Luckybit (OP)
April 11, 2013, 11:01:34 PM
Big mtGox has far too much power. Centralized power is an obvious weakness.
My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?
My list which of course could be updated if I have more info.
1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
   (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
   (b) Google Authenticator, YubiKey, or whatever.
3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1013
April 11, 2013, 11:41:17 PM
The problem is getting fiat in to an exchange, and rapidly transferring it between exchanges.
Ripple is supposed to fix that. If all the exchanges became gateways then users could deposit fiat anywhere, and trade with it anywhere, and cash out anywhere. The exchanges could use periodic wire transfers between themselves to settle accounts.
If Bitinstant ever gets their debit card going, and if they accepted USD deposits via Ripple then people would be more willing to keep more of, or possibly all of, their dollars in the system because they could spend it instantly. This would make a large amount of dollar liquidity available to all the order books.
Luckybit (OP)
April 11, 2013, 11:44:12 PM
Where is the whitepaper on Ripple?
And how long are they going to take to implement this? I don't have much faith in Bitinstant. They took my money and never gave me coins in over a week now.
Bitmeat
Newbie
Offline
Activity: 28
Merit: 0
April 11, 2013, 11:50:16 PM
As far as stopping DDOS that's easy, you just have to use an exchange with a well designed server infrastructure, not a crappy system set up to trade game cards. What MtGox calls a DDOS, a traditional exchange would call high volume.
As far as stopping manipulation, that's harder. With traditional commodities you can lower the risk of manipulation by having very high liquidity. That won't happen until people start actually using BTC as a currency and not some fancy virtual gold substitute.
Did you buy drugs online or pay someone for services in BTC in the last couple months? If not, you're part of the problem.
klmist
Newbie
Offline
Activity: 35
Merit: 0
April 11, 2013, 11:56:38 PM
Quote from: Luckybit on April 11, 2013, 11:01:34 PM
> Big mtGox has far too much power. Centralized power is an obvious weakness.
> My proposal is that this community has many security experts within it, who probably could come up with a list of ways or methods of preventing DDOS and market manipulation. So how about we help BTC exchanges out and offer a list of ideas or advice on how to prevent DDOS and market manipulation?
> My list which of course could be updated if I have more info.
> 1. Greater decentralization, there is no reason why we need this much centralization around mtGox yet for mining it's all about being decentralized for security? We need to stick with decentralization whenever possible.
>    (b) Redundancy, cloud computing, virtual machine based infrastructure so there is little to no down time.
> 2. Multi-factor authentication must be the de facto standard for all exchange sites and sites which don't offer this should be flagged by the community as high risk.
>    (b) Google Authenticator, YubiKey, or whatever.
> 3. The community and the exchanges must determine best practices and follow them relentlessly. What allows these kinds of attacks and what kind of best practices could prevent them?
> 4. Provide incentives or rewards or adjust the incentive structure to discourage market manipulation. If the manipulators can't make any money or perhaps risk losing something then according to game theory they'll not want to take that decision.

One thing that occurred to me is that the bitcoin exchanges could perhaps whitelist traffic coming from bitcoin vpn providers.. that way anyone with a bitcoin vpn wouldn't be affected.. of course the attackers could then turn to attacking the vpn providers but there are a few of them and it might at least spread the problem out a bit more.
Luckybit (OP)
April 12, 2013, 12:17:15 AM
That is a very interesting idea.
mr-sk
Member
Offline
Activity: 117
Merit: 10
April 12, 2013, 02:03:22 AM
Look at any capital market exchange - they have solved this problem.
However, it introduces tons of other issues like HF, front-running, etc, etc. It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...
Stunna
Legendary
Offline
Activity: 3192
Merit: 1279
Primedice.com, Stake.com
April 12, 2013, 02:38:20 AM
Ddos and manip are killing bitcoins. Mtgox etc need better ddos protection.
securityguy
Newbie
Offline
Activity: 35
Merit: 0
April 12, 2013, 04:07:28 AM
We just need more exchanges and for MtGox's market share to lower.
Once the bitcoin market volume is much bigger, a decentralised exchange approach will be possible with Over the Counter trading. This will only be possible when you can go to your neighbour and trade FIAT or some other commodity for BTC, until then we are stuck with centralized exchanges.
lemonginger
Full Member
Offline
Activity: 210
Merit: 100
firstbits: 121vnq
April 12, 2013, 04:39:55 AM
At the moment they could implement temporary higher trading limits (even up to .1BTC), get rid of their APIs temporarily, and implement some sort of verify/captcha front-end step. That would solve the problem enough to trade I believe.
Sage
April 12, 2013, 04:55:08 AM
No central exchange will solve this.
Let's not go down the wrong road.
Decentralized exchange is the only road to go down here.
gollum
Sr. Member
Offline
Activity: 434
Merit: 250
In Hashrate We Trust!
April 12, 2013, 05:03:09 AM
Quote from: mr-sk on April 12, 2013, 02:03:22 AM
> Look at any capital market exchange - they have solved this problem.
> However, it introduces tons of other issues like HF, front-running, etc, etc. It'll never be solved, get used to it. Eventually, only the super rich will be manipulating the market, just like in capital markets ...

It is easy to screw the HFT-algos:
- match orders once every 10 seconds
- don't apply queue system for orders at same price, process them at random order.
- HFT algos cannot make the advantage of being physically close to the exchange since the exchange is decentralized
Bitcoinm
Member
Offline
Activity: 87
Merit: 10
April 12, 2013, 04:31:41 PM
There should be a splash page on another server that waits 5 seconds before you can get on the exchange. There should also be a 5 second limit between placing orders; this would be a vast improvement over hour long trade lag.
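
Added example, not part of the thread or written by any poster: a sketch of two controls proposed above, gollum's batch matching every 10 seconds with random processing of same-price orders, and the 5 second limit between orders from this post. The class name, the order fields and the choice to execute trades at the ask price are assumptions made for illustration.

```python
import random

BATCH_SECONDS = 10   # from the thread: match orders once every 10 seconds
MIN_ORDER_GAP = 5    # from the thread: 5 second limit between placing orders


class BatchExchange:
    """Hypothetical single-market matcher; all names here are illustrative."""

    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()  # unpredictable tie-breaking
        self.pending = []          # orders collected for the next batch
        self.last_order_at = {}    # account -> time its last order was accepted
        self.next_batch = BATCH_SECONDS

    def submit(self, account, side, price, qty, now):
        """Queue an order; reject it if the account ordered < MIN_ORDER_GAP ago."""
        last = self.last_order_at.get(account)
        if qty <= 0 or (last is not None and now - last < MIN_ORDER_GAP):
            return False
        self.last_order_at[account] = now
        self.pending.append({"account": account, "side": side,
                             "price": price, "qty": qty})
        return True

    def _ranked(self, side):
        """Best price first; equal prices keep a shuffled, not arrival, order."""
        orders = [o for o in self.pending if o["side"] == side]
        self.rng.shuffle(orders)
        # sorted() is stable, so the shuffle decides order within a price level
        return sorted(orders, key=lambda o: o["price"], reverse=(side == "buy"))

    def tick(self, now):
        """Run one batch if the window has elapsed; return the list of fills."""
        if now < self.next_batch:
            return []
        self.next_batch = now + BATCH_SECONDS
        bids, asks = self._ranked("buy"), self._ranked("sell")
        fills = []
        while bids and asks and bids[0]["price"] >= asks[0]["price"]:
            bid, ask = bids[0], asks[0]
            qty = min(bid["qty"], ask["qty"])
            # Assumption: trades execute at the ask price
            fills.append((bid["account"], ask["account"], ask["price"], qty))
            bid["qty"] -= qty
            ask["qty"] -= qty
            bids = bids if bid["qty"] else bids[1:]
            asks = asks if ask["qty"] else asks[1:]
        self.pending = bids + asks   # unfilled remainder waits for the next batch
        return fills
```

Because arrival time inside a batch window no longer decides who trades first at a given price, being a few milliseconds faster gives no priority; the per-account gap bounds how many orders one account can push into each batch.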