I think the first and most expensive hire should be a top-notch security expert. There have been too many screw-ups in the Bitcoin space and a hack at this level of prominence would be disastrous for the community.
It's incredibly stringent stuff and banks get fined hard when they fuck it up.
By contrast, one of the recent Bitcoin heists was made possible because the hackers requested a password reset for the exchange's Rackspace account. Seriously.
Agreed. Aside from the obvious "companies dealing with money need much better security", bitcoin itself has a bad rep, being security amateur hour. They need to fight this head on, and show they aren't idiots.
Yes but the big problem really boils down to "What % of the total bitcoin deposits are in the hot wallet at any given time?" To me bitcoin security should first be concerned with minimizing this number in any way possible. Hacks will happen; the companies involved need to make sure it's never worth their time.
If you want to be taken seriously as an online wallet then do what every other currency depository does - tell the public about your 3rd party deposit insurance, and tell your insurer about your security. Anyone unable or unwilling to secure insurance has essentially made their advertising slogan "we might as well rob you ourselves"
...and last I heard, coinbase keeps most coins hot! They need to fix this. Brian (ceo) doesn't recommend keeping lots of money there yet for this reason.
I don't think bitcoin related sites have less security than other sites that claim to be secure, it just that they are such a high value target and attract the attention of nearly all criminal hackers.
Also nearly all of the thefts that occurred where a result of a compromised email account which eventually led to root level access of the server through a virtual server console. Not as a result of bad programming that led to an exploit.
All the incidents to date except the first Bitcoinica heist were due to bad security practices one way or another. Even that one could be considered bad security practices by trusting that Linode was secure.
That said, I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.
Stealing Bitcoin requires no additional effort to profit. Since Bitcoin is money and easily made anonymous, stealing Bitcoin == profit. Therefore there exists an arbitrage opportunity between the cost of buying 0-day exploits and the Bitcoins that can be stolen by use of those exploits. I expect as Bitcoin goes up in value so will the cost of a certain class of exploit.
What kind of software stack would you run if you were operating a Bitcoin bank that held a large amount of funds?
This is the downside of Bitcoin's operating in a cash like nature. There is no FDIC for these "banks", the bank walls are digital and porous in ways unknown, and the bank can be robbed across international boundaries. What these companies need is insurance, but that insurance would be very hard/impossible to obtain.
On the plus side, the way transactions work, the vault never needs to be connected to any networks at all. Hot storage is risky but cold storage is extremely safe.
I think this could be fairly easily harnessed in a semi-scalable manner too.
Two computers, A is trusted and B is untrusted. B is networked and hooked up with the rest of your system, A is in a vault and completely air-gapped. A has your wallets.
Give both a printer and webcam/scanner to both. B prints a transaction encoded as a QR Code (or something custom, if those don't hold enough data?) as well as key details (transaction amount say) in giant black bold capitalized English.
The human operator checks the english description for sanity, then gives it to computer A. Computer A reads the QR code, does OCR to confirm the key details (or lets the operator confirm them on the screen) and the QR code match, and preforms the transaction.
This could work at a "local bank branch scale" I think, but getting it up to "website scale" would be... improbable.
Not sure if I would trust this with my money, but it would be fun to implement.
(technically A wouldn't be air-gapped, it would just be operating over a QR-code sneakernet.. Should be reasonable though I think.)
Of course. But is it worse the flaws with than any business that handles cash? The idea is to use bitcoin's 'offline' functionality to bring it up to about the same security of regular cash.
What kind of regulations? There are already plenty that affect a company's accounting no matter if it uses dollars or pesos or gold or bitcoins or pokemon cards.
I expect we will see some really hardcore Bitcoin security incidents in the future that rival state sponsored hacking.
It depends if Bitcoin becomes big and popular. If so, then yes, there will be lots of hacking attempts. If these security flaws with bitcoin sites keep appearing, then it will never get beyond 'toy' status.
The first design rule would be not to have the wallet file on the same server as whichever stack was used.
Secondly the client facing stack can not interact with the server holding the wallet file directly. It would have to go through a third server which would run sanity checks on any transaction requests.
"security" is not just programming, but the whole methods & procedures. They might have good 'programming', but they had bad policies and bad security. If there's an email account of a founder, that when compromised, leads to the entire contents of your bank vaults being robbed clean, then you have bad security.
It should not be possible for there to be a virtual machine console, or for one compromised email account to give you that much power. That's how you do security.
There are plenty of high value targets e.g. Amazon, Apple Store, eBay, banks just to name a few. So to claim that Bitcoin services are unique in any way is just ridiculous.
And just because you get root access to a server does not mean that it should be trivial to gain access to the bitcoins. And why are they being hosted on VPS in the first place ?
The point is still valid that a true PROFESSIONAL is desperately needed.
The difference here is that storing Bitcoins is like having cash sitting on the server that thieves can pick up and run away with. If you steal from Amazon the Apple store, an ACH or credit card chargeback will set everything straight.
If a burglar has the choice between a car worth $50,000 retail or $10,000 cash, what would he rather take? A stolen car is a lot harder to turn into something usable.
Bitcoin services are unique in the fact that it is very easy to send the money to yourself, be in your control, with out having it be attached to you identity in anyway. This seems unique to me, if there are other cyber crimes that make this just as easy I am interested in hearing about them.
Why did you swap out 'the server' with 'a server'? Of course a server doesn't mean you get bitcoins. But the server, the server with the wallet, there is no realistic way to stop root from grabbing the encryption keys.
I just bought 20 bit coins yesterday, in a wallet at CoinBase.
I saw YC funding for CoinBase as a fairly strong signal, and I feel buy and hold might be a good investment. The more liquid bitcoins become, the more they will be worth, and they aren't even remotely liquid yet.
You bought them and sent them to your CoinBase wallet, or did you actually buy them from CoinBase? (I didn't think that had started selling coins themselves yet.)
The best thing about bitcoin is that it's decentralised and under your control. And what all these companies are trying to do is make it centralised and externalised from the users. Despite such wallets being stolen repeatedly people don't seem to get deterred.
Bitcoin is safe because it's distributed. Safe from manipulation because no single entity has control over it, and safe from thieves because they'd have to go after each person individually. By centralising it you are making it more vulnerable.
Apparently convenience is more important than anything else.
Other positive news, Gavin Andresen, Lead Core Bitcoin Developer - "I'm pleased to announce the launch of the Bitcoin Foundation: standardizes, protects and promotes the use of Bitcoin cryptographic money for the benefit of users worldwide. The Bitcoin Foundation is modeled on the Linux Foundation."
Coinbase bent the rules to do this - they had a fundraising, but failed to achieve their target before their deadline. So they just added a few weeks. And failed to reach their target again. I guess the third time is the charm. IANAL so changing the dates for crowdfunding may not be illegal but is not a company I want to trust my money to.
See http://nosql.com/2012/08/23/crowdfunding-cheating/ for the full story