Regardless of how exactly it happened, I think the big thing is that anything that operates as "just an exchange" has the potential to operate as a fractional reserve bank instead (IE, just operate with enough money to cover day-to-day transactions and not-have/use-for-something the remaining funds people think you have in your vault).
So basically, trusting any unregulated entity that claims to have stuff in its vaults is an inherently dangerous thing since such entities inherently tend to fail all at once when they fail (because they can mask either a series of small failures or a failure large enough to bankrupt the company but still not large enough to clean out the customers - yet).
This, of course, raises the questions of "who insures the Bitcoin insurance company" and "how do the insurance companies protect their Bitcoin now that they are a target?"
E&O insurance is surprisingly simple to understand. You fill out a 5ish page application, which asks you about the character of your business, your tech infrastructure, and your procedures/policies/etc regarding particular risks. The underwriter reads your application then asks some drilldown questions. The two I got were "Confirm Mr. McKenzie has 5+ years of professional experience in system administration" and "Confirm that the use of Appointment Reminder in a hospital is for the hospital's business administration or the convenience of patients, rather than for treatment/diagnosis/etc of a medical condition." (Translation: If it breaks, does anyone die? If so, we will probably not write this policy.)
If this theory is true, presumably Karpeles would not have done this after the 2011 hack, because that would be insurance fraud (falsely obtaining insurance on the theft of coins that have already been stolen). It's possible that it would have been more difficult at that point because of Bitcoin being less mature.
Obviously, it was burnt to ashes the next day, and Lloyd's paid out. One wonders, if somebody was funding Lloyd's, because this was practically guaranteed to happen given the circumstances. Today in the free market, you can freely choose between Altera (San Jose, California, U.S.) and Xilinx (San Jose, CA, USA).
> Hungary had even less success with integrated circuits in the Soviet Era. Hungarian IC production was initiated in
> 1985 under licenses from the Soviet Union and East Germany,
> but the factory burned down the following year, destroying all the equipment.
Why is it likely? There are many private companies controlling amounts of money comparable with amounts of money controlled by some governments. I'm not talking US government of course but there are many smaller ones. Such companies are usually multinational corporations carrying much less local political risks and less prone to engaging in stupid things like trying to build communism or invade neighboring country to steal their supply of goats.
>>> If the government doesn't collapse, everyone gets made (more or less) whole again.
That is certainly not so, since unless you are controlling world reserve currency (read: US government) your resources are limited unless your deposits are nominated in your local currency. If you have monetary crisis, local currency quickly becomes worthless. Thus, you have very limited resources for making your citizens whole. On the contrary, big multinational corp would usually have balanced deposits in many major currencies - and usually good political ties with US and EU governments - which would ensure any local currency risk would be survivable for it. Thus, for a private corporation it would be much easier to make everyone whole - unless we're talking about US government.
So, for most governments out there which are smaller than US government, it is not true that their form of insurance is preferable for those reasons. The only reason it may be preferable is that the government has monopoly on violence (at least until overthrown) and thus can extract money by coercion, which private corporation usually can't. But if your government has to resort to robbery, are you sure it's a good insurance?
You assume complete rule of law is maintained in the absence of government, which is a non-trivial assumption. To exercise control of said money, especially in times of turmoil, you need an underwriter, usually in the form of police and/or army, which usually require the government to be functional.
> But if your government has to resort to robbery, are you sure it's a good insurance?
It's a game of semantics. Some people consider any taxation "robbery at gunpoint". Most people would consider that only about "unjust taxation". However, the number of definitions of "unjust taxation" is close to the number of voters.
You seem to operate under impression there's only one government. That is not so - in fact, there are many different governments and many different ways to store money, which allows to hedge the risks.
>>> It's a game of semantics.
It's not. There's a point when failing government resorts to actions which go beyond regular taxation - such as hyperinflation, confiscations, defaults, etc. In such cases governmental insurance is no good as there's much more chance it will hurt you than benefit you. For the private company, the minimum you get is zero, but for the government it can get way worse than that.
