Why do exchanges need a hot wallet on their server?

[picobit]

After yet another exchange being hacked, I can't help asking myself: Why do exchanges need a hot wallet on the server at all?
All the server needs is to know the clients' balances in BTC and in USD/EUR/...

Only when the client wants to withdraw BTC is a wallet needed - but then it does not have to be on the exchanger server.  The USD are stored in a bank, not on the server.  When a client needs to withdraw money, the exchange server contacts a backend server, where the hot wallet is kept.  This could even be done through TOR with the backend as a hidden service,  making it hard for the hackers to find the backend server.  They can still inject false payments into the system if they hack the frontend, but if you require users to register their bitcoin payment address in advance (and perhaps block payments for 24 h when it is changed), then it becomes very difficult indeed for the hacker to run away with the money.

It would still be necessary to keep most of the BTC in a cold, offline wallet, since it is not 100% impossible to first break into the server, and then hack the backend through the TOR network.  So perhaps there should also be a limitation of how many BCT any given user can withdraw without incurring a 24h waiting period.  Waiting periods are annoying, but less annoying than loosing everything.

Just my 5 mBTC.

[flower1024]

bitcoinica had their hotwallet on another server but it doesn't help them

every (unencrypted) wallet which resides on an online server (vps is even worse) is vulnerable.

hotwallets are unencrypted because they need to be accessed.

i would love to see exchanges where you request a widthdrawal and have to wait.
that way the owner could manually send out funds.

^^ much more secure

[SpontaneousDisorder]

How about an option "Send my BTC to cold storage", then you can choose between safety and instant access.

[scintill]

This could even be done through TOR with the backend as a hidden service,  making it hard for the hackers to find the backend server.

Exchange hacks have been caused by credential disclosure, unencrypted wallets, VPS compromises, etc.  Tor doesn't magically fix those sorts of problems.  Unless you literally mean hackers are going to find the server's physical location, breach the hosting center holding it, and dump its keys, I don't see any reason to use Tor for this.  Has anyone hacked an exchange by gaining physical access to the servers?

[dissipate]

This could even be done through TOR with the backend as a hidden service,  making it hard for the hackers to find the backend server.

Exchange hacks have been caused by credential disclosure, unencrypted wallets, VPS compromises, etc.  Tor doesn't magically fix those sorts of problems.  Unless you literally mean hackers are going to find the server's physical location, breach the hosting center holding it, and dump its keys, I don't see any reason to use Tor for this.  Has anyone hacked an exchange by gaining physical access to the servers?

The details are sketchy but the Bitfloor hack sounds like it could have been done through physical access, or at least access via Bitfloor's LAN. Supposedly it was done by accessing 'non-public facing machines'.

[flower1024]

How about an option "Send my BTC to cold storage", then you can choose between safety and instant access.

+1

i LOVE this idea
but: if they are in cold storage how could you trade them?

image two users:

A: 100USD 10BTC (option set to instant access)
B: 1000BTC (option set to cold storage)

now B trades 10BTC to A and A wants to withdraw 20BTC immedtialy.
how to handle this situation?

btw: if i where user B i would not have 1000BTC sitting in an exchange without an open order. so i am essentially my own cold-storage.

[Traktion]

Surely, a client on a machine without a dedicated IP address could do the actual transacting?

From the client, you could then poll the server to see what transactions have been requested, before completing the process. The hot wallet would then be completely detached from the server and could either be supervised (manual confirmation) or unsupervised ('hot').

Ofc, it wouldn't stop someone hacking the process to create spurious transaction requests, but a secure protocol would make that very difficult. However, it would prevent attacks which focus on the stealing of wallets on the server and so forth.

[Stephen Gornick]

After yet another exchange being hacked

There are solutions that were already available that would have prevented this latest specific instance (cold wallet storage, 100% air gap).

There are solutions being made easier to use (multisig):

 - http://bitcointalk.org/index.php?topic=94959.0


There are solutions nearing completion - Open Transactions for exchanges:

 - http://bitcointalk.org/index.php?topic=96391.0
 - http://bitcointalk.org/index.php?topic=95745.0

[optimator]

hotwallets are unencrypted because they need to be accessed.

Is that correct? Can't you encrypt the wallet and then use a pass phrase to access it? The pass phrase being stored encrypted on the server?

[HostFat]

@flower1024
I think that the easier way is just make the trade "virtually", and I think that many are already doing this way.
All Bitcoin will remain in the cold storage, trades will only be executed virtually on another database.
The cold storage will be used only to withdraw bitcoin.

[scintill]

hotwallets are unencrypted because they need to be accessed.

Is that correct? Can't you encrypt the wallet and then use a pass phrase to access it? The pass phrase being stored encrypted on the server?

Yes, a server needs to be able to read a wallet to use it.  With your suggestion, what's going to decrypt the encrypted passphrase?  If the key to that is on the server, hackers will find it and it's now an unencrypted wallet.  If not, you're back to an encrypted wallet that needs outside intervention (inputting decryption key from an isolated system, human, etc.)

If automated transactions are desired, unencrypted hotwallets* are necessary, however there are precautions that should be taken, like NOT storing most of your bitcoins in hotwallets.  (*Well, they could be encrypted on-disk to help prevent certain types of attacks, but at some point, somehow, the system needs to be able to decrypt them to do automatic transactions.)

[picobit]

This could even be done through TOR with the backend as a hidden service,  making it hard for the hackers to find the backend server.

Exchange hacks have been caused by credential disclosure, unencrypted wallets, VPS compromises, etc.  Tor doesn't magically fix those sorts of problems.  Unless you literally mean hackers are going to find the server's physical location, breach the hosting center holding it, and dump its keys, I don't see any reason to use Tor for this.  Has anyone hacked an exchange by gaining physical access to the servers?

TOR will not solve anything magically, of course.  But the hacker will need to first hack the exchange server, and then (since he cannot get the IP of the backend server) will have to hack the TOR hidden service.  Not knowing the IP will certainly reduce the attach surface.  But of course not eliminate it.

Thanks to you all for your comments!