
BTC Stolen from Poloniex - tzs
https://bitcointalk.org/index.php?topic=499580
======
patio11
I made a comment on an earlier thread about the security properties of
hot/cold wallet and the security properties of separating the matching and
settlement systems.
([https://news.ycombinator.com/item?id=7340505](https://news.ycombinator.com/item?id=7340505))
This incident is an example of the Bitcoin community's best practices
"working." They lost 12.3% rather than 100%. That's actually a considerable
accomplishment in Bitcoin, but not a success condition for most people who
deal with money.

If they had the settlement processed asynchronously on a different system,
likely with human interaction, they'd be able to say "Hmm, it seems like
account #944325 has convinced us to schedule a withdraw of $250,000 more money
than he has on deposit. Well that would be a really bad idea, now wouldn't it.
Denied. Now I think I'll sip a cocoa while leisurely planning my review of our
withdraw scheduling code."

~~~
smacktoward
This is the most fascinating part of the Bitcoin story: watching a group of
people who are philosophically opposed to most elements of the modern economy
discover, one by one, why all those elements exist.

~~~
kot-behemoth
I wonder if perhaps a similar thing is going to happen to the meal replacement
products, such as Soylent and Ambro and others. Maybe in their attempt to
"hack" human nutrition they, too, will rediscover why human nutrition research
exists. Except perhaps with more serious consequences involving health issues.

~~~
jarek
I can't _wait_ for the marketing copy that will go out when Uber starts a
jitney or a city bus line.

------
jnbiche
I know everyone is gleefully using the failure of three poorly-coded Bitcoin
exchanges to crow about the many wonders of regulations.

However, has anyone stopped to ask _why_ so many exchanges are poorly-coded?
No, it's not because everyone in Bitcoin adores PHP. I've met some of the most
capable coders among cryptocurrency enthusiasts. Go check out Conformal's
btcd, or any of Jeff Garzik or Warren Togami's projects, or the amazing
talents of the Bitcoin core dev team. (If you decide to denigrate the
abilities of any of these Bitcoin/cryptocurrency developers in a response,
please be sure to include a link to your own github)

No, it's not because there's no talent. Rather, it's because nobody who is
competent in the Bitcoin world is willing to risk their hides or the welfare
of their families on something they know the authorities will eventually crack
down on. You see, competent people actually learn about the space, and the
relevant regulations before jumping in. And they understand that -- absent
several million in start-up funding -- there is no way to legally open an
exchange at this point.

So by process of elimination, the only ones left to open exchanges are either
scammers, or ignorant, incompetent coders who can barely code up a PHP site,
or a very few brave, mostly-competent individuals who have the money and
lawyers to at least (hopefully!) keep them out of jail when the inevitable
crackdown occurs.

I know personally of several extremely competent entrepreneur-developers who
have abandoned Bitcoin projects out of regulatory concerns. And I'm sure
that's just a small sample.

So that's the reason for the prevalence of poor coders among Bitcoin
exchanges. Your solution to this problem will of course be a function of your
worldview.

~~~
bunderbunder
My suspicion is that simply removing barriers to entry for more cautious folks
would not effectively resolve this sort of problem. Methodical people who take
their time in engineering ironclad software systems backed by rock-solid
accounting practices don't get first mover advantage, and they might not have
bottom lines capable of supporting the kind of fee structures that would allow
them to compete effectively with faster, sloppier businesses.

An unstated major premise of the "wonders of regulations" argument is that
regulations exist because sometimes the hand of government is needed to handle
situations where the invisible hand is a demonstrable failure.

~~~
jnbiche
Perhaps, in the case of the _most_ cautious developers. But right now, I'd be
happy with just _competent_ developers.

And to me, at least, it's pretty clear why competent, responsible developers
are not participating in this space -- we're too frightened by possible
government sanctions.

~~~
mpyne
> And to me, at least, it's pretty clear why competent, responsible developers
> are not participating in this space -- we're too frightened by possible
> government sanctions.

I don't think that's clear at all.

In fact I think bunderbunder has it right. Those who make the best products
will require a large enough expense for formal design, implementation, secure
hardware acquisition, physical security (i.e. no simply running your exchange
on someone else's cloud without a lot of oversight), the _works_. This
requires tons of _time_ and _resource investment_.

Because if any part of that chain is improperly coded, designed, implemented,
etc. it will eventually be exploited and you'll be no better than the Poloniex
type exchanges of the world.

In the meantime there will be those "incompetent" developers you mention with
a shipping product already on the market. And theirs will be much cheaper as
they don't need to devote "Space Shuttle computer software" levels of
development design and implementation effort. So you'll be both late to market
and more expensive.

If you're talking about financial security here then you effectively need to
be building a Bentley instead of a Pinto. But you'll be competing in that
unregulated market with Pintos with a consumer base full of people willing to
take the risk of driving in a Pinto instead of a Bentley they can't afford
anyways.

And this has nothing to do with the government yet, either sanctions or
regulations.

In fact this type of "tragedy of the commons" is exactly why there is
government regulation. They help ameliorate the inevitable "race to the
bottom" by artificially limiting where the bottom may be.

But government regulation probably won't help too much here since you can
always run your exchange out of a country that doesn't care and people can
make their transactions with whatever identity they wish.

Who knows, maybe the industry will self-create and self-adopt appropriate
regulation as a market differentiator. But that still would open the question
of who does the enforcement; if competitors discover their competition isn't
actually following the regs then they'd be forced to "streamline" themselves
and then the whole thing goes to pot again.

~~~
jnbiche
But here's where I disagree with you: it costs literally millions of dollars
to get the needed state money licenses to legally operate a Bitcoin
exchange[1]. FinCEN has been very explicit that they consider Bitcoin
exchanges to be money transmitters.

So those millions are money that could go toward building the infrastructure
you describe. Bitcoin companies like Coinbase who have finished their Series A
have to spend their runway on licenses instead of developers or
infrastructure.

It's a huge problem, whether or not people are willing to admit it.

But thank you for arguing in a rational and non-bullying/non-contemptuous
manner.

1. http://payment-systems.quora.com/The-Money-Transmitter-License-Dilemma

~~~
mpyne
Well as long as the cost is fairly applied to new entrants then I don't see
that as being problematic per se (as after all, any new entrant will have to
deal with the same selectivity). In fact that's practically the point, to
ensure that the "fly by night" Bitcoin exchange shops that couldn't survive a
theft of 50 Bitcoins without going under don't actually make it into legit
business.

Yes, this is unfortunate for those devs out there who could solve the problem
of making a good Bitcoin exchange if only the cost-of-entry were cheaper, but
that happens in tons of other industries too (and not always due to the
government), and it already has an answer.

------
fiatmoney
"the auditing and security features were not explicitly looking for negative
balances".

WTF, who are these clowns that purport to be running the equivalent of a bank?

It's like everyone running a BTC exchange either is corrupt or slept through
the part of Databases 101 where they explained "this is why transactions are
important, here is banking as an example". Seems likely both.

~~~
rayiner
I think it's just the rush to be first on the scene and capture the perceived
network advantages that arise from being first. These are MVPs.

~~~
bunderbunder
I think we're seeing now that they're actually just MPs.

~~~
jamesaguilar
If the V stands for "good enough to get people to pay you," then you have to
admit that this product had it.

------
jballanc
Gosh, it would be nice to have some sort of assurance that the group holding
on to my monetary reserves met some sort of minimum level of competency in
dealing with quantities of currency. Or, lacking competency, some guarantee
that any bank screw-up wouldn't result in loss of funds from my account...I
wonder why no one has thought of this before?

Oh, wait...

Seriously, if I was an economics or law professor today, I don't think I could
come up with a better classroom to teach financial regulation than the mess
that is the Bitcoin economy.

~~~
spindritf
A percent of every card transaction goes to cover the system's losses on fraud.
There's value in the costs being predictable, stated up front, etc, but it's
not fundamentally different.

~~~
mikeash
IMO that predictability makes it fundamentally different. I can handle a
regular 2% fee, but I can't really handle a sizable chance that I'll be
completely wiped out.

~~~
jballanc
Exactly! I know how to fire a gun, tie a tourniquet, extinguish a structure
fire, and set aside an emergency fund. I also know that paying someone else to
relieve me of having to worry about these things is money well spent. You call
it regulation, I call it peace of mind.

------
al2o3cr
"We fucked up, so we're deducting the losses from everybody's accounts so that
people don't immediately withdraw all their money."

If my bank sent me this notice, the FIRST thing I'd do is withdraw all my
money - there's every chance it may be "an absolute necessity" to steal more
of it at any time...

~~~
gatehouse
Happens all the time
http://en.wikipedia.org/wiki/2012%E2%80%9313_Cypriot_financial_crisis

~~~
anigbrowl
Those things are called crises because they actually happen quite rarely. When
such episodes become a regular occurrence people tend to abandon the system in
question.

I keep seeing this attitude among Bitcoin fans. Of course, there have been
many financial crises with regular currencies and banking systems. But that
doesn't mean they're the norm. When you look at the number of crises against
the number of different financial systems and years-without-a-crisis it's
obvious that they're exceptional. Sadly, the number of Bitcoin shocks seems to
be increasing linearly with scale.

I don't think this is inherent so much as a problem of overconfidence and
magical thinking. Right now Bitcoin service providers (in the aggregate) are
like builders whose structures catch fire distressingly frequently, but who
excuse this by pointing to famous fires of the past. The fact that fires have
historically been a problem doesn't mean fire codes are useless; quite the
opposite, in fact.

~~~
gatehouse
I agree that most Bitcoin service providers are total bullshit. Satoshi does
backflips to create a decentralized system, and the first thing these idiots
do is to try to centralize it in all sorts of ways. If the people doing the
transaction can agree on a trusted 3rd party, then you don't need Bitcoin. But
credit card fraud happens every day, large bankruptcies happen every year, and
sovereign default happens every decade, because _people_ are unreliable.

~~~
anigbrowl
You're quite right, but we should view the incidence of fraud, bankruptcy, and
default in the context of the economy within which they take place. Like there
may be thousands of credit card fraud attempts every day within the US, but
the number is fairly insignificant compared to the number of legitimate
transactions by honest users. Likewise there are a few bank failures every
month, but institutional failures where large chunks of depositors' money
disappear are fortunately quite rare.

------
eloff
Sounds like somebody used an eventually consistent nosql database to handle
monetary transactions and discovered why that's a bad idea...

~~~
ephemeralgomi
Sounds more like he forgot to wrap multiple mutually dependent queries in a
transaction. It doesn't require advanced technology to make a mistake.

------
wikwocket
_> If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software
would see that you deposited 2, withdrew 10, and have exactly what you should:
-8._

Nice, I wish my bank was so chill about having a negative balance. :)

This reminds me of the early Amazon bug, where you could add negative numbers
of items to your cart, and it would credit your account, and then wait for you
to ship them the book. ;)

~~~
viraptor
My bank is completely OK with that. Most banks probably are. The problem is
that then they charge me even more money for it rather than going bankrupt
themselves. Talk about a bad response...

------
minimax
The comments on the bitcointalk thread are interesting. Here you have a bunch
of people who have just lost 12% of their funds _and most of them are totally
ok with that_. If you are looking for evidence that bitcoin supporters are
driven more by ideological reasons than economical ones, here is a pretty good
example.

~~~
danielweber
Eh, there's a lot to be suspicious of, but people have gotten locked out of a
_portion_ of their funds, with a promise by this guy who they previously
trusted to make it up.

Apparently it's only $50,000 ("only"), meaning no individual lost tens of
thousands of dollars.

It's unfortunate that this guy being upfront with everyone puts him above
average, but it does, so his business will probably continue, such as it is.

------
drakaal
If BTC is going to survive there needs to be insurance against loss. An FDIC
for Crypto.

The exchanges take a cut on every transaction, so Poloniex should have self
insured for the first 3% (or whatever their transaction fee is). After all
they made that money on the transaction.

They should carry insurance for the rest.

The 12.3% deducted from everyone's account is "wrong" in my view because
Poloniex absorbed none of the loss, and kept its cut of the transaction.

The "right" thing in my eyes is for Poloniex to adjust minus their transaction
fees.

-Brandon Wirtz (Not a Poloniex customer)

~~~
spiralpolitik
A better solution would be for the Bitcoin Foundation (or some other entity)
to certify exchanges and online wallets as being compliant with a well defined
code of practice and audit them regularly.

Consumers could look for the mark as indicating that the exchange is a well
run outfit rather than a bunch of cowboys.

~~~
eropple
That doesn't solve the problem, though: how do you trust that they're able to
do a good audit?

(I don't have to trust that my bank can, because my accounts are insured by
something that rhymes with "duvvermint".)

------
tptacek
Look: every startup gets owned up somehow in its first year or so. If you
think your company hasn't, I have an adage about the sucker at the poker table
for you. I'm not sure how many people on HN really understand this, because
every thread I read about Bitcoin companies having security problems features
highly-voted comments expressing shock at how bad their security must have
been. No: this problem is universal.

The difference between Bitcoin companies and cat sharing companies isn't fly-
by-night operational practices (although in some cases, sure).

The difference is that when a cat sharing company gets owned up, you don't
hear about it. Only a small subset of security compromises involve password
hashes dumped to pastebin. A quiet security incident at a cat sharing company
doesn't end that company; they patch the bug, (hopefully) reimage their
servers, and get on with their lives.

Even payment companies have incidents. But (perhaps counterintuitively)
incidents at payment companies aren't company-ending events. Payment companies
don't hold bearer-bonds, for magic cards or anything else, on their servers.
Attackers might get a few thousand credit cards out of the rolling transaction
feed of a payment company. Why bother? Those attackers can just acquire
massive dumps of credit card numbers from major retail compromises. Attackers
report flaws to payment companies! They're better off trying to score a $500
payday from a bug bounty than trying to monetize those breakins illegally.

Not so at a Bitcoin company. When Bitcoin companies get owned up, whatever
"hot" assets they have get taken. Bitcoin companies aren't stepping stones for
attackers the way cat sharing companies sometimes are; they're the intended
target.

It bothers me when people caution that Bitcoin companies are scary because
they're "targets", because I think the people saying that only grok 75% of
what's happening. It's not that Bitcoin companies get owned up because
attackers spend more effort targeting them. No. Attackers expend effort on
everyone's companies, _and are usually successful_. The difference is what
happens after the attacker succeeds.

People considering starting (or funding) Bitcoin companies need to understand
this. I feel like there may be a memetic belief that competent security teams
can reliably stave off security flaws if they're just careful with two-factor
auth and parameterized SQL queries. That meme is false. When you start a new
software service, you need to build it on the assumption that you are going to
get owned up, if not by a stupid password compromise then by a memory
corruption bug deep in V8 or MRI or CPython or nginx that only a few dozen
people in the world know about. It is going to happen. If you give custody of
cash-equivalents to a startup, you should be doing it with that in mind.

~~~
anigbrowl
_cat sharing companies_

Off-topic, but as someone with too many cats I would like this idea to take
off pronto. I could use a full night's sleep.

I'll show myself out.

~~~
ivraatiems
Snapcat: A whole new way to share your cats.

YC '14, here I come.

~~~
xivzgrev
Catsmolo: A social network to share your cat with your local neighbors. Mobile
app enables you to browse current inventory or list your cat. Members can up
and downvote cats, based on cuteness or difficulty.

SOMOLO FTW

------
highace
Seems to be a recurring theme recently. Evidently too many developers
inexperienced in proper security are building these things. You would have
thought after everything that has happened so far that people would take a
long hard look at their security measures.

~~~
PeterisP
My (completely pulled out of thin air) opinion is that there is no way that
startups populated by young, hip developers can build a proper system for
handling money. You need to have a baggage of a thousand bizarre things how
these systems can be violated, unless you want to repeat the same mistakes -
and that comes with time and experience.

There are literally at least a hundred thousand developers who have worked for
20+ years on financial systems - the industry employs a lot of them. If you're
going to be storing money of other people, picking up a random such guy - even
completely mediocre, boring one - would at least bring up the many issues that
are taken for granted in 'that world' but nonobvious if you're not from the
financial industry.

~~~
dscrd
Moreover, these things should be built upon the certainty that somebody
smarter than you, the coder, might be interested in free money, and that the
software _will_ be broken.

Only with that mindset can one build a system that doesn't screw over every
legit customer when it happens.

~~~
PeterisP
Ahh, the default finance mindset is a bit different - first, assume that your
own employees, managers, sysadmins and developers would be interested in free
money. Design the system, processes, checks and audits according to that - and
it covers most of the precautions against outside hackers as a natural
consequence.

If you start a BTC exchange, write half of the initial code yourself, have
access to the servers and own the company - then you should ask a simple
question: could I myself steal funds undetected? If you're an investor, could
the CEO/founder steal funds undetected? If the answer is yes, you have work to
do.

There are some theft options by privileged people that can't be realistically
prevented, but you can make sure that those scenarios would be detected within
a day, and thus those privileged people simply wouldn't do it to avoid jail.

~~~
dscrd
Even better.

------
brudgers
The missing link for bitcoin is coverage under something like the Uniform
Commercial Code- a system that specifies general principles governing
transactions and the framework for their completion and resolution of
conflicting claims. Caveat emptor is not a foundation for a currency. In
practice bitcoin's very anonymity makes it a more attractive target for theft-
bitcoins come pre-fenced. As Patio points out, the bitcoin community is
inclined to build magic bullet software that assumes theft can be prevented
and policies whereby the victims of theft are shit out of luck as in this case
and Mt Gox. For an ordinary good citizen bitcoin is a bet that the people
holding the funds are not only honest but the smartest people in the world or
at least smarter than all the criminals.

Saying that a company has the most secure bitcoin system in the industry, even
after proof it was the case, doesn't change the fundamental design tradeoff in
bitcoin. Bitcoin offers anonymous possession in exchange for risk. Because the
risk is high relative to normal forms of commercial exchange, bitcoin attracts
rational actors for whom the rewards outweigh the risks and the distribution
curve of interested parties has a tail that skews criminal.

The missing link for bitcoin is coverage under something like the Uniform
Commercial Code- a system that specifies general principles governing
transactions and the framework for their completion and resolution of
conflicting claims. Caveat emptor is not a solid foundation for a banking
system.

~~~
rmc
_In practice bitcoin's very anonymity makes it a more attractive target for
theft_

Also the fact that the people making software seem incompetent when it comes
to technology.

~~~
danielweber
Eh, I'm not sure they are incompetent. They are, however, swimming in a sea
where the slightest mistake is lethal.

Some people see these stories and think "ha, I could do better than that!"
Other people see these stories and think "can I really be sure that I haven't
made even one fatal mistake?"

All software engineers write bugs. All software engineers write security
holes. For most of us, the fatal flaw doesn't irrevocably wipe out a bunch of
people's life savings.

~~~
unclebucknasty
> _Eh, I'm not sure they are incompetent._

Some of these guys are indisputably incompetent with regard to the software
and services they are building. While it's true that all software can have
bugs, these are extraordinarily unsophisticated attacks that any non-hacker
can exploit by, say, refreshing his browser in rapid succession.

That is, there is a sliding scale with regard to the level of competence
imputed to, say, a certain _type_ of bug. And, this wasn't a simple coding
error (which can be more easily forgiven). This was a fundamental oversight
in the overall approach to the software, with regard to a critical operation.
And it involves such basic concepts as transactions and race conditions. While
eliminating the latter can be difficult to get right, it appears that they
didn't even consider the fact that they could occur.

I am one of the guys in your group who thinks "have I considered everything?"
In fact, I would be inclined to believe that I haven't. Perhaps that's
pessimism or just realism, given what I've seen from determined hackers
attacking my business over the years. So, I can certainly give a pass to
oversights or errors. But, at a certain point, the nature of some oversights
or errors is indicative of the fact that the developer(s) are not competent,
at least with regard to the domain.

------
Cless
X-Powered-By:PHP/5.5.9-1+sury.org~precise+1

Mt. Gox, Flexcoin, and Poloniex. What do they all have in common? It's not
what you think. (:

~~~
Yver
What they have in common: they deal in Bitcoins, they're not banks, they have
an "o" and an "x" in their name.

Now if you're trying to bash PHP (or Ubuntu?) for banking software that does
not take an exclusive lock on rows it reads then modifies and a daemon that
does not check balances on withdrawal, try again.

~~~
pessimizer
What if you're trying to bash the likely competence of people who, when
deciding to write a bank, decide that PHP is the best tool for the job?

To make that decision requires that you be insane, or don't know any other
tools.

~~~
krapp
There's nothing wrong with that decision up to the point where you start
handling the money - beyond that point I agree with you.

Setting up a _website_ which is secure and not vulnerable to SQL injection or
basic BS is quite doable in PHP.

------
danielweber
_The hacker discovered that if you place several withdrawals all in
practically the same instant, they will get processed at more or less the same
time. This will result in a negative balance, but valid insertions into the
database, which then get picked up by the withdrawal daemon._

When I was a kid I imagined that banks were incredibly vulnerable to this.

Later I discovered transactions and thought my kid-self was just silly.

I've learned that my kid-self understood things pretty well, sometimes.

------
NKCSS
It's the same kind of exploit that plagued many web games in the past; it's
just something most programmers do wrong, because it's not a requirement in
most cases.

------
unclebucknasty
It's good that these guys appear to be very transparent and accept full
responsibility for their error.

But, this is an outlandishly amateurish oversight. Race conditions and
atomicity where balance-affecting transactions are concerned would seem to be
one of the first considerations that pops to mind. That, along with sanity
checks just before final execution of the transaction.

It's clear that there are a lot of people building exchanges with little to no
experience in the financial/transactional software field. But, I am beginning
to wonder how much experience they have building _any_ software.

------
cognivore
Who in the heck is writing this stuff? Are they just hacking together crappy
sites in an effort to get things running as soon as possible?

Bitcoin isn't going anywhere until the people who trade in it approach
competence.

------
revelation
Let's not suggest this is just a race condition. Sure, it's a race condition,
but what's the maximum damage you can do? c * your current balance, where c is
a low number (10 is a very optimistic guess), since at some point the race
concludes and you can't exploit it further.

But apparently they didn't even check or put a proper constraint into the
database that your balance should be positive (and if you do find a negative
balance, shut the system and investigate). Now that's not a "pretty stupid
race condition", it's reckless.

------
ck2
Dang it people. Race conditions. Security.

I know it's not easy but it is important to get it right.

~~~
curveship
Seriously. I thought this bit of code from the MtGox leak was interesting.
Sure looks like a potential double-spend race condition:

    
    
      $out = \DB::DAO('Money_Bitcoin_Block_Tx_Out')->searchOne(array('Hash' => $bean->Hash, 'N' => $bean->N));
      if ($out) {
          if ($out->Claimed == 'Y') {
              $bean->Available = 'N';
              $bean->commit();
              continue;
          }
      }
    

What if someone else claims $out between the read and commit? Is no one at BTC
exchanges really asking these kinds of questions?

------
fixermark
On the plus side, Bitcoin isn't regulated like a nation-state's currency, and
the vast bulk of fiduciary institution law that nations have doesn't apply (or
simply isn't applied) to Bitcoin exchanges. So when a mistake like this
happens, nobody has to go to jail.

On the minus side, $50,000 of innocent people's money just got stolen, and
nobody is going to jail.

------
rvbvcvn
I don't understand how so many people in that thread can be OK with this
happening. Saying "at least you didn't lie to us" when your money is stolen is
hilarious. I'd rather keep my money under my mattress than use bitcoin for
anything right now.

------
mathattack
_The major problem here is that the auditing and security features were not
explicitly looking for negative balances. They add deposits and withdrawals
and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC,
and are left with -8 BTC, the software would see that you deposited 2,
withdrew 10, and have exactly what you should: -8.

Another design flaw is that withdrawals should be queued at every step of the
way. This could not have happened if withdrawals requests were processed
sequentially instead of simultaneously._

Oops!

------
mildtrepidation
As someone who's almost entirely oblivious to the trappings of
cryptocurrency... is it not possible to trade on sites like this with a local
wallet? Or do you have to keep a balance with them separate from your wallet?

It's invalid logic to assume that because some bitcoin sites have been hacked,
all of them will be, but at this point it seems pretty clear the entire
community needs to be a little more careful. Until that happens I don't think
keeping a balance with a service like this makes sense.

~~~
mikeash
They need to have your money before they can execute a trade from you,
otherwise they're opening themselves up for significant fraud. If it's trade-
then-send, I could sell some bitcoin, then wait a few minutes to see whether
the price went up or down before I send them. If the price went up, just
refuse to send the bitcoin, and execute a new sale at the higher price.

You can certainly put money in right before you execute a trade, and pull it
back out right after. But that introduces significant lag, up to an hour for
bitcoin, depending on how many confirmations you wait for, and several days
for USD.

That said, I don't understand why people keep significant balances in these
places. Keep a small amount to trade with and save the rest yourself!

~~~
mildtrepidation
_That said, I don't understand why people keep significant balances in these
places. Keep a small amount to trade with and save the rest yourself!_

Yeah, that's what I mean.

 _You can certainly put money in right before you execute a trade, and pull it
back out right after. But that introduces significant lag, up to an hour for
bitcoin, depending on how many confirmations you wait for, and several days
for USD._

Thanks, that's definitely something to consider. I can see it being very
inconvenient, though I still agree that the idea of keeping a balance larger
than your trade volume in a service like this is hard to fathom.

~~~
mikeash
I can only guess that people have become so used to solid financial
institutions that present little risk for deposited money. Even non-FDIC
institutions, like stock brokerages, usually have extremely low risk for
deposited cash. If you're thinking like that, why _not_ let them hold onto it?
It's less effort. Of course, we see the answer to "why not?" here.

------
carsonreinke
I am only so familiar with Bitcoin, but why not have an additional wallet per
user of the exchange? That way it's not possible to exceed the funds of that
wallet.

~~~
wmf
Then each trade takes 10 minutes. Check out Coinkite if you like this kind of
architecture.

------
tlrobinson
Hold on, did anyone read their proposed "solution"?

"Right now, all markets and withdrawals are still frozen, and they will remain
that way until the _negative balance watcher is written and in place_ and
balance deductions are calculated."

A "negative balance watcher" sounds like a horrible idea. Isn't this a solved
problem? Atomic database transactions.

Does not inspire confidence.
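
An added example, not part of any comment in this thread and not Poloniex's code: it replays the points raised above (the quoted withdrawal race, the audit that does not look for negative balances, the database constraint, and atomic transactions) in Python with SQLite. The schema, table names, function names and amounts are assumptions constructed for illustration, using the 2 BTC / 10 BTC / -8 BTC figures from the quoted post.

```python
import sqlite3

SATOSHI = 100_000_000  # integer units; never store balances as floats


def open_db(check_constraint):
    """Constructed in-memory exchange DB: account 1 holds a 2 BTC deposit."""
    guard = "CHECK (balance >= 0)" if check_constraint else ""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY,
                               balance INTEGER NOT NULL {guard});
        CREATE TABLE ledger (account_id INTEGER, kind TEXT, amount INTEGER);
        INSERT INTO accounts VALUES (1, {2 * SATOSHI});
        INSERT INTO ledger VALUES (1, 'deposit', {2 * SATOSHI});
    """)
    return db


def balance(db, account):
    return db.execute("SELECT balance FROM accounts WHERE id = ?",
                      (account,)).fetchone()[0]


def racy_withdrawals(db, account, amount, requests):
    """Check-then-act: every request reads the balance before any request writes.

    The interleaving is replayed deterministically instead of with threads.
    Returns how many withdrawals ended up queued in the ledger.
    """
    approved = [balance(db, account) >= amount for _ in range(requests)]
    queued = 0
    for ok in approved:
        if not ok:
            continue
        try:
            with db:  # the write commits long after its (now stale) check
                db.execute("UPDATE accounts SET balance = balance - ? "
                           "WHERE id = ?", (amount, account))
                db.execute("INSERT INTO ledger VALUES (?, 'withdrawal', ?)",
                           (account, amount))
            queued += 1
        except sqlite3.IntegrityError:
            pass  # CHECK constraint refused a debit below zero; rolled back
    return queued


def reconciliation_audit(db, account):
    """Audit as described in the quoted post: deposits minus withdrawals must
    equal the stored balance. The sign of the balance is never examined."""
    total = db.execute(
        "SELECT COALESCE(SUM(CASE kind WHEN 'deposit' THEN amount "
        "ELSE -amount END), 0) FROM ledger WHERE account_id = ?",
        (account,)).fetchone()[0]
    return total == balance(db, account)


def atomic_withdraw(db, account, amount):
    """Check and debit in one statement; ledger row in the same transaction."""
    if amount <= 0:
        return False  # a negative "withdrawal" would credit the account
    with db:
        cur = db.execute("UPDATE accounts SET balance = balance - ? "
                         "WHERE id = ? AND balance >= ?",
                         (amount, account, amount))
        if cur.rowcount != 1:
            return False  # insufficient funds: nothing debited, nothing queued
        db.execute("INSERT INTO ledger VALUES (?, 'withdrawal', ?)",
                   (account, amount))
    return True


def demo():
    weak, strict, fixed = open_db(False), open_db(True), open_db(False)
    return {
        "racy_queued": racy_withdrawals(weak, 1, 2 * SATOSHI, 5),
        "racy_balance_btc": balance(weak, 1) // SATOSHI,
        "racy_audit_passes": reconciliation_audit(weak, 1),
        "constraint_queued": racy_withdrawals(strict, 1, 2 * SATOSHI, 5),
        "atomic_results": [atomic_withdraw(fixed, 1, 2 * SATOSHI)
                           for _ in range(5)],
        "atomic_balance_btc": balance(fixed, 1) // SATOSHI,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The conditional `UPDATE` closes the gap between check and debit; the `CHECK` constraint is the backstop for any code path that still debits without it.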

------
asadlionpk
"not looking for negative balances." If this caused the problem here, this
shows that this is just the tip of the iceberg. Someone should start an open
source project for BTC Exchange's back-end.

~~~
zwily
Buttercoin did that. Then they decided to go closed source and do a
traditional exchange.

[https://github.com/buttercoin](https://github.com/buttercoin)

------
PleaseBeSerious
Can some of these exchanges get together and create an open source exchange
framework?

------
mrcharles
Someone's never heard of unit tests.

