Bitcoin Forum
April 20, 2014, 05:42:36 AM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: 1 [2]  All
  Print  
Author Topic: Open letter to online exchanges and wallets: store coins offline!  (Read 2954 times)
weex
Hero Member
*****
Offline Offline

Activity: 793


Give me your tired, your poor, your huddled...


View Profile WWW

Ignore
August 03, 2011, 06:36:22 PM
 #21

Today, the Bitcoin world is a lot like the initial web.  Anyone with a little skill can create an online service.  Since Bitcoin is so new, its very hard for the consumer to tell who has acumen to provide lasting, reliable service.

ExchB takes its responsibility to its customers seriously.  We look at the recent issue of securing wallet.dat files as just a facet of providing reliable service.  Our staff has over two decades of experience in providing Internet services which includes dealing with computer security, the design, implementation, execution, and support of systems with enterprise level reliability and scalability, and to cover the business side of things we have very experienced executive management.

We strive to show a pattern of excellent service:

Our terms of service are clearly stated.  Additionally, for customers looking for a US-based service, the jurisdiction for legal disputes is California.

ExchB provides a telephone contact number.

ExchB was the first Bitcoin exchange to not only cut off Dwolla deposits but also Dwolla withdrawals.  We are currently working on adding Paxum support, but we feel their current agreements are not yet to the level needed by Bitcoin exchanges.  Even after coming to an agreement with Paxum, we plan to exercise due caution with our customer funds held with them.

Yesterday ExchB added free two-factor authentication.  We deliberately chose a solution that has instant setup and does not involve a 3rd party service or a bunch of confusing options.  Looking forward, we are planning on further enhancing this service.

As for our wallet.dat, at ExchB, we do only keep a fraction of our Bitcoin deposits available for immediate withdrawal. From there we have offline wallets secured by encryption and physically. It's a balance to find the right amount to keep available for transfers but as our deposits have been growing we've only had to do a reverse transfer once so we think we're doing the split fairly optimally.

In terms of further wallet and site security, we run multiple geographically-redundant encrypted backups and test them regularly.

We do have plans for many wallet features including a visible wallet which will allow customers to be able to verify their balance using block explorer and an offline wallet service which will only allow delayed access to funds.

I hope this addresses your wallet.dat concerns and some of the larger concerns you may have about ExchB and Bitcoin exchanges in general.

Find a Bitcoin ATM location near you for cash exchange.
Buy eBooks, music, graphics, videos and more at CoinDL: https://www.coindl.com - Github: https://github.com/weex
Unbeatable Service & Product Support
Grab Your Miners at GAWMiners.com
Order Before April 25th to receive
Double your Hashing Power for 1 week!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1397972556
Hero Member
*
Offline Offline

Posts: 1397972556

View Profile Personal Message (Offline)

Ignore
1397972556
Reply with quote  #2

1397972556
Report to moderator
1397972556
Hero Member
*
Offline Offline

Posts: 1397972556

View Profile Personal Message (Offline)

Ignore
1397972556
Reply with quote  #2

1397972556
Report to moderator
1397972556
Hero Member
*
Offline Offline

Posts: 1397972556

View Profile Personal Message (Offline)

Ignore
1397972556
Reply with quote  #2

1397972556
Report to moderator
1397972556
Hero Member
*
Offline Offline

Posts: 1397972556

View Profile Personal Message (Offline)

Ignore
1397972556
Reply with quote  #2

1397972556
Report to moderator
bizzy
Jr. Member
*
Offline Offline

Activity: 53


View Profile

Ignore
August 03, 2011, 07:22:31 PM
 #22

I don't think fractional reserve is an accurate name for this. What we're discussing here is more like storing the funds in a high security vault in the back of the bank than the fractional reserve systems used for physical cash.

dacoinminster
Hero Member
*****
Offline Offline

Activity: 896


Rational Exuberance


View Profile WWW

Ignore
August 03, 2011, 07:27:23 PM
 #23

I don't think fractional reserve is an accurate name for this. What we're discussing here is more like storing the funds in a high security vault in the back of the bank than the fractional reserve systems used for physical cash.

