Bitcoin Companies Who Reimburse Losses Stay Alive

[topiOleg]

1. why are they not securing customers funds in the same manner as their own reserves, for them to think customers funds could be lost but their reserves could not be

I would think the answer to this is pretty obvious, because they can't. They simply don't have the same amount of control over their customers' funds as they do over their own. Customers must be able to withdraw their funds whenever they choose, which unavoidably creates weaknesses. Their own reserves they can keep completely offline cut off from all access.

Your right, it is concept called hot wallet when you need the Bitcoins transactions to be send in real time. So the transactions signing is eighter on online computer, or not, but the result is the same - immediatelly signed transaction broadcasted over internet, which you can potentially exploit.

I dont know whether Xapo can have reserves to cover the potential loses though, the most often used Xapo service is just online wallet and it is completly free to their users.

[1713862009]

1713862009

[1713862009]

1713862009

[1713862009]

1713862009

[entrepmind23]

A recent blog post from Xapo called “What happens if Xapo gets hacked?” the company discusses the unfortunate Bitfinex heist that took place on August 2, 2016. Xapo says that if they were compromised the company would cover the losses from its own reserve. This is a glaring difference to the many exchanges that failed to reimburse their customers.

It will be interesting to see how Bitfinex fares after their losses as it was the biggest Bitcoin exchange heist since the demise of Mt Gox. It’s safe to say exchanges that don’t pay their customers back in full will discourage new users from entering the Bitcoin space.

https://news.bitcoin.com/bitcoin-reimburse-losses-stay-alive/

People will choose the company that they think there money will be safe. It would be the same case like in banks wherein the deposits are insured and any losses incurred by the bank will be their loss not their customers. So, in bitcoin companies, its their mistake or complacency so they should not let their customers bear the losses that they incurred. It's hard to earn back the customers trust after what happened and then they added more pain by letting the customers bear the loss so it would really hard for the company to earn back the people's trust again.

[~Bitcoin~]

Sooner or later true insurance companies will come. But I think that they are scared by the current carelessness and stealing hidden under so bad "hacks".
Xapo delivers nice words and I hope we will not get to see if they are true or not... But you can't argue that they found a good niche for some more advertising.

I don't think there is need of insurance companies for bitcoin projects. What making exchangers getting hacked is their own negligance over security systems and weak management of their reserves. And even insurance company can't be expected to be immutable towards hackers.

This words from Xapo may only remain as nice talk/statement, real test will be if they also go through similar hack as of other exchangers.

[MingLee]

Sooner or later true insurance companies will come. But I think that they are scared by the current carelessness and stealing hidden under so bad "hacks".
Xapo delivers nice words and I hope we will not get to see if they are true or not... But you can't argue that they found a good niche for some more advertising.

I don't think there is need of insurance companies for bitcoin projects. What making exchangers getting hacked is their own negligance over security systems and weak management of their reserves. And even insurance company can't be expected to be immutable towards hackers.

This words from Xapo may only remain as nice talk/statement, real test will be if they also go through similar hack as of other exchangers.

There is definitely no need for insurance companies, and even if there were there would be a ton of incredibly high rates just because of the risk of having to cover the losses of exchanges or whatever other business is just an insane undertaking and could become very costly very quickly.

[thejaytiesto]

Im sure there is an untapped market on this matter. Granted, the whole point of Bitcoin and its major strength is the fact that you control the asset and no body else can touch them, but a lot of people are scared of taking self responsibility so something like this will find its market eventually.

[NeuroticFish]

Sooner or later true insurance companies will come. But I think that they are scared by the current carelessness and stealing hidden under so bad "hacks".
Xapo delivers nice words and I hope we will not get to see if they are true or not... But you can't argue that they found a good niche for some more advertising.

I don't think there is need of insurance companies for bitcoin projects. What making exchangers getting hacked is their own negligance over security systems and weak management of their reserves. And even insurance company can't be expected to be immutable towards hackers.

