BitPay Business Solutions
|
|
September 04, 2012, 07:30:20 PM |
|
There is no single solution which meets the needs of every single service provider. That being said having a hotwallet with 100% of the funds is simply inexcusable. More than anything else it is sad. Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO). It is destroyed now and honestly shtylman is better than that.
Agreed. If Roman really learns as much as possible from this, let others review his security procedures, he can build the most secure exchange out there. Large withdrawals may not be instant, who cares, at least they are safe. If I deposit 1000 BTC with him, I want to trade it, not withdraw it back out immediately.
|
BitPay : The World Leader in Bitcoin Business Solutions https://bitpay.comDoes your website accept bitcoins?
|
|
|
DigitalHermit
Full Member
Offline
Activity: 150
Merit: 100
Thank you! Thank you! ...
|
|
September 04, 2012, 07:31:16 PM |
|
Disbursing funds to some customers and not others would be a criminal act under those.
I believe a court order (injunction) should be filed to help ensure the exchange operator proceeds as prescribed by law.
Bitcoins were stolen, not cash. That cash is not Bitfloors to distribute to other customers. It's mine. You assume that Bitfloor is under the same regulations as a brokerage requiring segregation of customer funds. I don't believe that is the case here, and even if it was, that is of little protection as we have seen recently with supposedly segregated funds in the MF Global and PFGBest collapses. In this case I suppose it will come down to whether the Bankruptcy Judge finds that the Bitcoins stolen at the time were of value too (and must be replaced at their market value in USD) or not.
|
|
|
|
Severian
|
|
September 04, 2012, 07:32:42 PM |
|
It's very human at least.
I give shtylman props for being upfront about the theft rather than dither about it as some places have.
|
|
|
|
Vladimir
|
|
September 04, 2012, 07:33:57 PM |
|
Few questions:
Where your servers VPS?
Who hosted your servers?
from whois Name Servers: ns1.linode.com ns2.linode.com ns3.linode.com ns4.linode.com unbelievable! I suppose 10$/month is something that kills common sense outright.
|
-
|
|
|
ErebusBat
|
|
September 04, 2012, 07:36:37 PM |
|
There is no single solution which meets the needs of every single service provider. That being said having a hotwallet with 100% of the funds is simply inexcusable. More than anything else it is sad. Bitfloor was growing rapidly and was a great source of liquidity outside of MtGox (which is important IMHO). It is destroyed now and honestly shtylman is better than that.
Agreed. If Roman really learns as much as possible from this, let others review his security procedures, he can build the most secure exchange out there. Large withdrawals may not be instant, who cares, at least they are safe. If I deposit 1000 BTC with him, I want to trade it, not withdraw it back out immediately. That +1000. I t baffles me why larger sites have not implemented that yet. Hell they could even make it a user option.
|
|
|
|
ErebusBat
|
|
September 04, 2012, 07:37:12 PM |
|
Like taking that 5% fee and paying someone who knows something about security to have a look at your stuff and point out obvious weaknesses like "unencrypted copy of the wallet keys" lying around on "supposedly non-public-facing" servers with open connections to public facing servers.
Or maybe one should be responsible for one's own money and btc and not leave them sitting on other peoples' servers for extended periods? Would you leave your wallet and house keys next to someone on the subway to watch for you? You gave him five bucks. He said he'll do his best. Obviously you don't trade alot. If you want to take advantage of the swings then you must hold a balance on the exchanges.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:37:33 PM |
|
I give shtylman props for being upfront about the theft rather than dither about it as some places have.
He sent out an e-mail less than 24 hours ago about API keys being compromised, and asserted that "No accounts were compromised financially nor was there any access to coins or any funds." - http://bitcointalk.org/index.php?topic=105079.msg1159003#msg1159003That could have been an initial attempt to communicate based on a misunderstanding of the actual situation but there was no further communication until this announcement.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
September 04, 2012, 07:38:25 PM |
|
In this case I suppose it will come down to whether the Bankruptcy Judge finds that the Bitcoins stolen at the time were of value too (and must be replaced at their market value in USD) or not. This. I would also point out there isn't a single precedent that a judge could rely on so the judge would be essentially writing new law (something most judges don't like doing). It is likely that a judge would look for regulation of Bitcoin (and exchanges) before accepting they have value as deposits under US Bankruptcy law. Why? Well otherwise the potential for abuse is huge.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
September 04, 2012, 07:40:38 PM |
|
That +1000. I t baffles me why larger sites have not implemented that yet. Hell they could even make it a user option.
MtGox does this (I hate to encourage more centralization of trading activity but it is the reality). IIRC something like 80%+ of coins on deposit are in offline cold storage. Sadly I was impressed by shtylman's other security measures and I assumed he used a cold wallet for at least a portion of the funds. Expensive mistake on my part.
|
|
|
|
Vladimir
|
|
September 04, 2012, 07:40:45 PM |
|
Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.
|
-
|
|
|
shtylman (OP)
|
|
September 04, 2012, 07:42:21 PM |
|
I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.
