
Winklevoss Twins’ Bitcoin Exchange - wehadfun
https://gemini.com/
======
tetrep
They have a reassuring security page[0]. It's nice to see they're enforcing
good practices, I especially appreciate their "no-link email policy" where
they will never send you links in emails, which seems like a great way to head
off phishing attempts. I hope they actually present this to users in some way
during sign-up though, or it won't be of much help unless a user manually
navigates to the security page and reads through most of it.

I'm a little disappointed that they only have level 2[1] HSMs in the cloud, as
I would be uncomfortable protecting my hot wallet keys with only tamper
evident protections, rather than level 3+ that actually attempt to detect
intrusion and delete keys. Bitcoin makes for very quick stealing once you have
keys, so reactive defenses against key loss don't help much as you're
literally in a race condition with the attacker to empty the wallet (you into
a non-compromised one, the attacker into their own). But I would assume they
weighed cost/risk and I've never heard of a security compromise of Amazon's
HSMs so it was probably a reasonable choice.

edit: I should also applaud their use of PGP and (explicit) respect for
responsible disclosure.

[0]:
[https://exchange.gemini.com/security](https://exchange.gemini.com/security)

[1]:
[https://en.wikipedia.org/wiki/FIPS_140-2#Level_2](https://en.wikipedia.org/wiki/FIPS_140-2#Level_2)

~~~
dtwhitney
I personally know many of the engineers at Gemini and have worked with some of
them in the recent past. If I were going to choose a team to build a bitcoin
exchange, the people I know at Gemini would be on it. If you're into bitcoin,
I think this is the place to put your money.

~~~
cenal
What benefit do they offer over something like Coinbase to a casual Bitcoin
observer like me?

~~~
benmmurphy
Looking at Coinbase and Gemini as a user I would probably prefer Gemini
marginally because of their bullshit about using HSM. They both seem to be hosted
in AWS which from my POV is a major fuckup. Gemini and Coinbase are basically
running a CTF where if you can find a hypervisor exploit and get lucky you can
drain their hot wallet.

~~~
silverbax88
I saw a presentation at OWASP a couple of weeks ago by Coinbase, where they
stated that the BTC are stored on air gapped servers, and that 97% of the
Bitcoins never exist on routable servers.

------
artursapek
It's live! You can see there is some activity starting:
[https://cryptowat.ch/gemini](https://cryptowat.ch/gemini)

Also, there was a great post on /r/bitcoinmarkets by the CTO of another
exchange, picking apart Gemini's technical setup. Worth a read if you're into
modern frontend web development.

[https://www.reddit.com/r/BitcoinMarkets/comments/3nkxh3/gemi...](https://www.reddit.com/r/BitcoinMarkets/comments/3nkxh3/gemini_approved_for_launch/cvp219l)

~~~
dubcanada
I'm not sure if 'picking apart Gemini's technical setup' is the right way to
describe it, I tend to think of 'picking apart' being negative while the
comments are entirely positive.

~~~
artursapek
I meant it as in he scrutinized it.

------
roymurdock
What is the difference between this exchange and say, Coinbase, that makes it
"next generation"? The website is very light on details.

~~~
Caprinicus
Well for a start coinbase is not an exchange

~~~
pmorici
Yeah they are. They weren't originally but they launched 'Coinbase Exchange' a
while back and now offer both their traditional broker service as well as
Exchange services.

------
TomGullen
Interesting (unfortunate?) time to launch this with the malleability attacks
going on.

~~~
eterm
Is this a dank meme based on the fall of mtgox or are there actually
malleability attacks going on?

~~~
patio11
The Bitcoin network is presently undergoing a malleability attack designed to
cause Bitcoin nodes to run out of memory.

[http://motherboard.vice.com/read/i-broke-bitcoin](http://motherboard.vice.com/read/i-broke-bitcoin)

~~~
haakon
Not quite; there are two separate attacks currently ongoing against Bitcoin:

* The malleability attack: a transaction relayer is able to change the hash of the transactions, thus confusing senders or receivers who rely on this hash to check if the transaction has confirmed. This creates a nuisance, but all money arrives where it is supposed to. This attack does not affect memory usage on nodes, and it's an old and well-known issue.

* A transaction spam attack (misleadingly called a "stress test") where a shady group called coinwallet.eu creates a large amount of big transactions. These mostly have appropriate fees so that regular users who want their transactions to confirm in a timely manner have to out-bid the spammer. All the unconfirmed transactions are stored in the memory of nodes, so this severely affects memory usage (currently about 1 GB on some nodes).
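
Added example, not part of haakon's comment or of any Bitcoin software: a Python sketch of why a re-encoded signature script gives the same payment a new hash, and how a wallet can still recognise its own payment. The transaction values, placeholder script bytes and the `payment_key` and `find_confirmation` helpers are assumptions constructed for illustration.

```python
import hashlib
import struct

def varint(n):
    # Compact-size integer; only the one- and three-byte forms are needed here.
    return bytes([n]) if n < 0xfd else b"\xfd" + struct.pack("<H", n)

def serialize(tx, blank_script_sigs=False):
    """Legacy (pre-SegWit) transaction serialization, the bytes that get hashed."""
    out = struct.pack("<I", tx["version"]) + varint(len(tx["vin"]))
    for prev_txid, index, script_sig, sequence in tx["vin"]:
        if blank_script_sigs:
            script_sig = b""  # signature scripts are where malleation happens
        out += bytes.fromhex(prev_txid)[::-1] + struct.pack("<I", index)
        out += varint(len(script_sig)) + script_sig + struct.pack("<I", sequence)
    out += varint(len(tx["vout"]))
    for value, script_pubkey in tx["vout"]:
        out += struct.pack("<q", value) + varint(len(script_pubkey)) + script_pubkey
    return out + struct.pack("<I", tx["locktime"])

def sha256d(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def txid(tx):
    # The hash wallets usually track: it covers the signature scripts too.
    return sha256d(serialize(tx))[::-1].hex()

def payment_key(tx):
    # Hypothetical helper: identifies a payment by what it spends and pays only.
    return sha256d(serialize(tx, blank_script_sigs=True)).hex()

def find_confirmation(sent_tx, block_txs):
    """Return (confirmed txid, was_malleated) for our payment, or None."""
    key = payment_key(sent_tx)
    for tx in block_txs:
        if payment_key(tx) == key:
            return txid(tx), txid(tx) != txid(sent_tx)
    return None

# Constructed sample data: placeholder bytes, not real keys or signatures.
PREV, PAY_TO = "aa" * 32, bytes.fromhex("76a914" + "11" * 20 + "88ac")
def make_tx(script_sig, value=50_000):
    return {"version": 1, "vin": [(PREV, 0, script_sig, 0xFFFFFFFF)],
            "vout": [(value, PAY_TO)], "locktime": 0}
SENT = make_tx(b"\x01" * 72)                 # as broadcast by the wallet
CONFIRMED = make_tx(b"\x02" * 73)            # same payment, script re-encoded
OTHER = make_tx(b"\x01" * 72, value=10_000)  # a different payment

if __name__ == "__main__":
    print(txid(SENT), txid(CONFIRMED), find_confirmation(SENT, [OTHER, CONFIRMED]))
```

A wallet that only looks up `txid(SENT)` would report this payment as unconfirmed and might send it again; matching on the spent outpoints and the outputs avoids that.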

~~~
redcalx
Why do you say it's misleadingly called a stress test? Regardless of motives
it is effectively stressing the bitcoin network AFAIK.

~~~
mod
"stress testing" and "maliciously stressing" aren't the same, motive is
inherent in the word "test"

------
pnathan
Nifty. I think this is the first BTC operation I've seen where words like
"compliance" are used in a serious fashion, and a direct aim at institutional
investors is presented. Institutional investors are Very Serious Business, so
it should be a fun ride.

I'm still holding out for a BTC ETF. :-)

------
gregwtmtno
Very slick identity verification process.

Instead of requiring a scan of your driver's license or other identifying
document, they ask you for questions about your history. I've seen a similar
process used at etrade.

~~~
knodi123
It's just a 3rd-party identity verification web service. I've gone through
that at a number of sites.

------
bko
> Gemini operates fully in the United States. We work exclusively with
> American banks; your dollars are eligible for FDIC insurance and never leave
> the country

Is this just for the cash balance with the exchange or the bitcoin balance as
well? I can't imagine it does, but it would be a strong selling point if it
did. If it's not, it's pretty misleading as written.

> FDIC insurance covers all types of deposits received at an insured bank,
> including deposits in a checking account, negotiable order of withdrawal
> (NOW) account, savings account, money market deposit account (MMDA), time
> deposit such as a certificate of deposit (CD), or an official item issued by
> a bank, such as a cashier's check or money order.

> FDIC insurance covers depositors' accounts at each insured bank, dollar-for-
> dollar, including principal and any accrued interest through the date of the
> insured bank's closing, up to the insurance limit. The FDIC does not insure
> money invested in stocks, bonds, mutual funds, life insurance policies,
> annuities or municipal securities, even if these investments are purchased
> at an insured bank.

[0]
[https://www.fdic.gov/deposit/covered/](https://www.fdic.gov/deposit/covered/)

~~~
ryanworl
I think it is written fairly. Bitcoins are not dollars, and the rest of those
things you listed that are covered by FDIC insurance are denominated in
dollars. If someone (not _you_ specifically) cannot understand the difference
between dollars and bitcoins, they shouldn't be trading currencies.

~~~
bko
Well, some people want exposure to bitcoins without necessarily understanding
the block chain, recourse or anything really. That's the whole pitch behind
everything the Winklevosses do in this domain. That's why they opened a
bitcoin exchange traded fund and that's probably their rationale behind this
exchange. Saying that "your dollars are eligible for FDIC insurance and never
leave the country" makes someone think that their bitcoin balance is FDIC
insured. I wasn't sure at first either and stock exchanges very explicitly
state that their products are not FDIC insured and may lose value. Maybe the
exchange has a similar disclaimer when you buy bitcoins on the exchange but I
still think it's a bit misleading to have that basically front and center.

Nothing wrong with wanting to invest in bitcoins without fully understanding
them.

~~~
IkmoIkmo
> Well, some people want exposure to bitcoins without necessarily
> understanding the block chain, recourse or anything really. That's the whole
> pitch behind everything the Winklevosses do in this domain.

Yes and no. They initially wanted to open up the bitcoin market to
institutional investors who want exposure without having to change anything in
the trading software they use, the accounting structures etc. This meant:
provide a bitcoin security that can be traded by wall street typically, such
as an ETF on the NYSE or NASDAQ or something to that effect.

Barry Silbert's Second Market (definitely a wall street player) got there
first in terms of accounting structures. They created a bitcoin security that
anyone can buy and put on the books just like any other security (like some
oil or wheat derivatives or whatever). But that was still sort of an
old-fashioned security that you buy on the phone rather than on an automated
exchange. Not something that pension funds, university endowment funds etc can
easily get into and scale up, but it opened up the bitcoin market to say small
family wealth funds that wanted some exposure to the bitcoin price. Bitcoin is
one of those things that is likely to either go to $0 or become 3 orders of
magnitude more valuable. So if you believe there's a 10% chance that'll
happen, investing $100k has an expected value of $9.9m, of course these are
just made up numbers but this is often the rationale for investing even modest
amounts of money. Silbert's GBTC (marketed under Grayscale) did fairly well
but in wall street terms it's a really tiny fund (iirc about $50m or so).

The 'holy grail' for bitcoin investment right now would probably be an ETF.
Basically the above security, but then traded on an exchange, a derivative of
bitcoins trading on mainstream exchanges (i.e. exposure to bitcoin's price
potential traded on exchanges where anyone can easily and automatically buy in
without having to know anything about bitcoin or change accounting/audit
practices). The Winklevoss's pitch was always to set up that ETF, which
they're still working on, and the fact they just launched a normal exchange
tells me they're either 1) building up the orderbooks, building relations with
investors and building up liquidity etc a bit for a potential ETF launch later
down the line or 2) the ETF is facing major, perhaps insurmountable roadblocks
so they're pivoting to something less ambitious which is launch their own
exchange. (which generally sucks because 1) there are major established
players, like Coinbase, which are true software companies with half a billion
dollar valuations, solid engineering teams and a big headstart, and 2) because
none of the big players, like an investment fund, will be likely to register
for your tiny exchange just to trade some bitcoin. They did get a lot of the
legal frameworks right though, so it may be an interesting partner for
investors nonetheless.)

As for security... well bitcoins are obviously not FDIC insured, but their
security looks really tight, I'd feel very comfortable trading with them.
[0][1] They still offer the 'you don't need to know anything about bitcoin or
worry about security' pitch, but you still need to register with them rather
than just select their security on the NYSE and click 'buy', and that doesn't
fly for most big investment funds with strict auditing and accounting
practices and automated trading teams. We'll see how it works out.

[0]
[https://exchange.gemini.com/security](https://exchange.gemini.com/security)
[1]
[https://www.reddit.com/r/IAmA/comments/3nu7gj/we_are_cameron...](https://www.reddit.com/r/IAmA/comments/3nu7gj/we_are_cameron_and_tyler_winklevoss_but_you/cvrbh0v)

~~~
bduerst
Isn't Gemini their first step towards the ETF?

Also, FDIC insurance isn't for "if" your assets are lost, it's for "when". You
can trust security and safety all you want, it's when things go wrong that you
need insurance.

I really hope they get private insurance, because just like making sure there
are enough lifeboats on the Titanic, hindsight is always 20/20.

------
clamstew
Did Uber open source their css?

------
dmalvarado
On an unrelated note, can anyone tell me what that parallaxy, image sliding
feature of their website is, so I can search for it and learn it?

~~~
hellbanner
Start here. [http://keithclark.co.uk/articles/pure-css-parallax-websites/](http://keithclark.co.uk/articles/pure-css-parallax-websites/)
[http://keithclark.co.uk/articles/pure-css-parallax-websites/...](http://keithclark.co.uk/articles/pure-css-parallax-websites/demo3/)

..
[http://lmgtfy.com/?q=vertical+parralax+css+template](http://lmgtfy.com/?q=vertical+parralax+css+template)

------
joshu
ha, "gemini", get it?

~~~
colordrops
No, what's the joke?

~~~
kylecrum
Gemini = Twins. The Winklevoss brothers are twins.

------
howdoipython
What is the best way to get bitcoin without associating it with your identity
(credit cards, debit cards, etc.)?

Accepting pre-paid cards is fine too

~~~
2mur
Localbitcoin has sellers who accept cash-purchased gift card codes. You're
going to pay above market rate.

------
dabernathy89
Not operational in Texas yet, apparently.

~~~
cmiles74
Nor in Massachusetts.

------
lemiffe
What a beautiful, fast website.

~~~
smoreilly
Honestly when banks have crappy websites it makes me really feel like the
engineers doing the backend work are terrible. I know this is a horrible bias
but still if you can't spend the time to make a good website who says they
didn't cut corners on security?

~~~
Zelphyr
A local Credit Union had CAPTCHAs like, "4n1m4l" and (believe it or not)
"b4nK3r". When I complained they snidely remarked that they were pretty sure
they knew how to handle security.

That may be, but they no longer have my money.

Though, for what it's worth, the biggest reason I left them is because they
wanted to charge me a fee to deposit cash that my kids had saved up. "Because
that's what Loomis Fargo charges us." So? Cost of doing business.

The irony that they were CHARGING ME TO GIVE THEM MONEY was completely lost on
that particular teller.

------
Demeisen
How does this not create a conflicting trademark with ISE Gemini?

------
bduerst
Kind of annoying that they try to push the Authy app install first, then let
you authenticate without it.

Love the interface, but it would be even greater if they would let you short
somehow.

------
teekert
"Thank you! We will notify you when Gemini has launched in Netherlands."

Bleh.

------
bitJericho
This is the perfect opportunity to hawk my own exchange because we should all
have alternatives.
[http://bitcoinsexchange.itmustbetrue.com](http://bitcoinsexchange.itmustbetrue.com)

~~~
chillwaves
Why would anyone want to have a sex change for their bit coins?

------
jonknee
So now when does Mark Zuckerberg launch his Bitcoin exchange?

~~~
6stringmerc
When he moves to a new neighborhood and wants to cloak the source of funds
that buy up all the adjacent properties?

~~~
lingben
That's why lawyers and LLCs exist.

------
hellbanner
So, Winklevoss + Bitcoins + HN. Who's found vulns?

