

I'm leaving Bitcoin - zhoutong
https://bitcointalk.org/index.php?topic=81581.0

======
panarky
"Spectacular failure is your destiny."

I thought jellicle's advice to Zhou Tong was insightful 248 days ago. Time has
proven its wisdom.

<http://news.ycombinator.com/item?id=2973803>

-- systems that work with money are attacked hard and often, by intelligent
skilled people

-- in fact some of the people who attack your system are likely to be both
more skilled and more intelligent than you are

-- systems that work with money that fail, fail spectacularly ("What do you
mean someone withdrew $8 million last night?")

-- banking websites, Paypal, etc. are all like icebergs - you don't see
9/10ths of the things they've done to prevent spectacular failure

-- spectacular failure is your destiny if you don't work very hard to prevent
it

-- spectacular failure may be your destiny even if you do work very hard to
prevent it

You should plan accordingly.

~~~
zhoutong
Thank you for your original advice. It's definitely useful. But it's not
relevant today.

I don't wish to link the Bitcoinica fiasco with my leave because I sold
Bitcoinica a few months ago. And I lost my control in January. Basically
everything didn't go as I planned. (I'm VERY conservative about wallet
security.)

I wanted to build an independent exchange system to replace hedging, so that
most funds can stay offline. But the new owner didn't like the idea.

I know it failed like predicted, but my involvement in the failure is highly
limited. I sold the site for the same reasons: What if someday I'm hacked, or
caught? (The valuation (P/E) was less than 1!)

I'm a web developer, not a security expert. I know how to protect the API keys
but I'm not good at encrypting a wallet.dat. That's all I thought since day
one.

~~~
palish
May I ask how much money in total you personally netted from making
Bitcoinica? I'm intensely curious, but I'd understand if you'd prefer not to
tell.

~~~
zhoutong
Unfortunately, I have signed an NDA on this.

------
h2s
These bitcoin hacks have amazed me every single time. The old-school financial
industry goes to extreme lengths in order to protect the money it's in charge
of. Physical money is stored securely and guarded. IT infrastructure is
carefully guarded both physically and electronically.

By comparison, these bitcoin folks seem quite content to store what is
essentially _money_ on run-of-the-mill servers in run-of-the-mill data
centres. Linode? Rackspace? Are you people fucking serious? It keeps
happening, and I keep wondering why any thinking person would trust plain old
data centre security staff with their money like this.

~~~
icebraining
They go through great lengths, except apparently verifying if you're
authorized to access an account, as in the Citigroup hack. Or having
two-factor auth. Or being able to use passwords with decent length. Or providing a
better payment system than a single set of codes that you have to hope no
company leaks, or you'll have to get a new CC (see the Global Payments hack),
when even fucking Twitter knows how to develop an authorization scheme that
can be individually revoked.

Seriously, the banking industry is hardly a paragon of security. Many startups
give you better ways to protect your cat pictures than the average bank gives
you to protect your money.

~~~
rplnt
I have not seen online banking without two-factor auth, though.

~~~
lbotos
I assume you are not in America? PNC, M&T, and TD all do not have two-factor
auth. (That I've seen.)

~~~
rplnt
Yes, Europe. Maybe there are different laws? Some decade ago you used to get
a plastic card with a grid of passwords. Now it's usually SMS verification for
every transaction (and sometimes for login).

------
SkyMarshal
Thanks for posting, Tong, good luck with next.

Might I suggest a post-mortem on the various security problems you dealt with,
for those of us who weren't following closely? I'm sure you learned a lot,
even if what not to do.

I don't think many programmers, especially web developers in the consumer
startup scene, are faced with such security pressures as Bitcoinica was, so it
would probably be very useful for many to read a behind-the-scenes accounting
of that.

~~~
Estragon
I would love to read that, too, but it's worth noting that the particular
failure in this case appears to have been pretty boring. According to his
account he was transferring operational control to a different group, and one
member was relying on an insecure email server which was used to reset the
root password on a Rackspace VPS.

------
ewillbefull
This has no remarkable impact on Bitcoin or the community, it's just the
founder of Bitcoinica (which was hacked several times) disassociating himself
from Bitcoin because his reputation has been decimated.

~~~
zhoutong
If I did something seriously wrong, I would definitely admit it.

The recent hack is not my fault. It just destroyed the only reason that I stay
in Bitcoinica.

~~~
ewillbefull
I am certainly not accusing you of any misbehavior, but even you would admit
this incident did not serve your reputation well -- deservedly or not. And
that is indeed your motivation for leaving.

~~~
zhoutong
Reputation damage is never the motivation for leaving. I wanted to leave long
ago. The income was too attractive for me to actually leave.

Without money I can finally rationally re-think my destiny.

~~~
muyuu
I strongly disapprove of the recklessness you have displayed several times,
but then again you're a kid and it's understandable.

I hope you are successful and that you have banked well in the Bitcoinica
deal.

------
DiabloD3
I hope this thing with Zhou and Bitcoinica isn't going to screw up my
company's all Bitcoin IPO: <https://glbse.com/asset/view/DMC>

We're seeking 200k BTC for a self-green powered mining farm at our own DC up
here in Maine, so we profit from the mining farm itself, having nearly no
cooling needs for the DC, selling power generated back to the grid, and also
renting excess space to other companies who want out of the way DC space in a
quiet part of the country.

------
javert
zhoutong, you are definitely an inspiration. Sad to see you leaving bitcoin.

------
pixie_
I still suspect he stole the 18k bitcoins, the guy is slippery.

~~~
dkersten
Why would you think this?

~~~
dkersten
I was genuinely curious why grandparent would think that _"I still suspect he
stole the 18k bitcoins, the guy is slippery."_. Why is the guy "slippery"?
What makes you think that _he_ stole the bitcoins?

Why would someone downvote for asking for clarification..?

