we are evaluating different proposals and ideas, but at the end of the day if we implement a system it must make sense.
To prove we have access to a certain amount of coins doesn't mean anything.
How can each of you be sure about the total number of coins we say we have on behalf of our customers?
Every customer just knows how many coins he has, but can never be sure of what is the total we claim.
Is seems easier than what it really is.....
Any suggestion is as usual more than welcome
1) Prove you have access to X number of coins and USD. For USD, maybe a letter from the Bank.
2) Publish a list of who has how many coins. Lots of options on "who"
a) List by Deposit Address (use BTC or LTC deposit address for USD).
b) List by "Code" that is Bitfinex generated. User can request new "code", so their public name changes as often as they want.
c) Whatever other way makes sense to you. Each account could have more than 1 code per deposit type, and the total amount is randomly spread between the codes with each posting.
3) Regular audit (at least quarterly) by a Well Respected accounting firm. Post Audit letter.
4) Segregate cold wallets with a 3rd party Trustee. Ideally, all customer deposits held with a 3rd party Trustee.
5) No person/entity with a relationship with Bitfinex (owner, employee, accounting firm, trustee, someone with access to exchange info, etc) could have a customer account with Bitfinex.
Doing #1 and #2 allows users to confirm their own balance, and the lack of anyone complaining is passive confirmation that the information is legitimate.
Doing #1 and #2 does mean that Bifinex could cook the books to the extent that it fakes information for dormant users (shows their balances lower than actual). That only works until one dormant user posts a complaint - Looses passive confirmation.
Adding #3 gives the most assurance that balances are legitimate. #3 could be done without #1 and #2. But, IMHO, would be stronger with #1 and #2. Also, #3 protects Bitfinex from what supposedly happened at MtGox. The maleability loss happened over time. Regular audits would have caught the problem early.
#4 would not be that expensive for "cold" wallets. Minimal transactions with the cold wallets would keep the fees low. This would make it harder for Bitfinex to use customer deposits for its own purposes, or disappear with all customer funds overnight.
#4 would also be great for handling deposits and withdrawals of USD. Transaction fees for deposits/withdrawals could fully cover the Trustee's per transaction cost. Performance standards could be published (How soon deposits are credited, and withdrawals processed). This should be with a bank that has a worldwide Corporate Trust reputation. Know Your Customer and other money laundering rules would apply for USD transactions. If Customer wanted full anonymity, they would have to limit themselves to BTC/LTC deposits and withdrawals. A Trustee would also be able to easily process non-USD transactions with a typical 1% currency conversion fee. Because of the fees, I would not use it for small amounts, but knowing that I could quickly move $100,000 USD for a nominal Trustee transaction expense would give me a lot of confidence to use Bitfinex. Maybe the ability to pay an extra fee for 1 business day processing.
#5 limits insider trading. One potential exception would be Designated Market Makers - As long as they have the same obligations, responsibilities, and limitations of Market Makers in the USA - For example, they have an obligation to buy when the market is declining, and an obligation to sell when the market is climbing. They put their capital at risk for the rights and benefits of being a Market Maker.
I do not see the privacy problem with #2. It is already a privacy problem with BTC. Everyone can check the balance of any wallet address. Why is this any different? A user can change their Bitfinex Wallet address at any time, and divide them between accounts, just like they can do with real BTC addresses.
In theory, the gain in trust by customers will result in increased transaction fees earned by Bitfinex. Those increased fees would more than offset the additional cost of Audits and Trustee fees. If Bitfinex were the first exchange to adopt the standard, that could be huge for you, and possibly make it the top exchange. Even though Bitstamp is "headquartered" in London, their use of a Slovenia banks makes me really wonder about them.