I just think it went up so fast because of all of the media attention...so I would expect it's only natural to see a major correction in the next week.
Also, would it be possible for say the US Government (or someone else) to buy all of the bitcoins they can since there are only around 6 million in existence and then they would become the market makers? I mean it would be great if someone did that because they wanted to embrace the technology...but if someone who wants to fight it/destroy it - does it...couldn't that be another risk?
Well, can you imagine what the last Bitcoin owner is going to charge for his last bitcoin? My point being, you can only buy Bitcoins if they are for sale. |
|
|
|
Before I say anything, let me get this straight: I do NOT accuse either site of being a scam or not being trustworthy. This is just a list of concerns I have regarding the two that may be worth looking into, and my own reasons as to why I am wary of these exchanges.
Also, please leave out the matter of countries that the exchanges originate from. It has no use to use statistics to determine whether an exchange is trustable or not, instead it would be a better idea to look at concrete information and facts.
So recently two new exchanges, Bitcoin7 and Tradehill, have popped up. A few things that are bothering me.
Tradehill:
1. * Seems to have copied the design (CSS / page structure) from Mt. Gox and modified it.
2. * Copypasted the FAQ from BitcoinExchange.cc (using Google Cache you can see a version of their FAQ where in one place it actually said "BitcoinExchange" instead of "Tradehill")
3. * Set up out of nowhere by what looks like an unknown member within "the community", yet immediately looks very polished.
4. * Has a stable, almost artificial looking, volume, while on other exchanges the volume fluctuates a lot more
5. * Has a refferal system that offers discounts
6. * Grows from nowhere to reasonable big (compared to other exchanges) in a matter of days.
I'm gonna respond to all your points here: 1. MtGox (Gox) barely has a page structure to begin with, the site is very simple with only a few links on the left. Once you login to TradeHill (TH) the site is wildly different than Gox 2. Not sure of this, however that dosent really make a difference. Most sites copy their competitors information 3. Being polished has nothing to do with being set up out of nowhere. TH has a team of excellent programmers based here in the United States. 4. Can't really answer this, they are a much smaller site although the second largest exchange. 5. Thats what made them grow. Its a pretty good marketing strategy actually. 6. I answered this above ^. They are growing fast because they have a good, American based team, they answer CS issues quickly, they have a nice site, and good business ethics. I think they will surpass Japanese based Gox in a few months forsure. I must point out that I know the TradeHill team personally so my response is a tad biased towards them. My point being, I trust TradeHill more than Gox. The only reason we all use Gox is because they were the first ones. 1. Whether they "barely have a page structure" or not has nothing to do with it. It looks similar enough in layout and visual characteristics, for it to be likely that it was just copied and modified CSS and HTML. That someone doesn't consider it "special enough" does not mean you can blindly copy it - Mt. Gox definitely has a distinct page style, even if it's 'minimalistic'. I haven't seen the "members area". 2. I don't know what kind of businesses you are talking about, but I don't know of any industry where copying text (and obviously not even really changing it except for a find-and-replace on the name) is standard practice - or acceptable, for that matter. 3. If they indeed have an actual team working on it, point taken. 5. I tend to get a bit itchy when I see referal systems, because in my experience this is mostly because said site can otherwise not grow for some reason, be it a bad business model, shady underlying business, or just because it's impossible to get into a monopolized market. I hope it's the latter, but I can't discount past experiences with other reasons for referal systems. 6. The "American based team" seems irrelevant to me. While I understand that some people might have an (in my opinion unjust) aversion against for example east-european countries (and businesses originating there), I don't see how "American based" would be considered any more trustable by someone than for example "West European based" or even "Japan based". As for the customer support, I have no experience with this, and the same goes for their business ethics (do you have any examples?). |
|
|
|
