Hacker News new | past | comments | ask | show | jobs | submit login

I am borderline speechless in the face of the incomprehensible carelessness. The lack of records is amazing. The lack of accounting is amazing. The lack of professional standards is amazing. The lack of common sense is amazing.

If you'll excuse me, I have to go to the bank. I just realized that I left a million dollars in the pockets of the jeans that I just washed. I suppose I should dry them out and deposit them, along with the $100,000 I just found fallen between then cushions of my couch.

This is why there is regulation of the finance sector, and exactly what happens when companies and individuals try to pretend the regulation doesn't apply to them.

If you want to start an online financial services business, the first thing to do is start researching the legal requirements for doing so, both where your business is located and where most of your likely customers will be. Not looking at them doesn't mean the rules don't apply, it's just grossly—potentially criminally—negligent.

In fact, that's the case for anyone starting almost any business. You need to examine the legal and regulatory environment in which you'll be operating as the very first step of your due diligence. Anything else is negligent.

A few weeks old but saw this earlier today via Brad DeLong:

Who’d have thought that there might be an incentive for operators in a totally unregulated market to take people’s assets and run? Or that self-regulation would be so lacking in a market that purposefully concocts information asymmetries that benefit money creators/the tech-savvy…. or that the Bitcoin system was only recreating and replicating all the bad incentives we know and love in our current system, which are now being curbed by intensified post-crisis regulation?

Irony of irony, Bitcoin Magazine concludes that since it is unfortunately the case that many bitcoin businesses must use escrow accounts to hold people’s bitcoin, the only solution to the problem is moving towards a quint-party agreement to manage unauthorised liability creation in the system...

But you mustn’t confuse this with some sort of recommendation to forge a Federal Bitcoin Reserve system. It’s a “Five Parties Model” system. Entirely different...

All in all, it would be NOTHING like the Federal Reserve System we have already arrived at thanks to decades of collective trial and error, and acquired wisdom from the countless bank collapses and system crises that have come before us.

Except, of course it would be exactly like the Fed. And where it wasn’t yet exactly like the Fed, it would soon be, because exactly the same human processes, incentives and behaviours would govern its evolution and development.

Proving the point yet again that there is nothing new under the sun, and that bitcoin is more of a replication of the old unregulated past, under a new technological order, which society collectively refined and regulated until it created the system-stabilising framework we know today, than a golden era of finance no-one had yet been smart enough to discover beforehand.


A: We've created a decentralized accounting system and currency that obviates the need for most of the standard accounting controls and fraud prevention measures, so long as you operate within that currency!

B: Oh yeah? Well look at all the shenanigans that happen at the re-entry points to the conventional financial system! Checkmate, hard-moneyists.

> A: We've created a decentralized accounting system and currency that obviates the need for most of the standard accounting controls and fraud prevention measures, so long as you operate within that currency!

I hear this a lot, but I think it's really only true with a massive asterix next to it. Can you explain how bitcoin will work, for instance, in a retail model? It seems like the transactions take a long (relatively) time to verify, which leaves two options:

1. The customer waits (not really a possibility - maybe for bar tabs it's sort of ok?)

2. The vendor purchases some level of security or risk management that allows transactions to occur instantly with a minimum amount of doublespend. And there's your transaction fee. Maybe it will be less than the credit card fee?

Am I wrong? I haven't been able to have anyone explain this to me.

It's been covered lots of times, but essentially, for all transactions whose value is an order of magnitude less than the current block reward, it is considered safe to complete the physical transaction as soon as the Bitcoin transaction arrives at the retailer's system through the Bitcoin network. This usually takes 5-15 seconds, so about the same amount of time as most credit card approvals take now.

This is considered safe because even though there are various tricks you can pull with no confirmations, the hashpower needed to do any of them is so great that you would make far more money turning that hashpower towards legitimate mining than by scamming retailers.

With Bitcoin value, block rewards, and hashrates as they are now, this means that anything less expensive then a car or a boat is okay to complete immediately. Waiting up to an hour for a couple of confirmations for a purchase of $10k or higher doesn't sound like too big of a deal.

Why does the order of magnitude/size of transaction matter in terms of knowing if a transaction is safe? Do larger transactions take more time to verify?

Thanks for answering, appreciate it - stuff like this is surprisingly difficult to google for.

All transactions take basically the same time to verify. The trick is more in the motivations of any potential attackers.

The heart of the Bitcoin system is the block confirmation system. Once a transaction has been accepted into a block and that block becomes part of the official blockchain, it becomes essentially impossible to perform any kind of scam or attack on that transaction, such as spending those coins somewhere else. Only one spend of a particular quantity of bitcoins can be in the blockchain at once, so any attempt to spend them again will be rejected.

The trouble is that this is relatively slow. Getting one confirmation on a transaction takes probably like 5 minutes on average, and could vary depending essentially on the luck of the mining network at that moment. Using 6 confirmation is the official recommendation, and this may be expected to take about 1hr.

