
Coinbase (YC S12), First Crowd Funded Bitcoin Company, Raises Over $600K - rasengan
https://www.privateinternetaccess.com/blog/2012/09/coinbase-first-crowd-funded-bitcoin-company-raises-over-600k/
======
jboggan
I think the first and most expensive hire should be a top-notch security
expert. There have been too many screw-ups in the Bitcoin space and a hack at
this level of prominence would be disastrous for the community.

~~~
Greynum
I don't think bitcoin related sites have less security than other sites that
claim to be secure, it just that they are such a high value target and attract
the attention of nearly all criminal hackers.

Also nearly all of the thefts that occurred where a result of a compromised
email account which eventually led to root level access of the server through
a virtual server console. Not as a result of bad programming that led to an
exploit.

~~~
hnolable
All the incidents to date except the first Bitcoinica heist were due to bad
security practices one way or another. Even that one could be considered bad
security practices by trusting that Linode was secure.

That said, I expect we will see some really hardcore Bitcoin security
incidents in the future that rival state sponsored hacking.

Stealing Bitcoin requires no additional effort to profit. Since Bitcoin is
money and easily made anonymous, stealing Bitcoin == profit. Therefore there
exists an arbitrage opportunity between the cost of buying 0-day exploits and
the Bitcoins that can be stolen by use of those exploits. I expect as Bitcoin
goes up in value so will the cost of a certain class of exploit.

What kind of software stack would you run if you were operating a Bitcoin bank
that held a large amount of funds?

~~~
mey
This is the downside of Bitcoin's operating in a cash like nature. There is no
FDIC for these "banks", the bank walls are digital and porous in ways unknown,
and the bank can be robbed across international boundaries. What these
companies need is insurance, but that insurance would be very hard/impossible
to obtain.

~~~
Dylan16807
On the plus side, the way transactions work, the vault never needs to be
connected to any networks at all. Hot storage is risky but cold storage is
extremely safe.

~~~
jlgreco
I think this could be _fairly_ easily harnessed in a semi-scalable manner too.

Two computers, A is trusted and B is untrusted. B is networked and hooked up
with the rest of your system, A is in a vault and completely air-gapped. A has
your wallets.

Give both a printer and webcam/scanner to both. B prints a transaction encoded
as a QR Code (or something custom, if those don't hold enough data?) as well
as key details (transaction amount say) in giant black bold capitalized
English.

The human operator checks the english description for sanity, then gives it to
computer A. Computer A reads the QR code, does OCR to confirm the key details
(or lets the operator confirm them on the screen) and the QR code match, and
preforms the transaction.

This could work at a "local bank branch scale" I think, but getting it up to
"website scale" would be... improbable.

Not sure if I would trust this with my money, but it would be fun to
implement.

( _technically_ A wouldn't be air-gapped, it would just be operating over a
QR-code sneakernet.. Should be reasonable though I think.)

~~~
rmc
_The human operator checks the english description for sanity_

There's a flaw in your system right there.

Lots of industrial accidents and accidents with computers have been from
stupid operators (rather than buggy code per se).

~~~
jlgreco
Of course. But is it worse the flaws with than any business that handles cash?
The idea is to use bitcoin's 'offline' functionality to bring it up to about
the same security of regular cash.

------
andrewljohnson
I just bought 20 bit coins yesterday, in a wallet at CoinBase.

I saw YC funding for CoinBase as a fairly strong signal, and I feel buy and
hold might be a good investment. The more liquid bitcoins become, the more
they will be worth, and they aren't even remotely liquid yet.

~~~
sgornick
You bought them and sent them to your CoinBase wallet, or did you actually buy
them from CoinBase? (I didn't think that had started selling coins themselves
yet.)

~~~
andrewljohnson
Bought them elsewhere - a friend of mine who started a local BitCoin drink-up
did the buying for me.

<http://www.meetup.com/BitCoin-Drinkup/>

------
dreamdu5t
The problem to solve isn't a nice UI for managing bitcoins... it's how to buy
bitcoin with my VISA without it being treated as a trade on an exchange.

------
alexbosworth
They should use that money to buy blockchain.info - i've used both and
blockchain.info really knows their stuff

------
Paul_S
The best thing about bitcoin is that it's decentralised and under your
control. And what all these companies are trying to do is make it centralised
and externalised from the users. Despite such wallets being stolen repeatedly
people don't seem to get deterred.

Bitcoin is safe because it's distributed. Safe from manipulation because no
single entity has control over it, and safe from thieves because they'd have
to go after each person individually. By centralising it you are making it
more vulnerable.

Apparently convenience is more important than anything else.

------
adrianwaj
Other positive news, Gavin Andresen, Lead Core Bitcoin Developer - "I'm
pleased to announce the launch of the Bitcoin Foundation: standardizes,
protects and promotes the use of Bitcoin cryptographic money for the benefit
of users worldwide. The Bitcoin Foundation is modeled on the Linux
Foundation."

<https://bitcointalk.org/index.php?topic=113400.0>
<https://www.bitcoinfoundation.org/>

------
opendomain
Coinbase bent the rules to do this - they had a fundraising, but failed to
achieve their target before their deadline. So they just added a few weeks.
And failed to reach their target again. I guess the third time is the charm.
IANAL so changing the dates for crowdfunding may not be illegal but is not a
company I want to trust my money to. See
<http://nosql.com/2012/08/23/crowdfunding-cheating/> for the full story

------
npguy
Was the 600K deposited as bitcoins? :-)

