved anything like
rubber hose cryptoanalysis. This in spite of the fact that numerous public
Bitcoin figures are known to be millionaires many times over.

Why is this? Well, if you choose to "use rubber hose cryptography" on someone
to steal their Bitcoins, you've graduated from a faceless, online, white
collar crime that many police departments won't even take a report for
("they've stolen your Bitwhats? Yeah, we'll get back to you.") to an extremely
serious crime that will get you locked up in violent prisons for a very long
amount of time in every country of the world.

So it's not surprising that the scenario you describe has not happened. It may
happen yet, but it will be a rarity and not a statistically-meaningful threat.

~~~
merloen
Civilized countries don't have violent prisons.

~~~
jnbiche
Agree 100%. Can you point to a country that doesn't have violent prisons? If
so, I'll change that to "most countries".

------
dabeeeenster
1. Open bitcoin bank
2. Receive deposits
3. Claim you have been hacked
4. Run off with everyone's money

~~~
Cthulhu_
5. ?????
6. PROFIT

~~~
swombat
7. Criminal investigation
8. JAIL!

~~~
smoyer
Maybe ... but the governments are terribly keen on Bitcoin and it would be
easy for them to say "we don't believe a crime has been committed". I think
it's far safer for the Bitcoin community as a whole to police themselves, but
determining how to add "self-regulation" in a decentralized way may take some
time.

~~~
pron
The irony!

I've just smiled to myself picturing those guys coming together and then
slowly re-learning everything we know about statesmanship and politics. Like
the moment they first realize different people have different values and want
different things. Then they're going to come up with the idea of democracy and
a parliament. Only this time around it will be the Aspergers among us who try
to figure out how to influence people. :)

But, of course, the best bit will be when they, so rationally, decide to give
up the final ruling power to a super-intelligent AI, and then the look on
their faces when the AI decides to do something that, while 100% rational,
_nobody_ wants.

~~~
acjohnson55
It's like NIH Syndrome, but applied to the basic fabric of society.

------
kalleboo
This easily is my biggest reservation about Bitcoin. There are huge huge
security requirements on the storage and use of Bitcoin.

And frankly (I'm sure tptacek or someone will come in here to tear me a new
one for saying this) but the state of the art of computer security is a complete
joke. These systems we have are just too complex, and it's a statistical
impossibility to close all the security holes in the operating system and all
the software on top. You can never predict when and where the next Goto Fail
or Debian Random Number Generator flaw will show up. And that's for gigantic
corporations and governments. And people are telling end users to keep Bitcoin
safe on their home computer instead? Home computers will NEVER be safe.

~~~
M4v3R
It's just that people have to understand that current Bitcoin service
implementations are wrong. If you have Bitcoin private keys lying somewhere
on your server, you are doing it wrong. If you're covering that by the fact
that you have "cold storage", you are doing it wrong.

The only proper way to proceed is to use multisignature wallets. If you want
to know why that's better, visit our explanation site:
[https://www.bitalo.com/why_bitalo](https://www.bitalo.com/why_bitalo)

Fortunately Bitalo is not the only service that provides this. More and more
services were created lately, most notably:

[https://api.trustedcoin.com/wallet/](https://api.trustedcoin.com/wallet/)

[http://www.bitgo.com](http://www.bitgo.com)

[http://greenaddress.it](http://greenaddress.it)

Vote with your money, don't support "Bitcoin banks" that can run with your
money any time they want.

~~~
jzwinck
With all due respect, I do not think multi-signature solves the real problem.
The real problem is that Bitcoin transactions are irreversible, so even if we
realize within hours that a hack has occurred, we can do nothing about it.

Banks as we knew them did not work this way. Yes, having to wait three days
for settlement is absurd, but folks are working to speed that up (to just one
day, haha). Yes, the fees add up. But the systems have been developed over a
really long time, and they have multiple levels of protection against you
losing all your money. In the US that's the FDIC and SIPC, for regular-sized
accounts. There will never be a direct equivalent for BTC, precisely because
no one's national security is tied to BTC. And most people won't buy deposit
insurance at any price higher than the "free" one they get from their
government.

Early adopters of Bitcoin spoke fondly of the fact that there are no
chargebacks. That's a great way to reduce transaction costs. It's also a great
way to make sure that when you get hacked (and you will) you cannot recover.

Compare this to the situation with ACH transfers (the US-only, low-cost "wire
transfer" system). Anyone who knows anything about computers would be aghast
at the technology comprising that system. The security appears to be pretty
lame. Yet people do not lose their savings via ACH. Why? It isn't because ACH
transfers are so secure--it's because the banks can undo them, which in turn
lowers the incentive for thieves. This is a virtuous cycle, by contrast to
Bitcoin's vicious one, and the way it works has nothing to do with technology.

~~~
jellicle
> And most people won't buy deposit insurance at any price higher than the
> "free" one they get from their government.

It's a product that can't really be sold, because the only people buying would
be fraudsters. Suppose a new bitcoin "bank" came to an insurer and said "we
want to buy insurance against losing any of our customers' money". The insurer
would, quite rightly, assume that the business plan here was to steal all the
money and put the loss on the insurer. The insurer would assume that to even
consider writing such a policy, they'd need to verify and stand behind every
single aspect of the "bank"'s business operations, website, and so forth. The
insurer would quickly realize that the premiums for such a policy would have
to be extravagant, like 100% of the amount insured. And the insurer would
decline the business.

The FDIC insurance "works" because of the large body of regulation and the
mandatory enrollment requirement, neither of which exist in bitcoin-land.
There isn't insurance for bitcoin banking, and can't be.

(Well, I suppose someone could offer fraudulent insurance - take premiums but
have no intention of paying out. But that's just fraud, not insurance.)

~~~
fauigerzigerk
I think a deposit insurance scheme could work very well if all (remaining) big
players came together and decided collectively to create one. It would be
widely publicised and it would be made very clear that no one should trust a
bitcoin bank that is not part of the scheme. Such a scheme would have to
include mandatory auditing of finances, QA and security.

So what I'm proposing is industry self regulation. That said, I doubt that any
deposit insurance scheme could ever be large enough to cover losses of such
enormous proportions as we have seen in recent weeks. The hope would be that
utterly incompetent adventurers like Mt. Gox would never pass the audit.

~~~
jellicle
If you think a bit about it, it can't work.

A bank can verify, on a daily basis, that they still have "most" of their
assets. And a lot of the assets can't be stolen in any real way. Bank owns a
house - house can't be stolen. The legal process will get it back. Bank owns
treasury bonds - can't be stolen, we know who is "supposed" to own them. Etc.

Occasionally there may be an unexpected asset leak (rogue trader or
something). But the damage is still limited, it's still small compared to the
assets of the bank. Barings lost something like 20% of all their assets -
obviously disastrous, but they still had 80% left. And a failure that large is
intended to be impossible to occur.

A bitcoin "bank", well, you audit it at 11AM and at 11:02AM it can have
nothing, 0, zero. No insurer is going to sign on for that sort of risk at any
price.

~~~
fauigerzigerk
_> No insurer is going to sign on for that sort of risk at any price._

One already has:
[http://www.bbc.com/news/technology-25680016](http://www.bbc.com/news/technology-25680016)

But I'm not suggesting getting insurance from insurance companies. I'm
suggesting that every bitcoin bank should set aside some small share of its
revenues to fund the industry's own deposit insurance scheme. That's how
deposit insurance works in many countries. If the losses exceed the fund's
resources then it's too bad for the depositors.

Insuring bitcoin banks (or rather storage companies) is not actually that
problematic because losses at different banks are uncorrelated. That's a much
simpler situation than insuring regular banks, which have loan loss risks that
are strongly correlated. Recession -> unemployment and bankruptcies -> non
performing loans at many banks at the same time.

You are right that regular banks cannot lose everything in a single event. But
that's not true for many other types of insured assets. Fire insurance being
one example. As long as there are many insured and the losses are not strongly
correlated it's not a problem for insurers.

------
mattlutze
If only there was a system, by which many of these institutions that hold
other people's bitcoin, could protect the currency against individual
institutions losing their clients' deposits.

I wonder what something like that might look like...

Maybe: [http://www.fdic.gov/](http://www.fdic.gov/)

~~~
deskamess
Or cold wallets done properly.

For larger amounts cold wallets are better. No US$ 100,000 FDIC cap.

~~~
mattlutze
OP's link was about clients' bitcoin in hot wallets hosted by the
bank/exchange. That seems to be a huge risk.

Recent events provide strong support for exchanges and banks to work with
insurance houses and develop insurance products. Flexcoin shouldn't be
shutting down and telling its customers "oh well" over their hot wallet theft;
they should have an insurance policy paying out value to their customers.

------
redthemad
Flexcoin via Twitter:

"While the MtGox closure is unfortunate, we at Flexcoin have not lost
anything."

"Flexcoin will be shutting its doors."

------
andyhmltn
No apology and a short little post. Disgraceful. Is that all it takes to run
off with $630,000+ of customers' money?

~~~
mikkom
That's why there are bank laws. Maybe the people supporting "freedom" of
bitcoins slowly begin to understand the downside of no regulation and laws.

~~~
mike_hearn
The whole point of Bitcoin is that you don't need to trust third parties with
your money. Pointing out that people who choose to give their coins to a third
party might lose them seems trivial - yes, financial institutions collapse (if
you can call something like flexcoin an institution), and yes, regulation and
deposit insurance can help address that. Who was arguing otherwise?

The arguments for Bitcoin are that you don't / shouldn't need anything like
Flexcoin in the first place. Apparently though, some people end up buying
Bitcoins and then not storing them in their own wallets, ensuring they get the
worst of all worlds - no low-trust technology and no government bailouts.

------
duiker101
Every time a new bitcoin exchange opens, on the homepage one of the first
things you see is that they claim that it is "secure". And then things like this
always happen.

~~~
danielweber
I bet they forgot the padlock icon.

------
jjindev
1. We have a currency without government!
2. We were robbed, and will now contact the government.

------
ad93611
Due to the permanent nature of bitcoin transactions, I wonder if all bitcoins
stored in banks must enable multi-signature transactions. That way the money
can leave the bank only if there are 2 thefts. 2 thefts are exponentially
harder to pull off because the second signature can be stored in different places
by different people.

------
pelario
This starts to feel like the banks in the Wild West.

I'm really curious about how it will evolve.

~~~
chii
The gov't starts issuing notes based on how many coins you can present, and
then those notes get traded instead of actual bitcoins?

------
nbody
It's getting ridiculous... Startups should value security way more, especially
financial ones.

~~~
davidw
In economics, this is an information asymmetry problem if I'm not mistaken:

[http://en.wikipedia.org/wiki/Information_asymmetry](http://en.wikipedia.org/wiki/Information_asymmetry)

In other words, the people selling the bitcoin services know more about their
own security than users do.

~~~
stanleydrew
Yes, but it is a little different than the traditional used car "lemon"
information asymmetry problem, since there is an ongoing relationship and the
reputation effects are much stronger.

------
ck2
I am not trusting any crypto-currency site anymore unless they have an active
pen-test team employed.

We know good security is difficult but this is getting ridiculous - it has to
be a priority.

~~~
jnbiche
No, don't worry about pen tests. Just don't store your Bitcoins in someone
else's control, like an online wallet. This really isn't that hard.

The only time you should be exposed to any sort of counterparty risk in
Bitcoin is when you buy or sell them. And if you use a reputable service like
Coinbase or Bitstamp, and only keep your Bitcoins on that site for the few
minutes it takes to buy, sell, and transfer them, your risk should be
minuscule.

~~~
TeMPOraL
> _Just don't store your Bitcoins in someone else's control, like an online
> wallet._

This AND hire your own pentest team to make sure you keep your bitcoins safe.
There's a reason people use banks for "normal" money.

------
izolate
Not a single "sorry" uttered. Shameful.

~~~
arethuza
Their lawyers probably told them that saying "Sorry" is an admission of
corporate and/or personal liability.

------
locksley
Any word on how they were Hacked?

I know that Bitcoinica, Gavin Andresen's faucet and TradeHill all got hacked
through Linode's support system a while back, in which the attacker managed to
reset all their passwords.

~~~
xeroxmalf
FYI, they got into TradeHill but couldn't compromise[0] any of the user
accounts because of the architecture of the site.

[0]
[https://bitcointalk.org/index.php?PHPSESSID=r2dliaaebhrctppc...](https://bitcointalk.org/index.php?PHPSESSID=r2dliaaebhrctppcub4bbsqg21&topic=67022.msg779310#msg779310)

------
primitivesuave
When things like this happen, I try to explain to the skeptics why I will
always have faith in Bitcoin.

Suppose you make a Bitcoin service where they print your keys onto pieces of
paper and store them in a big vault. When people want to withdraw coins, they
must visit the vault location and take money out, where the transaction is
verified by a physically present person. The owner of the vault could also
release an API to allow trusted third parties to conduct transactions on
behalf of the people who deposited Bitcoins in the vault.

We wouldn't need to worry about hackers, and if the vault is strong enough we
wouldn't need to worry about thieves.

But we would have to worry about the banker. The owner of the vault can devise
ways to increase the _apparent value_ of his vault, through financial
mechanisms like derivatives and credit default swaps. To prevent this from
happening, we could get a big organization with lots of guns and power to
regulate the actions of the banker.

But then again, the banker controls all your Bitcoins, so he can just use your
money to pay off the people with all the guns and power. Nowadays, everything
is for sale, everything can be stolen, and nothing is what it seems.

That's why I have a lot of faith in Bitcoin. Even though we haven't figured
out how to make a good vault, there's no real place for crooked bankers and
powerful organizations.

~~~
fauigerzigerk
That's a very weak argument. We just had the biggest financial crisis since
the 1930s and not a single saver in the U.S lost their funds in a regular bank
account.

Here's the secret: Deposit insurance.

Bitcoin related organizations are well advised to start copying some of the
good parts of the traditional financial system instead of just pointing at its
weaknesses. Some have already started:
[http://www.bbc.com/news/technology-25680016](http://www.bbc.com/news/technology-25680016)

~~~
ericb
Well, that's only nominally true. Every single holder of USD lost around 1-2%
a year to inflation, which is essentially a backdoor tax.

If you were in Cyprus, or had a less trustworthy (irony?) government that went
out of business, you probably didn't do well either.

~~~
merloen
> Every single holder of USD lost around 1-2% a year to inflation, which is
> essentially a backdoor tax.

That's only true of cash, and money in checking accounts. Money deposited in
savings accounts yields interest, which (on average) more than compensates for
inflation.

~~~
mcdougle
What banks have savings accounts that yield that much interest? The average
yield on a savings account that I've seen is 0.01%. I've seen some "high
yield" accounts that can get you 0.03%.

If you're talking about money market accounts (where I believe you need to
park a substantial amount and can't touch the money in the account for
something like 10 years, but correct me if I'm wrong), you can get up to 3%
yield (just beating the stated inflation of 2%).

Am I missing something?

~~~
tveita
[http://www.money-rates.com/research-center/best-savings-acco...](http://www.money-rates.com/research-center/best-savings-accounts/2014.htm)

Interest rates are very low right now, but you appear to be off by an order of
magnitude.

~~~
mcdougle
You're right. I was just pulling numbers from memory. Still, even those
examples are an order of magnitude off from keeping up with 1% to 2%
inflation.

------
Udo
What I don't understand is why are Bitcoin sites keeping such amounts in their
hot wallets in the first place? Bank robberies happen, that's why traditional
banks don't keep a huge amount of cash in the teller's office. Why not just
transfer almost everything into cold wallets immediately? This way, the worst
that could happen is every once in a while a human needs to bring a cold
wallet online for a big withdrawal - with the added benefit that, you know, an
actual human would check if the transaction is actually valid.

It seems to me the solution to this problem (which will keep on happening
apparently) is not primarily to make a site that is absolutely penetration
proof, but to devise a system where the scope of a breach is guaranteed to be
very limited.
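
An added example, not part of the original thread or any commenter's code: a toy custody model of the hot-wallet cap described in the comment above, combined with the two-signature release ad93611 suggests earlier in the thread. The cap, the key-holder names and the amounts are assumptions, and approvals are modelled as distinct holder IDs rather than real signatures.

```python
from dataclasses import dataclass, field

# All names and numbers below are assumptions made for this illustration.
HOT_CAP = 50                 # most the online (hot) wallet may ever hold
REQUIRED_APPROVALS = 2       # distinct offline key holders needed (2-of-3)
KEY_HOLDERS = frozenset({"alice", "bob", "carol"})  # hypothetical holders


@dataclass
class Custodian:
    hot: int = 0             # balance reachable from the online server
    cold: int = 0            # balance whose keys are kept offline
    pending: dict = field(default_factory=dict)  # request id -> (amount, approvers)
    next_id: int = 1

    def deposit(self, amount: int) -> None:
        """Credit a deposit, then sweep everything above HOT_CAP to cold."""
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.hot += amount
        excess = max(0, self.hot - HOT_CAP)
        self.hot -= excess
        self.cold += excess

    def withdraw(self, amount: int):
        """Pay small withdrawals from hot; queue larger ones for sign-off.

        Returns "paid" or the id of the queued request."""
        if amount <= 0 or amount > self.hot + self.cold:
            raise ValueError("invalid amount")
        if amount <= self.hot:
            self.hot -= amount
            return "paid"
        rid, self.next_id = self.next_id, self.next_id + 1
        self.pending[rid] = (amount, set())
        return rid

    def approve(self, rid: int, holder: str) -> bool:
        """Record one holder's approval; pay from cold at the threshold."""
        if holder not in KEY_HOLDERS:
            raise PermissionError(f"{holder} holds no key")
        amount, approvers = self.pending[rid]
        approvers.add(holder)            # a set: repeat approvals count once
        if len(approvers) < REQUIRED_APPROVALS:
            return False
        if amount > self.hot + self.cold:
            raise ValueError("insufficient funds")
        del self.pending[rid]
        from_cold = min(amount, self.cold)
        self.cold -= from_cold
        self.hot -= amount - from_cold
        return True

    def breach_exposure(self) -> int:
        """Worst-case loss if only the online server is compromised."""
        return self.hot


def demo() -> dict:
    bank = Custodian()
    bank.deposit(1000)                   # constructed sample amounts
    first = bank.withdraw(20)            # small: served from hot
    rid = bank.withdraw(500)             # large: needs two key holders
    steps = [bank.approve(rid, "alice"), bank.approve(rid, "alice"),
             bank.approve(rid, "bob")]
    return {"first": first, "steps": steps, "hot": bank.hot,
            "cold": bank.cold, "exposure": bank.breach_exposure()}


if __name__ == "__main__":
    print(demo())
```

However much is deposited, `breach_exposure()` never exceeds `HOT_CAP`, and a single key holder approving twice does not release cold funds.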

------
maaaats
I'm not very into BitCoin, so I have a question: To me, it seemed like
everyone was saying that one should use an online bank a year ago. Why? What
do you gain by having them in a bank?

~~~
jnbiche
Can you please point me to someone who was saying you should use an online
wallet (i.e., "bank") a year ago?

Among every Bitcoiner I've ever known, we've all stressed the importance of
_not_ using any type of online wallet, unless it's a special one like
blockchain.info that lets you maintain control over your coins.

You do gain some convenience by storing your Bitcoins in an online wallet,
since you can use them then from any device. But you make a _very_ tempting
target for unethical people. Plus, you get all the convenience of an online
wallet with blockchain.info, and yet you still maintain control over your
money.

That said, even a system like blockchain.info is not appropriate for storage
of large amounts of Bitcoins, like your savings. For that, only a system like
paper wallets or Electrum or Armory deterministic wallets -- created on a
secure, offline computer -- are appropriate.

------
twobeard
What Bitcoin does better than anything else is to highlight the current state
of computer security, which is plain terrible. For that alone Bitcoin deserves
to exist.

------
bobjordan
Problem with bitcoin security right now is the truly secure self storage tools
are immature. For example, I've been trying to get this armory program
([https://bitcoinarmory.com/](https://bitcoinarmory.com/)) to complete
building database for more than 1 week. It just doesn't want to work on my
Mac. My dad is not going to endure this to secure his bitcoins.

~~~
jnbiche
Armory is notoriously bad on Mac. Why are you using Armory?

Use Electrum, back up your passphrase in a secure location, and be done with
it. Unless you're storing your inheritance, that should be fine. There have
been no security flaws in any of the SPV clients on desktop, including
Electrum.

If you're storing a huge sum, you should be using Linux.

------
zacinbusiness
Ok. So where can I find an accurate exchange rate for Bitcoin vs. U.S.
dollars? I'm just curious to see what the rate is these days, given that
people keep getting "hacked." And as a so-far-not-adopter, I wonder if now may
be the time to "invest" a little into the Bitcoin thing.

~~~
bendoernberg
If you're going to buy in the US I'd recommend using Coinbase. Their price
will be within $10-$15 of the prices you'll get at the largest BTC exchanges.

~~~
zacinbusiness
Is Coinbase considerably more secure than MtGox? As I've said elsewhere, I do
believe that Bitcoin is a resilient and useful currency. But I'd hate to get
Goxed (I'm coining this term here).

------
blueskin_
Yet again, why coins are only secure in your own wallet. Giving them to a
third party is throwing them away.

~~~
tomeric
How can Bitcoin ever go mainstream if you need regular people to secure their
computers, remember their passwords and backup everything so wallets aren't
lost?

~~~
panacea
Answer: It won't ever go mainstream.

------
zacinbusiness
"His soul swooned slowly as he heard the snow falling faintly through the
universe and faintly falling, like the descent of their last end, upon all
the living and the dead."

(there are some people having a dick fight about their majors in
college...well I was an English major.)

------
servowire
Use your own wallet. If you do not own the Private Key - you do not own the
Bitcoin!

Sad this has to happen again and again.

------
igl
If Bitcoin was made for the people, it would be forbidden already. Wake up.

------
notastartup
We've been hacked = All your coin are belong to us

