Bitcoin Forum
November 24, 2017, 09:58:02 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Vault of Satoshi Launches Full Proof of Solvency (Not Just an Audit)  (Read 2021 times)
AdamSC1
Jr. Member
*
Offline Offline

Activity: 34


View Profile
April 21, 2014, 06:52:19 PM
 #1

At Vault of Satoshi we have always tried to embody the mantra of being an open, honest and transparent exchange. We feel it's our duty to do so when you make the decision to place your funds in our hands.

For this reason we have long sought after a way to prove our reserves to the public in a safe and reliable manner, while most exchanges issue a third-party audit, we felt that simply wasn't open enough - so today at Vault of Satoshi we are proud to announce full proof of solvency and the publication of our cold wallet!

Users can self validate both their balance and the overall reserves of the exchange by navigating to our security center and selecting "BTC Proof of Solvency". From there, load the partial tree list, select "online tools" and copy paste in the relevant information to validate the holdings.

Note: While our secured cold wallet is listed and public, we have decided to not publish the hot wallet address for security reasons, and so the total value may have a discrepancy of up to 5-6%.

We at Vault of Satoshi want to thank you for your trust and your continued patronage. We will continue to take steps to be transparent and promote honest, customer oriented practices in the Cryptocurrency market.


All the best,
Adam Cochran
Director of Marketing
Vault of Satoshi

Original: http://www.reddit.com/r/vos/comments/23lxho/vault_of_satoshi_launches_full_proof_of_solvency/
You can see the statistics of your reports to moderators on the "Report to moderator" pages.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511517482
Hero Member
*
Offline Offline

Posts: 1511517482

View Profile Personal Message (Offline)

Ignore
1511517482
Reply with quote  #2

1511517482
Report to moderator
1511517482
Hero Member
*
Offline Offline

Posts: 1511517482

View Profile Personal Message (Offline)

Ignore
1511517482
Reply with quote  #2

1511517482
Report to moderator
1511517482
Hero Member
*
Offline Offline

Posts: 1511517482

View Profile Personal Message (Offline)

Ignore
1511517482
Reply with quote  #2

1511517482
Report to moderator
coiner8
Member
**
Offline Offline

Activity: 65


View Profile
April 21, 2014, 07:33:10 PM
 #2

proof of solvency and the publication of our cold wallet!

we have decided to not publish the hot wallet address for security reasons

This makes it sound like you have only one cold wallet and one hot wallet.  Surely that is not the case.  I hope?
MrWDunne
Sr. Member
****
Offline Offline

Activity: 322


View Profile
April 21, 2014, 07:37:26 PM
 #3

proof of solvency and the publication of our cold wallet!

we have decided to not publish the hot wallet address for security reasons

This makes it sound like you have only one cold wallet and one hot wallet.  Surely that is not the case.  I hope?

The amount of addresses they use has very little relevance for security.

Bit_Happy
Legendary
*
Offline Offline

Activity: 1638


A Great Time to Start Something!


View Profile
April 21, 2014, 07:38:50 PM
 #4

Congrats on attempting to provide a better, safer service.
FYI: This thread probably belongs in "Service Discussion".

feverpitch
Full Member
***
Offline Offline

Activity: 131


View Profile
April 21, 2014, 07:42:54 PM
 #5

This is great.  Should be standard protocol for ALL exchanges.
coiner8
Member
**
Offline Offline

Activity: 65


View Profile
April 21, 2014, 07:56:26 PM
 #6

proof of solvency and the publication of our cold wallet!

we have decided to not publish the hot wallet address for security reasons

This makes it sound like you have only one cold wallet and one hot wallet.  Surely that is not the case.  I hope?

The amount of addresses they use has very little relevance for security.

Of course it does.

1 cold wallet = Only takes one security incident, one private key stolen, all funds gone.
10 cold wallets = Needs 10 security incidents to lose everything, otherwise one breach only loses 10%.

Naturally the 10 cold wallets need to be stored separately and in different manners in order to be effective.