It isn't necessary to use the official recommendation, though. It's always hard to attack the system, and the 6 confirmation point is where it becomes essentially impossible for even major governments to attack the system, but such strong security is not necessary on all transactions. So the question becomes, how hard do we need to make it for a particular transaction?

To guess at that, we have to look at attacks. I mentioned earlier completing the physical transaction after the initial arrival of a Bitcoin transaction through the P2P Bitcoin network, before any blocks confirming it come in. To do a double-spend in that scenario, you would put 2 transactions spending the same coins on the network, and arrange for one to hit the vendor's system, while the other went out to the rest of the network and would be included in the next block. That's tough to arrange though - who knows what nodes the vendor is connected to, and it's impossible to know which miner will produce the next block. To have a solid chance at pulling this attack off, you would have to run a very powerful miner yourself, solve a block with a transaction spending some of your coins before another miner solved a block, then hold back that block, and perform your transaction at the target vendor between when you solved that block that you are holding and when another miner does.

That's a window of a could of minutes, maybe, and it could take days or weeks or longer for your miner to solve a block that puts you in the position to do this. The timing is very tough to pull off at a physical store, then. And to do all of this, you have to be running your own independent miner, which is powerful enough to have a reasonable chance at solving a block in the next couple of weeks. But just running that miner as a normal miner means you're likely to get the mined block reward, currently 25 bitcoins, currently worth $12,500, just for solving that block. Why pull the funny business with transactions for, say, a $10 sandwich when you just made over 1000 times that money by doing nothing?

So because of this, completing physical transactions after only a receipt of the Bitcoin transaction is a risk, but given the high difficulty and low reward to the attacker, and low loss amount to the business, it seems like a very acceptable risk to make the purchase process more convenient to the normal customers.

Thanks, that was a really clear and helpful explanation!

Thanks! I've made enough posts like this that I was thinking of writing up some 'bitcoin nuts and bolts for coders' blog posts.

Perhaps you are not aware that actually settling credit card payments, i.e. the time it takes for the money to actually end up in the merchant's bank account may take several days, even weeks.

As for bitcoin, to my knowledge this is pretty much analoguous to "transaction confirmation", which typically happens in 10 minutes. So it's actually much much faster than credit card payments.

You just hand-waved away the fact that the trust necessary for an independent retailer to accept an "untrusted" credit-card has been aggregated in Visa and MasterCard and codified through tort law and agreements with the aforementioned credit-card companies.

What are you going to do, provide a detailed transaction history to the retailer proving that "your bitcoin transactions always are legit?" Kind of removes the last of the "anonymity" afforded by Bitcoin.

It's normally a matter of seconds until other clients can see a bitcoin transaction that you've posted for the network. The only way that will end up not being legit is if you've double-spent the funds - that won't happen if you're a legit user using a regular client, and for the most part even for a nefarious user it would require significant computing resources (e.g. you've already mined a block spending those coins but won't release it until you walk out of the store).

So the idea is that if you're a regular retail store, accepting unconfirmed transactions is fine. Unless a big exploit becomes known, any fraud you might happen to see certianly won't any higher than the credit card chargebacks you're getting now. If you're selling your house, you probably want to wait for a few block confirmations.

Not to mention there are other crypto-currencies with significantly faster block clearing times, and cryptocoin to cryptocoin exchanges are significantly easier to run than bitcoin to fiat exchanges.

So it really seems like all of this is only a minor inconvenience for bitcoin if anything. And there's certainly no reason to ever have to trust someone because "they've been legit in the past", that's an approximation of trust that previous systems have had to rely on but exactly what bitcoin avoids.

You outlined a couple of scenarios where a transaction can be fraudulent, which is more than the 0 acceptable to a small business where margins are razor-thin already.

You really expect every mom and pop store to accept Bitcoins when they have to be as technically literate as the posters of HN?

>You outlined a couple of scenarios where a transaction can be fraudulent, which is more than the 0 acceptable to a small business where margins are razor-thin already

What? You really think a small business has zero credit card fraud? You're wrong. Not to mention when you get hit with a chargeback, you get charged a fee that is usually higher than the amount stolen from you to begin with.

The credit card companies push fraud liability down to the merchant in the current system.

Bitcoin probably is less susceptible to PoS fraud than credit cards are, from a merchant standpoint. Consumer of course is a different story.

> which is more than the 0 acceptable to a small business where margins are razor-thin already.

I see you've never run a small business that accepts credit cards before. They are far more than 0 risk.

I am well aware of the risks, and it was some hyperbole. Why would a small business adopt a new revenue stream that is riskier than credit cards?

It's not riskier first off, it's less risky, by far. Bitcoin is cash, it can't be charged back and it doesn't incur the fees cards do. To say it's riskier shows you don't know what you're talking about.