For the omnipresent omnipotent investor, that might be true , but probably is not true even for that investor -- e.g. the US government can and does have a wealth tax in the form of inflation, that applies to every single asset class anywhere in the world, enforced through FATCA/FBAR; You have no legal way to protect your assets against inflation+taxation).
If you're in Cyprus, and you need money usable in Cyprus, you are dependent on a functional Cypriot government, one that did not employ capital controls (But they did...)
Furthermore, a lot of people here are unaware, but for at least 3 months, there was more than one currency called "Euro": The Greek Euro, and the non-greek Euro. Banks in Germany would NOT accept greek Euro, or remit non-greeo Euro to a greek bank without collateral or other guarantees. All fiat money is fungible.
>> It's not. There's a point when failing government resorts to actions which go beyond regular taxation -
Your statement is ironic. Who gets to define what "regular taxation" is? The US had, at times, 80% taxation. Is that regular? The US government has been running a much higher than reported inflation for years. Is that regular?
The first point that's not quite understood is that this generally stops the bank run because people don't feel worried about their money anymore (or not all given existing state insurance).
The second point is that the "inflation of funds" actually didn't happen at the point when government printed money but at the point when the private institution multiplied the perceived amount of money in the system. Think about it, people that are withdrawing their money during a bank run don't suddenly feel richer.
The third point is that banks can and have operated fractional reserve systems using gold just as MtGox seems to have done with bitcoin. 19th century US banks printed their own gold certificates and failed on a regular basis.
J.K. Galbraith refers to this as the "bezzle" in The Great Crash: 1929. It's the monetary surplus created by fraudulent transactions, and, he notes, nobody has a problem with it until reality asserts her presence.
Update: More on the bezzle, found an online reference.
In many ways the effect of the crash on embezzlement was more significant than on suicide. To the economist embezzlement is the most interesting of crimes. Alone among the various forms of larceny it has a time parameter. Weeks, months, or years may elapse between the commission of the crime and its discovery. (This is a period, incidentally, when the embezzler has his gain and the man who has been embezzled, oddly enough, feels no loss. There is a net increase in psychic wealth.) At any given time there exists an inventory of undiscovered embezzlement in — or more precisely not in — the country’s businesses and banks. This inventory — it should perhaps be called the bezzle — amounts at any moment to many millions of dollars. It also varies in size with the business cycle. In good times people are relaxed, trusting, and money is plentiful. But even though money is plentiful, there are always many people who need more. Under these circumstances the rate of embezzlement grows, the rate of discovery falls off, and the bezzle increases rapidly. In depression all this is reversed. Money is watched with a narrow, suspicious eye. The man who handles it is assumed to be dishonest until he proves himself otherwise. Audits are penetrating and meticulous. Commercial morality is enormously improved. The bezzle shrinks...
Just as the boom accelerated the rate of growth, so the crash enormously advanced the rate of discovery. Within a few days, something close to a universal trust turned into something akin to universal suspicion. Audits were ordered. Strained or preoccupied behavior was noticed. Most important, the collapse in stock values made irredeemable the position of the employee who had embezzled to play the market. He now confessed.
J.K. Galbraith, The Great Crash: 1929, pp 132-133.
And the association between Galbraith's bezzle and Bitcoin / Mt. Gox has already been made:
For now, though, Bitcoin, like innumerable speculative vehicles before it, appears to be falling victim to what John Kenneth Galbraith, in his book on the 1929 stock market crash, referred to as “the bezzle.” In any economy, Galbraith noted, crookery and theft are present. But, particularly when money is plentiful and financial markets are rising, “the rate of embezzlement grows, the rate of discovery falls off and the bezzle increases rapidly.” It is only after the market falls and “audits are penetrating and meticulous” that much of this chicanery is uncovered.
I'd just note the money effect doesn't have to be fraudulent (though I'm sure it helps).
Just the simple effect of banks being able to loan the funds under their care creates an effect where people have access to more money, even if it isn't there and they act accordingly (and certainly adds to the pure embezzlement as well).
