Topic: BTC exchanges must tap the minds of community for ideas on preventing DDOS/manip
Luckybit (OP)
April 11, 2013, 11:01:34 PM
 #1

Big mtGox has far too much power. Centralized power is an obvious weakness.

My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?

My list which of course could be updated if I have more info.

1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
     (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
     (b) Google authenticator, Yubikey, or whatever.
3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.
justusranvier
April 11, 2013, 11:41:17 PM
 #2

The problem is getting fiat in to an exchange, and rapidly transferring it between exchanges.

Ripple is supposed to fix that. If all the exchanges became gateways then users could deposit fiat anywhere, and trade with it anywhere, and cash out anywhere. The exchanges could use periodic wire transfers between themselves to settle accounts.

If Bitinstant ever gets their debit card going, and if they accepted USD deposits via Ripple then people would be more willing to keep more of, or possibly all of, their dollars in the system because they could spend it instantly. This would make a large amount of dollar liquidity available to all the order books.
Luckybit (OP)
April 11, 2013, 11:44:12 PM
 #3

Where is the whitepaper on Ripple?

And how long are they going to take to implement this? I don't have much faith in Bitinstant. They took my money and never gave me coins in over a week now.
Bitmeat
April 11, 2013, 11:50:16 PM
 #4

As far as stopping DDOS that's easy, you just have to use an exchange with a well designed server infrastructure, not a crappy system set up to trade game cards. What MtGox calls a DDOS, a traditional exchange would call high volume.

As far as stopping manipulation, that's harder. With traditional commodities you can lower the risk of manipulation by having very high liquidity. That won't happen until people start actually using BTC as a currency and not some fancy virtual gold substitute.

Did you buy drugs online or pay someone for services in BTC in the last couple months? If not, you're part of the problem.
klmist
April 11, 2013, 11:56:38 PM
 #5

> Big mtGox has far too much power. Centralized power is an obvious weakness.
>
> My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?
>
> My list which of course could be updated if I have more info.
>
> 1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
>      (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
> 2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
>      (b) Google authenticator, Yubikey, or whatever.
> 3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
> 4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.

One thing that occurred to me is that the bitcoin exchanges could perhaps whitelist traffic coming from bitcoin vpn providers.. that way anyone with a bitcoin vpn wouldn't be affected.. of course the attackers could then turn to attacking the vpn providers but there are a few of them and it might at least spread the problem out a bit more.
Luckybit (OP)
April 12, 2013, 12:17:15 AM
 #6

That is a very interesting idea.
mr-sk
April 12, 2013, 02:03:22 AM
 #7

Look at any capital market exchange - they have solved this problem.

However, it introduces tons of other issues like HF, front-running, etc, etc.
It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...

Stunna
April 12, 2013, 02:38:20 AM
 #8

Ddos and manip are killing bitcoins. Mtgox etc need better ddos protection.

securityguy
April 12, 2013, 04:07:28 AM
 #9

We just need more exchanges and for MtGox's market share to lower.

Once the bitcoin market volume is much bigger, a decentralised exchange approach will be possible with Over the Counter trading.  This will only be possible when you can go to your neighbour and trade FIAT or some other commodity for BTC, until then we are stuck with centralized exchanges.
lemonginger
April 12, 2013, 04:39:55 AM
 #10

At the moment they could implement temporary higher trading limits (even up to .1BTC), get rid of their APIs temporarily, and implement some sort of verify/captcha front-end step. That would solve the problem enough to trade I believe.

Sage
April 12, 2013, 04:55:08 AM
 #11

No central exchange will solve this. 

Let's not go down the wrong road.

Decentralized exchange is the only road to go down here. 
gollum
April 12, 2013, 05:03:09 AM
 #12

> Look at any capital market exchange - they have solved this problem.
>
> However, it introduces tons of other issues like HF, front-running, etc, etc.
> It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...

It is easy to screw the HFT-algos:
-match orders once every 10 seconds
-don't apply queue system for orders at same price, process them at random order.
-HFT algos cannot make the advantage of being physically close to the exchange since the exchange is decentralized
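
The first two points in the post above (match once per interval, fill equal-priced orders in random order) can be sketched as a small batch matcher. This is an added example, not part of the original post and not any exchange's code; the `Order` record, the function names, and the choice to execute each fill at the seller's price are assumptions made for illustration.

```python
import random
from collections import Counter, namedtuple

# Hypothetical order record; prices are integer cents to avoid float ties.
Order = namedtuple("Order", "trader side price qty")

def match_batch(orders, rng):
    """Match one batch (everything received during one 10-second window).

    Arrival order is discarded: the batch is shuffled, then sorted by price
    only. Python's sort is stable, so orders at the same price keep their
    shuffled (random) relative order instead of first-come-first-served.
    Assumption: each fill executes at the seller's price.
    """
    pool = list(orders)
    rng.shuffle(pool)
    buys = sorted((o for o in pool if o.side == "buy"), key=lambda o: -o.price)
    sells = sorted((o for o in pool if o.side == "sell"), key=lambda o: o.price)
    fills, bi, si = [], 0, 0
    bq = buys[0].qty if buys else 0    # unfilled quantity of current buy
    sq = sells[0].qty if sells else 0  # unfilled quantity of current sell
    while bi < len(buys) and si < len(sells) and buys[bi].price >= sells[si].price:
        qty = min(bq, sq)
        fills.append((buys[bi].trader, sells[si].trader, sells[si].price, qty))
        bq -= qty
        sq -= qty
        if bq == 0:
            bi += 1
            bq = buys[bi].qty if bi < len(buys) else 0
        if sq == 0:
            si += 1
            sq = sells[si].qty if si < len(sells) else 0
    return fills

def tie_winners(batch, rounds=200):
    """Count which buyer gets filled when the same batch is matched repeatedly."""
    wins = Counter()
    for seed in range(rounds):
        for buyer, _seller, _price, _qty in match_batch(batch, random.Random(seed)):
            wins[buyer] += 1
    return wins

# Constructed sample: "fast" always arrives first, but both bid the same price
# for the single unit on offer.
SAMPLE_BATCH = [
    Order("fast", "buy", 10000, 1),
    Order("slow", "buy", 10000, 1),
    Order("maker", "sell", 10000, 1),
]

if __name__ == "__main__":
    print(tie_winners(SAMPLE_BATCH))
```

The seeded `random.Random` is used here only so the demonstration is repeatable; a live matcher would need an unpredictable source such as `random.SystemRandom()`, otherwise the tie-break order could be anticipated.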
Bitcoinm
April 12, 2013, 04:31:41 PM
 #13

There should be a splash page on another server that waits 5 seconds before you can get on the exchange.  There should also be a 5 second limit between placing orders; this would be a vast improvement over hour long trade lag.