
Bitcoin exchange Youbit shuts after second hack attack - AndrewDucker
http://www.bbc.co.uk/news/technology-42409815
======
AndrewDucker
At some point Bitcoin exchanges will have to realise that they need to be as
secure as a bank is. For exactly the same reason.

And that this is expensive.

~~~
philfrasty
you mean like only allowing 6-digit passwords without symbols?

~~~
throwawayReply
If the consequence of my account being compromised is the bank adjusting the
numbers in the ledger back then the bank are welcome to enforce such rules.

If a bank said that customers were responsible for the money stored in the
bank and that the bank could not undo transactions (from the POV of the
genuine client) then we'd be demanding much stronger banking passwords.

~~~
bfuller
The exchanges can just change a couple numbers in their database and reverse
the hack... r-right?

~~~
throwawayReply
Yes, if people accept fractional reserve banking for bitcoin. I'd actually
assume that's how most exchanges operate under the hood but many people who
buy into bitcoin for ideological reasons won't accept that.

A consequence of making that formal is that the total owned amount of bitcoin
would be more than 21m, because the hacker would own bitcoin and the users
would own bitcoin on the exchange.

As long as there isn't a bank run, that discrepancy would not be a problem,
but it would deflate the currency, also seen as unacceptable to bitcoin
purists.

edit: access -> accept.

------
alborzmassah
Should I be worried about having my cryptocurrency assets on an exchange?

~~~
raverbashing
Yes

Unless your local security is worse than that of an exchange

~~~
herman5
Echoing this - for long term storage, they should be kept on a hardware
wallet.

~~~
joosters
For long term storage, that sounds a terrible idea. Do you really want to
trust your savings to $20 of electronic components that aren't designed to
last more than a few years?

~~~
fokinsean
The wallets can be regenerated using your seed phrase. So your argument should
really be, "Do you really want to trust a $0.02 piece of paper" :)

~~~
joosters
Exactly. The hardware wallet is pointless.

------
1ba9115454
If I was building an exchange for crypto here's what I would do.

1\. Encrypt you users private keys client side with a password only they know.
Now I just hold encrypted keys my side.

2\. When the user wishes to make an exchange I would create the transaction
client side let them sign it and do the exchange.

This way funds are now encrypted by default at rest and if compromise occurs
the thief gets encrypted private keys only. Hopefully the users chose
passwords secure enough to avoid compromise.

It's not perfect, but can we finally move away from the hot wallet model.

p.s. If you want to build this, and require advice and backing let me know.

~~~
notyourday
That does not solve exchange take over and transaction reversibility/clawback
until the settlement X days in the future which is basic tenet of risk
mitigation.

The reason you cannot electronically rob Ameritrade is because NOTHING can be
done immediately outside Ameritrade. Since the settlement is at _least_ T+3
there's no such thing as "Obtain control in 30 seconds and be out of there 3
minutes later with the loot"

~~~
thisisit
this is exactly the reason Coinbase has been delaying transactions but somehow
people think it's a bad thing and keeping them away from their money.

~~~
notyourday
Delay for risk mitigation on exchanges are _known_. You transaction _will_
settle on a 3rd business day.

After a wire is authorized by a broker (i.e. passed authentication and the
person making a request is authorized to make it and the margin is satisfied
and there's no block on the fed level), it _will_ be posted by your bank on
the same fed business day if the wire is authorized before fed cut off time.

Coinbase is a VC-funded shady co if it does not operate based on strict and
_known_ confines. Banks and brokers spell out the confines (new account
rules/withdrawal rules/funds availability rules) at the opening of a new
account.

------
dagaci
Almost all crypto operate by requiring only one actor authorise create a valid
transaction. You loose your one-single-point-of-failure-private-key and its
over, what's needed is a more sophisticated system at the protocol level which
requires secondary authorisation.

~~~
SEMW
[https://en.bitcoin.it/wiki/Multisignature](https://en.bitcoin.it/wiki/Multisignature)

~~~
KitDuncan
Back when I held bitcoin this is what I did. I had two ledger nanos holding a
private key and one private key managed by an online wallet, that shut down
since. It was a really comfortable way of accessing my coins and it felt quite
secure.

------
adamnemecek
Confused it with yobit for a second.

------
rafiki6
Hmm, I wonder if a centrally trusted third party could have prevented
something like this? Maybe, just maybe, anonymous currency systems (i.e. cash
and all equivalents), just aren't inherently secure so there's no real point
in replicating them? Just maybe...