Secondly, why would a business turn down any means by which a customer wants to pay? Have you ever run a business? Do you typically turn down cash payments? Bitcoin is cash.

that won't happen if you're a legit user using a regular client, and for the most part even for a nefarious user it would require significant computing resources (e.g. you've already mined a block spending those coins but won't release it until you walk out of the store).

Just in case he's not making it clear from the description of what actually doing that would involve, mining a block is a big deal. You're talking about winning the lottery in competition with 35 million other gigahash/sec worth of mining power. If the worst you want to do with that block is defraud a mom and pop store that accepts bitcoin you're positing a scenario something on the order of a multimillion dollar operation in order to undertake such an attempt. If you're going to do that, you're not going to try to defraud the corner store for a snickers bar.

Also, if that's genuinely not enough;

Not to mention there are other crypto-currencies with significantly faster block clearing times, and cryptocoin to cryptocoin exchanges are significantly easier to run than bitcoin to fiat exchanges.

Plenty of 60 second block confirm altcoin chains out there, no reason to use bitcoin if you absolutely insist on some way to address the double spend "problem".

So having a miner in your pocket is certainly one way to execute a double spend. That's a Finney attack.[0]

The other and less costly way is all about node connectivity.[1] If you are going to execute a double spend all you 'need' to do is broadcast two txs spending the same output at the same time--one going to the merchant the other spending it back to yourself--and cross your fingers and hope the double spend gets put in a block. Now, you can increase the probability (e.g. shielding the merchant's node from your double spend) of success but it's not a sure bet. And the higher the node connectivity of the network (i.e. how many nodes are each node connected to) the harder this attack becomes.

There has been some work in this area, especially in pursuit of the efficacy of double spend attacks in light of some minor changes to the protocol which (I think) were rolled into core with the most release 0.9.0.[2] It's about .09% probability of success.




>settling credit card payments ... may take several days, even weeks.

But there is a trusted 3rd party (the issuing bank) that gives an instant reply as to whether the purchaser's account has enough funds (or credit) to make the purchase, and assumes much of the risk if they are wrong and the purchaser is uncollectible.

Maybe they don't need to take 2-5% of each transaction to provide this service, but it does seem like a pure, anonymous bitcoin transaction can not provide this service to a retailer.

There is no need for this service with Bitcoin - the balance controlled by every address in the network is known to everyone.

I was referring to the fact that credit card companies prevent (or at least take responsibility for) double-spending.

> "...which typically happens in 10 minutes..."

Which is too long when waiting at a counter in a retail scenario. Imagine if every customer had to wait around for 10 minutes to verify the transaction, it would be chaos in a busy retail situation (even 1 minute is way too long), which is the point being raised by the GP comment.

The merchant might have to wait weeks to actually receive payment from a credit card company, but at least they know they will eventually get paid, as Visa or whoever is a trusted entity. Bitcoin is 'trustless', so if the customer can leave as soon as they like, the merchant might confirm the transaction in 10 minutes, or they might not get paid at all.

Try buying something with bitcoin. The first confirmation is all that is needed and it happens in a matter of seconds. It won't be fully confirmed for ~10 minutes but that is fine for the vast majority of cases.

the wont get paid by Visa if there is a chargeback, indeed they will owe some percentage extra as a processing fee.

What makes you think it's only exchange providers that are incompetent and/or crooked? Exchange providers tend to hold the largest balances, that makes them targets, but anyone else with a big sack of bitcoins and security by "my cousin knows Linux" is vulnerable too.

The analogy I give people is you lock the doors of your house, but it isn't really secure. Anyone can kick down the door or break a window, very easily and very quickly. Your real security for your house comes from the environment which makes it difficult for people to run around ransacking neighborhoods, e.g. your local police force.

With bitcoin, you actually have to use real security to secure your possessions. There is no local police force preventing a break in or a credit card company which will absorb fraudulent charges, or a bank that will flag and freeze questionable withdraws. In a crypto currency world, the wealth will have a tendency to flow not to the most business savy or politically connected but to the most secure (in some dimensions we see that the same thing happens with global wealth, both in terms of countries and currencies.)

The flip side of that is, stolen bitcoins may fall under a legal classification of stolen property and be retrievable through legal systems -- or at the least blacklisted and non spendable through sources that fall under those jurisdictions. That outcome, I think, is the most important thing to watch, above any other hypothetical bitcoin regulation or banning. If I was an active bitcoin startup I would build a system to identify and classify bitcoins as safe, stolen, unknown, or questionable.

Think of the current implementation of bitcoin as crypto currency alpha build 2 or 3. It is slightly amusing that people would risk so much of their own capital to participate in an alpha test, but also necessary in order to truly stress test the system.

