Bitcoin Forum
8361  Economy / Trading Discussion / Re: [ANN] bitfloor cash deposit, ACH withdraw, and wire transfers on: September 04, 2012, 10:40:55 PM
between this, bitcoinica, and pirate, i believe that's 3 strikes

There were many questions as to Bitcoinica's security long before they were hacked.  As far as pirate, that isn't even close to being in the same category as this.

This one was a little different because people presumed that because some good security practices were in place, others (such as what should be rule #1 for an exchange ... Thou shalt keep anything more than a day's worth of bitcoin need in cold storage) would be followed as well.  As we learned too late, they weren't.

Yeah Due Diligence failure on my part.  I just assumed and I guess so did everyone else.  Had it come to light that there was no coldwallet I would have stopped using the site. Not shifting blame just genuinely surprised about this security failure AND my own failure to ensure the exchange lived up to my own personal standards.
8362  Economy / Service Discussion / Re: pirate payments list -- accounts paid: 23/459 on: September 04, 2012, 10:27:24 PM
Quote
These senior voices on the forum said they understood Pirate's business and it was a sound investment.  GLBSE would never do that.  Senior forum voices who supported and praised Pirate and definitely those that did that to profit should go down with Pirate if he doesn't pay.  They all flew out to meet him and claimed they understood the secret sauce and it was legit "So give me your money while I burn it to profit".

It is the difference between offering a security/asset/investment/ponzi and promoting it.

All the promoters were lying.  They "knew" Pirate could make this, they had insider "info" on that.  They were willing to call those even bringing up the chance it was a ponzi every insult possible.   They hyped it up, made jokes about how much the "team ponzi" was losing in profits, mocked people who couldn't "figure it out".   They staked their reps on Pirate being legit.

Pirate didn't need to give them some secret cut. The entire PPT system was the cut.  None of them passed through 100% of the interest from Pirate.  Take a PPT which paid out 5% on 40,000 BTC.  Pirate pays 7% on 40K BTC the PPT pays out 5%.  The difference is 800 BTC per week ($32,000 per month is a decent cut to lie your ass off promoting worthless paper).  All the PPT had a direct profit motive to bring in as many suckers as possible.

I would also point out that was real profit not paper profits.  The PPT operator could just rake that profit each week until everything blew up without risking a single bitcent.

All of the PPT operators both promoted and profited off a ponzi through the use of deception, misleading statements, and outright lies.

None of this absolves the suckers from their personal responsibility but nobody should consider the PPT operators blameless.
8363  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 08:02:58 PM
I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.

If you had outstanding orders they have all been cancelled.

Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.

wow, sounds like he's found an angel backer, maybe it's the hacker, at least that would help sort out basic security issues as he wouldn't want anyone else running off with his new golden goose

What makes you think that?

"repaying BTC losses using the proceeds from fees".
8364  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 07:58:15 PM
Dammit! I'm sorry to hear this shtylman. I really had high hopes for bitfloor as well. The user interface is by far the best of any exchange I've seen.

I really hope you will release more information about how the attack was carried out. At least tell us what you know. Exchange security will never improve if we don't know how these hackers get in. Based on the number of exchanges that have been compromised, I assume that the attacks aren't terribly advanced. I mean, not via the sort of vulnerabilities that go for $100k on the black market and take months to discover. It would really help to know if it's SQL injection or an Apache/nginx vulnerability or something else.

This.  I would be willing to donate towards a fund for the victims if detailed information on the attack as well as post-attack analysis and mitigating steps were provided.   I hope I am not the only one.  It could improve the security of other exchanges and service providers.
8365  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 07:43:10 PM
Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.

Potatoes aren't a digital construct thinly traded only on unregulated exchanges which hasn't yet been defined by FinCEN or any other regulatory body.  I do agree that Bitcoin will need to be regulated eventually.  It simply can't co-exist with fiat currencies under existing laws without regulation and definition.

Still I think this is a case of people wanting to have their cake and eat it too.  Either Bitcoin is outside of regulation and statutes or it isn't.  It can't be "kinda" under the law.  If it is regulated that means tight AML, trade reporting to IRS, regulatory requirements for handling Bitcoins, licensing (VA requires a $500K bond to be a money transmitter for example), etc.

It can't be under the law when you want something and then outside regulation all the other times.  It is all or nothing baby.

Personally like it or not, I think on a long enough time line we will be in the "all" category.
8366  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 07:40:38 PM
That +1000.  It baffles me why larger sites have not implemented that yet.  Hell they could even make it a user option.

MtGox does this (I hate to encourage more centralization of trading activity but it is the reality).  IIRC something like 80%+ of coins on deposit are in offline cold storage.   Sadly I was impressed by shtylman's other security measures and I assumed he used a cold wallet for at least a portion of the funds.   Expensive mistake on my part.
8367  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 07:38:25 PM
In this case I suppose it will come down to whether the Bankruptcy Judge finds that the Bitcoins stolen at the time were of value too (and must be replaced at their market value in USD) or not.

This.  I would also point out there isn't a single precedent that a judge could rely on so the judge would be essentially writing new law (something most judges don't like doing).  It is likely that a judge would look for regulation of Bitcoin (and exchanges) before accepting they have value as deposits under US Bankruptcy law.

Why?  Well otherwise the potential for abuse is huge.
8368  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 07:22:51 PM
Wow... just wow.

I thought you were better than that.

I never store keys on a webserver for a project involving customer funds.  If all monies belong to the site operator that's their business, but if there are customer accounts I refuse to write code for someone who isn't willing to put the keys on a separate, heavily locked down server (preferably with no public ip).

Hmm, do you mean that the outgoing transfers should always be done from separate server manually? So no automated transfers?

Well he didn't mean that but yes a cold wallet with batch processing is another option.  I would point out that even if a hot wallet is needed, if the hot wallet had say 10% of total funds then 90% of the BTC would still remain right now.  The attacker would have stolen ~2,500 BTC not 25,000.  If using a split wallet like that occasionally the hot wallet can run out of funds and clients will experience a delay.

There is no single solution which meets the needs of every single service provider.  That being said having a hotwallet with 100% of the funds is simply inexcusable.   More than anything else it is sad.   Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO).  It is destroyed now and honestly shtylman is better than that.
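
The trade-off described in the post above (a 10% hot wallet caps a compromise at roughly 2,500 of 25,000 BTC, at the cost of occasional withdrawal delays), as an added example that is not part of the original posts. The function name, the refill schedule and the withdrawal amounts are constructed assumptions.

```python
from collections import deque

def simulate_split(total_btc, hot_bps, withdrawals, refill_every):
    """Replay one withdrawal request per tick against a hot/cold split.

    hot_bps is the share of holdings kept online, in basis points
    (1000 = 10%). Every `refill_every` ticks an operator moves coins from
    cold storage to bring the hot wallet back up to that share.
    Amounts are whole BTC to keep the arithmetic exact.
    """
    hot = total_btc * hot_bps // 10_000
    cold = total_btc - hot
    max_online = hot          # worst-case loss if the online server is compromised
    pending = deque()         # requests waiting for funds: [amount, already_counted]
    delayed = 0

    for tick, amount in enumerate(withdrawals, start=1):
        pending.append([amount, False])

        if tick % refill_every == 0:      # scheduled manual batch from cold storage
            target = (hot + cold) * hot_bps // 10_000
            move = min(max(target - hot, 0), cold)
            hot, cold = hot + move, cold - move
            max_online = max(max_online, hot)

        # Pay strictly in arrival order; a large request at the head blocks the rest.
        while pending and pending[0][0] <= hot:
            hot -= pending.popleft()[0]

        for request in pending:           # count each waiting request once
            if not request[1]:
                request[1] = True
                delayed += 1

    return {"max_online": max_online, "delayed": delayed,
            "hot": hot, "cold": cold, "unpaid": len(pending)}

# Constructed sample: 25,000 BTC of customer funds, four withdrawal requests.
REQUESTS = [1000, 1000, 1000, 200]

if __name__ == "__main__":
    for bps in (10_000, 1000):            # 100% hot wallet vs. 10% hot wallet
        print(bps, simulate_split(25_000, bps, REQUESTS, refill_every=4))
```

With these sample requests the 100% hot wallet never delays anyone but keeps all 25,000 BTC online, while the 10% split keeps at most 2,500 BTC online and makes one request wait for the next refill.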
8369  Economy / Scam Accusations / Re: bitfloor coin theft details on: September 04, 2012, 07:15:21 PM
What would now happen with USD balances?

They should be returned as even if bitfloor opens it obviously will be at some point in the future.  Client funds should be escrowed from company funds.  Clients shouldn't be turned into unwilling "investors" simply because they had funds on the wrong site at the wrong time.

I am still confident that shtylman will do the right thing.
8370  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 05:52:27 PM
1nject0r,

The grown ups are talking please STFU!  The nonsensical ramblings of a 2bit warez seller are not welcome or needed.
8371  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 05:28:28 PM
Why was the majority of this not in a cold wallet?

This. 

Based on the OP I assumed (incorrectly) that the attacker "only" got 100% of the hot wallet.

Quote
Even tho only a small majority of the coins are ever in use at any time
8372  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 05:21:41 PM
Oh well, that is worse.  By the description above I thought only the hot wallet funds were lost.  So there was an online plaintext copy of the cold wallet?

So ~30K of ~30K in BTC has been lost?
8373  Economy / Service Announcements / Re: bitfloor needs your help! on: September 04, 2012, 05:16:19 PM
Please quantify the amount of BTC lost as well as the total BTC owed.
What % of BTC were lost?

From the tx it looks like 30K BTC in outputs (although one involved two large outputs so it is unclear what is going on there).

Was there a loss of any USD funds?
8374  Bitcoin / Bitcoin Discussion / Re: Bitcoin is quantum-computing proof? on: September 04, 2012, 04:30:03 PM
The above assumes you can out mine the entire rest of the bitcoin network.

How much hashing power do you have? 0.1% of the network?  Your chances are 0.1%.  In reality your chances are even less because while a Quantum computer can solve problems magnitudes faster the time is still not zero.  That time delay counterfeits some of the hashing power.  If the avg solution time is 5 minutes then the odds of success (find private key, create double spend, solve block first) are more like 0.05%.

I don't think using a pool will work for more than a token number of attacks.  The attack is very obvious (much like a 51%) and you would see miners leave in droves.  Even greedy, selfish miners would leave under the fear that you could just as easily steal their funds.

Still you are right, a private miner with a huge amount of hashing power AND a hugely expensive quantum computer with a couple thousand qubits could pull it off.   Of course "security brokers" would defeat all the sunk cost and breaking tx into multiple smaller tx would lower the reward on that cost (at the expense of more blockchain size).

Still my guess (just a guess) is even those kinds of countermeasures probably won't be necessary unless some massive quantum computing breakthrough catches the entire world by surprise.  The bitcoin protocol could be extended to support new address types based on "post-quantum" encryption algorithms.

http://en.wikipedia.org/wiki/Post-quantum_cryptography
8375  Bitcoin / Mining / Re: Parallel mining with BF labs Single SCs? on: September 04, 2012, 02:57:59 PM
The term is merged mining.  You will be able to mine any system which uses SHA-256 as its mining algorithm and supports merged mining.  

Currently namecoin and a bunch of nearly worthless alt-coins.  
8376  Bitcoin / Legal / Re: Taxes on Bitcoin transactions on: September 04, 2012, 02:55:19 PM

So If you bought BTC @ $10.00 per BTC......


And how would the IRS know that?

Well the crappy thing about the IRS is they don't need to know anything.  YOU need to prove everything.  There is no innocent until proven guilty. That being said if you don't report it you probably won't get caught.  Then again lots of people don't report lots of income (even income in dollars <gasp>) and don't get caught.

Quote
Now obviously barter and BTC makes everything more "messy" and you probably could get away with some fraud.

As I said fraud (tax evasion) is possible but it doesn't change how much taxes are due and how they are calculated.  If Bitcoin ever became large enough the IRS would simply require exchanges to file with the IRS just like brokerages are required to do.
8377  Economy / Service Discussion / Re: pirate payments list -- accounts paid: 23/459 on: September 04, 2012, 02:38:52 PM
I have to admit I agree with his. Near zero communication, not answering simple and cordial questions from his trusting lenders... I just don't understand why he is acting like this.

Maybe because he is a scumbag?  He has a half dozen lawsuits, criminal charges, and foreclosures.  I mean this isn't coming out of left field.  

He probably isn't acting now, this is Tredon Shavers.  The friendly Pirate was the act but that only lasted while you had something he wanted.  Now he has your coins there is no need for that anymore. Twisting the knife is just payback for all the times he had to be nice and patient to the marks.  Hint: you aren't an investor, you aren't a creditor, you are the mark.  It would be like asking why the guy who mugged you wasn't more cordial.
8378  Bitcoin / Bitcoin Discussion / Re: Bitcoin is quantum-computing proof? on: September 04, 2012, 01:40:57 PM
A hacker with a quantum computer could just listen for incoming transactions, that have not been added to the blockchain yet, and attempt his attack. 10 mins should be enough.

So how would this attack happen?  We can simulate that you have a perfect quantum computer which can break 256 bit public/private keypairs at negligible cost by me simply giving you the private key.  Say we experimented with a scenario where I submit a tx to the network and 1 second later give you the private key.  While you could attempt a race the fact that my tx has a headstart would mean your chance of inclusion in a block is very unlikely.  If you were delayed by more than a few seconds the chance of inclusion in a block drops to essentially zero.

If "quantum key snooping" became a problem there are plenty of countermeasures.   One option would be to implement new addresses which are quantum resistant but that likely would take some time.  Another option would be larger keysize (i.e. going to 512 bit private keys would make those 256bit quantum computers completely useless). An interim solution could be the use of "security brokers".  I submit an encrypted transaction to a security broker who decrypts it, ensures his fee is included, and re-encrypts it with the public keys of miners who subscribe to this broker's service.  The broker then simultaneously transmits it to all miners. Before someone decries "centralization" there is no real barrier to entry so one could imagine multiple competing security brokers.  Also it is unlikely this would be needed on low value (sum of all outputs including change) transactions.  The opportunity cost of a 256 qubit quantum computer is a little too high to be stealing $20 txs.

Now where quantum computing "could" (and we likely are decades away) be useful is in mining.  However even if quantum computers large enough to be useful in mining could be built it still remains unknown if they would be cost effective.
8379  Bitcoin / Bitcoin Discussion / Re: Bitcoin is quantum-computing proof? on: September 04, 2012, 01:33:58 PM
If quantum computing ever becomes an issue, I suspect the loss of bitcoin's keyspace will be among the least of our worries. It would be a very different world.
+1
On top of that, my understanding from a convincing demonstration by Bruce Schneier is that a quantum computer, if it is ever built, would have to break the laws of thermodynamics to break bitcoin. Therefore I would not worry too much about quantum computing.
The demonstration you're referring to relates to the impossibility of brute-forcing large keyspaces. Shor's algorithm is useful specifically because it is not a brute-force solution. (Grover's algorithm isn't a brute-force solution either, but only reduces the effective search space by a square root, so can be countered by simply doubling the key size).

You are mistaken in believing that Shor's algorithm is relevant.
ECDSA does NOT rely on the difficulty of prime integer factorisation (for which Shor is effective) but on the difficulty of finding the discrete logarithm (for which Shor is irrelevant).

Bruce Schneier's estimate on energy required to brute force 256 bit keys (one I have quoted extensively) refers to "classical" computing. Schneier didn't state that quantum computing using Grover or Shor algorithms would violate the laws of thermodynamics.  The reason why is that it effectively reduces the effective keyspace by the square of the key size and those smaller keys can (at least in theory) be searched.

I would point out that:
a) 2^128 is still an incredibly large keyspace so it isn't like Quantum computing is an "auto-win" for instantly stealing all the coinz.
b) It is unknown if quantum computers will ever be able to COST EFFECTIVELY attack 256 bit keys.
c) It is far cheaper to use larger keys than it is to build larger quantum computers.
d) If the risk of Quantum computing becomes large enough the protocol could be extended to incorporate new address types.

We can say a classical brute force of 256 bit number is impossible (based on our current understanding of physics).  However while quantum computing attack on Bitcoin in the near term is highly unlikely it isn't impossible from a thermodynamic point of view.
8380  Economy / Service Discussion / Re: bitfloor down on: September 04, 2012, 01:19:21 PM
Some information would be nice shtylman!  Especially given your recent email about potential compromise of the API.  

Even if it is a quick one liner some communication would be reassuring for those of us with funds on your exchange.