Yes, I intentionally chose a thread title that sacrificed some accuracy in favor of being controversial and getting more people to read the thread. It's a bad habit of mine. One of many.

In order to make the title a teensy bit less misleading, I added quotes around "fractional reserve" in post #1.

indio007
Full Member
***
Offline Offline

Activity: 210


View Profile

Ignore
August 03, 2011, 08:37:57 PM
 #24

Now that Mtgox has confessed to keep the coins offline (not necessarily a bad thing) what are you continuity of operations plans? What happens if you die or are jailed? How is someone going to restore those funds in the event you can't?

Unfortunately I cannot provide this kind of information without creating useless risks for the stored coins. As we grow we will create more ways of ensuring continuity on which we will be able to communicate openly.

i didn't really want details of what the plans are . I just want to make sure they exist. It would be very bad if only a few people had access and they all die in a plane crash or something.

As long as you can confirm there is a in fact a plan , that is good enough.
WiseOldOwl
Full Member
***
Offline Offline

Activity: 224



View Profile

Ignore
August 03, 2011, 09:01:31 PM
 #25

Not much more to say right now, other then I sit and look at my terminal of WalletBit.com all day.

Lol, +1.

http://cryptoswap.com
XRP/BTC/LTC/BTE
thufir
Newbie
*
Offline Offline

Activity: 14


View Profile

Ignore
August 03, 2011, 11:13:46 PM
 #26

Hi There,

In response to a request I received via email asking Vekja.net to respond on this thread, here is our response:

We maintain the bulk of the deposited funds in an offline account. We always have. I am personally the most security conscious person, by orders of magnitude, that I know of. The ratio of how much is offline is manually maintained by an administrator. In the event a 'run' occurs, the user gets an error message and the transaction immediately is marked as failed. We receive an email. An administrator then investigates to see if nothing is amiss, and if so, I can top up the online funds from one of the offline wallets we maintain.

The offline 'wallets' are stored off-site and encrypted. They are backed up (encrypted) in multiple geographical locations as well. They are never connected to the internet, and the wallets are never fed into a bitcoind that is connected to the internet -- just in case a vulnerability exists in the official bitcoin client.

Thufir
BitVapes
Full Member
***
Offline Offline

Activity: 140


BitVapes.com


View Profile WWW

Ignore
August 03, 2011, 11:31:31 PM
 #27

Well, I guess it's obvious enough, but yes, we do already keep a large part of the bitcoins in offline wallets, and also have fake offline wallets stored in various places which I would not disclose (each one is encrypted too, of course, but let's avoid useless troubles).

Just curious, what would happen if you were to get hit by a bus? I'm not being cruel or insensitive here, but I'd be reassured if there are procedures and people in place to keep the site operational or at least allow everyone to withdraw if something where to happen to you personally.  would the secret hiding places and encryption keys of all the bitcoin offline wallets would be lost forever?  Would someone in your family inherit all our bitcoin deposits and we'd be left high and dry like mybitcoin.com customers?

Anyone ever watched the show "Dragon's Den" in CA/UK or "Shark Tank" in the US?  This 'what if you get hit by a bus' factor is an important thing to consider before investing in a company for the venture capitalists on that show, and I think it applies to bitcoin businesses especially so.   


Buy Electronic Cigarettes with Bitcoin @ http://bitvapes.com
Jered Kenna (TradeHill)
Sr. Member
****
Offline Offline

Activity: 420



View Profile WWW

Ignore
August 04, 2011, 04:19:10 AM
 #28

I don't think fractional reserve is an accurate name for this. What we're discussing here is more like storing the funds in a high security vault in the back of the bank than the fractional reserve systems used for physical cash.

