I know Gox takes the cake, but these guys aren't that far off. I’ll be taking (what’s left of) my money, once I can wrest it back from them, and heading over to Bitstamp or Coinbase.
(As an aside, anyone have any bad experience with Bitstamp’s handling of international wire transfers?)
The Bitstamp price is very attractive. Now 15% less than on Gox. Wow!
But I have no doubt in the Bitstamp security. No Yubikey, no mTAN and the API seems to be a high security risk.
It is very pathetic to offer only the Google Authenticator. I send no larger amounts when I cannot even use a hardware token. Maybe that is the reason why on Bitstamp never much more than a million can be seen in the order book. I've been watching this for months now. Bitstamp has become a "trade and run" service. Is there anyone who deposited money on Bitstamp for a long time (longer than three months)? Even on such a minor user2user marketplace like bitcoin.de I can use a Yubikey meanwhile to protect my coins. I do not understand why Bitstamp offers no Yubikey 2FA. It's very inexpensive and safe.
Personally, it is not quite clear to me what you can do with the API by bypassing the 2FA. I don't see any limits with the Bitstamp API. Pretty risky, isn't it? On Mt. Gox you must first generate an API key (you have to use the YubiKey for this). Then you grant the required rights for your API key. For example, you can have an API key for trading only, so you (or even an attacker) can't make any withdrawals with your (trading) API key.
I'm afraid it's very easy to take over a Bitstamp account by their API if you occupy a PC which is used to access this Bitstamp account. Most computers nowadays are very easy to occupy. Especially when it comes to Windows boxes. A malicious banner in a bitcoin forum is sufficient for this already.
I would not recommend that you access your Bitstamp account with the same PC which you use for your normal surfing. You should at least use a separate browser to prevent XSS.