A's premise is faulty. The accounting/fraud measures are not obviated. You have slow cash with a transaction log, that's it.

shenanigans that happen at the re-entry points to the conventional financial system

Those shenanigans aren't exclusive to exchanges. Exchanges are currently the epicenter of shenanigans because they're just high volume and operate on bitcoin as if it wasn't just a different asset in the conventional financial system.

People that are neither true believers nor in a specifically bitcoin focused business operate as normal. Bitcoin is just internet fun bucks that have to be liquidated. So the Bitcoin transactions get treated the same as any other transaction, as a result they carry the benefits of the processes created around conventional transactions.

Tell me again how either of these arguments help the folks who lost their money to MtGox's sloppiness? How is the MtGox debacle (or the other recent BitCoin exchange failures) an example of the lack of need for "standard accounting controls" or "fraud prevention measures"? They are the opposite.

The e-mail I just sent to the author of that post:

"Ms. Kaminska,

In your recent post (http://ftalphaville.ft.com/2014/03/03/1787992/magic-the-unde...), which I found via Brad DeLong’s web site, you described Bitcoin as "totally unregulated" and "completely unregulated" a number of times. Such characterizations are completely erroneous, and you should probably correct your post.

Unfortunately, many people are under the impression that Bitcoin is unregulated because its various proponents (such as Marc Andreessen, the Bitcoin Foundation, etc.) have done an excellent job convincing the world that it’s so new and supposedly novel that no regulations could possibly apply. That’s not even close to true. In the United States, numerous Bank Secrecy Act statutes, 18 U.S.C. § 1960, and a state money transmission framework involving 47 different state laws all apply. The problem is that the state laws are hugely problematic, the regulators are bumbling fools, the entrepreneurs and their venture capitalist backers are exceptionally cunning in their efforts to evade regulatory scrutiny, while the press utterly refuses to write about what is actually going on. My company is the plaintiff in two federal lawsuits over the issue, one of which has set the record for the most-delayed, non-stayed motion to dismiss in California federal judicial history (764 days and counting):



If you’re interested in the issues, I would suggest that you read my recent comment letter to the Consumer Financial Protection Bureau, which can be found here:


You may also find this article on my personal web site about Mt. Gox specifically and the role of Iowa’s state regulators of interest:


Feel free to let me know if you have any questions.


While you may take issue with coinbase, or MtGox, can you accept that a cryptographic proof-of-work solution to the byzantine general's problem, that implements a general consensus ledger of forth-like script applications, is not a "currency" per se, but a mechanism in which currencies can be implemented upon?

I.E. Regulate the companies that are engaging in currency like transactions on top of the bitcoin ledger, but don't be too quick to attempt to regulate bitcoin itself.

can you accept that a cryptographic proof-of-work solution to the byzantine general's problem, that implements a general consensus ledger of forth-like script applications, is not a "currency" per se, but a mechanism in which currencies can be implemented upon?


As far as regulation goes what does one have to do with the other? I would answer yes to your question and also answer yes if someone asked if I could accept that a printing press that could be used to print currency should not be regulated as a currency. However as soon as you use the currency making tools to make currency then that currency should be regulated as a currency.

You're correct; "a cryptographic proof-of-work solution to the byzantine general's problem, that implements a general consensus ledger of forth-like script applications" becomes of legal interest when people start founding legal contracts upon the basis of "as consideration for X, party Y will ensure that a specifically crafted entry is created in this particular general consensus ledger of forth-like script applications based upon cryptographic proofs-of-work". Contracts are always going to be regulated.

no one wants your regulation. people took a risk with their money and they lost. they were affected, i wasnt. good for me, time to move on. no need to waste everyone's time and tax dollars coming up with regulations, etc.

please don't rebut with a public good argument.

>please don't rebut with a public good argument.

Since you anticipate one, why not preemptively respond to the best examples of one that you can think of rather than begging internet strangers to be nice to you?

You can, provided you can convince the judge.


Aaron you come across so angry and prickly that even people that may agree with you do so begrudgingly. In this case you're simply wrong to not even agree and cannot expound beyond a simple "No", like a 2 year old that doesn't want to share their drink box. The fact is he's right, there's nothing about bitcoin and the technology itself that should fall under scrutiny until it's used in monetary transactions. It's almost as if you didn't even read that questions because your answer is just flat wrong. I respect what you've done to disseminate the information regarding the complete failure of government to clarify and enforce laws around finance but you may want to reconsider your tone because it's not going to help you to further that cause.

So first of all, you have to keep in mind that I'm in the middle of litigation related to these issues. I am careful about what I say.

Second of all, the question posed here was both presumptuous and awfully vague. I'm not about to go on the record in response to that kind of question other than to reject it. I'm sorry if that makes me come off as prickly--I have to put other considerations ahead of public perception.

He's a legal troll a parasite on innovation not to different from patent trolls, don't entertain him.

You have it backwards.

>because your answer is just flat wrong

His answer to "Can we agree?" is wrong?

