Bitcoin Forum
November 17, 2024, 04:37:27 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Open letter to online exchanges and wallets: store coins offline!  (Read 4977 times)
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 03, 2011, 03:26:23 PM
Last edit: August 04, 2011, 02:06:24 PM by dacoinminster
 #1

Every exchange and wallet services (or actually anyone running a service with lots of coins) should only keep only a fraction of their bitcoin reserves available for immediate withdrawal - just enough to provide day-to-day liquidity.

The bulk of coins should be stored in multiple encrypted offline wallets (with multiple backups and a nice big gap of air between these wallets and the internet). These offline coins would not be available for immediate withdrawal, but they would be safe!

Coins could be sent to the offline wallets any time, and coins could be returned to the pool of available coins manually as needed. The concept is analogous to a bank vault. Most of the cash at your bank is not sitting in the till in front of the teller, but is securely stored in a vault which can only be accessed at certain times under heavy security.

Perhaps you think this doesn't need to be said, but some services have already lost all their coins by not doing this!

I also think that users of any such site should also have the option of storing a fraction of their coins in such an offline wallet. You could even give each user their own "offline address" where they could securely store coins for the long term, and they could see the coins in block explorer. Bringing the coins back online would require extra verification steps and built-in delays. This is analogous to a safety deposit box, and you could even call it that.

I'm sending PMs to the exchange and wallet reps, asking them to comment on this thread.

MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
August 03, 2011, 03:36:49 PM
 #2

Well, I guess it's obvious enough, but yes, we do already keep a large part of the bitcoins in offline wallets, and also have fake offline wallets stored in various places which I would not disclose (each one is encrypted too, of course, but let's avoid useless troubles).

The good thing is we can add bitcoins to those wallets without accessing them, we just keep a list of addresses (signed) and send only when needed.
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 03, 2011, 03:50:30 PM
 #3

Well, I guess it's obvious enough . . .

It SHOULD be obvious I suppose, but from what I understand that Polish exchange (bitomat) lost everything! Some of that loss could have been avoided with a strategy like this.

Obviously this doesn't help if the bitcoin service is fraudulent (MyBitcoin?), but any bitcoin wallet service who wants some degree of legitimacy needs to be doing this.

MagicalTux: Any plans to allow individual users to move their coins offline as described above?

MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
August 03, 2011, 04:10:43 PM
 #4

MagicalTux: Any plans to allow individual users to move their coins offline as described above?

That would be a pain, both to explain to users, and to implement. Plus actually, we can say that about 98% of all funds deposited by users are put offline. We have a handful of very big depositors who know they cannot withdraw their full balance in one go as we don't keep that much online.

Anyway we always keep only 2% of the balance online, which means that even in the case something happens to the online coins we could still guarantee 98% of users funds (we intend to write our ToS with this in mind, however it's not easy to put together). Of course we are doing everything possible to avoid this to ever happen.
hugolp
Legendary
*
Offline Offline

Activity: 1148
Merit: 1001


Radix-The Decentralized Finance Protocol


View Profile
August 03, 2011, 04:13:59 PM
 #5

This seem to me like a good idea. Its just that it is no fractional reserve, its just having two accounts.


               ▄████████▄
               ██▀▀▀▀▀▀▀▀
              ██▀
             ███
▄▄▄▄▄       ███
██████     ███
    ▀██▄  ▄██
     ▀██▄▄██▀
       ████▀
        ▀█▀
The Radix DeFi Protocol is
R A D I X

███████████████████████████████████

The Decentralized

Finance Protocol
Scalable
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀██
██                   ██
██                   ██
████████████████     ██
██            ██     ██
██            ██     ██
██▄▄▄▄▄▄      ██     ██
██▀▀▀▀██      ██     ██
██    ██      ██     
██    ██      ██
███████████████████████

███
Secure
      ▄▄▄▄▄
    █████████
   ██▀     ▀██
  ███       ███

▄▄███▄▄▄▄▄▄▄███▄▄
██▀▀▀▀▀▀▀▀▀▀▀▀▀██
██             ██
██             ██
██             ██
██             ██
██             ██
██    ███████████