EDIT: If you cannot access your account and your e-mail address on your account has been changed, please post here as well with as much information as you have.EDIT2: Added a question about password reuse, please update your postsOk, so I've seen a lot of topics appearing about Mt. Gox accounts getting compromised, and had it happen to myself as well - and I'm wondering what the scale of this is. First, a few things: My Mt. Gox account got broken into, what do I do?First of all, do a virus scan, there are plenty of free antivirus applications that work fine - for example, Avast, Antivir/Avira, and AVG. If you are tech-savvy or know someone who is, and you are on Windows, use applications like TCPView, Wireshark, and Security Task Manager to determine whether any suspicious network activity is taking place, or whether there are any suspicious processes running. Also check your Services for suspicious services. Change your password. It should be: * At least 12 characters long, more is better * Contain letters (both lower and upper case), numbers, and if possible special characters * Not have any dictionary words, names, or dates in it. The best password is a seemingly random password * MOST IMPORTANTLY, not a password that you use somewhere else! * Make sure your new password has a different length than your old one!After you changed your password, check in your Mt. Gox account if your e-mail address is still correct. Make sure that your password is NOT saved in your browsers "password manager"! If your browser asks you whether it should remember your password, choose No. Be sure to read this post to the end!How could this happen? Is Mt. Gox safe?Right now it appears to be unclear on where this "attack" is coming from. At least some accounts had complex and/or long passwords, so bruteforcing seems unlikely, but it's possible. If you had a short password and use an outdated browser (or Internet Explorer, or another browser that does not have this vulnerability patches), it is possible you got hit by the so called "CSS History Sniffer" vulnerability. Get an up-to-date browser that has this vulnerability patched - I believe at least Chrome and Firefox 3 are safe from this - and use a longer password. While Mt. Gox being compromised is a possibility, there is no proof for it, and it's best NOT to assume that is the case - this may be an attempt at spreading fear and getting people to leave Mt. Gox. It's best to wait for a response from MagicalTux on this. Personally I normally don't leave any funds in Mt. Gox (or any web wallet / exchange) any longer than necessary, exactly to avoid things like this. The only reason it happened now was because I was unable to access Mt. Gox at all for a long time, and thus didn't have the chance to withdraw my funds. And now?I personally think it's a good idea to collect as much data on what happened as possible. Please report in if you got hit as well, and answer the following questions: * How much funds did you lose? * To what address were your stolen funds sent? * What OS are you using (Windows, Linux, Mac OSX ...)? * How long was your old password? * Was your old password random? * Was your username the same on Mt. Gox as on the forum? * Did you use your Mt. Gox password somewhere else?* Did your old password contain lowercase letters, uppercase letters, special characters and numbers? * Have you used any Bitcoin-related software, and if yes, what software? Think about things like miners, wallet managers, etc. * Please also include a screenshot if possible so we know it's a real report. I'll start out with myself. Lost funds: about $200 Sent to: 16MHJtHA1dVJQZYcFf3iRAeF3dCFQeqTCiOS: Windows 7 Home Premium Password length: 20 characters Random: Yes Username the same: Yes Password reused: No Characters: uppercase, lowercase, and numbers. Software: used Diablo Miner and pocblm Screenshot: 
|
|
|
|
first: I hope I reach allinvain, which got stolen 25.000 BC...this forum anti-spam is annoying, I can not even write him a PM. ok: so, what I would do if I got robbed of my bitcoins: 1. Persistently trace the transactions of my stolen BC through blockchain (should be possible) 2. Publish a list of these transactions every day publically, especially here on the forum 3. Sue everyone that I can get hold of for concealment of stolen goods. (You can always know who got your stolen coins through blockchain) Point three especially applies to money exchanges like MtGox. E.g.: Someone cashes out any of my stolen coins at MtGox => If MtGox cashes out, sue them for concealment of stolen goods and claim the BCs invovled. Fortunately I donīt own any BC, so that is one concern less.  And how do you know your bitcoins don't get mixed with others so that someone who has "tainted" coins doesn't actually know they were stolen at one point? I recall something about "every dollar has touched cocaine at some point". |
|
|
|
|
That something skyrockets does not mean it's automatically a bubble. While the rate of new Bitcoins flowing into the system stays the same, the massive media attention lately has caused a lot of "newcomers", of which a large part will probably at least stick around to some degree. It's only natural for the value to shoot up. Stable supply + skyrocketing demand = skyrocketing value.
|
|
|
|
|
Another one:
If an IP logs on to at least two or three different accounts that all had a different IP "linked" to it before, you can be 99,99% sure it's not the owner of the account, in which case it would be a good idea to freeze all accounts he logged in to, block the IP, and log it.
|
|
|
|
@mtgox victims: I think mtgox hacks are dictionary attacks: No captcha to prevent them.
