Bitcoin Forum

Many of you might think I'm just trolling based on previous posts, but no sadly I'm not. I'm just bringing up some very serious issues that should be dealt with NOW rather than later.

An exchange uses a database to store everyones information, such as the amount of BTC you have. Say the exchange has 1000 BTC total from a spread of 100 users. Someone hacks the database (or the site/owner changes the database) and adds a user and sets his BTC amount to 1000 BTC -- even though those BTC don't actually exist.

This user can now proceed to sell, buy, cashout ect. -- All without being noticed as long as more and more users use the site. Now, if one day the user base becomes too low or everyone decides they need to cash out -- IT WILL NOT BE POSSIBLE.

A system in place needs to be acted upon on all the exchanges ASAP. I call upon them to do this for the safely of BTC and its users.

=====

When a user registers an account, they need to be assigned a permanent bitcoin address that the user can send BTCs to, and request to withdraw BTCs from.

This prevents a database to become compromised with BTC amount because the bitcoin address can be looked up at any time on blockexplorer to see the amount of BTC that address carries.

When users buy and sell BTC, information on every transaction needs to include the bitcoin address of the user those bitcoins were bought from -- again so anyone can verify they are legit.

The above basically creates a system anyone can verify is legit.

The next problem is verifying if they actually have all the cash. I can't really think up a good solution for this than to have trusted 3rd party check the financial information -- which is much needed.

I think you bring up very valid points worth investigating. What you are essentially describing is what is called "counter-party risk" - which means you are at risk of the other party not honoring their obligation to you. This is one more reason to hold and store your bitcoin in your own "bank" (wallet) where no one owes you and no one can default on you.

This is a good idea.  I think the exchanges should implement this right away.

When Mt gox was on The bitcoin show they briefly described the ultimate solution to this very problem. Simply put "Decentralized Exchange" working on the same principle as bitcoin. this solution would eliminate the need to trust an organization. i hope mt gox will be able to achieve such a trading system.

In the meanwhile, it would be wise NOT to leave your coins in the exchange longer than necessary.

AFAIK there is no way, with the current bitcoin client, to request BTC's be withdrawn from a particular address.

Actually, the title of your post is incorrect. "Any virtual bitcoin storage can act like a bank" would be more accurate.

• Example of an online storage that's not an exchange and still presents the same risk as you describe: mybitcoin.com.
• Example of exchange that's only partially an online storage and thus partially presents the risks: bitmarket.eu. They don't store fiat currency (the buyer pays directly to the seller), and it's easy and free to cash bitcoins in and out.

The advantage of bitcoin is that anyone can (and should) store their bitcoins locally and thus be their own bank. Keeping the same old behaviour of having someone store big amounts of money will always induce the same problem, whatever the currency. If you don't own a computer or trust yourself to keep them secure, ask a friend to store them for you. I'm actually storing bitcoins for a friend of mine, who didn't want to rely on a service like mybitcoin.com.

Exactly. I encourage people to only store the amount they're likely to trade on the exchange. That goes for TradeHill, Mt Gox or anywhere else.
In the future if we offer features that make use of the BTC stored on the exchange that might change but at this point I don't encourage it.
If you're not sure how to secure your wallet and feel safer with someone else holding your coins that's another story.
-Jered

And how exactly would a "decentralized exchange" work? I don't see how this computes with the need for a bank account to accept fiat currency.

Are you saying that someone could lie? This is big news. Can anyone lie or just certain people? Should we trust everyone without thinking? Please tell us more.

only banksters are allowed to lie in this world of ours.

This is trivially done.  Check the total of BTC in the DB and compare it to the exchanges BTC wallet(s). Perhaps before each withdrawal.
It's most likely the exchanges have many such checks already in their code.

Are you  suggesting the exchange should operate directly by depositing BTC as trades occur?  I guess you can't be - because that would be utterly impractical due to the slowness - and would mean that if things were hacked/glitched - there'd be no repair possible via rollback.
(reverted trades do occur on standard exchanges - happened on NASDAQ earlier this year due to glitch apparently)

I'm not clear on how the addresses you talk about allow us to verify things are legit - to me it sounds unlikely to be useful.  Please give an example of a previously empty exchange followed by a single trade between two users, and what is where in your scenario.

Explain how your going to know the amount of bitcoins each person actually has with my simple solution to the problem.

until the exchanges start handing out loans and interest rates they are not banks- fees and interest are two different things

Exactly, it's simple to compare how many BTC are actually there to how many should be.
If any of the other exchanges aren't doing that I'll be surprised and disappointed.
-Jered

The point is allow customers to verify their account BTC balances independently of the exchange. This can be done by assigning each
customer a single wallet address. The customer can check their balance using block explorer. If money in the wallet doesn't match the customers accounting, then
a) their account has been hacked, or
b) the exchange is using a fractional reserve

If everyone knows the exchange has a fractional reserve it's not a bad thing.
If they're doing it without saying so that's another issue.