███
Community Driven
      ▄█   ▄▄
      ██ ██████▄▄
      ▀▀▄█▀   ▀▀██▄
     ▄▄ ██       ▀███▄▄██
    ██ ██▀          ▀▀██▀
    ██ ██▄            ██
   ██ ██████▄▄       ██▀
  ▄██       ▀██▄     ██
  ██▀         ▀███▄▄██▀
 ▄██             ▀▀▀▀
 ██▀
▄██
▄▄
██
███▄
▀███▄
 ▀███▄
  ▀████
    ████
     ████▄
      ▀███▄
       ▀███▄
        ▀████
          ███
           ██
           ▀▀

███
Radix is using our significant technology
innovations to be the first layer 1 protocol
specifically built to serve the rapidly growing DeFi.
Radix is the future of DeFi
█████████████████████████████████████

   ▄▄█████
  ▄████▀▀▀
  █████
█████████▀
▀▀█████▀▀
  ████
  ████
  ████

Facebook

███

             ▄▄
       ▄▄▄█████
  ▄▄▄███▀▀▄███
▀▀███▀ ▄██████
    █ ███████
     ██▀▀▀███
           ▀▀

Telegram

███

▄      ▄███▄▄
██▄▄▄ ██████▀
████████████
 ██████████▀
   ███████▀
 ▄█████▀▀

Twitter

██████

...Get Tokens...
the founder
Sr. Member
****
Offline Offline

Activity: 448
Merit: 251


Bitcoin


View Profile WWW
August 03, 2011, 04:22:14 PM
 #6

MagicalTux: Any plans to allow individual users to move their coins offline as described above?

That would be a pain, both to explain to users, and to implement. Plus actually, we can say that about 98% of all funds deposited by users are put offline. We have a handful of very big depositors who know they cannot withdraw their full balance in one go as we don't keep that much online.

Anyway we always keep only 2% of the balance online, which means that even in the case something happens to the online coins we could still guarantee 98% of users funds (we intend to write our ToS with this in mind, however it's not easy to put together). Of course we are doing everything possible to avoid this to ever happen.


We can't keep any percentage of coins offline like that..   We can't allow for a bank run ..    

We'll have to think about this as it does make sense, but can be a nightmare to the end users if one or two of them have large numbers of coins and want to withdraw...  it could "lock up the whole system" for a while...  but at the same time I do see it's security benefits.  .  Thanks for the advice.




Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
WiseOldOwl
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
August 03, 2011, 04:29:57 PM
Last edit: August 03, 2011, 04:44:09 PM by WiseOldOwl
 #7

Hello all,
That is awesome that MtGox does the offline storage, and 98%...sweet. We do the same thing and exercise the ability to send to wallets offline. At dacoinminster's request, I will throw my 2 Bit's,
1. It's not actually fractional reserve, It is a delayed withdraw as a result of security measures.
2. Our exchange uses MtGox regularly, and we have different security concerns because the nature of our businesses is truly different.
3. We all see the future of BitcoinBanking involving a set withdraw time window for someone to withdraw from a otherwise offline wallet. Meaning we keep it offline, You request a withdraw, We have to make it available online and we will do so for X amount of time before we take it back down.
4. If any exchanges are really keeping all there "eggs" in one basket still... I wouldn't use those exchanges just as a statement (and obviously because I want my coins protected).
5. Our system actually requires to keep most funds in USD spread among a lot of accounts and in hand. I keep a couple hundred BTC in my wallet and MtGox etc.  just to avoid waiting for more than 1 confirmation when dealing with my regulars. But I do have The offline wallets on a Nice, tough, external HD. '
Our Banking system that is in the works basically has been planned around the safety deposit box theory you posted above. Easy to deposit to your offline wallets but you must schedule a withdraw time window, and has a little LR$ mixed in in that you can have a accessible wallet with just the funds needed always online mitigating your risk for hack.

Again I want to clarify that My Exchange isn't Person2Person and we are required to hold cash rather than Bitcoins, so these issues arent as relevant to my particular exchange.


