
Frozen Funds - moe
https://vircurex.com/welcome/ann_reserved.html
======
nwh
They were compromised in Janurary 2013 and made this comment:

> Before the wild speculations beginn, the service will be recovered and we
> pay the losses out of our own pockets.[0]

From the forums it looks like they lost funds again in May 2013 due to the RoR
code execution bug (CVE-2013-0156):

> After investigating the security breach we have to come to the conclusion
> that the attacker has been able to get root access to the systems.

By the sounds of things they've been insolvent for over a year after both
breaches and at this time just happened to get more withdraws than deposits.

Terrifyingly in January, they "cleaned up" the server and kept on using it
afterwards[2].

[0]:
[https://bitcointalk.org/index.php?topic=135919.msg1448056#ms...](https://bitcointalk.org/index.php?topic=135919.msg1448056#msg1448056)

[1]:
[https://bitcointalk.org/index.php?topic=49383.msg2102708#msg...](https://bitcointalk.org/index.php?topic=49383.msg2102708#msg2102708)

[2]:
[https://bitcointalk.org/index.php?topic=135919.msg1448204#ms...](https://bitcointalk.org/index.php?topic=135919.msg1448204#msg1448204)

~~~
xdocommer
Blame ruby... Blame malleability Blame ...

I wish a real security expert would publish good practices for using crypto
wallets

~~~
RyanZAG
Getting a real security expert and swapping from Ruby to Haskell or something
is not the solution - you can still have bugs. Most security bugs come from
misunderstanding some layer of abstraction or failing to check permissions in
all possible branches, etc. These bugs are usually small logic errors and are
completely independent of the technology used to transfer algorithm to machine
code.

There is no silver bullet. The only secure software is software that has been
used by millions of people in millions of ways and been slowly but surely
improved. This software will still have bugs to be found, but far less than
something newly written.

EDIT: And unit tests are not the solution either - do you have a unit test to
check for a timing vulnerability? I thought not... (Counting off one of the
many ways I've heard to make secure software)

~~~
xdocommer
Like I said blaming software is not a legitimate excuse. And there is no
silver bullet but there must be procedures and good practices that make it too
demanding and hard where time + effort will be way greater then the reward.

~~~
RyanZAG
If you have 100KLOC in a complex system, it takes 1 line to destroy the
security of the entire application. Unless your procedures and good practices
include each line being meticulously checked for security vulnerabilities then
you're going to have security bugs. Generally the only way this happens is if
the software is used by millions of people and can afford to have this kind of
verification done. Random bitcoin exchange put up over the duration of 3 weeks
is so far from this level that you can't even begin to define procedures and
good practices.

Just don't trust random websites with your money unless you have some form of
insurance. It's not a hard concept.

~~~
tinco
Except that a trade api should never be 100kloc. The key to securing services
like this is to drastically reduce attack surfaces. A lot can be gained just
from splitting the API up into multiple services and multiple levels.

The HTTP api that's accessible over the internet would not be able to connect
to the database, instead it would perform its actions by making requests to
multiple services, every service having the absolute minimum api endpoints
required. A user creation service. A user details service. An authentication
service. A trade submission service. A trades reading service. Each of these
servers would run on different VM's, if the money is there, make that
different hardware.

Where possible the data would be split into different databases, a trade
database, a users database, a wallets database.

The different services would have their own login credentials to those
databases, would not be able to even connect to databases they don't need, and
their credentials on those databases would only allow them to execute the
queries that they need to do. (If a database you use does not allow for fine
enough access control the service would access the database through a
middleware that does.)

If that seems like a lot of work, I bet you there are security professionals
reading this laughing at it knowing this is just a sane basic architecture,
and that I'm a rookie and they'd do a dozen more stuff.

My point is just: Even if there's a 100kloc in your system, it doesn't mean
it's impossible to secure. Even a 100kloc system will have a limited attack
surface that can be divided, and controlled.