This words from Xapo may only remain as nice talk/statement, real test will be if they also go through similar hack as of other exchangers.

There is definitely no need for insurance companies, and even if there were there would be a ton of incredibly high rates just because of the risk of having to cover the losses of exchanges or whatever other business is just an insane undertaking and could become very costly very quickly.

Insurance would increase Bitcoin's credibility, because whether you agree or not, old businessmen read about hacks and see there's no insurance, though we know that most of the hacks are negligence or inside job.
And insurance companies will have to enforce some rules to exchanges and so on to reduce the change of "hack" as much as possible, else they'll go bankrupt quick.

[yayayo]

Talk is cheap.

That sums it up pretty neatly. Xapo just wants to absorb as much of the disappointed user base of Bitfinex as possible. What's interesting is that Xapo implicitly admits a difference between the funds stored by its users and its own reserves. The security seems to be weaker for the former...

Apparently, Xapo uses a hot / cold wallet method or something comparable. As we have seen in the past, this is no guarantee for the security of reserves if the associated (human) security architecture is weak. After all, Bitfinex incurred massive losses, because the funds were stolen (internally?) from a multisig-setup that was meant to improve security.

You can't reimburse users from "reserves" if your reserves have been stolen.

ya.ya.yo!

[European Central Bank]

xapo cold stores for some monster whales so if they're hacked it really, really ain't gonna be pretty. I assume they must be hyper anal about this stuff and bitfinex will up that even more.

we all know what it takes to be completely secure. there's no reason for a guy being super protective over his 0.1 btc to be secured better than a giant corporation.

[ImHash]

No sane person would guarantee safety for your funds unless they take a considerable percentage as insurance payment.
So bitcoin/crypto currencies or anything at all if you want to be sure it's safe they take money and only if time comes and they get robbed they will then refund you 100% otherwise it's a risk you have to accept when you enter.

[Jannn]

if xapo would cover losses of a hack with their own reserve. then i have 2 questions

1. why are they not securing customers funds in the same manner as their own reserves, for them to think customers funds could be lost but their reserves could not be

2. why if customers funds are just as secure as their reserves, would xapo think that their reserves would not also be taken, ni which case there are no funds left to cover customer losses.

Exactly.
Without answering these questions it is just advertising, Nothing more.

[sipher]

if xapo would cover losses of a hack with their own reserve. then i have 2 questions

1. why are they not securing customers funds in the same manner as their own reserves, for them to think customers funds could be lost but their reserves could not be

2. why if customers funds are just as secure as their reserves, would xapo think that their reserves would not also be taken, ni which case there are no funds left to cover customer losses.

Exactly.
Without answering these questions it is just advertising, Nothing more.

Because the exchange must be able to process withdraw request. The reserves are not hot (and should be stored offline).

[franky1]

1. why are they not securing customers funds in the same manner as their own reserves, for them to think customers funds could be lost but their reserves could not be

I would think the answer to this is pretty obvious, because they can't. They simply don't have the same amount of control over their customers' funds as they do over their own. Customers must be able to withdraw their funds whenever they choose, which unavoidably creates weaknesses. Their own reserves they can keep completely offline cut off from all access.

you do realise that ANYONE can have one server that holds NO private keys but instead has a database
this database just stores requests.
EG
USER12345 requests 0.01 to 1Ar4nd0mAdDress verification: adjsfhskfhjfhljkhasfhlsakjdfhsalkjf

then on a separate system unknown to the server. because the server not making an outbound API call to any known destination.. or doing anything requiring logging the other system.. this separate system can look in. and read this database and process the requests as and when it sees new request.. by looking in remotely. rather then a web server pushing data out. things get a little more secure.

we no longer live in the 1980's where reading a database takes minutes. but milliseconds. so the difference between having the keys on a server, and having the keys on a separate system is about a few miliseconds in actually moving funds when a customer requests it. which those miliseconds are meaningless in regards to block times of ~10minutes anyway.

