every exchange will be hacked?

[escrowguy]

mtgox, coinex.pw, vircurex, cryptorush 
Whats next?

[zzojar]

What makes you think every exchange will be hacked?

[irrational]

mtgox, coinex.pw, vircurex, cryptorush 
Whats next?

This is why Coinbase hired the Facebook security directory.

[wo4baba]

every exchange will steal btc, that's almost for sure, unless those suckers will be put a price on their heads by all community victims, otherwise, better buy and send it your private pc wallet

[escrowguy]

every exchange will steal btc, that's almost for sure, unless those suckers will be put a price on their heads by all community victims, otherwise, better buy and send it your private pc wallet

0.5 Bounty for cryptorush hackers!

[durrrr]

i think that eventually things will stop getting hacked and things will calm down. people have to be working on fixing these things daily ya know.

[TheButterZone]

Add Bitfloor to OP

[Satosh¡ Slot]

I think the incentives to claim they're hacked and run with the money is just to big, considering that it's impossible to prove that the hacking were inside jobs.

MtGox is not the first exchange were owners claimed they were robbed, ran with the money and later gave the victims part of the money back:

According to an anonymous high-profile source, the first and original bitcoin scam was the online coin wallet Mybitcoin.com. People would deposit hundreds of thousands of coins there, as the currency was new and hundreds of thousands of coins weren’t yet worth a lot.

Then, on July 29, 2011, the site went blank, just like the Gox website did. People panicked and gradually accepted a catastrophic loss of funds.

On August 11, 14 days later, the site came back online and declared – just like Gox – that they “had been hacked”, had filed for bankruptcy protection, just like Gox, but “had managed to recover” 49% of the funds. People could fill out claim forms to recover these funds – 49% of their original balance. As this was enough time for most people to internalize the loss, they were happy again at the sudden windfall; things suddenly weren’t as bad as they had seemed. In the meantime, the anonymous person who ran mybitcoin.com disappeared with a huge amount of money, according to the source.

In other words, the scam cynically exploited people’s loss and grief to actually make them happy when they got something back. Most “hacks” of bitcoin sites since then have actually been copycat scams of mybitcoin.com, again according to this source. - See more at: http://www.dailytech.com/Bitcoin+King+Pt+II+Mt+Goxs+Dictator+Karpels+Proves+Tragically+Flawed/article34452.htm#sthash.upwWVHJk.dpuf

[DeathAndTaxes]

You could just use an exchange which never holds a single satoshi belonging to users.  Kinda hard to steal (or "steal") what isn't there.

[Satosh¡ Slot]

You could just use an exchange which never holds a single satoshi belonging to users.  Kinda hard to steal (or "steal") what isn't there.

There's a reason today's exchanges are off the blockchain. They talked about it today on the CoinSummit. I'm not saying that an exchange that works on the blockchain is impossible, but it would be quite a complicated thing to pull off, and fita holdning would still be subject to fractional banking — Just like was the case with MtGox! (They blaimed fiat delays on the banks but in reality were probably using other customer's funds to fill Bitcoin withdrawals)

[BitEscrow]

 Yeah, it's because people here have no fucking clue what is a scam and what isn't. If you retards didn't trust everything you read we wouldn't be hearing about this.

[jubalix]

I am kind of coming to this conclusion for conventional exchanges. But its not fatal

you just have a very short small exposure on any exchange at any time, so you can afford to loose that amount during the hack

get in and out of the exchange quickly with small amounts.

Cyprto P2P exchanges are on the way eg nxt.

also checksums that allow total BTC holding of an exchange will become the norm. Eg every person that send in BTC and withdraws will go through a set clearing addresses, so you can keep track of how much the exchange has.

This ensures you can tell if they have fractional reserve going on....though it does still not stop them from running off with an internal address, though it would make the claim that they have been hacked harder as you could see where the BTC was, they would have to convince you they had lost the private key.

A bitcoin tech based exchange will be much safer imho, and is the next step, even though they are no real P2P until they get the fiat side in as well.

[DeathAndTaxes]

You could just use an exchange which never holds a single satoshi belonging to users.  Kinda hard to steal (or "steal") what isn't there.

There's a reason today's exchanges are off the blockchain. They talked about it today on the CoinSummit. I'm not saying that an exchange that works on the blockchain is impossible, but it would be quite a complicated thing to pull off, and fita holdning would still be subject to fractional banking — Just like was the case with MtGox! (They blaimed fiat delays on the banks but in reality were probably using other customer's funds to fill Bitcoin withdrawals)

I guess I should be less subtle.  BitSimple never hold any customer bitcoins.  Your coins stay in your wallet, under your control, where they belong IMHO.

[Amitabh S]

yes ... sooner or later.

[monsterer]

I guess I should be less subtle.  BitSimple never hold any customer bitcoins.  Your coins stay in your wallet, under your control, where they belong IMHO.

"BitSimple isn't an exchange, it is a direct broker for bitcoins."

Presumably meaning you're selling OTC, which means you have no need to hold customer's funds anyway. An exchange must work differently, as I'm sure you're well aware.

[Icardi09]

the hacker was from inside exchanger, i'm sure about it 
they will run with your BTC

[ning]

There's a possible solution to this: pull all the funds off-line and ask customers to digitally sign all the actions (buy orders, sell orders, and order cancellations, etc.), and perform manual withdrawal.

[monsterer]

There's a possible solution to this: pull all the funds off-line and ask customers to digitally sign all the actions (buy orders, sell orders, and order cancellations, etc.), and perform manual withdrawal.

Having everything on chain? Yes, this is indeed a solution of a kind, but it poses problems:

* Atomicity of trades (you can no longer rely on your database to help you here)
* High per-trade fees (standard coin transaction fees)
* Bloated blockchains

Cheers, Paul.

[dave111223]

Crypto-exchange is a constant tug of war between convenience and safety.

For every convenience to the users there is a security trade off, example:

Customers want instant withdraws = Automated withdraws = not checked by human eyes = more risky

Customers want large amount of funds available quickly = Large hot wallet = more risky

Customers want more ways to deposit money = exchange start using questionable funding sources or countries = more risky

Those exchanges which lean too far over onto the side of convenience inevitably end up getting cleaned out.


You may be thinking "Yay my deposits hit my balance in 1 confirmation, and my withdrawals hit the blockchain in 5 seconds"....instead you should be worried.

[escrowguy]

I found this when I searched for the new heartbleed bug
http://pastebin.com/Zaaun8kz
Hope It's not true.