~~~
tinco
A cool way of introducing some additional proofing of your system is to do
what big-science researchers do. Have two teams develop the same services,
preferably in different languages. Then have a middleware in front of your
database that requires for every action the request be sent from both
services, and that the request be identical. As a side benefit your service
would be quicker to reveal bugs in production as well.

~~~
shabble
[https://en.wikipedia.org/wiki/N-version_programming](https://en.wikipedia.org/wiki/N-version_programming)

------
hibikir
Regulation will not help, because the problem that causes this kind of stuff
is embedded in bitcoin, but called a feature: Transactions are not reversible,
and nobody can make transactions on a wallet other than the owner.

So in a system built around this, any hack, from good old Mitnick-style social
engineering attacks, to something purely technica, will cause irreparable
loss. Any computer , network, or even individual that has control of enough
coins will have a huge target planted on their heads, because all thefts are
final.

The security systems on a regular bank do not put fraud avoidance as their
number one priority: That's just number two. What they really care about is
fraud detection, because for most forms of fraud, and especially the ones that
could ruin a bank, early detection allows them to undo the damage. If I could
take a billion from Bank of America, and there was nothing that could be done
about it after the fact, there would be millions of people working on finding
ways to do just that. The payoff would be too great for it not to happen
multiple times a year.

So the best the Bitcoin fanatics can hope for is for the major thefts to be
rare. Still, they will happen, it's just unavoidable when the stakes are that
high, and the rules so in favor of the thief.

~~~
sigil
"Stop Saying Bitcoin Transactions Aren't Reversible"
[http://elidourado.com/blog/bitcoin-
arbitration/](http://elidourado.com/blog/bitcoin-arbitration/)

Other commenters here have mentioned n-of-m multisignature transactions. This
article describes how multisig works, and how it can be used to implement
better arbitration than what's been possible with traditional payment systems.

Unfortunately we're in the early days of Bitcoin here: support for multisig
isn't common, and neither is the awareness of just how important it is for
large transactions. We'll get there though.

~~~
yetfeo
Wouldn't multisig on an exchange prevent the use of cold wallets? It wouldn't
be possible to move funds to/from hot and cold without a signature from the
depositor.

It would also make trades a little more difficult in that users that are slow
in signing off a transaction slows the trade down. The buyer has to wait until
the seller has performed an action. Could you DoS an exchange with multiple
buy/sells that you don't release?

~~~
sigil
I was mostly responding to the claim that Bitcoin transactions aren't
reversible.

To your point: I suspect multisig doesn't help solve the problems we keep
seeing with exchanges. An exchange converts between currencies, and wants to
make transactions easy. A bank keeps your money safe, and wants to make
transactions more difficult to that end. Unless you're a currency day trader,
I don't see a reason to conflate the two.

Personally, I'm appalled by the fact that we've built a system that makes it
easy for individuals to secure their own funds, and yet we're using it to
entrust funds to third parties who don't have a clue. All in good time I
suppose.

------
aegiso
I won't speak to this particular case, but look at the incentives for any
service that stores people's coins:

-You can cash out (steal) an arbitrary amount of people's coins, blaming it on a "hack". If technically competent you can make it look as legitimate as you like, even giving a detailed post-mortem.

-This will probably tarnish your operation and possibly your internet rep if the Google juice flows that way.

So how much is your internet reputation worth? Personally, there's probably a
number that would sway me.

Until these incentives are changed somehow, with regulation or otherwise, it
will happen.

~~~
DennisP
Instead of changing incentives, we could remove the technical ability for
services to do this.

One solution is m-of-n transactions, which Bitcoin already implements. Set
things up so that any two of three keys can sign a transaction and spend your
coins. The online service gets one key, you keep another on your computer, and
a third goes in your safe deposit box.

Normally, you spend by signing a transaction from your computer and asking the
service to do the same. The service can't spend coins without hacking your
computer. If the service goes away, you pull the third key out of your safe
deposit.

