
Bitcoin Bail-Ins and Yuan Bets - kgwgk
http://www.bloomberg.com/view/articles/2016-08-08/bitcoin-bail-ins-and-yuan-bets
======
devishard
> It is easy to make fun -- and I do make fun -- of bitcoin/blockchain
> enthusiasts for naively re-creating everything that has existed for decades
> or centuries in the traditional financial system.

From a "blockchain enthusiast"'s perspective, this is exactly why Bitfinex and
other centralized Bitcoin businesses are idiotic. If we're just implementing
centralization on top of Bitcoin's decentralized structure, Bitcoin has
literally no benefits over the traditional financial system. It's actually
worse, because when a major traditional financial institution gets hacked,
they reverse the charges instead of going bankrupt. Bankruptcies happen all
the time in the Bitcoin world because creating a centralized Bitcoin puts a
target on the business that grows as the business grows, and the damage when
they get hit is irreversible.

The benefit of Bitcoin is decentralization, and businesses that don't
understand this are always going to come across as naive. Sometimes so naive
that they fail.

~~~
CydeWeys
> From a "blockchain enthusiast"'s perspective, this is exactly why Bitfinex
> and other centralized Bitcoin businesses are idiotic.

Speaking as a fellow "Bitcoin enthusiast" who's been involved in it for five
years, exchanges are useful for selling Bitcoin. The key is to limit your
exposure to hacks by leaving your money with them for as little time as
possible. So my balances are always sitting at zero, right up until I want to
sell some, at which point I deposit it, wait the six required confirmations
(roughly an hour), immediately sell it, then immediately initiate a
withdrawal. Even assuming a very pessimistic situation of the exchange I'm
using suffering a full loss every year, that still puts my % loss from hacks
at well under 1%. That's a risk worth taking considering how much more
inconvenient all other ways of selling Bitcoin are.

~~~
craigyk
sounds like a PITA.

~~~
CydeWeys
It's really not though? All I have to do is two things spaced roughly an hour
apart (from the comfort of my own home). Buying a money order or mailing a
check are more involved.

~~~
ubernostrum
_I keep my money as cash, in a vault that I had to design and build from
scratch in my own home. It 's probably not secure against robbery, but it's
how I have to store my money to avoid the fact that all the banks are being
robbed blind all the time. When I do actually have to transfer money to
someone, I go to a bank where I keep a zero-balance account, make a deposit
and physically stay there until it clears. Then I initiate the transfer, and
as soon as that clears I immediately withdraw any leftover funds from the
account and go back home to put it in my vault._

If someone had seriously proposed this as a way they use traditional cash +
banks, you'd be laughing at them.

~~~
riboflava
Many laughable things become fine with technology. Look at various encryption
or network protocols. If someone had seriously proposed to Caesar that to keep
their messages truly safe they needed to work out the math of a one time pad
for every communication (or maybe more practically by modern standards, AES),
they'd be executed. Rather than dismiss things on analogy, look at things as
they actually are. The total amount of friction for the bitcoin equivalent is
very little which makes it not a problem at all.

~~~
devishard
If I have to transfer my money into an exchange, wait for it to clear, and
then immediately transfer it out into a wallet with a long random address with
a random key that I then have to protect, that's not "very little friction"
compared to traditional banking. There are many benefits to cryptocurrency,
but ease of use is not one of them, and when you claim it is, you come across
as out-of-touch with the average user.

------
chollida1
Ohh a Matt Levine post, so I guess the top 10 comments will be people
recommending that everyone subscribe to his daily news letter:)

On a serious note....

> Engineers at Sydney-based Metamako LP and Exablaze Pty. Ltd., and Chicago-
> based xCelor LLC are rolling out switches that take around four
> nanoseconds—four billionths of a second—for messages to transit from one
> side to the other, sending data from exchanges to electronic traders.

Wow, can anyone shed some light on how they time this? What sort of clock, I'm
assuming its some fancy hardware that you use to benchmark at the 4 nano
second level? Or do you just claim this and assume that no one can prove you
wrong?