I have to agree with kovacs. Simply saying "No" does not count as a reasonable answer to a reasonable question (and I agree in the fact that it sounds petulant).

If you disagree with the points put forth disemminate them and offer a rebuttal. Do you think that the presented cryptographic solution is one that is equivalent to money? if so why? I'm sure if I wanted to argue so I could think of some parallels or arguments to illustrate the point (possibly using the example of the current credit or financial systems, though I think I would personally disagree with those arguments). If not and you take exception to some other point raised state what that is.

Your response as it is provides 1 bit of information and that is only as to your opinion on a matter and is thus semantically useless.

Is this a good synopsis of your lawsuits?


How does the suit relate to your experience with FaceCash?

Regulation enables this kind of thing systemically. Let this happen a few times without regulation and the market will demand trustworthy solutions, not some politician waving a magic wand and declaring something safe. As we've seen recently that system doesn't work too well.

Everyone who lost money in this knew the risks. Nobody is calling for accountability beyond the guy that actually is accountable. How refreshing is that? How refreshing is it to actually have a name of the person who fucked up, instead of a stream of pseudonymous apologetic soundbites from banks/regulators/politicians?

Not to mention the fact this whole problem is completely self contained. There is no talk of rescuing MtGox with tax money, or the need for a "national debate" on how to run this shit in the future. If you didn't run MtGox or have money in MtGox or don't outright choose to be involve yourself in some other way then you can go to bed at night and sleep well knowing it is absolutely not your problem.

This, friends, is one example of the many long forgotten benefits of private trade.

There's no talk of rescuing MtGox with tax money because the size of MtGox is small enough that the losses are pocket change in the great scale of things. There's no risk of a new global recession over MtGox.

I think you'd find the debate would have been entirely different if the scale of it wasn't such that most people, if asked, would go "MtGox? What's that?"

>This is why there is regulation of the finance sector

This is why there are bailouts of the finance sector. A bank loses this kind of money, they get it back for free.

Except that taken as a whole, the bailout money was already been paid back in full, with interest over 2 years ago.

But that doesn't stop this old sore being rolled out regularly. Who need the truth when you've got Truthiness on your side, eh?


sympathy for the devil.

as already stated, the economic impacts were larger than the money owed, and the abstract impacts are untold and likely substantial.

the 'too big to fail' paradigm was novel, and a clear abuse of their position. Most of us are upset at the fact that corporations literally held the idea of 'global financial well-being' hostage.

"Save us, if not only to save yourselves." is not anything that any corporation should ever or ever be able to say, especially to the government of an entire nation.

The banks may have paid back the cash they borrowed, but the negative impact of their behavior and the 2008 crisis is still being felt (and paid for) around the world.

>Except that taken as a whole, the bailout money was already been paid back in full, with interest over 2 years ago.

This sounds very truthy, but there was no market rate on the interest on loans to insolvent banks that was less than infinity%. The reason the government loaned them money was because they were completely uncreditworthy, and at those rates, they could have (and did) just invest the money in treasuries and take the favorable difference in the interest rate as a gift.

Simultaneously, we started a massive program of buying all of their shit debt at par.

Paying it back is great and all, but it shouldn't have had to be done in the first place.

It shouldn't have. But the pain the economy would have felt would have been 10X worse.

Banks supply capital to firms, the government bailed them out (and the automakers) because no one else was willing to supply capital to get the economy rolling.

Sure. When are the automakers going to pay back their bailouts?

> Of the $466 billion distributed, about $245.2 billion have gone to banks, both national and local

Where did he other half go? Not mentioned in the article. Also, that investment was paid back in grossly inflated dollars, thanks to QE.

Inflation has been super low the last five years. Can you back up your claim of gross inflation? Almost all economists would disagree with you.

What do the bailouts have to do with the regulation of banks?

In the US, banks are regulated by the Federal Reserve. They have the authority to close and liquidate a bank. They have no authority to bailout a bank. That authority is the responsibility of Congress.

I'm pretty sure it's the same in other countries with a regulated banking sector. The UK parliament decided to bailout their banks, the German senate chose not to.

In the US, banks are regulated by the Federal Reserve.

That's way too simple a statement for the US banking system. Banks in the US are regulated by the Federal Reserve, by the Federal Deposit Insurance Corporation, by the Office of Foreign Assets Control and a few others.

"Banks" is a catchall for a place to deposit or get money. Not all banks are under the regulations of FDIC, like GS, but all banks are under the regulations of the Reserve.

Only commercial banks are under the regulatory authority of the Fed. Until they converted to a bank holding company, Goldmann Sachs was not regulated by the Fed. As an "ivesemt bank" (which is not actually a bank at all), they were regulated by a mishmash of other authorities including the SEC and FTC. That was a major contributing factor to the financial crisis in the first place, and the reason Dodd-Frank expanded the authority of the Fed and FDIC to cover "systemically important financial institutions"--even if they are not banks.

