How does MtGox or other services defend against this? Paper wallet? Faraday Cage? Can anyone from Mt. Gox comment on this?
Here was a recent post:
- Does [MtGox] use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)
Yes.
- Is there a target as to how much of customer's funds are kept in cold storage? (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?
On average 98% of customer bitcoins are held in cold storage, with possible variations on large bitcoin moves (large deposits or customers asking for large withdrawals).
- Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?
Offline wallets are generated from an offline system and kept in paper format in three separate locations, using a technology based on raid. It will likely be changed to use Shamir's Secret-Sharing method in the future, and all existing offline wallets will be converted to this.
- Does [MtGox] maintain offsite backups of its accounts and transactions? If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?
We have realtime onsite backups on a separate system, and offsite backups at regular intervals. We are working on modifying the system to have a multi-site cluster working (working with people from Percona to reach the best system on this) - which would allow us to have a node of the cluster used to make backups way more often