~~~
kiba
Which will shift the burden to individuals to secure their safetyboxes and
safe, and backup their computers. However, it's a hell lot better than losing
everyone's coins in one fell swoop.

------
ndarilek
Maybe naive, but here's what I wonder. Why doesn't someone write an exchange,
open source the code, and build transparency in from the beginning? Publish
every wallet address with no associated info so users can watch transactions
on the blockchain. Publish cold wallet addresses too and automatically route,
say, 90% of deposited BTC into those. With such a system, you could transfer
in BTC and watch 90% of it go to an address the exchange claimed was a cold
wallet (I don't know how to verify that other than by trust, but this level of
transparency is at least more than what we have today.)

Just to be clear on what I'm _not_ saying, I _don 't_ claim this will solve
all problems. I also _don 't_ claim that it is preferable to keep a
significant amount of one's currency in a remote account. But people are going
to do it anyway, angry/snarky/intelligently-worded arguments not withstanding.
Why not embrace the transparency these platforms offer to buoy user
confidence?

Even if you could start your own exchange using this codebase more easily,
most of the value from such a service comes from professionally maintaining
quality infrastructure, providing trustable guarantees on security, etc. The
alternative is a series of crappily-coded exchanges that will continue failing
due to poor code and lack of transparency. I don't know how to solve the
problem of nefarious parties starting exchanges with this code, but solving
that problem isn't my intent.

------
panarky
Once again, statements from an exchange are vague and inconsistent.

    
    
      large fund withdrawals in the last weeks which have lead to a
      complete depletion of our cold wallet balance
    

versus

    
    
      We'll take the current available cold storage balance and distribute
      it based on the below described distribution logic
    

Is the cold wallet completely depleted or isn't it?

And why choose such a cockamaime distribution scheme? 50% to the largest
accounts and 50% to the smallest accounts?

Why not pro rata based on each account's balance?

So the largest accounts will enjoy 100% recovery while those in the middle get
less, or even zero? This gives preference to certain accounts while providing
the illusion of fairness.

Yet again, there's no disclosure of a balance sheet, no visibility to total
assets and liabilities.

Why do people continue to trust their funds to incompetents and fraudsters?

~~~
tlrobinson
_And why choose such a cockamaime distribution scheme?_

Perhaps to hide outright theft by Vircurex.

If you don't receive funds, you might conclude your account balances fell
somewhere in the middle... or perhaps they didn't distribute any funds at all.

There's no way for users to know how large their account balances are relative
to others.

------
raverbashing
"Distribution logic

50% of the amount will be distributed top down and the other 50% will be
distributed bottom up. "

This seems, even by their own example, awful! It penalizes the holders with an
average number of coins

What could be better: for example, take 50% and pay at least X BTC to the
holders. If the user has less than X BTC they receive their balance.

Then, from the other 50% pay proportional to the value. For example, 1BTC for
each BTC in balance (minus what was payed in the first step)

~~~
notahacker
You assume honest intent.

This is the ideal scheme if you wish to selectively repay a few shills whilst
advising others that they will just have to wait.

------
e3pi
"So following their academic study, Moore and Christin calculate a 1/3 failure
rate for Bitcoin exchanges."

"Just one year ago, a study by Computer scientists Tyler Moore Southern
Methodist University in Dallas, Texas) and Nicolas Christin (of Carnegie
Mellon University) found 40 exchanges offering bitcoin services. Of those 40,
18 went out of business — 13 without warning, including five that collapsed
instantly following cyber attacks. Almost all of the exchanges that collapsed
took their investors funds with them. They estimated that: “Exchanges handling
275 Bitcoins’ worth of transactions each day have a 20 percent chance of being
breached, exchanges handling 5570 Bitcoins have a 70 percent chance of
failure” It was calculated that in 2013 the median lifespan of any Bitcoin
exchange is 381 days, with a 29.9 percent chance that a new exchange will
close within a year of opening. So following their academic study, Moore and
Christin calculate a 1/3 failure rate for Bitcoin exchanges…"

[http://www.cryptocoinsnews.com/2014/03/22/bitcoin-
foundation...](http://www.cryptocoinsnews.com/2014/03/22/bitcoin-foundation-
time-step/)

------
taylorwc
> The freezing of the balances is a one-time action, it does not affect future
> deposits in any ways.

