This interface is great. Best in the business. Which bank(s) are you using? Dwolla support? Also I'm just going to paste the questions that Stephen Gornick usually asks new exchanges:
Thanks! Given Dwolla's history of screwing over Bitcoin exchanges, like our friends at TradeHill, we won't be supporting them. We'll announce our banking partner at the time we open the site up for real deposits.
- Does Kraken use cold storage (an offline wallet that cannot be accessed should the exchange's service become compromised)
Most definitely. A small percentage of the funds are kept in a hot wallet for withdrawals but the vast majority are kept in cold storage, offline.
If so, then there are other questions:
- Is there a target as to how much of customer's funds are kept in cold storage? (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?
- Do new deposits go to cold storage? (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)
- Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?
1. We don't have enough (any) experience here to give solid numbers. It's going to depend on our daily withdrawal requirements. My feeling is that if you need to withdraw a lot of BTC at once, you can probably wait a bit so it's better to sacrifice a little convenience for better security and only keep what is likely to be necessary in the hot wallet.
2. Yes, all new deposits go directly to cold storage, for exactly that reason.
3. Yes, cold storage is completely offline.
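The sizing rule described in answer 1 (keep only what recent withdrawals are likely to need online, route every deposit to cold storage, accept that a very large withdrawal may wait for an offline signing session) can be written down as a small policy. The following is an added illustration, not Kraken's code; the withdrawal history, the percentile, the safety factor and the function names are all constructed here for the example.

```python
import math


def hot_wallet_target(daily_withdrawals, percentile=0.9, safety_factor=1.2):
    """Size the hot wallet from recent daily withdrawal totals (in BTC).

    The target is the chosen percentile of recent daily withdrawal volume
    multiplied by a safety factor. Everything above the target belongs in
    cold storage; a withdrawal larger than the hot balance is queued for
    the next offline signing session instead of enlarging the hot wallet.
    (Assumed policy for this example, not an exchange's actual rule.)
    """
    if not daily_withdrawals:
        raise ValueError("need at least one day of withdrawal history")
    if not 0 < percentile <= 1:
        raise ValueError("percentile must be in (0, 1]")
    ordered = sorted(daily_withdrawals)
    # nearest-rank percentile: index of the k-th smallest value
    idx = max(0, math.ceil(percentile * len(ordered)) - 1)
    return ordered[idx] * safety_factor


def plan_moves(hot_balance, new_deposits, target):
    """Decide fund movements for one rebalancing cycle.

    Invariants this policy enforces:
      * new deposits never touch the hot wallet (they go straight to cold),
      * the hot wallet is topped up from cold only up to the target,
      * any surplus above the target is swept back to cold.
    Amounts moved cold->hot require an offline signing step by definition.
    """
    moves = {
        "deposits_to_cold": float(new_deposits),
        "cold_to_hot": 0.0,
        "hot_to_cold": 0.0,
    }
    if hot_balance < target:
        moves["cold_to_hot"] = target - hot_balance
    elif hot_balance > target:
        moves["hot_to_cold"] = hot_balance - target
    return moves


def can_serve_from_hot(withdrawal, hot_balance):
    """True if a withdrawal can be paid immediately from the hot wallet;
    otherwise it waits for cold storage to be touched."""
    return withdrawal <= hot_balance


if __name__ == "__main__":
    # constructed sample: seven days of withdrawal totals in BTC
    history = [12, 8, 15, 30, 9, 11, 14]
    target = hot_wallet_target(history)
    print("hot wallet target:", target)
    print("cycle with 20 BTC online, 50 BTC deposited:", plan_moves(20, 50, target))
    print("cycle with 40 BTC online, nothing deposited:", plan_moves(40, 0, target))
    print("can 35 BTC be paid now from 20 BTC hot?", can_serve_from_hot(35, 20))
```

The percentile-plus-buffer rule is deliberately conservative in the direction the answer argues for: a single unusual day raises the target only modestly, and the cost of underestimating is a delayed withdrawal rather than a larger exposed balance.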
And I have other questions that I'd like to know the answers to:
- Does Kraken maintain full reserve? (i.e., Kraken controls bank accounts with all customer funds (fiat, USD, EUR, ?) and controls wallets with 100% of BTC funds. i.e., none of these amounts loaned out.)
- Does Kraken maintain offsite backups of its accounts and transactions? If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?
- If there is a security breach and Kraken cannot meet withdrawal requests of its customers, what is the withdrawal preference that Kraken would follow? Various preferences are:
- - A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
- - B.) Withdrawals of USD funds, if not impacted by the breach, are made available to those customers who held a USD balance, in full.
- - Do customer deposits have preference over any other creditor claims? (i.e., a contract stating so such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and hosting bill.)
- - or is there some other approach?
4. Yes, Kraken maintains full reserves. Customer funds reside in a bank account separate from our operations account and fees are pulled across on a daily basis. Payward does not borrow customer funds for operations and we do not lend customer funds, even for margin trading within our own exchange. Funds offered for margin are acquired from other sources.
5. At the moment, backups are onsite but unless a meteor destroys the data center, we should be ok. We'll expand to offsite shortly. Data is replicated in real time and backed up on a daily basis. If only the primary account database were lost, everything would still be available in backups.
6. Good questions. We just had a chat about this so please do not take this as the final word but here's what we're thinking:
A USD value would be assigned to all the losses and remaining balances. All deposited funds are of equal standing up to a cap and beyond the cap are distributed pro rata. So, if the cap were $100k and we had 10 users, 9 of which had $50k balances and 1 of which had a $1m balance ($1,450,000 total) and we lost $600k ($850k left), 9 guys would receive their $50k back and 1 guy would receive $400k back. If you want to keep some exorbitant amount of money on the exchange, you take the risk or maybe we can find a way to insure it (which we have not had luck with so far). This is if we are actually legally able to decide. It may very well be that all funds must be redistributed pro rata without any sort of cap. It may also be that funds held as USD have some extra legal protections that BTC do not. More research and consideration is required. We'd like to hear community thoughts on this matter.
As far as we understand, according to law and without the need to specify this (though we can to make our position clear), depositors would have preference over ordinary business debt. You have given us your money to hold for safekeeping on your behalf and that money never touches our operations account, which should be the only account up for grabs by non-depositor creditors; it's not our money to take. If for any reason Payward ever has less than full reserves, it should immediately transfer money from its operations account, even liquidate assets, in order to return to full reserves. The question is what happens in some catastrophic hack where even after liquidating all the company's assets we are still not able to make the depositors whole and we also have some other business debt. The depositors would receive everything and the other creditors would be out of luck.
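The capped-then-pro-rata allocation sketched in answer 6, together with the plain pro-rata alternative mentioned as the possible legal default, can be checked against the worked numbers in the post. The code below is an added example, not Kraken's or Payward's; the function names and the step of valuing BTC balances at a market rate "at the time of the loss" are assumptions made here to make the rule concrete.

```python
def usd_value(balance_usd, balance_btc, btc_usd_rate):
    """Assign a single USD value to a mixed USD/BTC balance, using the
    market rate at the time of the loss (assumed valuation step)."""
    return balance_usd + balance_btc * btc_usd_rate


def pro_rata(balances, remaining):
    """Uncapped pro-rata distribution: everyone takes the same haircut."""
    total = sum(balances.values())
    if total <= remaining:
        return dict(balances)
    return {user: remaining * bal / total for user, bal in balances.items()}


def capped_then_pro_rata(balances, remaining, cap):
    """Distribution described in the post: claims are of equal standing
    up to `cap`; whatever is left after those are paid is shared pro rata
    across the portions of balances that exceed the cap.

    If the remaining funds cannot even cover the capped claims, the
    capped claims themselves are paid pro rata (an edge case the post
    does not address; handled here so the function never over-pays).
    """
    total = sum(balances.values())
    if total <= remaining:
        return dict(balances)

    capped = {user: min(bal, cap) for user, bal in balances.items()}
    capped_total = sum(capped.values())
    if remaining < capped_total:
        return {user: remaining * c / capped_total for user, c in capped.items()}

    payouts = dict(capped)
    leftover = remaining - capped_total
    excess = {user: bal - cap for user, bal in balances.items() if bal > cap}
    excess_total = sum(excess.values())
    for user, e in excess.items():
        payouts[user] += leftover * e / excess_total
    return payouts


def example_from_post():
    """The scenario in the post: 9 users with $50k, 1 with $1m, $600k lost
    ($850k left), cap $100k. Expected: $50k each for the nine, $400k for
    the tenth."""
    balances = {f"user{i}": 50_000.0 for i in range(9)}
    balances["whale"] = 1_000_000.0
    return capped_then_pro_rata(balances, 850_000.0, 100_000.0)


if __name__ == "__main__":
    payouts = example_from_post()
    for user, amount in payouts.items():
        print(f"{user:>6}: ${amount:,.0f}")
    print("total paid:", f"${sum(payouts.values()):,.0f}")
```

Running `pro_rata` on the same balances shows the contrast the post is worried about: with no cap every user, including the nine small ones, loses the same fraction of their balance.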
If there are other security-related details that are relevant that you would be willing to share (e.g., physical security, staff background checks, dead man's switch for wallet, etc.), feel free to do so.
I hope you'll understand that we don't want to give too much away here. If an intruder breaches our security, it'd be better for us (and you) if they did not know what to expect.
We've spent over $150k on our own hardware. Our servers reside in locked racks in a private cage in an expensive top tier data center with armed guards, retina scans, video surveillance, etc.
Staff have all been thoroughly reviewed and for anything dangerous, multiple signatures are required.
Data is encrypted wherever possible and systems are both redundant and isolated from each other such that if someone were to gain access to one machine, they would likely not gain anything useful.
Customer service and verification systems are modeled somewhat after PCI compliance standards. The office is wired on separate networks for separate purposes. The systems that agents access your uploaded verification docs on cannot do anything but access those docs. They'd use a different system for answering tickets.
The user interface takes better security over better UX in many instances, not giving you any error messages that might allow you to find accounts, emails, etc.
Two factor authentication is available with more advanced security features to come.
The API allows for two-factor on keys and quite granular permissions.