as for securing the database, like i said by not communicating out(no outgoing API call), the server does not reveal the IP address that has the keys. also by adding a few basic security things you can sense if the database is being tampered with from within this could signal to the host to do something
where requests requires a verification code that can only be signed by the users sessionID(not a bitcoin private key) or some other crypto proof the intended users made the request. amungst other things can all reduce weak points.
well nothing is fool proof but if you add enough layers you can slow down a hacker long enough to spot him.
but either way its alot better then stupidly having a basic script that stores the private keys on the webserver and immediately processes withdrawals without checks

[sipher]

1. why are they not securing customers funds in the same manner as their own reserves, for them to think customers funds could be lost but their reserves could not be

I would think the answer to this is pretty obvious, because they can't. They simply don't have the same amount of control over their customers' funds as they do over their own. Customers must be able to withdraw their funds whenever they choose, which unavoidably creates weaknesses. Their own reserves they can keep completely offline cut off from all access.

you do realise that ANYONE can have one server that holds NO private keys but instead has a database
this database just stores requests.
EG
USER12345 requests 0.01 to 1Ar4nd0mAdDress verification: adjsfhskfhjfhljkhasfhlsakjdfhsalkjf

then on a separate system unknown to the server. because the server not making an outbound API call to any known destination.. or doing anything requiring logging the other system.. this separate system can look in. and read this database and process the requests as and when it sees new request.. by looking in remotely. rather then a web server pushing data out. things get a little more secure.

we no longer live in the 1980's where reading a database takes minutes. but milliseconds. so the difference between having the keys on a server, and having the keys on a separate system is about a few miliseconds in actually moving funds when a customer requests it. which those miliseconds are meaningless in regards to block times of ~10minutes anyway.

as for securing the database, like i said by not communicating out(no outgoing API call), the server does not reveal the IP address that has the keys. also by adding a few basic security things you can sense if the database is being tampered with from within this could signal to the host to do something
where requests requires a verification code that can only be signed by the users sessionID(not a bitcoin private key) or some other crypto proof the intended users made the request. amungst other things can all reduce weak points.
well nothing is fool proof but if you add enough layers you can slow down a hacker long enough to spot him.
but either way its alot better then stupidly having a basic script that stores the private keys on the webserver and immediately processes withdrawals without checks

This configuration still allows for the hot wallet to be depleted (there is still a connection to the wallet via database). You don't need the keys to steal the funds at that point.

[whanethewhip]

It's one thing to make a statement in media about reimbursing losses due to heists. It's another to make the claim official by including it as part of their terms of service or as part of an insurance statement. When Xapo makes this part of their official policy and as a guarantee to those using their services, then the claim will have merit. Until then, it's just something to garner some attention.

[franky1]

This configuration still allows for the hot wallet to be depleted (there is still a connection to the wallet via database). You don't need the keys to steal the funds at that point.

compared to private keys stored on the webserver. which can be a 5 second copy and paste hack.
having to tweak a request database. compare users to funds, add a fake request and also add a valid verification request is more layers of security.

the web server doesnt even need the public sessionid(or other cryptographic id) of the user validation because the web server does nothing.

the separate system can verify balances check signatures of the user validation(by this i dont mean a bitcoin private key, but some other cryptographiic id). so the hacker cannot really fake a request either.

even things like 2factor authentication where the "answer" is not saved on the web server.
and its the hidden server that pushes a 2FA to the customer and then reads the database again to see some response.

like i said. nothing is ever perfect. but adding layers and not having everything stored on one "honeypot" web server is just grossly negligent

[sipher]

This configuration still allows for the hot wallet to be depleted (there is still a connection to the wallet via database). You don't need the keys to steal the funds at that point.

compared to private keys stored on the webserver. which can be a 5 second copy and paste hack.
having to tweak a request database. compare users to funds, add a fake request and also add a valid verification request is more layers of security.

the web server doesnt even need the public sessionid(or other cryptographic id) of the user validation because the web server does nothing.

the separate system can verify balances check signatures of the user validation(by this i dont mean a bitcoin private key, but some other cryptographiic id). so the hacker cannot really fake a request either.

even things like 2factor authentication where the "answer" is not saved on the web server.
and its the hidden server that pushes a 2FA to the customer and then reads the database again to see some response.

like i said. nothing is ever perfect. but adding layers and not having everything stored on one "honeypot" web server is just grossly negligent

Agreed.

two factor is out the window if the web server is hacked.