Also, this highlights to me the contrast between '29 and 2008. In 2008, the problems up past a certain were covered up, effectively insolvent banks were supported and whole industries were bailed out. So one presumes the position of the embezzlers has been different, though some certainly were caught. Indeed, I would imagine that today's embezzler is trying to steal as much as possible as quickly as possible so as to get into and remain in the too-big-to-fail mafia.
You're pretty much precisely inverting Galbraith's insight.
First: the whole point of the bezzle is that it is fraudulent. It's that during the period before you realize this, everything looks hunky-dory. It's Wile E. Coyote running off the edge of the cliff, before looking down and realizing he's suspended in the air.
The other is that an expansion in the money supply, in the short run, leads to consequences generally seen as favorable: those whose apparent financial wealth is increased suddenly have the ability to make claims on (purchase) resources they wouldn't have been able to previously. There's a model of money as exchange particles, and the concept of virtual particles which can be created under certain circumstances, which I'm finding increasingly compelling. The problem is when the wavefront collapses -- that's when misery sets in.
As for '29 and '07: yes, individual institutions were allowed to fail (mostly) during the Great Crash. Again, Galbraith goes into detail on this, I recommend his book. Where addressing the situation failed was in not creating liquidity elsewhere in the system to make up for this resulting in tremendous deadweight losses as the economy simply tanked.
In 2007, an institution was allowed to fail (Lehmann Brothers), but the consequences were so severe that politicians stepped in to staunch the collapse. The manner in which they did this was both useful (the liquidity was absolutely needed) and utterly flawed (the very individuals and institutions which had, in large part, assisted in creating the problem were greatly enriched by the intervention). And yes, getting into a business in which profits are privatized and losses socialized is very much the modern mantra.
And if they print so much money that it becomes worthless, then that'll have a similar impact on lenders than if they just default, which is the government's first option and everyone else's only option. The government's only option, too, if the debt is denominated in someone else's currency.
To that extent, governments having the option to print money to satisfy debts is a good thing. As soon as there are two evils to choose from, it becomes possible to select the lesser of them.
In other words, don't think of lending money to a government in a currency it can't debase as if it were somehow less risky. There's still plenty of risk, it's just that it comes entirely in the form of default risk rather than as a mix of default risk and exchange rate risk.
I'm not sure why you raise this issue considering it's effective meaninglessness.
There are a raft of private insurance entities for things like pension funds and stock brokers (there used to be ones for state level "Thrift" banks. There used a mortgage bond insurance company too - it became insolvent in 2008. The pension and stock broker ones stay solvent by not necessarily fully guaranteeing any entity, etc).
None of the finance institution insurers are going to be large enough to actually insure against systemic failure. Essentially, these entity also, in supreme irony, operate with the fractional reserves principle. They only insure against a small failure every once and a while. Only the state, with it ability to print money, can provide real insurance for things that operate like a bank. So private financial failure insurance is a fancy fig leaf, it gave no comfort during 2008 crisis, etc.
And fricken really insure bitcoin exchanges? They would have to have enough dollars just sitting around doing nothing to do that and no one would provide these dollars. At best, all you're doing is asking for someone to sue if things go bad (OK, that's something but not much).
I think you're taking the example of a systemic failure to mean that all such insurance is a waste of time. But most failures aren't systemic or massive.
It seems implausible that systemic failures for bitcoin in particular are going to be generational.
Insurance for entities subject to systemic failure is about having many hands looking the process and having the appearance of solidness. Appearance really is as important as reality for keeping such entities afloat.
You gotta admit "Insurance works most of the time" is kind of like a tight rope walker saying "that net that's there to catch me works most of the time, meaning that it definitely works when I don't fall and it makes people happier".
And my main point would be that state regulation and guarantees are the more serious measures and private insurance is not nothing but fairly weak affair. I'd trust regulation on a financial entity much more than I'd trust insurance on such an entity.
The problem for a lot of Bitcoin service providers is that once the cost of regulatory compliance and even limited insurance (up to $5000 or something) is factored in, they won't seem especially competitive with other financial vehicles. Maybe the smart thing to do would be set up a bitcoin insurance firm first and make money out of the exchanges...