Same goes with the hot wallet.  One flaw in the app or servers and the entire thing could be drained.  Multiple hot wallets on separate servers with very different access methods will make it much more difficult for a hacker to take all of the hot balance.  More likely they'd go for the first one they could get and after that Vault would know and shut the rest down.
trout
Sr. Member
****
Offline Offline

Activity: 328


View Profile
April 21, 2014, 11:01:10 PM
 #7

would you mind elaborating what you mean by "full proof"?
That is, what information you provide and how can one verify its validity.

HeliKopterBen
Hero Member
*****
Offline Offline

Activity: 622



View Profile
April 21, 2014, 11:48:55 PM
 #8

Can customers audit the exchange in real time?

Counterfeit:  made in imitation of something else with intent to deceive:  merriam-webster
Light
Hero Member
*****
Offline Offline

Activity: 714



View Profile
April 22, 2014, 12:57:59 AM
 #9

Of course it does.

1 cold wallet = Only takes one security incident, one private key stolen, all funds gone.
10 cold wallets = Needs 10 security incidents to lose everything, otherwise one breach only loses 10%.

Naturally the 10 cold wallets need to be stored separately and in different manners in order to be effective.

Same goes with the hot wallet.  One flaw in the app or servers and the entire thing could be drained.  Multiple hot wallets on separate servers with very different access methods will make it much more difficult for a hacker to take all of the hot balance.  More likely they'd go for the first one they could get and after that Vault would know and shut the rest down.

The thing is - if it truly is an air gapped cold storage system it is extremely difficult for someone to actual get hold of the private keys. Setting up 10 different cold storage systems is a lot of effort and wouldn't really achieve that much as if you had a flaw in one you'd have that same flaw in all of them.

The whole purpose of a hot wallet is not to have all your coins in there so that if it is stolen it isn't such a big deal. Trust me - having many different hot wallets which different access methods is not exactly easy to manage nor is it that cost effective. Honestly, they'd be better off getting lots of pen-testing done and keeping admin accounts away rather than trying to split up their wallets.
AdamSC1
Jr. Member
*
Offline Offline

Activity: 34


View Profile
April 22, 2014, 03:00:11 PM
 #10

would you mind elaborating what you mean by "full proof"?
That is, what information you provide and how can one verify its validity.


You are able to check that we have all the BTC we claim we have, that your BTC are indeed included as a part of that and appropriately assigned to you and that our coldwallet exists on the blockchain and has the appropriate funds.

AdamSC1
Jr. Member
*
Offline Offline

Activity: 34


View Profile
April 22, 2014, 03:06:41 PM
 #11

Can customers audit the exchange in real time?

It's my understanding that the hashes are produced in a daily cron, and you can run an audit at anytime but you will get the values from that days cron!

If you have any further technical questions I can direct them to our software engineer who lead up that project!
HeliKopterBen
Hero Member
*****
Offline Offline

Activity: 622



View Profile
April 22, 2014, 06:55:17 PM
 #12

Can customers audit the exchange in real time?

It's my understanding that the hashes are produced in a daily cron, and you can run an audit at anytime but you will get the values from that days cron!

If you have any further technical questions I can direct them to our software engineer who lead up that project!

Thanks.  Daily is good enough vs traditional audits that can take several months.  Your exchange should gain in market share with the implementation of this new tool.

Counterfeit:  made in imitation of something else with intent to deceive:  merriam-webster
bg002h
Donator
Legendary
*
Offline Offline

Activity: 1358


I outlived my lifetime membership:)


View Profile WWW
April 22, 2014, 07:31:23 PM
 #13

Proof of solvency is a great step forward. Real world security audits are the flip side of the same coin, so to speak.

Hardfork aren't that hard.
1GCDzqmX2Cf513E8NeThNHxiYEivU1Chhe
AdamSC1
Jr. Member
*
Offline Offline

Activity: 34


View Profile
April 22, 2014, 08:47:24 PM
 #14

Can customers audit the exchange in real time?

It's my understanding that the hashes are produced in a daily cron, and you can run an audit at anytime but you will get the values from that days cron!

If you have any further technical questions I can direct them to our software engineer who lead up that project!

Thanks.  Daily is good enough vs traditional audits that can take several months.  Your exchange should gain in market share with the implementation of this new tool.

Regardless, we feel it is the right thing to do. Our users trust us with their assets and we should put that front and center and be as reliant, secure and transparent as we can afford. Our user's deserve every bit of effort to give them peace of mind!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!