I’m starting to appreciate the government enforced protections a traditional bank account provides.
Buy a hardware wallet (e.g. Trezor in my example), note down the 24 words that are basically your private key. But enable the passphrase (25th word/phrase) which you type yourself and could keep just in your mind.
You have the safety of multiple backups for the 24 words and the extra security from burglars and others with the 25th passphrase.
It also serves as plausible deniability because when you input your passphrase it will never say it's incorrect, it will merely open a different wallet (generate a different private key).
Helps with the $5 wrench attack. You could set up a "fake" wallet with some activity and a low amount of Bitcoins, and have a different passphrase for the real wallet with the big amount.
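The behaviour described in the comment above (no passphrase is ever rejected, each one just opens a different wallet) follows from how the seed is derived. The sketch below is an added example, not part of the original thread; it assumes the wallet follows BIP39, uses a public all-zero test mnemonic as constructed input, and the function names are illustrative.

```python
import hashlib
import unicodedata

# Constructed sample input: the public all-zero BIP39 test mnemonic.
# It is widely known, so it must never hold real funds.
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte BIP39 seed from the words plus an optional passphrase.

    BIP39 runs PBKDF2-HMAC-SHA512 for 2048 rounds, with the mnemonic as the
    password and "mnemonic" + passphrase as the salt. There is no stored
    verifier, so nothing can report a passphrase as wrong. This sketch does
    not validate the wordlist or the mnemonic checksum.
    """
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def wallet_fingerprints(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """Map each passphrase to a short, non-secret fingerprint of its seed."""
    return {
        p: hashlib.sha256(bip39_seed(mnemonic, p)).hexdigest()[:16]
        for p in passphrases
    }


if __name__ == "__main__":
    # Empty passphrase, a decoy, the real one, and a one-character typo of it.
    candidates = ["", "decoy phrase", "real phrase", "Real phrase"]
    for phrase, fp in wallet_fingerprints(MNEMONIC, candidates).items():
        print(f"{phrase!r:16} -> wallet fingerprint {fp}")
```

The typo case is the flip side of the deniability property: a mistyped passphrase silently opens an empty wallet, so it is worth recording the first receiving address of the real wallet and checking it after every unlock.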
BYOB, freedom comes at a price.
I won't say it's impossible for the vault to get robbed, but with a proper security setup, such a heist would be unprecedented. It could even garner some respect on this forum (toward both the attacker and the victim), rather than shame. The online wallet could get hacked, but it would be a smaller fraction of the funds lost, rather than the entire farm. Of course, if you have a decent security team, they'll also be taking other measures to lower the likelihood of that happening. And unless you pissed the wrong people off, you'd be very unlikely to be sunk due to a random hacking. You would be too difficult of a target for it to be worth even trying.
Disclaimer: I'm not a security specialist, so don't take this as real security advice. However, I was technical lead for the payments system of a non-crypto fintech company (this doesn't imply that that company's security is or isn't set up in this way).
That's one of the core values for me, however I can see that people are used to or just fine with their current bank relationships. Thinking that it's either the one or the other that work for everyone is naive.
I can login to my online Bank of America account now and transfer money to most anyone I know in about 100 countries. I can do the same from my bank account in A foreign bank account.
Freedom = I don’t want the government to know. I don’t have anything to hide and I am perfectly fine with the government seeing to whom I send/receive my money.
But bitcoin’s utility of it being a mechanism for transactions is over. It has become a mechanism to hoard wealth. The same way Tulips were used to hold wealth. The bulb will burst and it will lose that mechanism as well.
That said I think crypto currencies are the future...I just don’t think it’s bitcoin...
I doubt you can define or explain those words, but you're welcome to try.
Crypto currency accounts have some massive accounts now, not sure those would be covered much in those cases even with FDIC protection though it would be nice.
If there truly was a banking crash where more banks went down than in the Great Recession, I wonder how FDIC would hold up based on how many overleveraged games were being played that led to that implosion. Crypto currency is probably a reaction to that as well, trust in banking is immensely low in history.
If you have a substantive point to make, make it thoughtfully; if you don't, please don't comment until you do.
When you finally do need to withdraw some bitcoins you just set up a clean Linux system, download the file, decrypt it, make a transfer, encrypt it again and upload (if you don't withdraw often you can skip that, because such an offline wallet, at least the one generated by the Bitcoin Core client, can handle a few dozen outgoing transfers before you need to update it).
Then you don't have to worry about burglars, fires or hackers. You just need to worry about remembering your password. And about the portion of bitcoins you keep elsewhere to pay for things or trade.
> Then you don't have to worry about burglars, fires or hackers. You just need to worry about remembering your password. And about the portion of bitcoins you keep elsewhere to pay for things or trade.
This accounts for confidentiality but does not preserve the integrity or availability of the wallet and for those reasons is far less secure than you believe.
The bank operates its own wallets, you transfer your Bitcoin to theirs (or just buy it from them.) Keeping the Bitcoin safe is their responsibility. If you want to spend the Bitcoin, you can transfer it back to your own wallet, or directly to the payee. You pay them some fee to do this.
Now, it has obvious downsides. Less privacy. Easier for the government to confiscate your Bitcoin. The bank could go bankrupt. But, a person might rationally reason that those possibilities are less likely than them stuffing up a wallet maintained by themselves. Especially if it was a major bank that they might reason is unlikely to go broke. Obviously the Bitcoin account would not be government insured so if the bank goes bankrupt you might lose it all.
If criminals break into your account and steal your Bitcoin – if it is due to a problem at your end, e.g. a key-logger on your machine, the bank shouldn't owe you anything. If it is because the bank screwed up, they should be liable to compensate you for the loss.
BitcoinBank holds your bitcoin. Keeping the bitcoin safe is their responsibility. They get hacked and someone takes the bitcoin from them. They're liable to compensate you for the loss, but they don't have the money to compensate you with - someone stole it all.
Is the difference that a bank like Bank of America would have non-bitcoin assets to compensate you with? That is to say, the hypothetical BitcoinBank gets $65M of bitcoin stolen and that's 100% of their assets so you're out of luck. BitcoinBank owes you money, but doesn't have any. However, if Bank of America had $65M stolen, you could expect them to have other assets to cover that loss and make you whole.
I think the issue is that would cost a lot of money. Would you be willing to pay 2% of your bitcoin per year for this insurance?
I think one of the reasons that our current financial system works well against fraud is the ability to undo many transactions and detect fraud in addition to swallowing losses. If you try to spend $10M, that's likely to cause fraud alerts. If you're shipping goods to someone else and they're expensive, you'll again get fraud alerts. If you're transferring money between banks, it can have certain fraud-protection oversight and has a certain ability to be undone. A lot of this comes from lack of anonymity and limitations. A $5 transaction isn't suspicious and doesn't carry the same risk as a $5M transaction. Most bank to bank transfer systems have daily and monthly limits on them. The banks know who owns the accounts and can confirm if it's the same person. Banks generally have some latitude to undo transactions. Banks can see where you purchase things and determine whether it's suspicious. Banks have centralized places where they determine whether to permit a transaction.
That's exactly my point. Asking some cryptocurrency startup to look after your bitcoin, if they get hacked, they'll probably go out of business and you will lose everything. A major bank, with billions (or even trillions) of dollars of non-cryptocurrency assets, they will survive the theft of a few million (or billion) dollars worth of bitcoin, and have plenty left to compensate you with.
> I think the issue is that would cost a lot of money. Would you be willing to pay 2% of your bitcoin per year for this insurance?
Some people will probably say yes. If you expect bitcoin to go up by substantially more than 2% pa, 2% might be a reasonable amount to pay to reduce the risk of holding it yourself.
> Banks generally have some latitude to undo transactions.
I don't expect banks would apply the same rules to cryptocurrencies given the inability to reverse. For example, if you make a typo in the target account for a bank transfer, with normal currency the bank will probably just reverse it for you if you call them, with bitcoin you've lost your money. The threshold for compensation would be much higher. But still, if the bank loses your bitcoin due to their own negligence (as opposed to your own negligence), they'd be liable for that.
Is the margin of 2% sufficient to cover costs + risk?
Incidentally - when a bank account gets hacked the bank compensates a single person worth of $. However every bitcoin system seems to revolve around keeping all of their eggs in a single basket for some reason. Surely the complexity cost is worth the additional security?
I'm one of many people kicking myself that I didn't buy Bitcoin years ago when I first heard about it. And now I'm wondering if I should buy some now, because there is a decent chance it will continue to go up (in the long run). But if I could pay a modest fee for someone I trust (like a very big bank) to look after those Bitcoins for me, I might consider it.
Once people believed bitcoin could be a currency, a medium of exchange that could be used for the ordinary transactions people used ordinary cash for. Now, it's an "investment vehicle" hurtling down the road that gold, natural gas futures and similar things went after 2008 when the Fed began QE in earnest.
And sure, "it's different this time."
I'm one of those who looks at the 2013 spike and 2014 crash, and wonders what's different this time around.
This is completely antithetical to bitcoin. Upon reading that sentence, I thought surely this is a joke.
Not only is a bank account for bitcoins completely antithetical to the very notion of bitcoin, but it eliminates any need for bitcoin's central innovation, a distributed, unified verification system in the form of a 'blockchain,' generated by a clever utilization of P and NP.
Money is fungible, it doesn't really matter if I have dollars, or pesos, or yen in my bank account. The only reason you want a bank account for bitcoin is because you want a bank account with magic internet money that magically, irrationally increases in value until it doesn't. And you don't want the headache of worrying about all the potential missteps when messing about with your magic internet money.
If you make a mistake or fall victim to an attack that lets someone steal the encrypted file containing your key, there's a good chance the attacker will also be able to install a keylogger and get your passphrase.
I don't think offline storage is necessary as long as you're certain your system is clean, which a clean linux install helps.
It's on a USB stick in our fire safe, and also in our safe deposit box along with a passphrase hint that my wife or daughter would understand, but is not obvious to an outsider.
1. Store the keys on your own device, and also write them down on paper as a backup.
2. Store the keys on a dedicated piece of hardware, and also write them down on paper.
3. Encrypt the keys with a username/password and back that up to the cloud.
Option 2 protects against all kinds of malware, including keyloggers. The device has its own screen and buttons, so you can see the backup keys and verify the destination of the funds without trusting your PC.
For the paper backups in options 1 and 2, there are fireproof options like cryptosteel.
Option 3 gives a really nice UX, since it feels like a standard username/password login. This is what Lastpass does for passwords, but applied to Bitcoin. Keyloggers are still a threat, and if your password is weak, someone might brute-force it in a database breach situation. Depending on your use-case, this may be worth the tradeoff.
The company I work for, Airbitz, implements option 3. In our experience, far more people lose funds accidentally than due to hackers (at least with self-managed keys). Therefore, a familiar UX is crucial to helping users retain control of their funds. Plus, most people aren't willing to invest in specialized hardware, at least at first. If crypto-currencies are ever going to go mainstream, there needs to be a software-only on-ramp.
Like, it’s not as complicated as people pretend; heck, encrypt it again so the wallet file cannot be profiled and store it on a cloud service.
Full disclosure: I am biased; a US citizen.
"All males are human" doesn't imply that "all humans are male."
That's ... an incredible amount of coin to be stored on the service. I would never have thought NiceHash had that much usage. Not that I thought NiceHash's usage was low, but ... well let's put this into perspective.
Only 1,800 BTC are mined on Bitcoin per day. Now, NiceHash is _not_ a Bitcoin mining pool; they just pay out in Bitcoin. But that should give some perspective as to the magnitude of funds NiceHash was playing with.
I've seen some people mention cold storage, etc. NiceHash isn't a service for storing coin. The intended usage is to only keep your (the user) profits on there long enough that it exceeds their minimum withdrawal limits. I'm sure some people leave coins on there for a bit longer, to reduce the % of their profits consumed by TX fees. But, for most intents and purposes, the funds on NiceHash are 100% hot funds.
So we're talking about 4,000 BTC of _hot_ funds. It's hard to fathom what their user base must be. It'd be like walking into a department store and finding out they have $56 million in their cash registers; not for any other reason than that they have enough business to justify it.
I'm guessing there were a lot of users like this.
I ask because they're saying on their reddit thread that they are working towards "solving this issue". What does that mean here?
So I actually kinda hope for their sake it was an inside job, because that would be a lot less stupid.
The first address they send the hacked coins to (a1) will most likely be black listed by some exchanges. However, the hackers could create thousands of new addresses and transfer the coins from a1 to the new addresses. Then do that again. All exchanges would have to monitor all addresses that a1 ever sent coins to. They could do this, but I'm not sure how many exchanges would actually do this. All it takes is one exchange to accept the hacked coins then the hacker can sell the BTC for something like ETH.
Another option would be OTC trades, but that would take a really long time to sell 4000 BTC.
I would say the best way to go would be to use bitcoin mixing services, but then the attacker would open themselves up to a huge risk of getting caught if the mixing wasn't perfectly secure, when they eventually go to an exchange.
But they just got hacked for $52 million...
You sell computing power for $x/hr, and you get paid $x-%/hr, as two completely unlinked things.
At this price rate, the ~4000 BTC could be 1 or 2 days of rental fee for a couple hundred transactions. No idea about their volume of transactions or cash flow.
I didn't lose a penny of cash as a seller, but hash buyers did.
Glad I didn't trust them to use their wallet system - those are the ones who'd really get burned by this, if NH can't recover.
They really need to lower the minimum payout limit, or set that you can pay out e.g. every two weeks.
How is this not a simple task?
I heard he taught as an assistant at the CS school I went to some time ago.
That should be easy to find via the transactions. Are they still in your wallet? What's the address? If they are still in there, then use a backup key to move the BTC now. Do you have a backup of the keys?
Being that it is connected to a payment system, it's surely the hot-wallet. No mention of a cold-wallet makes it seem they've been completely wiped.
Multi-edit: Stream of consciousness
4,736.42 BTC transferred.