March 04, 2014, 07:33:10 PM
In light of the MtGox debacle and all the hacks, scams, attacks and robberies that've taken place in regards to various bitcoin services, it seems like common sense, but here's what I think any operator experiencing a breach should do.
1. Provide a copy of the police report.
2. Be honest about the breach and provide elaborate details about the line of events leading to the loss of bitcoins. If you cannot do this, please elaborately explain why.
3. Make a plan to reimburse customers - I'm sure many customers could wait a while, as long as they got back what they are owed. If you run a profitable business, use future income to pay off the outstanding debt to customers.
4. Do audits of your system. Even though a security audit is costly and cumbersome, the result of doing nothing might lead to further bitcoin losses down the line, and to the complete closure of your business.
5. Communicate with the customer base. Don't bullshit them, be honest, and make frequent updates. While nobody expects you to write every hour what you do, at the very least do daily, semi-weekly or weekly updates. Having customer requests just pile up makes customers angry. If you're overloaded and swamped with requests, update your webpage or otherwise inform the customers about the situation. Don't leave customers hanging without knowing anything. If they see that there are 4500 pending customer requests, they will understand they will have to wait.
6. Prove your solvency if there are serious doubts in regards to this. The longer you wait when you have internal problems, the uglier the final crash will be.
7. As long as the users feel they are respected, they will be much more forgiving.