I'm not sure you mean otherwise, but part of the bailout process in 2008 was to allow Goldman Sachs and Merrill Lynch (now part of Bank of America) to become bank holding companies. The major reason was so they could shore up their balance sheets with cheap and safe FDIC insured accounts.

>so they could shore up their balance sheets with cheap and safe FDIC insured accounts.

FDIC insured accounts are liabilities on a bank's balance sheet.

You are right, they did it to access a lending facility that was only available to them if they switched their structure.

(I made the mistake of talking when I shouldn't have, I wasn't trying to mislead)

> They have no authority to bailout a bank.

Is the understanding of the financial crisis really this poor? Paulson literally forced the banks to take TARP. The CEO of BofA and other banks that didn't need it spent a lot of time in the media complaining about it.

He also forced the retail banks to merge with and absorb the losses of the investment banks.

He wasn't able to do this because of direct permission, but because the Fed has so much power that everybody just has to listen to what they say.

>Is the understanding of the financial crisis really this poor?

Yes. One of the great tricks of this disaster (as in most financial crises) is that the powers that be were able to convince to public that there was some single enemy that caused this problem, in this case the "banks", completely ignoring the banks' customers and clients (businesses small and large, mortgage brokers, house-flippers, home-buyers, honest investors, fraudsters, sovereign nations) or the fact that the banks consists of hundreds of thousands of actors working and thinking independently.

This crisis was so much more complicated than "The banks were too greedy". But that's as deep as most people care to get.

Paulson was Secretary of the Treasury; the bailout was a government program, not Federal Reserve.

That said, the quantitative easing programs are basically bailouts, just not as overt as opening up the public treasury.

It was Paulson who lead it, but Bernanke and Blair were right there next to him during the TARP ultimatum meeting. The implicit threat was that if they turned it down, the regulators would force it upon them.

The meeting minutes came out in an FOIA request and lawsuit[0]:

> Ben, Sheila, John, Tim and I have asked you here ..

> If a capital fusion is not appealing, you should be aware that your regulator will require it in any circumstance.

[0] http://www.judicialwatch.org/press-room/press-releases/judic...

In the US, banks are regulated by the Federal Reserve

I hope you know that the FED is not a independent institution, but owned by the banks themselves?

Just because the regulation and political system failed doesn't mean they must fail. Iceland did pretty well for itself in the aftermath, even having let the bad behavior slip past them. And Canada apparently never let the bad behavior begin in the first place.

Another thing to keep in mind, the people who got the bailouts are a subset of the people who claim unfettered capitalism will cure all ills.

Just because MtGox failed doesn't mean unregulated Bitcoin businesses must fail. Iceland is a pretty poor posterboy for your point: their banks failed even more spectacularly than other countries', their cleanup effort was just much more ruthless. Essentially your argument in favour of regulation is that we now sort-of know how to clean up after it fails spectacularly.

Indeed, other exchanges and other Bitcoin businesses don't appear to suffer from the gross incompetence that brought down MtGox.

> Another thing to keep in mind, the people who got the bailouts are a subset of the people who claim unfettered capitalism will cure all ills.

Is that so? In that case they are paying the same kind of lip service to that point as a kleptocratic dictator on his private jet is to socialism.

>Iceland did pretty well for itself in the aftermath, even having let the bad behavior slip past them. And Canada apparently never let the bad behavior begin in the first place.

Iceland did it by stiffing creditors. That's a short-run gain, long-term pain solution.

With regards to Canada, there are specific laws that have inhibited a housing crisis, but we don't know if we have avoided anything yet. Our housing in major centres is as frothy as the peaks of almost anywhere else in the world who suffered a bust. It's too early to say.

Sure, in America. Just because you guys are bad at regulating banks doesn't mean it's impossible.

The now-defunct FSA in the UK was pretty bad at regulating our banks too, mind.

> A bank loses this kind of money, they get it back for free.

Customers lose that kind of money, they get it back for free. Socialising losses is an annoyingly common theme in ‘capitalist’ countries; unfortunately, it is politically infeasible not to bail out failed banks.

Let's not forget that in neither case is it 'free'. The public foots the bill in both cases.

Silence infidel, pro state circle jerk in progress.

>If you want to start an online financial services business, the first thing to do is start researching the legal requirements for doing business...

This is a bit naive isn't it? Imagine contacting FINCEN, or whatever other appropriate regulatory agencies at the time of MtGox's founding when Bitcoin was a novelty and worth practically nothing. Imagine trying to explain to them what a "Bitcoin" is. Imagine being thrown out of their offices "Go away kid. Grown-ups are working here." Even if you did find some reasonable solution, compliance would have probably made the proposition unprofitable. Bitcoin might never have got off the ground if your advice were followed rigorously.