To the post above, I/m pretty sure it would only "lock the system" for about 6 confirmations. So people wont freak out I dont think. Again it's not actually Fractional Reserve because they are keeping all the coins, It is just a delayed withdraw system/
Keyur @ Camp BX
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250



View Profile WWW
August 03, 2011, 04:32:04 PM
 #8

Am I crazy? Well, yes, but that is beside the point.

By fractional reserve, I don't mean that they should start making loans or other investments. Rather, they should only keep only a fraction of their bitcoin reserves available for immediate withdrawal - enough to provide day-to-day liquidity.

The bulk of coins should be stored in multiple encrypted offline wallets (with multiple backups and a nice big gap of air between these wallets and the internet). These offline coins would not be available for immediate withdrawal, but they would be safe!

Coins could be sent to the offline wallets any time, and coins could be returned to the pool of available coins manually as needed. The concept is analogous to a bank vault. Most of the cash at your bank is not sitting in the till in front of the teller, but is securely stored in a vault which can only be accessed at certain times under heavy security.

Users of any such site should also have the option of storing a fraction of their coins in such an offline wallet. You could even give each user their own "offline address" where they could securely store coins for the long term, and they could see the coins in block explorer. Bringing the coins back online would require extra verification steps and built-in delays. This is analogous to a safety deposit box, and you could even call it that.

I'm sending PMs to the exchange reps, asking them to comment on this thread.


DCM,
      Very good point, but for newer exchanges our wallets see a lot of activity day-to-day.  For MT.Gox 2% of the wallet is sufficient to cover daily activity, for us it is more like >30%.  
As we move forward, this will of course be a top priority.

In the meantime, to stay ahead of natural / man-made disasters and hackers we have following measures in place:

1) Secure data center designed to survive Cat 5 hurricanes
2) Connectivity to three telco backbones
3) Redundant power with 2 Caterpillar diesel generators to support the data center power
4) Physical security for servers
5) Well defined chain of command and separate ownership for Database and Wallet
6) Multiple, offsite backups
7) Nightly security audits
Cool Daily D-Dos simulations
9) Scheduled White-hat penetration tests


Hope this helps,
     Keyur


Please stay tuned to our news and announcements feeds at:
Twitter: https://twitter.com/CampBX
Facebook: https://facebook.com/CampBX
WiseOldOwl
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
August 03, 2011, 04:35:17 PM
 #9

Hey CampBX,
Are your servers on shore? or off shore?
Sounds like a nice facility, if it's offshore I would love to use their services.
indio007
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
August 03, 2011, 04:36:24 PM
 #10

Now that Mtgox has confessed to keep the coins offline (not necessarily a bad thing) what are you continuity of operations plans? What happens if you die or are jailed? How is someone going to restore those funds in the event you can't?
Ruxum
Newbie
*
Offline Offline

Activity: 39
Merit: 0


View Profile
August 03, 2011, 04:40:01 PM
 #11

We have several strategies to ensure protection of our user's Bitcoin and other assets.  

- multiple encrypted offline wallets
- online wallets are backed up at least hourly
- backups are encrypted and on separate physical servers
- backups are stored in at least two other different physical locations
- backups are stored in different legal jurisdictions (countries)
- ACL and other internal security policies


MagicalTux
VIP
Hero Member
*
Offline Offline

Activity: 608
Merit: 501


-


View Profile
August 03, 2011, 04:43:59 PM
 #12

Now that Mtgox has confessed to keep the coins offline (not necessarily a bad thing) what are you continuity of operations plans? What happens if you die or are jailed? How is someone going to restore those funds in the event you can't?

Unfortunately I cannot provide this kind of information without creating useless risks for the stored coins. As we grow we will create more ways of ensuring continuity on which we will be able to communicate openly.
the founder
Sr. Member
****
Offline Offline

Activity: 448
Merit: 251


Bitcoin


View Profile WWW
August 03, 2011, 04:47:39 PM
 #13

I have to agree with Magical Tux...  we have a process in place as well to provide continuance... but there is no way that it would make sense to publish them ... 