You can make it harder and hope to detect malicious behaviour, but you're in serious trouble if someone's on the web server.

[franky1]

Agreed.

two factor is out the window if the web server is hacked.

You can make it harder and hope to detect malicious behaviour, but you're in serious trouble if someone's on the web server.

but you mitigate the "trouble" by decreasing the valuable information stored on the web server.
basically just making the web server a GUI.. and a hidden remote system is the engine
then its not "serious trouble" but just "potential trouble", which good security and many layers (as ive said several times) makes trying to hack the webserver near usely and timely to attempt.

[BitMaxz]

A recent blog post from Xapo called “What happens if Xapo gets hacked?” the company discusses the unfortunate Bitfinex heist that took place on August 2, 2016. Xapo says that if they were compromised the company would cover the losses from its own reserve. This is a glaring difference to the many exchanges that failed to reimburse their customers.

It will be interesting to see how Bitfinex fares after their losses as it was the biggest Bitcoin exchange heist since the demise of Mt Gox. It’s safe to say exchanges that don’t pay their customers back in full will discourage new users from entering the Bitcoin space.

https://news.bitcoin.com/bitcoin-reimburse-losses-stay-alive/

if this happen with xapo, then they are really want to cover it? i just don't sure about this, because bitfinex that had been hacked would not covers all the funds. but i hope xapo will prove their word if someday they got hacked.

If thats the case that they can reimburse their custumer its a great company that can pay loses from other company.. 
Honestly xapo right is not good wallet i have old wallet there and i know the password and pins but the problem the receive codes or pi is always incorrect.
So i will never trust their world that they can reimburse to their costumers..

[SmartIphone]

It depends on how much bitcoins do they leave in the hot wallet or in the 'cold' wallet because recovering tens of millions of dollars is not easy and can not be recovered in a short period of time.
I don't like to see this kind of statements from big companies but if they say that have a huge reserve capital then lucky them and lucky their users.

[franky1]

It depends on how much bitcoins do they leave in the hot wallet or in the 'cold' wallet because recovering tens of millions of dollars is not easy and can not be recovered in a short period of time.
I don't like to see this kind of statements from big companies but if they say that have a huge reserve capital then lucky them and lucky their users.

if the recovery plan is based on trading fee's recouping losses.. then lets take bitfinex for instance
they have done $4.5m in volume today based on https://coinmarketcap.com/exchanges/bitfinex/
which at a 0.3% fee (0.1% take 0.2%make) works out at $13.5k in fee's
even if they ploughed every penny of the fees into making everyone whole. its still 5,300+ days (upto 15 years at current volume) to actually make people whole again

so bitfinex for example better have some reserves. or can buy the debt back at pennies to the dollar as a settlement agreement with their creditors/debtee's(customers) or they are in for a world of hurt

after all
lets pretend they never needed to spend any money on wages, offices, servers, etc over the last 2 years, just so they could build up a reserve.
checking* they had an average $6million trade volume a day* ($20k fee) it would have still taken them 10 years to rake in enough reserves to have $72m.
*2 year average from stats

knowing they actually were spending fee's on business costs over the last couple years. there is no way they have reserves to cover the loss and no way they can make anyone whole again in the next couple years using future fee income either.

not unless some numpty buys the business valued at (-)72mill for a single $1. and puts in the other 72m to make customers whole again.
.. knowing that at their best years (prior to hack) it would take 10 years to just get 72m in fee's before business cost deductions. i cannot see any numpty investing 72m to make customers whole..
or as i said not unless they can settle with their creditors/debtees(customers) with a pennies on the dollar settlement.