|
Title: Cold Storage: How much is too much or too little? Post by: crazy_rabbit on February 05, 2013, 03:14:46 PM I'm putting together an online wallet, and I'm implementing cold-storage for obvious security reasons. A question I have though is how many coins should be kept offline. Does anyone have any suggestions about how to manage/calculate how many coins should be kept offline? Or when the wallet should be replenished?
Title: Re: Cold Storage: How much is too much or too little? Post by: casascius on February 05, 2013, 03:23:31 PM This isn't something you should calculate, it's something you should think about, since it's based on your personal needs.
Can you afford the inconvenience of storing 80% of your coins offline, or can you think of any reason you'll need to spend them so quickly that restoring them is an unacceptable burden? Title: Re: Cold Storage: How much is too much or too little? Post by: DeathAndTaxes on February 05, 2013, 03:26:23 PM There is no hard fast rule I would lean towards more conservative to start. The smaller the hotwallet the less funds lost in a breach however the more likely it will go empty and you will need to halt withdrawals until reloaded.
Once your site is up and running you will get a better idea of what % of total funds are withdrawn daily, hourly, etc. I would recommend incoming funds go directly to the cold wallet: User Deposit -> [Cold Wallet] -> (Admin reload of hot wallet) -> [Hot Wallet] -> User Withdraw As you start getting more transaction data you could decide to process withdraws over x BTC directly from the Cold Wallet manually to avoid a single large transaction from depleting the hot wallet. As for what %? Really depends on the site, how long funds sit there, how often you are willing to reload it, etc. If you are looking for a total guess something in the ballpark of 10% to 25% for the hotwallet should be a good starting point. For a site like MtGox (my guess) is that they can get by with a very tiny % of total coins held in hot wallet. People keep larger BTC balances there and many may keep them for days and weeks. A gambling site on the other hand may need a much larger hot wallet as a % because users may not keep much balance on the site preferring to withdraw everything and then deposit again the next time they play. If you find for example you reload the hot wallet roughly 3 times a day and in any 8 hour period 95% of the time less than 500 BTC are withdrawn then 500 BTC is probably a good number even if that ends up being a smaller %. Obviously you will need to adjust this as your site grows. Too little and you constantly are having to halt withdrawals and reload, too much and you are risking coins for no benefit. TL/DR: Start small (say 10% or less "hot"). Better to be safe then fast. Ask bitfloor if they would rather owe clients 25,000 BTC or 2,500 BTC. Title: Re: Cold Storage: How much is too much or too little? Post by: Walter Rothbard on February 05, 2013, 03:41:23 PM You've probably already seen this, but here is a coinbase blog post about their cold storage:
http://blog.coinbase.com/post/33197656699/coinbase-now-storing-87-of-customer-funds-offline At the time they posted (3 months ago), they were storing 87% offline. I'm not sure if a more recent figure is available or not, but I find this statement intriguing: "As deposits continue to grow it may be possible to store 95% or even 99% of funds offline." 99% :o I guess they are pretty certain of their ability to cover and do a reload as needed, in a timely manner. |