bitfloor needs your help!

[padrino]

Interesting.  After we saw hacks and/or incompetent management from MtGox, Bitomat, Bitconica (x2), etc, exchanges are still getting hacked.  Probably best to leave matters to the professionals with 24/7 monitoring of both hardware and software involved in the project.

This is exactly right. Banking website have to comply with countless rules and regulations. BitCoin websites are setup by people with no practical experience of building secure sites and those people always miss things.

What's interesting is how all of these activities tend to drive the community toward the kinds of rules and regulations that many tend to despise.. I know the answer will be that "we can do it better" but ultimately I think it will drive down the same path because the community as a whole isn't much different, ultimately purists aren't driving the value of bitcoins, the same types that play in other financial markets are.

[1714217070]

1714217070

[1714217070]

1714217070

[1714217070]

1714217070

[1714217070]

1714217070

[Kris]

 

[giszmo]

If ever I'm putting any service public (I have a Facebook wallet), I will have my cold storage on an air gaped computer and not hold more in hot storage than I can afford to loose as I would get hacked like all the others. If that service doesn't make money to hire people to charge the hot wallet, this would mean the service might perform much worse when I'm on vacation but I would never loose money to a hacker exceeding what I can afford to loose.

(Ok, if the hacker manages to send out payments that look legit over an extended period of time without my users reporting anything, this could kill me but so far, all hacks went in one go and frankly I can't believe all these stories of being hacked.)

[drrussellshane]

It's simply not believable that anyone involved enough with Bitcoin to make such a site, who has undoubtedly heard about all the other large-scale hacks, would simply leave an unencrypted wallet file worth a quarter mil lying around waiting to be hacked.

Right now, the owner should be desperately trying to convince us he didn't steal the money himself.

I have but a tiny percentage of the wealth of that wallet, and I am not smart enough to run such an exchange website, but I know enough to encrypt my fucking wallet .

I like Roman and Bitfloor, but I agree with barbarousrelic.

[Phinnaeus Gage]

I go to the site and it reads this (which it still reads)

Bitfloor Website
Is currently offline.
It will be back shortly.
I check back later and its up. So I sent 136 coin to my deposit address.
Anyone else think the message on the site should read
DO NOT SEND ANY COIN TO US WE HAVE BEEN HACKED!!!!!
or something of that nature. I only keep my money in coin for less than 24 hours before converting it and got screwed. Guess I stop taking bitcoin cause its too risky.

Speaking like a true Junior.

Imagine how Bitfloor feels right now.

Speaking of Junior League: looking through Google's cache of bitfloor, and maybe I'm just missing something obvious here, but I don't see TOS at all. Did bitfloor users agree to a specific TOS via email, or some form of messaging, or… what?

This is the closest I could find: http://webcache.googleusercontent.com/search?q=cache:sm6wAI8jZJYJ:https://bitfloor.com/docs/+&cd=1&hl=en&ct=clnk&gl=us

Somebody else may desire to copy and paste what's available.

~Bruno~

[Rassah]

I don't think selling ownership of the company is a good idea. Loans or bonds may be a better way to go. Running the numbers, to borrow $260k for 15 years at 5% interest will cost $2,056 per month (extra $20k to get the infrastructure and security rebuilt). If Roman can't borrow that from a bank, it may be prudent to sell long-term bonds that pay out a dividends the sum of which equal to that monthly amount. Now, in bitcoinworld, a paltry 5% a year dividend may seem like crap, especially compared to 7% a week ponzis, AND there's a huge risk that this business may not survive for very long anyway (using personal bank accounts for deposits?), but the benefits are:

1) All the money needed to cover stolen BTC are raised immediately
2) Roman still takes a hit (punishment) by working for zero profit for a few months, until revenues exceed the dividend payouts.
3) Roman still retains ownership of the company, and has incentive in keeping it going, because
4) While the volume continues to grow, and Bitcoin continues to increase in value, the fixed ~$2,000 monthly payments remain the same, and become easier and easier to pay off, and once the business is established enough, Roman can start buying the bonds back early (though he may not have the incentive to do so).

Again, it's important to keep in mind that this business itself is risky, with plenty of competition and regulatory traps, and it's dealing with a risky currency, so 15 years (even with the hope that once Bitfloor revenues improve, it may turn into 2 to 5 years) may be hard for people to swallow. Especially since this is in computer years. We were using dial-up and Windows 95 15 years ago. Who knows where Bitcoin and our tech will be 15 years from now. But, if run well, a 5% a year bond is still a damn good investment in the real world.

[Rassah]

Also, I trust MtGox because it was previously hacked, and was forced to review its security procedures. Someone new may not care until they got hurt badly. Should it come back, I would trust Bitfloor more than other new exchanges (assuming their security policies we're also publicly scrutinized), because, like MtGox, they were forced to learn from mistakes and the owner knows just now much stupid oversights can cost him.

[peasant]

Interestingly, Mt.Gox is down also it seems.

[davecoin]

Interestingly, Mt.Gox is down also it seems.

False.  Good one though.

[peasant]

It was for at least an hour, but it started working right after i posted. 

[SgtSpike]

Also, I trust MtGox because it was previously hacked, and was forced to review its security procedures. Someone new may not care until they got hurt badly. Should it come back, I would trust Bitfloor more than other new exchanges (assuming their security policies we're also publicly scrutinized), because, like MtGox, they were forced to learn from mistakes and the owner knows just now much stupid oversights can cost him.

+1 to this.  If Bitfloor comes back, I would trust it a lot more than any new exchange that might come to take its place, because I know Bitfloor has learned its lesson the hard way already, and hopefully won't have to learn it again.  A new guy will probably fall into the same "oh, it won't happen to ME" trap that Roman did.