We've talked about doing something along those lines (the wallets).
I don't write the code so I'm not sure how difficult it would be to have individual wallets.
I would be interested in any solutions people can come up with though.

-Jered
 

This is my point exactly, you also get the TRANSACTIONS when you buy bitcoins they will list everyones wallet that you bought from.

Saying just to look at their wallet is stupid. Obviously when you take BTC some will come out, but you don't really know what the database says they have.

The system is useful because it provides transparency. The question of whether fractional reserves are desirable is not relevant.
Transparency is useful with a fractional reserve too.

E.g.
Suppose that the exchange promises to hold a minimum of 30% as a BTC reserve against all its bitcoin liabilities. Each customer is assigned a unique block explorer address that holds exactly 30% of their account balance.

If this account is not at exactly 30% of the account balance, then the customer will know that either:
a) the exchange has been hacked, or
b) the exchange is not holding a 30% BTC reserve.

Again, customers should be able to audit exchanges using block explorer. That is what the technology is there for.

Your turning an exchange into a bank, which isn't what we want, though with this you can also do what your saying as well.

Not sure if that's directed at me or cunicula. We're holding 100% and if we move away from that we'll make it very clear with enough time to pull out if you want.
Currently that isn't in the plans.

ok - so now I think I understand that you are suggesting the exchange manage an exchange-side wallet per trader.

This would be fine - except for transaction speed.
Traders can theoretically do multiple trades per second - especially if controlling via an API.

Perhaps it could be done if these server-side wallets were updated with the balance due to trading.. on say an hourly basis. (and upon withdrawal/deposit by trader)

I'm coming round to the idea in that case.  
It wouldn't stop a hack of the system in between wallet-update-ticks  - but may give people long term confidence that the exchange is solid.
The previously mentioned database total compared to wallet total checks would still need to be done anyway.

That's good to hear. Would be nice if you could also prove it though, not saying I don't trust you guys, just that transparency would be really good for the community.

Mt. Gox and Tradehill are performing the functions of an exchange, a broker, a non-bank depository institution, a clearing house, and a stock custodian. In the real world, those functions are usually separated.  (Sometimes they're not. See Bernard Madoff (http://en.wikipedia.org/wiki/Bernard_Madoff). That didn't end well.)

A completely distributed exchange is quite possible. You first need some way to do an atomic transaction in two commodities between two untrusted parties. One approach is to split transactions into tiny ones, each one being done separately and completed before the next one starts. That way, any rip-off is limited to the size of one transaction.

Once you can do that, you just need a way to broadcast "buy" orders. Only one side needs to be broadcast, although it's useful to broadcast both. Orders can't be anonymous, since you have to know who the other party is to deal with them.  If you see a buy order you like, your client contacts their client and does a deal. First client to get through wins.

There are some problems. Transactions cannot be undone, except by mutual consent of the parties. There can be no "rollbacks". Any gains from market manipulation stand. (So you had better have enough cash reserves to handle a mistake now and then.)

A party can broadcast buy orders but not respond to matching sell offers.  Since orders are not anonymous, this behavior is detectable. You need a reputation system to kick out traders who do that. (Which is exactly how live commodity trading floors dealt with it.)

Lag is a problem. Network transit time and local processing delay affects your trading profitability. (This is a problem in real-world trading. Look into "high frequency trading" and the efforts made to cut lag to microseconds.)

It's not as orderly a market as a system with centralized processing of limit orders, but that's the price of a distributed, mutually mistrustful system. 

I agree with that and as I said before a distributed currency needs a new distributed exchanges.

Don't multiple independent exchanges count as 'distributed'?

Though I agree a common API with automatic order routing would be nice.

More than happy to do it if we can agree on a relatively simple and accurate way to do it.
Blockexplorer showing our wallets would only work if you knew how many our users are supposed to have and you'd need to trust us on that.
I don't see individual wallets being easy to pull off but I'll look in to it. Listing user balances and totaling it presents privacy issues and once again you might have to trust us.
There should be a way to get it done though.

Open to suggestions.
-Jered

Not when the "exchange" holds your funds and can stall on releasing them. You can't pick any exchange for your next transaction.

This is a very interesting analysis IMHO, thank you. The forum is a frustrating place to throw good ideas at, because they get forgotten very quickly, but you should start a wiki page for a decentralized exchange brainstorming/proposal. I have seen other neat ideas floating here and there (e.g. from grondilu, IIRC).

Please someone get those great ideas together. I can't do it myself because I suck at trading, but I do think we have an important matter here.