If one thinks long and hard about this, one might conclude that the entity insuring such exchanges needs an entire agency of men in black, a standing army, some nuclear missile subs, and hundreds of billions, if not trillions, in reserves. Or, it could be another kind of organization of comparable power.
If I were the leader of an oil-rich state, I'd look into a system of bearer bonds based on cryptocurrency. Some alliance of nations might be able to become the virtual Switzerland of the 21st century, not with mountains to protect it, but complete dispersion and redundancy of its financial resources instead.
Actually, the entity best suited to back, insure, and police a cryptocurrency is the United States. A hybrid fiat/cryptocurrency with those kind of resources behind it would be invulnerable. However, this would just increase the hegemony of the US. (Ironic, that the US could further cement world domination by losing control of individual transactions.)
I mean, we might not see exactly the number of things we expect, but if it's holding over 95% of the value expected (through those mechanisms), and shows a successful trend of having increases when it claims and decreases when it claims, then it seems relatively trustworthy.
For the exchanges crypto-currency reserves, a trusted third party isn't even necessarly. The exchange can use gmaxwell's "prove how (non)-fractional your Bitcoin reserves are” scheme , which allows them to cryptographically prove they are not fractional reserve.
The Mt. Gox bankruptcy will have positive long-term repercussions on the bitcoin community, because it will pressure honest exchanges to do the above to prove they have the funds to cover their deposits. Coinbase has already done this for their bitcoin reserves , albeit through a trusted third party rather than the cryptographic way.
(I am not an expert on anything.)
Dollars are held in bank accounts that can be verified.
Bitcoins are not held in bank accounts. They are long strings of numbers in essence and "storing" bitcoins involve putting these numbers on a hard disk that isn't connected to anything.
I don't know enough about the bitcoin protocol to say this is possible but if an exchange could exhibit the public keys of their bitcoins without exposing the private keys, they could at least prove that either they or no one owns bitcoins of a given value.
The other approach is publish a list of your public keys along with predictions of future transactions. Assuming you actually control the public keys you claim to, you should be able to make those transactions successfully.
Both of these approaches will run into some difficulty with a robbery or loss of keys kept in cold storage. Because your keys are (supposedly) in cold storage, it is not suspicious that you cannot prove control of them. However, if you were to suffer a harddrive failure (and not have backups), then you could simply claim that those keys were still in cold storage.
A mandatory vacation sure would have put a stop to "Brian Molony"'s systemic theft from CIBC much earlier. iyww Biran Molony was the real life person behing the movie "Owning Mahowny".
One example that springs to mind from Australia was a branch staffer who had managed to rack up A$5 million dollars in fake mortgages. Went on holiday, the stand-in noticed dozens of mortgages to the same PO Box, did some digging...
One of many plausible explanations. It's going to be really interesting seeing how this actually plays out.
He had a bit of a running disagreement with Von Mises over it: http://www.garynorth.com/public/9714.cfm
It sounds like the writer has not heard of Rothbard's proposed anarchocapitalist systems, polycentric laws and competitive arbitration and enforcement organisations.
> Mises openly rejected the idea that government should have any role in setting a specific percentage of gold and silver or other assets, including bank deposits, in relation to their issuance of what he called fiduciary media, but which hard money advocates refer to as fiat money. In contrast, Rothbard called for 100% reserves.
Summary: Police arrest 4 separate suspects and get confessions from 2 for having a virus on their computer.
Poor internal controls, greed, arrogance, and snowballing losses that lead to greater and greater risks. And then disaster, at least in the cases we hear about.
Granted it's being being turned into a narrative but the history is spot on. I wouldn't have bothered putting in sources if I were him either, it's time consuming and those who know the history of the events wouldn't need it.
It's like when HN goes offline. It's an observable fact. Writing what you "think" happened to explain this fact is the speculation part.
Usually the catalyst in those days was some sort of financial stress at moment of weakness for the bank. In the 19th century, Typically this was in the fall before the receipts from the harvest came in. Small banks would have minimal reserves, and failures could easily cascade.