This is laughable. No effect on future deposits? Who in their right mind would
continue to use them after this?

~~~
rsynnott
People were still pumping money into MtGox after all withdrawals ended. The
bitcoin community tends to be... trusting. Very, very trusting.

~~~
vertis
The bitcoin community tends to be...greedy. Very, very greedy.

------
ColinDabritz
Why the odd distribution? This means some users get everything back now, and
some get nothing? Perhaps it's an attempt to keep some customers happy ("well,
I got everything back so I guess its alright") so that exchange will keep
running?

How can they justify anything but equally sharing the burden of the loss? "We
owe X total and have Y available, so all accounts will get Y/X of their owed
funds unfrozen, and the rest remain frozen."? I'm really not following the
logic.

~~~
kordless
Minimization of impact to a larger group of customers which then serves the
purpose of keeping the exchange running so it can make money to pay off the
others. If you incrementally pay out to all customers, a large number will
refuse to continue using the service. It's a trust issue, really.

------
Bootvis
My largest fear with cryptocurrency is that my luck will run out (nothing bad
has ever happened to my holdings) and I will lose a significant chunk of
money. Most of my holdings are in cold wallets but news like this makes me
shiver and makes me realize cryptocurrency needs more grown ups fast.

~~~
dcc1
The problem is the gateways between fiat and crypto, where centralisation
occurs and due to AML/KYC policies and banking regulations all of the worst
aspects of banking can affect users

bitcoin itself as the protocol/platform has proven to be quite solid

the trick is to not keep coins in exchanges unless you are into trading, but
then you know that you are taking a risk

~~~
_delirium
You have considerable risk keeping the wallet locally, just of a different
kind. The most common way people have lost money locally thus far is probably
just losing the wallet file without having backups. A worm or trojan whose
payload steals people's bitcoins is also plausible, though afaik there haven't
been any yet.

~~~
Bootvis
Which indeed is my #1 fear, something nasty can be one `pip install` away.

~~~
maxerickson
If you have enough money tied up in it to make you uneasy it would seem
sensible to be using dedicated hardware for your coin management (with only
the bare necessities of software installed on it).

~~~
Bootvis
Thanks for the tip, motivated me to dust off the old Pentium 4 I have here and
install OpenBSD on it.

------
macspoofing
Urgh. They are insolvent, but in denial. Who in their right mind would even
think to trade on this exchange now.

------
Alex3917
If you store your money in an unregulated exchange then you deserve whatever
happens to you. This is basically no different than when people who don't back
up their hard drive complain about losing all their stuff.

If you want to make a trade then sure, put a couple hundred bucks in or
whatever, but realize that whatever you have in the exchange could disappear
at any time.

------
nraynaud
Sometimes I get confused. Am I reading Argentina's banking history or am I
reading bitcoin stories?

I guess that's it for all the technologists giving simplistic lessons to some
States about how they should manage their economies/banking systems.

------
cryptolect
I'm so glad I moved on from them a few months ago. Now, to make sure I only
have my minimum funds on the current exchanges I use...

I suppose I should also delete my Vircurex api library while at it.

------
3pt14159
Bitcoin wallets shouldn't be accessible from the exchange's code base. When a
user wants to transfer funds out there should be a small fee and a human
should process it from an secured computer. The verification step should
include signing either with a cryptographic key, logging on with a hard to
hack account, like gmail, or by sms verification. None of this passport /
utility bill bullshit.