Yes, I intentionally chose a thread title that sacrificed some accuracy in favor of being controversial and getting more people to read the thread. It's a bad habit of mine. One of many.

In order to make the title a teensy bit less misleading, I added quotes around "fractional reserve" in post #1.

I actually ignored this thread because of the title until I was asked to post here. TradeHill stores a lot of coins offline in a wallet that's not connected to the net. As funds rise to a certain level we move them over. We also take a lot of other measures that we will be posting about soon. We've been doing this since the beginning. Bitcoin provides new vulnerabilities but at the same times provides opportunities for security that traditional institutions don't have. We should take advantage of those and use it to minimize the damage if something catastrophic does occur.

Jered

moneyandtech.com
@moneyandtech @jeredkenna
Bitcoin7.com
Newbie
*
Offline Offline

Activity: 29



View Profile WWW

Ignore
August 04, 2011, 08:53:00 AM
 #29

Hello,

We also keep reserves on different places (online and offline) distributing the risk evenly.
I support the other exchanges in not sharing additional detailed information as this question is directly towards security and any public details may very well compromise any security measures.

http://www.Bitcoin7.com (http://www.Bitcoin7.com)  - Trade Bitcoins online! Buy/Sell BTC for USD, EUR, PLN, SAR, BGN - lowest commission on the Internet!
dacoinminster
Hero Member
*****
Offline Offline

Activity: 896


Rational Exuberance


View Profile WWW

Ignore
August 04, 2011, 02:01:43 PM
 #30

Here is the official statement from VirWox. I guess now we know why they never post here.

Quote
---------- Forwarded message ----------
From: VirWoX Support <support@virwox.com>
Date: Thu, Aug 4, 2011 at 1:11 AM
Subject: AW: Offline Reserves
To: (dacoinminster)
Cc: support@virwox.com

Hello,

sorry, but we never post "official statements" on public web forums. If we have something that we want to tell the world, we use our website, or our facebook and twitter streams for that.

And in particular, we dont publicly discuss sensitive security-related issues.

Greetings,

VirWoX Support

I fully understand and appreciate why sites don't want to discuss their security measures in detail, but I think it's a great way to build trust to be as transparent as possible.

dacoinminster
Hero Member
*****
Offline Offline

Activity: 896


Rational Exuberance


View Profile WWW

Ignore
August 04, 2011, 02:09:06 PM
 #31

Quote from: Jered Kenna (TradeHill) link=topic=34011.msg426877#msg426877
I actually ignored this thread because of the title until I was asked to post here. TradeHill stores a lot of coins offline in a wallet that's not connected to the net. As funds rise to a certain level we move them over. We also take a lot of other measures that we will be posting about soon. We've been doing this since the beginning. Bitcoin provides new vulnerabilities but at the same times provides opportunities for security that traditional institutions don't have. We should take advantage of those and use it to minimize the damage if something catastrophic does occur.

Jered

Thanks. I think I've gleaned enough hits on this thread by trickery. New thread title is:

"Open letter to online exchanges and wallets: store coins offline!"

WiseOldOwl
Full Member
***
Offline Offline

Activity: 224



View Profile

Ignore
August 04, 2011, 03:00:13 PM
 #32

Wondering how VirWox can accept
1. Paypal, which isn't even a form of payment anymore.
2. PaySafeCard, Which takes roughly 40% of the total transaction cost.

http://cryptoswap.com
XRP/BTC/LTC/BTE
Rassah
Hero Member
*****
Offline Offline

Activity: 1064


Director of Bitcoin100


View Profile

Ignore
August 04, 2011, 03:45:53 PM
 #33

Wondering how VirWox can accept
1. Paypal, which isn't even a form of payment anymore.
2. PaySafeCard, Which takes roughly 40% of the total transaction cost.


Probably by charging the CRAZY HIGH fees they do. The one time I used them, I spent $20.18 worth of Linden Dollars to buy ~$16 worth of Bitcoin Sad

Pages: 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!