I can't see how a randomly generated password is hit by a dictionary attack. As far as I know, Mt. Gox has a system that locks out an IP after a certain amount of failed login attempts, but NOT a system that freezes an account after a lot of failed attempts from a lot of IPs. This would make it crackable by a botnet (through bruteforce even, provided the botnet is large enough). It wouldn't surprise me if the "DDoS" is actually bots trying to bruteforce accounts - although, this is purely speculation and I have no facts to support it with, except for what it looks like. |
|
|
|
|
1. Always using POST requests for logging in (Mt. Gox apparently still uses GET requests, which is very dangerous)
2. *Always* an email/SMS verification for moving money out of an account, regardless of amount (you should not be able to turn this off, or people will go the "easy route"), like withdrawing to BTC address / bank account / sending to another exchange account.
3. Optionally a verification email/SMS for every action (trade, withdraw, deposit, etc).
4. For withdrawal forms etc, use CSRF tokens (Bitcoin7 has/had a CSRF vulnerability where you could steal bitcoins).
5. Blocking an IP from logging in after 3-5 failed attempts, freeze an account after 10 failed attempts regardless of IP (this will stop distributed bruteforcing), and only allow login after SMS(/email) verification.
You could even make an option to require SMS verification for every login.
6. Login captchas. This also helps in preventing "freezing attacks" where someone repeatedly makes failed attempts on purpose to freeze the victims account.
7. API keys for the API. Seriously, it is a REALLY bad idea to let someone send his main account login with every API request. API keys, API keys, API keys.
Also, an open codebase would definitely be a good idea - especially when the site itself encourages users to audit the code.
|
|
|
|
I recall a thread where people were trying to figure out what was on the address and ended up on an address with some shady businesses registered, and no real name to be found. But I might be wrong. Also as they claim to operate other game money exchanges, they probably took a template they already had and just copy-pasted it to fit "Bitcoin".
Possible. Also making claims that someone is operating "illegally" is quite easy - especially with BTC there's not that much regulated or available, as it is a relatively new field of operations. It's very often not sure for example if BTC are "money", "goods" or anything else.
This claim was in regards to the various non-Bitcoin currencies that were used. Again I can't recall in exactly what thread it was (and the forum is too slow now for me to go look for it), but someone pointed out that under their jurisdiction they would be operation illegally because of the other currencies, not because of Bitcoin. I wonder why you trust the former "Magic the Gathering online exchange" more, especially as it provides a very large single point of failure for whole Bitcoin (many miners will stop mining if they can't get USD for mining - there are NOT many idealists in the network, rather a lot of kids who use the chance to get a free GPU!).
I am aware of issues with Mt. Gox and I definitely do not blindly trust it (especially not with the recent happenings and the security that is in my opinion seriously lacking), but at least it's clear who runs it, and it's not just a name - there is communication to the outside world and even to the press. It can't just vanish overnight without anyone having any clue where they went. |
|
|
|
You'll have to think freely, without boundaries set by previous events or knowledge, to find truly revolutionary concepts. So what you are saying is that we should entertain flat-earthists as possible visionaries on the sole basis they go against the current, despite lacking basic knowledge of astronomy, physics or history ? School is good. It's sometimes wrong. If you want to find the wrong parts, it helps to know them. If you want to convince other people, you'd better have expert knowledge of the status-quo of the field. Otherwise you are just a quack who skipped some classes. No, I am saying you should not assume that something you learned in school is correct, and the ultimate and absolute truth. |
|
|
|
Mining applications are opensource. Just check the code if you have a doubt. I skimmed through the code of poclbm and phoenix : very clean and standard python without a track of suspicious logic. When the average mining app is a mere thousand lines of code long, it doesn't make much sense to try to find statistically something that can be found deterministically by checking the code. Which doesn't exactly go for a miner written in Python that was made into an .exe by py2exe, and used on Windows. If you used a premade .exe it might have had something that is not in the source. |
|
|
|
It would probably be very expensive to design and construct an entire city from scratch. However, there is another option. We could wait for some government to collapse, and then take over one of their cities. The way we could do this is as follows. We find an unstable city, and then establish ourselves in one of their neighborhoods, or create a new neighborhood nearby. We will establish services and try to be as independent as possible. When the government collapses, chaos will reign everywhere except in our neighborhood. If we are successful, we would be able to expand our neighborhood until we encompass the entire city.