It's fucking amateur hour here.

~~~
eropple
If there was such a fee, nobody would use your exchange.

That's the beauty of this whole thing. The users self-select exchanges that
are insecure because they're easy.

~~~
FootballMuse
Vircurex does charge a withdrawal fee.

[https://vircurex.com/welcome/help?locale=en](https://vircurex.com/welcome/help?locale=en)

~~~
eropple
Wow. Sorry, then: that's just indefensible.

~~~
yetfeo
Exchanges usually charge a withdrawal fee to cover transaction fees. BTC-e
also charge a fee for example. Bitcoin software doesn't provide (an easy if
possible at all) means to compute the fee up front to pass on to the receiver.
So exchanges charge a fee that to cover the average cost per transaction.

------
pearjuice
Bitcoin is the future! No regulation needed! Get your unsecured wallet here!

Can't wait for this currency to completely fade into obscurity - that's where
it belongs because surely it has proved to not be a viable currency at all.

------
tlrobinson
FYI, it appears you can still exchange the frozen currencies (BTC, LTC, TRC,
FTC) for unfrozen ones (DOGE, etc) and withdrawal that way.

Naturally there's about a 25% premium for DOGE on Vircurex over other
exchanges right now.

------
zvanness
Anyone here use Bitcoinity? The creator of the site, Kacper, has asked the
bitcoin community to put pressure on the exchanges to:

TL;DR exchanges can prove that:

    
    
      -they own specific amount of bitcoins
      -and that your bitcoins on their exchange are included in this amount
    

[https://bitcointalk.org/index.php?topic=22929.msg5286474#msg...](https://bitcointalk.org/index.php?topic=22929.msg5286474#msg5286474)

These stories are a bit alarming and can have some of us wondering if the
exchanges we are using actually have the amount of coins they claim to have...

~~~
jackgavigan
I don't understand why Bitcoin businesses don't simply exercise full
transparency about their holdings through the blockchain.

~~~
foobarqux
How do you do that without bringing cold wallets online regularly?

~~~
jackgavigan
A wallet doesn't need to be online for to be identifiable and its balance
verifiable through the blockchain.

~~~
foobarqux
It needs to come online to prove that you haven't lost the keys.

~~~
jackgavigan
Or you could use the key to digitally sign a message (that contains something
like a newspaper headline or football scoreline) periodically?

Besides, I don't think losing the keys is the root cause of many exchanges'
solvency issues.

------
brianmcdonough
Where there are banks, there will always be bank robbers. This will never
cease to be the case and the banks will always lose money this way. It's
inevitable.

So, the problem becomes one of scale. For example, a bank can survive a small
unauthorized withdrawal, but large thefts are what kills the business. Limit
the withdrawal sizes and shut down everything at a core level when that
security is breached.

The ability to move massive amounts around securely is a pipe dream.

~~~
xdocommer
Excellent Ideas. Delays on large withdrawals, daily limits, monthly limits
etc.

------
LeonM
That's a shame, I actually quite liked Vircurex for automated trading
purposes. Luckily for me I've only got like .3 BTC currently on Vircurex,
still sucks to see your own money "frozen" on some website not being able to
get it back.

The whole problem here looks to me as a flaw in the design of current crypto
currencies, because transfers take that long to complete you will always need
escrow type services to make it useful.

------
jowiar
So tonight I'm gonna party like it's 1929...

Most US Financial regulation stemmed from Depression-era screwups. Thankfully,
people-who-say-fiat are in their own little world that I can mostly ignore,
but in the real, we're not doing much better with regards to forgetting the
lessons of the depression. The 1999 Glass-Steagall repeal, for instance, was a
major cause of the issues of the past decade.