I'm surprised with all of the rhetoric about fiat money that nobody figured this out sooner.
My experience has been that goldbugs usually just don't want to be told about or think about this, so I'd expect things to be the same among Bitcoin supporters. And presumably a number of the clever boys will quietly reason that even if, later on, Bitcoin goes the way of all money, the people who were in on the ground floor will still have made their killing.
Edit: I should also add that Mark in particular has not proven himself smart enough in my eyes to pull something like this off. In terms of technical skill, yes, but this requires a very human approach to deception which I, based on the conversations I've seen him have, do not think he possesses.
Honestly I'm not even sure how many other technical employees they had. I would assume only a few.
This would explain why.
I know this first hand because I was on #mtgox at the time speaking to support staff trying to get some of my own coin out, which I eventually did get. I personally think that at this point they themselves were "wtf is going on?" about the issue and couldn't really explain what went wrong.
Between that time and now they surely must have understood the problem well enough to either use it as a "feature" or try and fix it, which they didn't.
RealBTC is what you got when you finally got it out of them, to spend elsewhere.
Perhaps my background in hardware systems leads me to solutions that use physics to solve certain security problems, but to me, sending bitcoins to an unconnected computer over a unidirectional link seems trivial.
User owns a key protected by his password and your server never knows it. Another key is stored unencrypted on the web server (like in "hot" wallet). Third key is stored with your staff, encrypted by their personal password (like in "cold" wallet).
Normal withdrawal: user key and web server's key sign the transaction and it's instantly available.
1. User forgot their password: he contacts staff that uses their key + web server's key to move funds to new destination.
2. Hackers have taken the web server: they see the key, but it's not enough to move anyone's funds.
3. Staff lost their keys: users still can access their funds if they still remember their passwords.
4. Hackers stole user's computer: they may instantly withdraw some amount up to an arbitrary daily limit. (Withdrawal can also be protected by 2-factor authentication.)
5. Hackers stole staff's keys (e.g. from a personal computer): they still need to break into web server. When staff realizes that keys are compromised, all funds must be moved immediately to new keys.
In other words, users have a hard proof of ownership of specific coins. All coins, no exception, are protected by two differently stored keys. So no need for hot/cold wallet difference.
If you want to block some BTC for trading, webserver will implement that easily: when you withdraw coins, it will move blocked portion to someone else's address.
The transaction history, and thus the ballance of an address is held in the blockchain, in the ether.
To spend the coins, you must have at hand:
* the current blockchain
* the private key
* a connection to the network.
What is considered risky is spending only a fraction of the paper wallet, for the following reasons:
- you just used the private key for creating a transaction, so the chances of it being compromised increases
- the client you used might have sent the change to another address while you're thinking the remaining coins are still in the paper wallet
But if it's done well, yes, it's possible to spend a fraction of a paper wallet.
If I wanted to take it further, the "secure" machine could print that wallet onto paper or could robotically insert flash drives into a USB port (in such a way that removed keys were dropped into a bin the robot couldn't reach into.
This is only one of many ways I can think of that would allow the automatic creation of cold wallets ... the only way to attack such a system is to gain physical access.
TL;dr version: anything that is connected to the outside world, no matter how small, is an attack target.
Is it that 'Everything is a Ponzi scheme until it isn't' or is it that 'Nothing is a Ponzi scheme until it is'?
I had some doubts (and other interests) so didn't bother getting into bitcoins.
Now we find out that bitcoin definitely isn't secure, and fraud by central authorities is just as possible as with any complex system of representing monetary value.
I really think it's a universal Law - let there be any kind of central body involved in a system where there are profits to be made by dishonesty, and there WILL be dishonesty.
MtGox turns out to be no different to the FED and any other fiat money authority. No different to the bullion markets, and their empty gold vaults (gold stolen, due to fractional reserve fraud.)
I think I'll stick to keeping gold and silver pieces in an old sock. The only true value store is in-your-hand allodial, and never, ever abstracted to ones and zeros (or paper.)