Bitcoin RSS App / Bitcoin Android App / Bitcoin Webapp http://www.ounce.me  Say thank you here:  1HByHZQ44LUCxxpnqtXDuJVmrSdrGK6Q2f
jav
Sr. Member
****
Offline Offline

Activity: 249
Merit: 251


View Profile
August 03, 2011, 04:58:16 PM
 #14

Instawallet uses offline storage as well (about 75 % of all funds are currently offline). Most people follow the "not a bank, just spare change" rule so it's not much to begin with, which is how it should be. Just to reiterate: Instawallet is a spare time project of mine, does not offer high security and is more a show-case platform to make Bitcoin more convenient. If there ever is a "bank run" on Instawallet, then it might take a day or two until I move things out of offline storage.

Hive, a beautiful wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit. Tweets @hivewallet. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn.
Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
August 03, 2011, 05:08:44 PM
 #15

How possible is it to have each account holder's coins associated with a single, separate address/key? (I'm sure it'll be a PITA, but is it technically feasible?) This way, once someone opens an account, you can mail (encrypted file attachment, or mailed on paper) then the private key associated with their account, with instructions to make copies and back it up. Should anything happen to the system (crash, hack, government raid, zombie attack, whatever), users will still be able to manually import their private keys and get their coins off the block chain. Your businesses will still be able to continue operating and providing the same services they do now (easily-accessible secure banking, exchange, whatever).
Likewise, this will shift some of the liability onto the users, in case you are worried about insurance or legal issues.
WiseOldOwl
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
August 03, 2011, 05:21:51 PM
 #16

How possible is it to have each account holder's coins associated with a single, separate address/key? (I'm sure it'll be a PITA, but is it technically feasible?) This way, once someone opens an account, you can mail (encrypted file attachment, or mailed on paper) then the private key associated with their account, with instructions to make copies and back it up. Should anything happen to the system (crash, hack, government raid, zombie attack, whatever), users will still be able to manually import their private keys and get their coins off the block chain. Your businesses will still be able to continue operating and providing the same services they do now (easily-accessible secure banking, exchange, whatever).
Likewise, this will shift some of the liability onto the users, in case you are worried about insurance or legal issues.

This is a good jumping point,
but I was thinking what if they pull the coins early and blame us for whatever reason?
genjix
Legendary
*
Offline Offline

Activity: 1232
Merit: 1076


View Profile
August 03, 2011, 05:43:36 PM
 #17

OP pointed me to this thread, but if you would check our sourcecode (which is online BTW), then you can see that we already do this,

(if on line 40)
https://gitorious.org/intersango/intersango/blobs/master/cron/verify_withdrawals_bitcoin.php

Keeping all your funds online is insane. Keeping your backups on the same server is absurd.
dacoinminster (OP)
Legendary
*
Offline Offline

Activity: 1260
Merit: 1031


Rational Exuberance


View Profile WWW
August 03, 2011, 05:49:40 PM
 #18

OP pointed me to this thread, but if you would check our sourcecode (which is online BTW), then you can see that we already do this,

(if on line 40)
https://gitorious.org/intersango/intersango/blobs/master/cron/verify_withdrawals_bitcoin.php

Keeping all your funds online is insane. Keeping your backups on the same server is absurd.

Do you mind disclosing what % of britcoin/intersango funds are offline?

Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1035



View Profile WWW
August 03, 2011, 06:01:59 PM
 #19

How possible is it to have each account holder's coins associated with a single, separate address/key? (I'm sure it'll be a PITA, but is it technically feasible?) This way, once someone opens an account, you can mail (encrypted file attachment, or mailed on paper) then the private key associated with their account, with instructions to make copies and back it up. Should anything happen to the system (crash, hack, government raid, zombie attack, whatever), users will still be able to manually import their private keys and get their coins off the block chain. Your businesses will still be able to continue operating and providing the same services they do now (easily-accessible secure banking, exchange, whatever).
Likewise, this will shift some of the liability onto the users, in case you are worried about insurance or legal issues.

This is a good jumping point,
but I was thinking what if they pull the coins early and blame us for whatever reason?

Damn, good point. Will have to think about how to mitigate that...
genjix
Legendary
*
Offline Offline

Activity: 1232
Merit: 1076


View Profile
August 03, 2011, 06:04:07 PM
 #20

We project withdrawals and it changes based on our projection. Usually around 90%
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!