[dreamwatcher]

Also, I trust MtGox because it was previously hacked, and was forced to review its security procedures. Someone new may not care until they got hurt badly. Should it come back, I would trust Bitfloor more than other new exchanges (assuming their security policies we're also publicly scrutinized), because, like MtGox, they were forced to learn from mistakes and the owner knows just now much stupid oversights can cost him.

Do not forget about the LR hack that BTC-E went through in July. BTC-E covered all the users losses through a rollback and was up and running about a day later with most of the customers funds back in place.

I now trust them equally to  GOX and more than any of the others, but GOX can be so difficult and slow to withdrawal USD.

I had the unfortunate luck of transferring some 60 BTC to Bitfloor that I wanted to cash out the night Bitfloor got hacked......

[mufa23]

Interestingly, Mt.Gox is down also it seems.

False.  Good one though.

I was having a lot of trouble with it last night. Very slow loading, sometimes would just time out. Works fine now.

[Rygon]

Also, I trust MtGox because it was previously hacked, and was forced to review its security procedures. Someone new may not care until they got hurt badly. Should it come back, I would trust Bitfloor more than other new exchanges (assuming their security policies we're also publicly scrutinized), because, like MtGox, they were forced to learn from mistakes and the owner knows just now much stupid oversights can cost him.

+1 to this.  If Bitfloor comes back, I would trust it a lot more than any new exchange that might come to take its place, because I know Bitfloor has learned its lesson the hard way already, and hopefully won't have to learn it again.  A new guy will probably fall into the same "oh, it won't happen to ME" trap that Roman did.

Any bussiness that has to learn all the lessons the hard way instead of avoiding the mistakes of predecessors is going to have a tough time being competitive. That goes for life too.

[sd]

+1 to this.  If Bitfloor comes back, I would trust it a lot more than any new exchange that might come to take its place, because I know Bitfloor has learned its lesson the hard way already, and hopefully won't have to learn it again.  A new guy will probably fall into the same "oh, it won't happen to ME" trap that Roman did.

Sorry, but that's flawed reasoning. You are saying you trust people more because they have proved they are not trustworthy. By that reasoning you should trust bitcoinica with everything you have.

[Rassah]

+1 to this.  If Bitfloor comes back, I would trust it a lot more than any new exchange that might come to take its place, because I know Bitfloor has learned its lesson the hard way already, and hopefully won't have to learn it again.  A new guy will probably fall into the same "oh, it won't happen to ME" trap that Roman did.

Sorry, but that's flawed reasoning. You are saying you trust people more because they have proved they are not trustworthy. By that reasoning you should trust bitcoinica with everything you have.

If I understand what happened correctly, the issue was not as much security related as just a dumb, careless mistake. I.e. this may have happened even on a very well secured system (though not to this extent if cold storage was used). Having this happen to an operator instills some really healthy paranoia, and changes their operating procedures, i.e. the human factor of security. Despite MtGox having vastly improved their technical security, we still don't really know if they have standard procedures that everyone must follow, and if they might not accidentally copy a wallet someplace unsafe while upgrading as well.

I do understand your point though, and mine does seem counterintuitive.

[ErebusBat]

1) All the money needed to cover stolen BTC are raised immediately

Did you account for slippage in your calculation?  I have not ran the numbers but highly doubt that you could acquire that many coins all at once for one price point.

[JoelKatz]

Sorry, but that's flawed reasoning. You are saying you trust people more because they have proved they are not trustworthy. By that reasoning you should trust bitcoinica with everything you have.

+1, unfortunately. My life experience suggests that people actually don't learn lessons and instead repeat prior behavior if they can get away with it. (This is not a personal judgment about any particular person.)

[SgtSpike]

+1 to this.  If Bitfloor comes back, I would trust it a lot more than any new exchange that might come to take its place, because I know Bitfloor has learned its lesson the hard way already, and hopefully won't have to learn it again.  A new guy will probably fall into the same "oh, it won't happen to ME" trap that Roman did.

Sorry, but that's flawed reasoning. You are saying you trust people more because they have proved they are not trustworthy. By that reasoning you should trust bitcoinica with everything you have.

No, I am saying I trust people more who have "learned their lesson" already vs people who haven't.  I trust someone who has been through the hell of losing $200k of customer funds more than someone who hasn't, because they're going to do everything in their power to make sure it doesn't happen again.  They will have better security practices, procedures, and knowledge the second time around.

Of course, that's not a statement that stands entirely on its own.  Obviously, I will do my own due diligence to make sure that they actually have implemented better security measures, and that I am satisfied with the way they have resolved the prior security breach, etc.

It's like riding a bike up a hill.  Some people may try to ride straight up the hill, but it is too steep to do it - they will fail.  Others will take the longer path that winds around the hill.  Now, I don't know who is taking the path and who is trying to ride straight up, but I know that if someone DOES try to ride straight up, and fails, they're unlikely to try it again.  Therefore, anyone who fails is more likely to take the longer path that winds around than anyone who hasn't failed yet.

[barbarousrelic]

Sorry, but that's flawed reasoning. You are saying you trust people more because they have proved they are not trustworthy. By that reasoning you should trust bitcoinica with everything you have.

+1, unfortunately. My life experience suggests that people actually don't learn lessons and instead repeat prior behavior if they can get away with it. (This is not a personal judgment about any particular person.)

The operators of Bitfloor should have learned their lesson from the hacks of all the other Bitcoin exchanges. That they did not points to either gross negligence or criminal intent, neither of which should instill confidence in anyone.