If you had outstanding orders they have all been cancelled.
Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
|
|
|
|
Severian
|
|
September 04, 2012, 07:42:54 PM |
|
Obviously you don't trade alot. If you want to take advantage of the swings then you must hold a balance on the exchanges.
No, I don't. I'm buy and hold. Bitfloor isn't so much an exchange as a bitcoin "store", which is a much needed service.
|
|
|
|
DeathAndTaxes
Donator
Legendary
Offline
Activity: 1218
Merit: 1079
Gerald Davis
|
|
September 04, 2012, 07:43:10 PM |
|
Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.
Potatoes aren't a digital construct thinly traded only on unregulated exchanges which hasn't yet been defined by FinCEN or any other regulatory body. I do agree that Bitcoin will need to be regulated eventually. It simply can't co-exist with fiat currencies under existing laws without regulation and definition. Still I think this is a case of people wanting to have their cake and eat it to. Either Bitcoin is outside of regulation and statutes or it isn't. It can't be "kinda" under the law. If it is regulated that means tight AML, trade reporting to IRS, regulatory requirements for handling Bitcoins, licensing (VA requires a $500K bond to be a money transmitter for example), etc. It can't be under the law when you want something and then outside regulation all the other times. It is all or nothing baby. Personally like it or not, I think on a long enough time line we will be in the "all" category.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:43:33 PM |
|
I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.
If you had outstanding orders they have all been cancelled.
Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
Who will cooperate in filing an injunction? shtylman, where physically are you for service of process?
|
|
|
|
ErebusBat
|
|
September 04, 2012, 07:43:36 PM |
|
New withdrawals are currently on hold while I work through the future of the exchange.
That is unacceptable. Regardless of the future of the exchange you have an obligation to disburse funds to the ACH account on record. You previously handled requests by email. USD funds by depositors are the property of the depositor and not an investment. You have no legal standing to hold those funds pending "anything". I agree with TangibleCryptography. In your own words: I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.
Unless you have gotten legal advice to the contrary (if you have please let us know), I would advise processing ACH withdrawals on a as needed basis.
|
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:47:12 PM |
|
Unless you have gotten legal advice to the contrary (if you have please let us know), I would advise processing ACH withdrawals on a as needed basis.
If BitFloor is insolvent, unable to meet all withdrawal request of all customers, then disbursing even one penny is a criminal act.
|
|
|
|
ErebusBat
|
|
September 04, 2012, 07:49:00 PM |
|
shtylman, where physically are you for service of process?
https://bitfloor.com/aboutMailing Address Bitfloor Inc. 27-29 W 60th St. #21053 New York, NY 10023
|
|
|
|
SgtSpike
Legendary
Offline
Activity: 1400
Merit: 1005
|
|
September 04, 2012, 07:49:51 PM |
|
I have put the website back online for users who have USD to request a withdrawal via ACH. If you choose to leave your USD funds in the account they will be available for trading once it resumes. I hope to resume trading later in the week.
If you had outstanding orders they have all been cancelled.
Once trading resumes, I hope to be able to start repaying BTC losses using the proceeds from fees. More information about this will be provided later.
So basically, BTC withdrawals will be delayed until you have the funds to pay for them? Or both BTC and USD withdrawals (after you allow whoever wants to withdraw via ACH to do so)? What if I trade for USD (once you re-enable trading), then request an ACH withdrawal?
|
|
|
|
Vladimir
|
|
September 04, 2012, 07:49:55 PM |
|
Replace word "bitcoins" by "potatoes" and any judge will figure out on the spot what to do.
Potatoes aren't a digital construct thinly traded only on unregulated exchanges. I do agree that Bitcoin will need to be regulated eventually. It simply can't co-exist with fiat currencies without definition. However that day isn't today. Of course. However, potatoes have value, they can be stolen too. Imagine a commodity exchange where you can deposit bags of potatoes that you and other customers have "farmed". Those potatoes can be sent to the exchange as well as fiat money (legal tender btw). Someone have stolen all the potatoes, exchange goes BK... Effectively a judge has only two choices: 1. Distribute all fiat back to depositors and leave potato sellers to hold the bag (an empty potato bag no less). 2. Value all the lost potato deposits in fiat, distribute whatever fiat left proportionally. I bet it will be 2.
|
-
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
September 04, 2012, 07:52:48 PM |
|
shtylman, where physically are you for service of process?
https://bitfloor.com/aboutMailing Address Bitfloor Inc. 27-29 W 60th St. #21053 New York, NY 10023
Roman recently had traveled or moved possibly out of the country (London ?).
|
|
|
|
|