OTOH, it is certainly unforgivable for Kerpales to have continued in shooting from the hip after becoming a millionaire; and after MtGox was raking in the kind of fees that would have supported hiring legal staff, building a robust trading engine, and implementing some sane practices for data protection.

> This is a bit naive isn't it? Imagine contacting FINCEN, or whatever other appropriate regulatory agencies at the time of MtGox's founding when Bitcoin was a novelty and worth practically nothing. Imagine trying to explain to them what a "Bitcoin" is.

Much of the financial regulation that exists that would apply to MtGox has nothing to do with Bitcoin per se, it has to do with keeping customer accounts denominated in fiat currency and disbursing funds at customer direction from those accounts to accounts of other customers.

If we can build a P2P decentralized exchanges (which we will soon), all of that "regulation" (at least from the government side) won't be needed.

MF Global.

This seems like complete BS to me. I wonder how it's going to show up in the blockchain. I suspect Kerpeles has somehow shuffled a few 10,000 BTCs to a private account, considering the lack of records.

I lost over $5000 USD (in fiat) on Mt. Gox and I want my money. Seeing stories like this just raise more questions that I wish didn't have to be asked.

Check the bitcoin reddit. Everybody knows about that 200k btc for weeks. There is evidence they have about 300k more.

Remember that Reddit is frequently completely wrong with it's guesswork, only a fool would rely on that communities information when preparing for a witch hunt.

For what it's worth (which isn't necessarily very much, since I've been very wrong about bitcoin before) I've been monitoring the situation pretty closely, and the Redditors have been doing a thorough and fairly scientific job of concluding what is or isn't possible. There are some crazies in the threads of course, but they get downvoted or called out on their speculation. Since there's no concrete evidence, what rises to the top of the threads are statements like "Here's what we know. Here are possible theories as to why these facts are present." It feels very much like the opposite of a witch hunt.

The "analysis" is frequently totally incorrect, I've looked at it before and I wasn't impressed. They mostly hinge on the assumption that if 1x sends to 1y then 1y is owned by 1x, which is obviously complete nonsense. Once you get past a single hop there's usually no way of knowing if the transaction is an internal move or one to an external party. Unless there is cryptographic evidence in chains of transactions that prove ownership, nobody can really claim Gox owns anything past what they have just announced.

Someone transferring huge sums of money right before they shut down and claim the money is missing is pretty suspicious.

Perhaps but the 200k in question was last transferred in 2011 (until they found it and moved it very recently).

At least the reddit discussions I've been directed to have been very unscientific— more pseudo-scientific in that they dump a bunch of data and throw around some technical terms. Though there may be some selection bias since people are probably more likely to ask me for my opinion on the more questionable work.

Ah. Thank you for correcting me. For what it's worth, your explanations are what I had in mind when talking about the scientificness of the investigations. I probably should have said "nullc has been doing a great job of making sure people don't get carried away with unfounded speculation" and left it at that though.

Until otherwise proven, it's coincidence. Assuming just complicates things.

People "assumed" about that 200k wallet over a month ago. "Proven" is subjective and a rhetoric that has agenda on its own.

My education was in math, and in general I find being wrong helps me get to the truth a lot quicker than not moving forward until it's 100%. None of us knows the truth yet, but slowly we're knocking out things that aren't.

Honestly, same goes for HN. It's just that it has more stricter laws once you are ghost-banned you would never know why. Basically both the communities are full of bs, HN does it with suave and accepted sophistication.

This in itself is a crime. At the very least, it doesn't make them any less guilty, and moving around indescriminate amount of bitcoins where we do not know from whence they came to plug a huge financial hole in an insolvent company would raise a thousand eyebrows from those paying attention.

Total novice. Clearly didn't talk to his lawyer first.

A question: given the financial risk, why did you trust Mt. Gox with your private keys?

I began trading on Mt. Gox in mid 2011. Having most of my coins on there meant that I could make trades immediately based on market trends. I wasn't aware of all the negative reviews of Mt. Gox, because most of my "bitcoin experience" was visiting mtgox.com every few weeks. As soon as something clearly nefarious was going on, I was lucky enough to get 1.3 BTC out of my account in January. The remaining value of my account was $5000+ USD. I had sent in a photocopy of my passport last November, which they "processed" in February (already aware of the insolvency). This really pissed me off because I was finally "approved" to withdraw USD from my account but I didn't have the ability to do so on the website.

> $5000 USD (in fiat)

Did we expect more?

there's one hell of a difference between a large financial organisation or an exchange and some half arsed startup who hacked up a web site in PHP that just happens to handle something that represents a currency. The former at least probably has a QA team, knows industry regulations and best practices and designs their architecture properly. Oh and they have cumulative experience and a designated location you can visit with burning torches and pitchforks when they steal your money. I'm ignoring regulation as I've worked in the compliance industry and it's entirely about working around it.