------
troels
I don't know much about the whole BTC protocol, but why aren't there any
exchanges where funds are kept in the individual account holders wallets and
the exchange only touches the money in a split second while transferring the
funds? Or if this is already possible on some exchanges, why doesn't it happen
more?

~~~
josephagoss
If the exchange can automatically move money from an address, the hackers can
get to those keys if they gain the same type of access that they are gaining
in these hacks.

The only way would be to use multisig, and have a trusted third party allow
the coins to be moved if it was not suspicious.

------
jgalt212
It's downright amazing to me how these exchange thefts/hacks have made barely
a dent in the price of bitcoin. Or maybe the converse is true, if there were
none of these massive swindles, would the price of bitcoin be much higher than
it is right now? 2000 USD? 4000?

------
nilnullzip
Their example distribution is buggy. Users 3-6 all have the same 3BTC balance,
yet they receive different distributions (users 3&4 get zero, user 5 gets
2BTC, and user 6 get 3BTC.)

------
bschwab
Sold BTC for DOGE, then withdrew

------
thinkcomp
Until we get regulatory reform on a federal level, this will keep happening.

[http://www.plainsite.org/issues/index.html?id=2](http://www.plainsite.org/issues/index.html?id=2)

~~~
pdq
Nonsense. Regulatory reform does not prevent bank thefts, in the same way as
it will not prevent digital thefts due to security vulnerabilities. Also note
that banks are legally allowed to run as fractional reserves. This means your
$100 deposit is only backed by a minimum of $10 in the vault at any time.

Companies will be (and already are) getting smarter, by hiring security
experts to audit software and detect vulnerabilities, and more transparent, by
providing public accounting of funds to prove they are not running Ponzi
schemes or fractional reserves.

~~~
jellicle
> Regulatory reform does not prevent bank thefts

Of course it does. Not 100%; but mostly. Your bank has multiple people
handling all cash transactions, mandatory account balancing on at least a
daily basis, all sorts of controls on its operations that you have no idea
exist because the system facing you doesn't show them to you. It has these
because they are required by law. Your bitcoin exchange has none of these.

~~~
pdq
Do you think regulators protect Etrade from security vulnerabilities?

Do you think government is required to provide insurance?

If the consumers demand these of their merchants, it will happen in the long
term on their own accord, and government is not necessary to make it happen.

~~~
matwood
_Do you think government is required to provide insurance?_

You mean like the FDIC or SIPC?

~~~
pdq
You misunderstood the question. Do you think that only the government can
provide this insurance?

~~~
smtddr
Who else commands that kind of money to be able to ensure a bunch of exchanges
and other bitcoin-holding businesses? Just MtGox alone needs somewhere around
400 million USD right now. I guess if someone like Google, or Donald Trump,
decides to start a bitcoin insurance company... but that sounds unlikely.

The 2nd problem and more serious problem is insurance fraud. You cannot be
sure the people claiming to lose the coins actually lost them. In fact, forget
my first point. The insurance fraud aspect renders any hope for bitcoin
insurance void. If someone has any ideas how to even begin to run an FDIC-type
thing on bitcoin, I'd love to hear how one would deal with insurance fraud.

~~~
icebraining
_Who else commands that kind of money to be able to ensure a bunch of
exchanges and other bitcoin-holding businesses?_

Insurance companies. Where do you think that consumer insurances companies
insure themselves? Companies like Lloyd's and Munich RE have dozens of
billions of dollars in insured amounts.

~~~
notahacker
Someone else posted a study suggesting the average Bitcoin exchange lasted 381
days before disappearing with most of their users' money. The notional dollar-
denominated value of Bitcoin lurches all over the place on a daily basis.

Insurance companies are generally quite conservative and regulated
institutions and like to make a profit. Sure, they'll insure some crazy things
like satellite launches where one launch vehicle explosion means the space
insurance industry as a whole makes a loss that year, but they'll only do that
because of enormous premiums.

Tack those enormous premiums onto Bitcoin exchanges' costs of doing business
and suddenly Western Union money transfers would look cheap.