If anything is secure, then bitcoin is. That doesn't mean that it protects people from their own incompetence when it comes to security, there's no getting around that at this stage.
> and fraud by central authorities is just as possible as with any complex system of representing monetary value.
Only when you actually trust a centralised authority with the private keys in question, which people should not be doing in the case of businesses like mtgox which were obviously utterly incompetent right from the start. Plaintext passwords in http get queries embedded in plaintext emails? Come on, that would've twigged my "this is a really dumb idea" sense even before I started software development.
> MtGox turns out to be no different to the FED and any other fiat money authority.
Exactly, which is irrelevant to the security of bitcoin itself. It's like saying a currency itself has a security vulnerability because a security guard at a bank was incompetent, it doesn't work like that.
> I think I'll stick to keeping gold and silver pieces in an old sock.
Gold and silver are just as vulnerable to centralised betrayal when held by a third party, and bitcoin is just as invulnerable to centralised betrayal when you hold it yourself. Your analogy compares two entirely different situations in order to make one look better than the other.
It's actually less possible. It's just that the community lets the central authorities get away with it. With BTC, the exchanges can publically prove their assets. (Of course, if all of them got together to collude...)
If Bitcoin is not secure because an exchange got hacked, then bank accounts are not secure because phishing exists. Or cash is not secure because it can be stolen.
So, bitcoin is actually a hybrid fiat+cryptocurrency? Since there is little transparency, a significant fraction of the BTC market capital might actually exist as fiat!
Version 2 of a cryptocurrency protocol needs to protect against incompetently implemented exchanges as well.
EDIT: Apparently, there is a BTC scheme for proving solvency. Making this mandatory for exchanges would go a long way to improving things.
There is not only the MB money supply (total number of paper dollars that exist), there is also the M1 money supply (MB + number of Traveler's Checks, and other highly liquid bank inventions), and M2 (which includes deposits).
The true size of the monetary base can artificially grow and shrink in ways completely uncontrollable by the central-authority. This is true with both the USD and Bitcoins.
The ultimate reminder is... the US implementation of fractional reserve banking forces banks to do no worse than 10%. In unregulated markets, the "banks" (ie: MT. Gox) will tend to lie and cheat, and will have ratios at far far worse rates.
Anyway, I think from a "infrastructure" point of view, BTC is not good enough yet. I'm finding proof-of-stake systems (peercoin / NXTcoin) far more technically useful than BTC... in particular, the fact that they're "greener" and don't waste electricity like the current mining rigs do.
The ideal system probably would be a decentralized proof-of-stake cryptocoin with regulated exchanges.
/r/bitcoin thread with sources: http://www.reddit.com/r/Bitcoin/comments/1zifxf/why_is_the_a...
The religious messages thing is a strawman. Miners are allowed to include whatever they want in the coinbase. It's common among pools, and hardly considered "tampering". https://bitcointalk.org/index.php?topic=38007.0
Edit: more info: http://www.reddit.com/r/Bitcoin/comments/1zifxf/why_is_the_a...
all stories aside i believe that bitcoin is unsafe - and that this has been /blatantly/ obvious since i first encountered it as a suggested method to launder money and fund criminal activity.
don't buy unregulated 'currencies' with a strong history and incentive for money laundering and facilitating the black market. its violates the spirit of the law of pretty much every nation on earth.
whilst i genuinely believe that cryptocurrency is possibly the way forward - certainly a global currency which is independent of such whimsical things as nation states, politics and commodoties - i also think that it took a spectacular lack of common sense or 'street smarts' to actually spend money on bitcoins.
nice story... but i am indifferent to its truth - it doesn't negate the obvious risk of investing in bitcoin. but then many will say 'the greater the risk the greater the reward' and they are precisely correct.
NB: i barely trust the bank - i have a bank account 'under duress' as most of you probably have - that i would like to see my earnings from employment. how did that happen? why should banks have any involvement in my remuneration for work. /i would very much rather cash in hand that you can't fuck up for me because you are gambling it on the stock market under the pretense of running a business/. its not like we have self inflicted financial crises as a result or anything at all... :/