As to Bitfinex, on the weekend a few friends and I were batting around ideas
on how to reliably trade bitcoins without having to worry about being robbed
by the exchange^H^H^H^H^H err worrying about the exchange being hacked and
passing their mistake onto you.

The top ideas we had were:

\- only trade on US domiciled exchanges, the US government tends to poke their
nose into everything and this is one case where you benefit.

\- phone the exchange before you start trading. If you can't get someone on
the phone, that's a very bad sign:)

\- Similarly, if the C level executives of the exchange aren't well known and
always around at the regular bitcoin industry conferences then that's a bad,
though this fails the Mt Gox test.

\- we tried to figure out if you could pull the coins out each night and put
them back in each day, but even then, you'd run the risk of the hack happening
while you had coins held by the exchange.

But we came to the conclusion that there just isn't any sane way to trade
bitcoins currently where you can eliminate "exchange risk". If anyone does
know of a way please let me know.

~~~
blueprint
How about a decentralized exchange, like, say, Bitsquare?

~~~
gnaritas
Far too slow for any real trading. Exchanges exist for trading quickly, they
must be centralized due to this.

~~~
blueprint
> Far too slow for any real trading.

Maybe if you're a day or mechanical trader. Although, I personally don't know
if that's actually true. Have you tried it? Can you share any data or
citations?

> Exchanges exist for trading quickly

Agreed

> they must be centralized due to this.

Have you encountered any definite proof of your conclusion?

~~~
gnaritas
> Maybe if you're a day or mechanical trader.

Or swing trader or any kind of trader looking to time the market. Trading
requires the ability to execute in near real-time. Block chain transactions
and worse, fiat transfers between parties, takes far too long for trading to
be effective.

> Have you encountered any definite proof of your conclusion?

They must be centralized to obtain the necessary speed _because currently
block chain transactions are too slow_. Proof is unnecessary, logic is more
than ample. One can't trade effectively if ones capital is hung up in
"transit" between parties. Exchanges exist specifically to provide fast
trading. There wouldn't be any exchanges if block chain transactions were fast
enough.

~~~
blueprint
Swing trading does not require the ability to place an order in near real
time. You need to have done your DD and generally you just place your order
the day before you expect your event.

We don't know that blockchain transactions are inherently slow and we haven't
verified that no decentralized architectural/algorithmic/structural solutions
exist to coordinating trades. In fact, I can think of one or two. So I'm
asking you for data, not hypothesis. Do you have any info from your research
about trade order execution times on p2p exchanges over time or userbase size?
Or is it just your conclusion from anecdote?

------
CydeWeys
I don't believe this is accurate:

> So when hackers stole about 36 percent of the bitcoins at Bitfinex, they
> didn't just steal 36 percent of each customer's bitcoins: They stole,
> basically, all of the bitcoins owned by 36 percent of the customers, and
> none of the bitcoins held by 64 percent of the customers. (Weighting
> customers by account size; you know what I mean.)

I think that all, or almost all, of Bitfinex's Bitcoins were stolen. Certainly
more than 36%! The hackers generated all transactions and then simultaneously
broadcast them. There's no reason they wouldn't or couldn't have gone after
every last Bitcoin that was accessible to them. Bitfinex did not realize the
attack was occurring in time and did not send out any counter-transactions to
attempt to spend all of their coins first (realistically they had on the order
of seconds to minutes for this). We know that Bitfinex wasn't using cold
wallet storage like they should have, instead opting for some multi-sig scheme
using BitGo that didn't actually work, so essentially all of their Bitcoins
were available to be stolen, and were.

What's happening is that the 36% haircut is across _all_ values in all
accounts, including fiat currencies that were on deposit such as USD, as well
as other cryptocurrencies that Bitfinex trades such as Ethereum. So Bitfinex
lost all of their Bitcoin, which represented 36% of the total value on deposit
with them, most of the rest of which was fiat currencies.

~~~
zeven7
Just to fill in a couple gaps: The attack lasted approximately 3 hours,
starting by draining the largest accounts and moving down from there over
time. It's known not all of them were stolen. I've seen estimates (by
outsiders) that approx. 60+% of bitcoins were stolen. It was certainly more
than 36%.

