We have reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.
As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online systems. Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins.
IN THE MEANTIME, PLEASE DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITCOIN DEPOSIT ADDRESSES. THEY CANNOT BE HONORED!
Customer deposits made prior to January 5th, 2015 9:00 UTC are fully covered by Bitstamp’s reserves. Deposits made to newly issued addresses provided after January 5th, 2015 9:00 UTC can be honored.
Bitstamp takes our security and soundness very seriously. In an excess of caution, we are suspending service as we continue to investigate. We will return to service and amend our security measures as appropriate.
"IN THE MEANTIME, PLEASE DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITCOIN DEPOSIT ADDRESSES. THEY CANNOT BE HONORED!"
Shouldn't deposits go directly to cold storage addresses for exactly this reason, and in case someone makes a large deposit that exceeds their desired hot/cold wallet ratio?
Each user needs their own deposit address, for bookkeeping. If the cold storage is really offline, you'd have to manually create a new address for each new user.
"Hierarchical deterministic wallets" (BIP0032) support parallel generation of public and private keys on different systems.
The bookkeeping system can generate an unlimited number of addresses from the public "seed" that corresponds to the private keys that will eventually be generated using the private key seed stored in the cold wallet.
However, I didn't consider that the hot wallet needs to be replenished as people withdraw, which would require a steady flow of bitcoins from cold to hot storage. I think it would make sense to have a "warm" wallet for all deposits, then immediately send deposits to hot or cold wallets depending on withdrawal demand.
This sort of bad PR for Bitcoin and crypto in general could all be avoided if decentralized exchanges became a bit more fashionable.
I posted a link to http://bitshares.org earlier but now realise that there isn't that much information immediately obvious there on how the decentralised BitShares exchange works.
This episode from BitShares.tv provides a bit more information than the homepage on the main website:
Bitstamp Service Temporarily Suspended
Bitstamp Team