Of course, the point is not to coerce people or use violence in any way. We would take over the city because we were better, not because we were more manipulative.
Please, by all means go ahead and do that. Someone must have failed their junior sociology class... I personally find it very closed-minded when people go "you must have failed a class" when someone presents an unusual idea. If every idea was shot down and abandoned like that, because "school said it's not possible", we would probably not be anywhere near the level of technological advancement we are at now. To pull out the old analogy, flat earth vs. round earth. You'll have to think freely, without boundaries set by previous events or knowledge, to find truly revolutionary concepts. |
|
|
|
Bitcoin7:
* Hard to track down who is behind it
just wondering do you know who is behind mtgox or btcex? Mt. Gox is run by Tibanne Co. in Japan, MagicalTux being Mark Karpeles according to an article by Reuters. No idea about btcex, but wasn't that the Russian exchange that caused controversy here? I'm not saying that I personally trust every single exchange on BitcoinCharts for example, I have just looked at Bitcoin7 and Tradehill, and decided to make a topic about my concerns. That doesn't mean I automatically vouch for all other exchanges  |
|
|
|
|
While it wasn't a mining pool account, my Mt. Gox got broken into. Although I haven't been able to find anything suspicious on my system, I'll post nevertheless.
Phoenix:02----Guiminer:01----Poclbm:02----CpuMiner:01----Ufasoft:01----SseMiner:01----Other[please specify]:00
|
|
|
|
|
Did you download a Bitcoin miner?
|
|
|
|
|
Before I say anything, let me get this straight: I do NOT accuse either site of being a scam or not being trustworthy. This is just a list of concerns I have regarding the two that may be worth looking into, and my own reasons as to why I am wary of these exchanges.
Also, please leave out the matter of countries that the exchanges originate from. It has no use to use statistics to determine whether an exchange is trustable or not, instead it would be a better idea to look at concrete information and facts.
So recently two new exchanges, Bitcoin7 and Tradehill, have popped up. A few things that are bothering me.
Tradehill:
* Seems to have copied the design (CSS / page structure) from Mt. Gox and modified it.
* Copypasted the FAQ from BitcoinExchange.cc (using Google Cache you can see a version of their FAQ where in one place it actually said "BitcoinExchange" instead of "Tradehill")
* Set up out of nowhere by what looks like an unknown member within "the community", yet immediately looks very polished.
* Has a stable, almost artificial looking, volume, while on other exchanges the volume fluctuates a lot more
* Has a refferal system that offers discounts
* Grows from nowhere to reasonable big (compared to other exchanges) in a matter of days.
Bitcoin7:
* Allegedly (?) copypasted things from Tradehill
* Offers monetary incentive for established member(s) to promote their site - and where it is claimed there was no monetary incentive, positive posts look a lot like fake "hosting reviews"
* Hard to track down who is behind it
* Set up out of nowhere by what looks like an unknown member within "the community", yet immediately looks very polished.
* Appears to be operating unlicensed and therefore illegally (in their jurisdiction)
Does anyone have any clarification about any of this? I've seen Bitcoin getting attacked from all sides in the past few days, and the above things really do make me wonder whether they are legitimate exchanges.
|
|
|
|
|
Show Posts