Edit: Sources:

[https://www.reddit.com/r/Bitcoin/comments/4wizdn/txid_and_bi...](https://www.reddit.com/r/Bitcoin/comments/4wizdn/txid_and_bitcoin_addresses_connected_to_the/d67dtk3)

[https://www.reddit.com/r/Bitcoin/comments/4wmpzt/bitfinex_as...](https://www.reddit.com/r/Bitcoin/comments/4wmpzt/bitfinex_assets_remaining/)

~~~
CydeWeys
Thank you for filling in the details.

------
HairyGing3r
Socialising the losses couldn't work with us customers. Since bitfinex'
biggest market is in the US I don't see how this (bitfinex tokens) could fly
without many lawsuits

~~~
merkleme
But I thought Bitfinex was a global exchange... Does an exchange just need to
have a few US customers to face US lawsuits?

~~~
Isomatik
Yep. If you're open for business to US citizens, or even really just moving
USD around, you can't escape the USA's jurisdiction. And it appears Bitfinex
compiled fully to AML/KYC laws for US customers dealing in USD, so
everything's definitely documented.

"In prosecuting money laundering offenses, the US Department of Justice takes
the position that jurisdiction exists over a financial transaction if the
laundering is completed by a US citizen anywhere in the world, or by a foreign
national or non-US corporation if the criminal conduct occurs in part in the
United States—even if the foreign individual or company never themselves took
an action in the United States, or intended for an act to occur there... US
enforcement authorities increasingly operate on the assumption (unless
convinced otherwise) that they have jurisdiction for such offenses whenever a
suspect transaction is denominated in US dollars.
[http://www.whitecase.com/publications/insight/how-us-laws-
ca...](http://www.whitecase.com/publications/insight/how-us-laws-can-apply)

[https://www.mayerbrown.com/files/Publication/577b946b-8ad0-4...](https://www.mayerbrown.com/files/Publication/577b946b-8ad0-445d-b566-8b4a9682c373/Presentation/PublicationAttachment/ad366972-a841-447e-bd23-86883403a000/understanding-
reach-jurisdiction.pdf)

~~~
merkleme
Wow, thats pretty staggering. I'm sure I read an article (maybe just a tweet)
by Andreas Antonopoulos stating that by complying to KYC/AML that they left
themselves more vulnerable to this hack.

~~~
compil3r
The issue comes into play that Bitfinex owned the private keys of all wallets
in their possession, and the winners of positions were shown an accounting
ledger through Bitfinex as opposed to having possession of their own coins.
Now I can not pretend I know what happened behind the scenes with the back and
forth between Bitfinex and the CFTC, but I can say that based on all evidence,
Bitfinex was unable to pay out all positions within the required 28 day
period. Verbiage within the original CFTC complaint suggests that the primary
cause of this was Bitfinex's accounting system that was at fault.

~~~
Isomatik
Bitfinex could have moved to a cold storage system to make the bulk of their
bitcoins secure, but doing so would have required them to register as a
futures merchant and submit to additional auditing (which makes perfect sense,
you can't expect to dump people's money into a shared pool only you have the
books for). They chose to remain unregistered and use their multi-sig hot
wallet system because the on chain transaction is enough for "proof of
delivery". I'm sure someone could argue that qualifies as "The CFTC forced
them to act insecurely", but Bitfinex gets zero sympathy from me for doing
shit they profited from at the expense of their customers, while taking money
from customers to socialize the loss.

------
jbapple
A big contributor to the GFC was pension funds ("dumb money") buying CDOs with
rates that were way too low for the risks. Do I need to be worried about the
same thing for cat bonds?

------
joeyspn
The bitfinex hack stinks. A lot...

Still waiting for a proper post-mortem/post-hack. They must be gaining
precious time and lawyering up before all the details are released and SHTF...

------
compil3r
BFXCoin isn't totally without precedent, as BitcoinBuilder (created in the
wake of MtGox) was recognized by the Japanese courts.

