Bitcoin Forum
November 02, 2024, 07:01:14 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: How does a hot wallet empty a cold wallet?  (Read 2119 times)
Bit_Happy (OP)
Legendary
*
Offline Offline

Activity: 2114
Merit: 1040


A Great Time to Start Something!


View Profile
February 28, 2014, 02:42:27 AM
 #1

Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?

Frankie
Full Member
***
Offline Offline

Activity: 206
Merit: 100



View Profile
February 28, 2014, 03:27:00 AM
Last edit: February 28, 2014, 12:07:04 PM by Frankie
 #2

Has Gox actually said this? Doesn't seem clear who the author is.

Whatever the supposed mechanism is, it doesn't make any sense.

You should be able to calculate how many bitcoins your wallets control. Maybe there were some fees you didn't take into account, but it should be close. Then you see how many your wallets actually control. If the total is way off, you investigate, same as any other business that checks its cash register at the end of the day.

This document suggests that no one made that simple comparison for years. It's preposterous.

It would be like McDonald's declaring they ran out of assets because the cashiers kept giving out money due to an error in their protocol, and this lost cash was continually replenished from McDonald's corporate bank account. That's what the document purports.
Bit_Happy (OP)
Legendary
*
Offline Offline

Activity: 2114
Merit: 1040


A Great Time to Start Something!


View Profile
February 28, 2014, 03:49:04 AM
 #3

Has Gox actually said this? Doesn't seem clear who the author is...

Agreed, it was supposedly "leaked".


...It's preposterous....
It's preposterous, yes.
The "crisis document" is being widely quoted and it has this Huge, glaring flaw.
You helped verify my basic understanding of a cold wallet, thanks





usabitcoinbuyer
Newbie
*
Offline Offline

Activity: 57
Merit: 0


View Profile
February 28, 2014, 04:27:02 AM
 #4

It shouldn't, if done right.  Withdrawing from a cold wallet should take some kind of conscious manual intervention.

If we assume that the wording in the crisis draft isn't literally accurate, then the following thread and article suggest one of the more believable theories I've seen about what might have happened:

https://bitcointalk.org/index.php?topic=489813.0
http://letstalkbitcoin.com/somethings-not-right-at-gox/

The TL;DR version:

A successful Transaction Malleability exploit emptied their withdrawal hot wallet for the first time in a long time.  Gox goes to refill the wallet during the initial BTC withdrawal freeze and ... uh oh... the cold wallet private key is lost/corrupted/not working.  It might have gone undetected because deposits and watching the wallet balance wouldn't evidence the broken private key.

(Edited for clarification)
JoelKatz
Legendary
*
Offline Offline

Activity: 1596
Merit: 1012


Democracy is vulnerable to a 51% attack.


View Profile WWW
February 28, 2014, 04:30:59 AM
 #5

Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?
A hot wallet empties a cold wallet if you refill the hot wallet from the cold wallet every time it gets low. If the rule is "when the hot wallet is low, refill it from the cold wallet" and you keep applying that rule, a leak in the hot wallet drains the cold wallet eventually.

How do you get a leak in the how wallet? Easy. You have a rule like: "if the customer complains that their withdrawal didn't process, and it has been at least 24 hours, check the transaction ID in our database. If it didn't confirm, process another withdrawal from the hot wallet."

Do you have to be a complete idiot with no audits and no controls to allow defects like these to cause you lose 99% of customer funds over years? The answer to that question is left as an exercise for the reader.

Quote from: Join_Statement
Bitcoin operators, whether they be exchanges, wallet services or payment providers, play a critical custodial role over the bitcoin they hold as assets for their customers.  Acting as a custodian should require a high-bar, including appropriate security safeguards that are independently audited and tested on a regular basis, adequate balance sheets and reserves as commercial entities, transparent and accountable customer disclosures, and clear policies to not use customer assets for proprietary trading or for margin loans in leveraged trading.  It does not appear to any of us that MtGox followed any these essential requirements as a financial services provider.

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
moni3z
Hero Member
*****
Offline Offline

Activity: 899
Merit: 1002



View Profile
February 28, 2014, 04:35:48 AM
 #6

Karpales rolled his own wallet(s) using the Bitcoin raw protocol and of course is totally inept at everything so fucked it up. If he had just used the regular bitcoin client but kept it offline, or used Armory offline wallet there would be no problems. Read his personal blog sometime. He makes insecure crypto libraries using Php and then immediately uses them in production without even realizing he's created a big bag of shit.
LarryLiu
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
February 28, 2014, 05:03:54 AM
 #7

It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
Frankie
Full Member
***
Offline Offline

Activity: 206
Merit: 100



View Profile
February 28, 2014, 12:11:03 PM
 #8

It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
I suppose that could be. It's not really a cold wallet if scripts from networked machines automatically pay "hotter" wallets when they run low.
thelema93
Sr. Member
****
Offline Offline

Activity: 339
Merit: 250


View Profile
February 28, 2014, 01:00:11 PM
 #9

Assume for a moment Gox might be telling the truth (Ya right, hahaha)
The purpose of a cold wallet is security and the hot wallet(s) don't have access.
The "crisis document" is clearly a lie, or am I missing something about the cold wallet?

Something hot leaked out of Mark Krapeles pants after he drank too much cold coffee

thelema93
Sr. Member
****
Offline Offline

Activity: 339
Merit: 250


View Profile
February 28, 2014, 01:01:33 PM
 #10

Karpales rolled his own wallet(s) using the Bitcoin raw protocol and of course is totally inept at everything so fucked it up. If he had just used the regular bitcoin client but kept it offline, or used Armory offline wallet there would be no problems. Read his personal blog sometime. He makes insecure crypto libraries using Php and then immediately uses them in production without even realizing he's created a big bag of shit.


I'm wondering if that's how maybe he got hacked? he puts all his code on github for everyone to see!

enno
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
February 28, 2014, 02:32:01 PM
 #11

Read his personal blog sometime.

I'd love to. Where is it?
LarryLiu
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
February 28, 2014, 02:45:35 PM
 #12

It happens when the cold storage is warm. If the cold wallet passphrase or the private keys were not printed on paper and were accessible to a networked computer in any fashion then it would not be considered as a cold wallet to me.
I suppose that could be. It's not really a cold wallet if scripts from networked machines automatically pay "hotter" wallets when they run low.

Exactly, the keyword "automatically" demands programmatic access to the secrets, that effectively makes it just another hot wallet.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!