Not joking and I'm sure that this is going to stand on a few toes but some of the stuff I've seen on HN is verging on criminal. So many immature poorly thought out and damn right dangerous products being thrown out. Lots of people are sitting on ticking bombs like this.

Large financial organisations can be surprisingly criminal and incompetent when it comes to IT - you don't have to look far. Knight Capital, NatWest, HSBC... just a few names that pop into my head. The big guys spend large amounts of time and money convincing regulators and the public that they're clean and clever. It's public confidence that counts.

Sure, but the regulations worked. NatWest and HSBC were brought to book.

Nobody is saying that traditional financial institutions are perfect, but at least they are regulated and at least there are checks and balances in place. By and large the examples people roll out of these institutions behaving badly are examples of the regulators and legal frameworks working the way they are supposed to.

Knight capital were in a risky business and they blew it. It happens. But they're the exception, not the rule. In the wonderful world of Bitcoin, the goings on at MtGox looks like the rule, not the exception.

"But they're the exception, not the rule."

Excuse me, you must have forgotten about a certain global financial meltdown in 2008?

They're pretty fine to be honest. They have mitigation and FCA oversight which means you're not in the shit as a customer (usually).

Knight capital was a cock up in a high risk trading env. They paid for that.

HSBC was money laundering which is basically the entire purpose of a bank.

NatWest was a process cock up.

However no money went "oops we lost it" and was never seen again. At most, even with HSBC consumer withdrawal limits it's a minor inconvenience for a couple of days.

Much like mobile phone networks, people expect 100% uptime but that's unrealistic in practice. Always keep £200 rolled up in your mattress.

HSBC was money laundering which is basically the entire purpose of a bank.

This is a very strong statement.

Do you mind backing it up, or is this just meant as a glib throwaway quip?

I'm not the OP, but I think I can see what he means, and I think he means it in a non-pejorative way too.

One of the functions of banks is indeed to hide the source and destination of your money. My grocer doesn't get to know who employs me; my employer doesn't see where I spend my money.

Yes, you can achieve that with cash, without directly involving a bank. But the money is still issued by a bank.

I'm not saying that it's impossible to achieve this level of information hiding without banks, but I can see where the GP is coming from in his argument.

I suppose that was a throwaway quip directed at HSBC who seems to have managed to get away with laundering on a large scale with some slapped wrists.

And yet you still see banking security that insists on alphanumeric password only and no 2FA.

Seriously, that's screwed up. That being said, banks have insurance and all that jazz. So even though the state of security is not that great, it seems that you are less likely to get screwed incase of a screwup.

Not seen that in Europe for a long time. In fact all four UK bank accounts I have use two-factor auth.

My UK bank account (Bank of Scotland) does not have two-factor auth, and there's no stated plans to implement it, as far as I can tell.

My RBS and Natwest accounts both have CAP devices:


Edit: apparently I don't need them any more.

HSBC does still require it though.

They used to offer 2 factor authentication to some personal account holders but they have removed that and it only appears to be available for business accounts:


That's news to me - not that I've logged into my accounts for a few months! :)

Million dollars? I think you're missing two zeros.

I love it when I find $120MM under the couch. It really makes my day.

I found 5 bucks in my car yesterday.

Think about how much scalability they got from being "eventually consistent". It's only a matter of time before the other half-billion dollars shows up!

It really highlights the current state of Bitcoin. The promise is having an all-digital method of transferring value peer to peer, without the need for banks, or other central authorities.

The reality however, is that it's just not all that easy to cut out the middleman. People follow the path of least resistance, and educating yourself on cold storage and paper wallets and the like just isn't that easy compared to simply trusting a third party to do it all for you. Unfortunately, in doing so you give up all the benefits of bitcoin, AND all the benefits of traditional banking with it's oversight and FDIC coverage, etc. Literally the worst of both worlds.

Another explanation is that such carelessness was a form of willful blindness. If Gox had cratered (relatively) silently then perhaps the coins would not have been 'found' until much of the fracas passed. But because legal process has been invoked (bankruptcy, IL class action) the penalties for not doing a clean-up now go beyond negligence and could result in contempt or a loss of liberty. So there's additional incentive to look harder at this stage.

my faith in someone else handling my wallet has diminished considerably.

That's probably not a bad thing. What gave you faith to begin with?

"Hey! That's not the wallet inspector!"


Why on earth would you have faith in handing out your cryptocurrencies' private key?

Is this just a symptom of the wrong-headed thinking around cloud SaaS, where data and continuity are considered to be of such low value that they can be entrusted to any number of external parties?

Because people have faith in handing out their money, which is much the same thing. The concept of a bank or exchange literally running away with your money is not a thing which happens to most people.

Except deposits are insured up to a cap that most people never exceed. MtGox offered nothing remotely comparable.

Long established / regulated vs didn't exist a year ago / wild west.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact