Taint checker list

[sebastian]

I got a suggestion to remedy the "stolen coin problem".

Make like a list in the bitcoin client, that you can freely fill and delete with bitcoin adresses.
This list could be linked to a file on your harddrive that autoupdates the list. (so you could automagically update the taint list by removing or adding entires by writing to a file on your harddrive, like taintlist.txt , so you can update it with a scheduled task or cron script at regular intervals, or have a "report stolen coin" feature on your webshop that populates the receiving end on your webshop taintlist.txt with the adress in question)

Everytime a payment is received, bitcoin checks the whole trace (blockchain) for the whole chain of the coin until it reach the coinbase.
If a adress on your list is found, the payment is rejected by sending it back to the sender in complete, without involving any change, thus it does not taint your adress.
Also, any event that would indicate that you received payment, would not fire. (so any webshop script would still wait for payment).
If this becomes too computationally intensive for the clients, the taint list could have some sort of "depth" option that allows the taint list owner to set how deep it will check for taints, and -1 would then mean "to the coinbase".
The depth could be set per address tainted, so you can select a depth depending on how "dangerous" the address in question is. (but it will always search deep as the address on taint list with highest depth).
So adding addresses with a depth of 0 would make these addresses blacklisted, so money coming direct from these adresses are sent back, but not if they passed a untainted address before reaching you.
depth=3 would mean the latest 4 adresses the coin passed may not match the entry in taint list.

Note that this is a feature that everyone would be free to use or not use. Keeping the list blank would make the bitcoin client behave as usual.
This does not change the network at all, since it would be the users themselves that elect to download taint lists and populate their lists with. Simply, the taint lists is "I DONT want to receive ANY coins that have been touched these adresses:"


Then MtGox and other people, such as companies that get their funds stolen, can publish lists of coins they will groan upon, and then ordinary bitcoin users could download these lists and populate their taint lists with. MtGox and such can select to keep "stolen" money for the purpose of recovering it to original owner, by not using taintlist feature at all, thus accepting all payments.

The taint list could simply have so you can even "add" a list to the list, and "remove" a list from the list.
"add" a list to the list, would simply add all adresses in the selected text file, checking for duplicates, to the taint list, keeping any records already in taint list.
"remove" a list from the list, would simply remove all entires found in taint list, that match all entires in a selected text file. (This is good if a trusted web site says these coins have been recovered).

Also "addtaint <address> <depth>" and "removetaint <address>" could be added as RPC calls.

Also a new event could be added, like "checktaint <receiveaddress>" that will return you with a list for your backend system that someone attempted to send you tainted coins that matched <taintedaddress> on your taint list, and coming from <senderaddress>, that was sent back.

If you own a private key that correspond to a adress on your taint list, the client will never use those coins as inputs. All coins contained in that adress would be consideded tainted. The balance would show the balance excluding coins in any tainted adress, and those adresses will be highlighted in some way in taintlist, so you can easly remove these adresses from your taint list.
Same would apply if you own any tainted coins, but only those coins would be tainted, not the whole adress you own that the coins belong into. (and the adress that "triggered" tainting of the coins you already own would get highlighted in your taintlist with another color)

Taintlist would simply be for ordinary people to not get stolen coins into their account and then get their account locked at MtGox and such.

[1713239353]

1713239353

[1713239353]

1713239353

[1713239353]

1713239353

[1713239353]

1713239353

[1713239353]

1713239353

[CIYAM]

I think one problem with this would be the tx fee (although perhaps not much of a problem now but certainly down the track) as it is quite possible you may have to pay a tx fee in order to "return" the tainted coins (this of course would depend upon the miners).

[sebastian]

Since the return transactions are always 1:1 (1 input, 1 output), I dont think they will cause a tx fee so often because the transactions will be small in regards of "byte size", compared to the money value.
And in the cases they would cause transaction fees,  the coins could be simply locked (like you owned the coins at the time at when you added it to taint list) instead of sent back. Then the node operator can force a sendback at his own expense. This can also be accomplished by a rpc command: "CleanTainted" which will send back all coins that are currently tainted and owned by you. (not including any untainted coins in a tainted adress owned by you)
This can then be precalculated, so it knows in advance if the transaction requires a fee, and then lock the coins instead of auto-sending them back.

Coins can be sent back at the first adress in the transaction spending the tainted coins to you.

Also to make this clear, there is 4 states a coin can have regarding tainting:

1: Untainted coin in a untainted adress: The coins have never touched a adress that matches a condition in the taint list. The adress that the coin is placed, is not on taint list. Those coins MAY be used as inputs.
***In other words, the coins are completely clean***
CleanTainted will NOT send back these coins.

2: Untainted coin in a tainted adress: The coins have never before touched a adress that matches a condition in taint list. But your adress that currently are storing the coins are tainted. ANY coins in this adress will NOT be used as input.
This means that anyone that receives coins from this adress from you (if you manually remove the adress from YOUR taint list and then resend coins), and also have downloaded the same taint list, (lets say "MtGoxTaintList.txt") will reject your coins.
***In other words, you have added one of your own addresses to your taint list, but the coins themselves are clean***
This can happen if you download a taint list from somebody and this taint list contains one of your adresses.
CleanTainted will NOT send back these coins.


3: Tainted coin in a untainted adress. The coins have touched a tainted adress, but your adress is not tainted. This means this specific coin will NOT be used as input, but any other coin in this adress MAY be used as input as long as it not tainted.
***In other words, the coins have touched a taint-listed adress***
CleanTainted WILL send back these coins.

4: Tainted coin in a tainted adress. The coins has touched a tainted adress, AND the adress currently storing the coins are tainted too. No coins from that specific adress will be used as input.
***In other words, the coins come from a taint-listed adress, also, one of your own adresses are listed too***
CleanTainted WILL send back these tainted coins. (not untainted coins, see case 2)



Such a tainting system, will allow people to create and publish taint lists. Think taint list like these URL Blacklists and lists of malware-infected sites out there. You can hand-pick the best lists of tainted adresses, you can download them all and then auto-update taintlist, or you can modify the taint lists, for example removing (whitelisting) entires before importing the taint list.
Or you can create your own taint lists.

Its up to each end user how they use the taint list feature.

Also, taint list will not only list "bad" adresses. Taint lists can for example list all adresses that have been published on the internet (like those DNSRBL's that list every end customer that is not expected to have a mail server) or whatever. Its up to each user which taint list they download and use.

[kjj]

A lack of fees doesn't invalidate a transaction, it merely delays it.  Assuming that something like this catches on (and I pray it won't, but fear it will), a no-fee return will loiter on the network until someone includes it for free.  Some miners will probably even make a point of including them as a public service.

Speaking of fees, how will you handle that?  If I spend some "tainted" coins and include a fee, will the coinbase of the block including that transaction be tainted?  All of it, or just part?  And which part?

(In case anyone is wondering what I mean by that last part, pay attention:  coinbases are atomic.)

[sebastian]

Nope. Coinbase will never be tainted, since mtGox and such does not consider them tainted. Its possible for to example MtGox to dig deeper into such blocks and check the taint, but that would punish the miner because the miner cannot help that he got a tainted coinbase as reward.

I don't think exchanges like MtGox and such would lock accounts belongning to miners that mined a stolen TX fee. That would be counterproductive for the BitCoin network since it discourages mining. Miners can also not say no to a TX fee, the reward (50BTC current) and TX fee are melted together and cannot be separated without tainting both coins if we were for checking tainted TX fees.

So I agree with you, no taint checking on fee's.

[kjj]

Nope. Coinbase will never be tainted, since mtGox and such does not consider them tainted. Its possible for to example MtGox to dig deeper into such blocks and check the taint, but that would punish the miner because the miner cannot help that he got a tainted coinbase as reward.

I don't think exchanges like MtGox and such would lock accounts belongning to miners that mined a stolen TX fee. That would be counterproductive for the BitCoin network since it discourages mining. Miners can also not say no to a TX fee, the reward (50BTC current) and TX fee are melted together and cannot be separated without tainting both coins if we were for checking tainted TX fees.

So I agree with you, no taint checking on fee's.

So...  All I need to do is modify my mining rigs to launder all of my taunted coins by including (but not broadcasting) transactions spending the tainted coins, but with generous fees.  That was sure easy to bypass.

[dooglus]

Miners can also not say no to a TX fee, the reward (50BTC current) and TX fee are melted together and cannot be separated without tainting both coins if we were for checking tainted TX fees.

So I agree with you, no taint checking on fee's.

Miners can decide which transactions to include in their blocks.  It's well within their power to refuse to mine transactions with 'tainted' inputs.  Then they don't end up with tainted mining fees.

Not that I think anyone should care.  It's hard to know whether the person sending the tainted coins had anything to do with the alleged theft.  We can't always know for sure whether there even was a theft.

[sebastian]

dooglus: Yes, but we still need to have incentive for mining, regardless of if the funds are stolen or not. And yes, you can send your coins to null and put the whole coin as fee, but then it would be random if you get the coins or not. Another miner might be lucky and "pick" up your coins.

I still think that MtGox wouln't "care" about stolen TX fees. They just track everything until their coinbase transaction, and not going any further. Since of the nature of TX fees, you cannot know which part of the coinbase that is stolen.

The proposed taint checker list is for ordinary people that want to avoid ending up with thier exchange account locked and/or confiscated due to stolen coins.

[hashman]

T'aint a good idea. 

Who decides if a coin was stolen?  Who really knows exactly what happened?  The best answer is "nobody".   Do you trust somebody you don't know to tell you if some other people or transactions you didn't know were in the right or wrong?  Maybe you do, maybe you don't.  The point is, the network shouldn't care. 

After all, the coin was never stolen: only the private key may have been.  The coin is right there in the block chain where it always was.  Coins can be marked, and tracked, but they are still coins.  The marking is just that, a mark (a unique history of public keys), and it is up to you to interpret that.     

If you want to analyze the block chain to follow transactions and track down an enemy, go ahead.  However if you ask me to keep a list of coins you like or don't like, I'm gonna say no thanks. 

   
 

[FreeMoney]

If you take a withdrawal from Seals and don't like the coins you can send them back to the address they came from and you will not get credit to your account for them or you can send them to a deposit address and you will get credit for them. I imagine this will be how most sites work, so be careful.

Likewise if a friend sends you coins from a webwallet and you return them to the sending address neither of you will have the coins anymore.

[kjj]

Likewise if a friend sends you coins from a webwallet and you return them to the sending address neither of you will have the coins anymore.

This.

We need a form letter for these threads.  Something like this, but customized for bitcoin.

[DeathAndTaxes]

Tainted Coins bullshit = death of Bitcoin.  Period.

Bitcoin is already more complex than most users have the patience for.  Adding a whole level of complexity trying to make irrevocable coins revocable is just pointless and stupid.

1) How do you prove theft? Lets say hypothetically that Bitcoinica was lying and they were never robbed.  Oops you just started tainting coins based on a lie.

2) If you base tainted coin database on investigations who does the investigations?  A central agency?  Great concept for a decentralize currency.  If it is just based on hearsay then those who wish to do Bitcoin harm can simply make up thefts and report them adding noise to an already noisy system.

3) You have also created the ability to create the ability to generate revocable irrevocable transactions.  I send you coins, you send me product I decide I don't like the price/quality/your attitude so I say "give me a 10% refund" or I claim the coins in transaction xyz were stolen.  So you refuse I claim coins are stolen and now tada you lose 100% instead of 10%.  Maybe next guy decide 10% blackmail is cheaper than 100% loss.  Irreovacability is a cornerstone of Bitcoin.  It is a selling point to merchants.  Saying unlike Paypal payments are irrevocable (except when they aren't due to theft fraud and blackmail) is hardly a selling point anymore.

4) What happens when a naive user accepts tainted coins?  They just are just fucked?  Thief gets the money and sucker is holding a bag of worthless coins  When that start happening in mass (and yes it will be the naive and new who feel the brunt) they will leave, bad mouth Bitcoin and the currency becomes less accepted and more fringe. Try explaining to potential users that scenario and how it isn't Bitcoin's fault and they just need to be sure to check this database (or set of databases) and they are safe as long as the theft isn't in database yet in which case they still might lose even if it isn't there fault.  Potential user says "fuck that" and uses Paypal.

5) If transaction fees are always free from taint well I will take my stolen coins and launder them through blocks I mine (or blocks I pay other people to mine).  Nobody thought of that aircraft hanger sized loophole?  I create bogus transaction from x to y w/ generous transaction fee.  I never broadcast it to the network but I include it in a block I am mining (along w/ other transactions for camouflage).  Over time all the stolen coins will slowly be converted into transaction fees.  Tada all taint-free!

6) What happens if a theft isn't discovered right away.  Say Bitcoinica didn't notice the theft until 3 days later.  Thief sells the coins to third party (who diligently checks the stupid "Tainted coin database" and they show as clean.  Thief gets cash/blow/hookers/gold and 3rd party gets stolen coins.  When 3rd party tries to transfer them Bitcoinica (as an example) detects theft and reports it.  Coins becomes blacklisted but theif has already escaped.  Thief = 100% profit, Bitcoinica = 100% loss AND 3rd party = 100% loss.  The flip side of that is what if the the "3rd party" is the thief just using the delay to create plausible deniability.  How many times does that have to happen before someone doesn't trust Bitcoin.  Say a major gold exchange accepted Bitcoin and found out 4 days after a $200K irrevocable transaction that the coins are worthless.  Oops?  Think they are going to endorse bitcoin?

7) You will have to pay a fee to return the coins because the age of coins reset to 0 after a transaction.  Miners don't include free spam transactions for a reason.  Your transaction will be indistinguishable from spam.  Miners who foolish allow these transactions without fee will also allow the network to be attacked with terabytes of spam.  

8 ) The coins being blacklisted will simply create an opportunity to sell coins back to the owner.  Say thief couldn't transfer coins (unlikely given #1 to #7 above but lets pretend),  thief could contact Bitcoinica and offer to sell them the tainted coins for 30% on face value.  This simply makes Bitcoin like any other stolen property.  Thieves rarely get face value for anything from hub cabs to priceless works of art.  If Bitcoinica accepts they still lose 30%, thief is still profitable and the incentive for theft exists.  If Bitcoinica says no they lose 100%.

TL/DR
Keeping uniform accurate accounting of reported thefts, lies, blackmail, etc is simply impossible in an anonymous decentralized network.  At best it will still be based on incomplete information and inconsistent.  Thus those advocating for a tainted coin database are advocating centralized control using verifiable identities.    If I need to prove each transactions, show my identity and get it cleared through a central agency why am I using Bitcoin again?

When people lose confidence a currency has the value they think it has as the time of the transaction it ceases to be a currency.

[sebastian]

DeathAndTaxes: I think you misunderstand now.

The idea of the Taint list is not to have some central authority.

Anyone can host a taint list, like those DNSRBLs. I can host a anti-spam DNSRBL. You can host a DNSRBL.
Then everyone is free to use the DNSRBL or not. So you can select to use for example my DNSRBL in your mailserver, and reject mails to your server based on my criterias.

Same with taint list, you select which taint lists you want to use, and you reject coins to your account (=all adresses your bitcoin client recognize as yours) based on these lists.
And taint list does not only need to include stolen coins, it can be "bad" coins in other ways.

The *each end user* decides if they want to use taint list or not, and downloads the taint list they want.


"Who decides if a coin was stolen?"
You decide. Taint list is a tool that lets you reject depoist in your account that have been in touch with a specific adress.
You decide if you want to download a taint list from Bitcoinica listing addresses that Bitcoinica had their coins stolen to.
You decide if you want to download a taint list from me where I list adresses where coins were stolen from me.
You decide if you want to download a taint list from MtGox which MtGox list addresses they deem contain "stolen coins" and not accept any exchanges for.


About TX fees: How long do you need to wait for a small 1:1 transaction to be admissable on the network without fee? Maybe the taint list feature could wait so long.

[DeathAndTaxes]

DeathAndTaxes: I think you misunderstand now.

The idea of the Taint list is not to have some central authority.

Anyone can host a taint list, like those DNSRBLs. I can host a anti-spam DNSRBL. You can host a DNSRBL.
Then everyone is free to use the DNSRBL or not. So you can select to use for example my DNSRBL in your mailserver, and reject mails to your server based on my criterias.

Same with taint list, you select which taint lists you want to use, and you reject coins to your account based on these lists.
And taint list does not only need to include stolen coins, it can be "bad" coins in other ways.

The *each end user* decides if they want to use taint list or not, and downloads the taint list they want.


"Who decides if a coin was stolen?"
You decide. Taint list is a tool that lets you reject depoist in your account that have been in touch with a specific adress.
You decide if you want to download a taint list from Bitcoinica listing addresses that Bitcoinica had their coins stolen to.
You decide if you want to download a taint list from me where I list adresses where coins were stolen from me.

That doesn't solve the problems listed and only compounds the complexity (and user unfriendlyness).  Can you not see that? Person can use coin A with merchant 1 & 2, but not 3 & 4 and coin C with all merchants except 4 and Coin B with only merchant A and nobody takes coin D.  Each sale would require the buyer to check with merchant determine which taint list they are using, ensure they have latest list, scan their coins to find acceptable coins and send them.

Yeah new users looking to buy a game on steam, some weed from SR, or play some online poker are going to go through all that bullshit.  New user who is savy enough to check 9 tainted lists only to find out his coins are rejected on 9 more lists he didn't even know exist is unlikely to be holding coins he can't spend WHERE he wants to spend.

Have you ever heard of: http://en.wikipedia.org/wiki/Fungibility

If a coin is accepted by less than 100% of the community it has less value.  How much value depends but it will never be face value.  So some coins are worth 1 BTC and some <1 BTC.  Someone agree upon a trade for 10 BTC only to find out the 10 BTC he got other people consider "bad" and thus are only worth <10 BTC IF he can find someone willing to trade them for "good coins" is not viable for a currency (any currency).

HELLO FUNGIBILITY IS THE CORNERSTONE OF ANY CURRENCY OR COMMODITY.  
No fungibility = no currency.
No fungibility = no commodity.

I am going to put you on ignore so I won't see any responses.  It isn't you it is me, this kind of short sighted "do something" just burns me up.   The wish to block tainted coins reminds me of people after 9/11 pushing to do something and we are stuck with the fucked to all hell Patriot act.   Maybe take a step back and look at how you are acting from a place of fear and what you are proposing would kill Bitcoin.   If that happens any successor will be built to make tracking impossible.  Now the good news is that if we are lucky taint databases won't go further than you can throw them but that doesn't make the idea any less dangerous or stupid.


My promise:
If tainted databases do exist I will be buying tainted coins for the sole purpose of spamming them to people who use tainted coins databases and let them rack up massive fees in trying to return them.  The bad news is that means I might have to deal with filth like coinexchanger to get my spam currency.  (shudder)

[sebastian]

But what should we do? MtGox and such exchanges are locking the accounts of people who use "stolen coins".

We need to have something so people can avoid any coins that for example MtGox has deemed as "stolen".
If this feature would be included, most merchants would have a "stolen coins we don't accept" list on their website.

Its the same as IRL. When there has been a big robbery (and with big I really mean BIG robbery), the bank publish a list of serial numbers that is "blacklisted" and merchats are told not to accept these notes/bills (Often in the form "Do not accept a 500 SEK bill that is beginning on 4567 or 8723"). And if they accept, the bank will refuse to cash in their notes/bills to their company account.

[sebastian]

Holiday: You would notice if there was such a "blacklist" of certain notes. We have had some in a suburban area here in sweden. The bank putted up notes on windows to shops telling people "Not to trade with any 500SEK bills beginning on digits XXXXXX" and the note had a image of a 500SEK bill with its first digits of the serial number circled.

Probably a robbery in the local bank so they made sure to recover the money by "blacklisting" it.


Hollyday: I don't understand? Why boycott MtGox? Its not their fault that people hack other merchants/echanges and steal their coins/private keys.

[RaggedMonk]

D&T's post is spot on.  There are too many unsolvable problems that taint tracking introduces: it will hurt honest actors more than thieves.

[jancsika]

DeathAndTaxes: I think you misunderstand now.

The idea of the Taint list is not to have some central authority.

Anyone can host a taint list, like those DNSRBLs. I can host a anti-spam DNSRBL. You can host a DNSRBL.
Then everyone is free to use the DNSRBL or not. So you can select to use for example my DNSRBL in your mailserver, and reject mails to your server based on my criterias.

Same with taint list, you select which taint lists you want to use, and you reject coins to your account based on these lists.
And taint list does not only need to include stolen coins, it can be "bad" coins in other ways.

The *each end user* decides if they want to use taint list or not, and downloads the taint list they want.


"Who decides if a coin was stolen?"
You decide. Taint list is a tool that lets you reject depoist in your account that have been in touch with a specific adress.
You decide if you want to download a taint list from Bitcoinica listing addresses that Bitcoinica had their coins stolen to.
You decide if you want to download a taint list from me where I list adresses where coins were stolen from me.

That doesn't solve the problems listed and only compounds the complexity (and user unfriendlyness).  Can you not see that? Person can use coin A with merchant 1 & 2, but not 3 & 4 and coin C with all merchants except 4 and Coin B with only merchant A and nobody takes coin D.  Each sale would require the buyer to check with merchant determine which taint list they are using, ensure they have latest list, scan their coins to find acceptable coins and send them.

Yeah new users looking to buy a game on steam, some weed from SR, or play some online poker are going to go through all that bullshit.  New user who is savy enough to check 9 tainted lists only to find out his coins are rejected on 9 more lists he didn't even know exist is unlikely to be holding coins he can't spend WHERE he wants to spend.

Have you ever heard of: http://en.wikipedia.org/wiki/Fungibility

If a coin is accepted by less than 100% of the community it has less value.  How much value depends but it will never be face value.  So some coins are worth 1 BTC and some <1 BTC.  Someone agree upon a trade for 10 BTC only to find out the 10 BTC he got other people consider "bad" and thus are only worth <10 BTC IF he can find someone willing to trade them for "good coins" is not viable for a currency (any currency).

HELLO FUNGIBILITY IS THE CORNERSTONE OF ANY CURRENCY OR COMMODITY.  
No fungibility = no currency.
No fungibility = no commodity.

I am going to put you on ignore so I won't see any responses.  It isn't you it is me, this kind of short sighted "do something" just burns me up.   The wish to block tainted coins reminds me of people after 9/11 pushing to do something and we are stuck with the fucked to all hell Patriot act.   Maybe take a step back and look at how you are acting from a place of fear and what you are proposing would kill Bitcoin.   If that happens any successor will be built to make tracking impossible.  Now the good news is that if we are lucky taint databases won't go further than you can throw them but that doesn't make the idea any less dangerous or stupid.


My promise:
If tainted databases do exist I will be buying tainted coins for the sole purpose of spamming them to people who use tainted coins databases and let them rack up massive fees in trying to return them.  The bad news is that means I might have to deal with filth like coinexchanger to get my spam currency.  (shudder)

That's a waste of time.  The only way to combat this problem is to increase the cost of coin-stealing attacks-- namely, by decreasing the cost of implementing decent security for coins that are stored online.  Otherwise you'll continue to see hair-brained coin-taint tracking schemes pop up.

Irreversibility without freely accessible (and easily implemented) security will always be seen as a bug.

[Kettenmonster]

My promise:
If tainted databases do exist I will be buying tainted coins for the sole purpose of spamming them to people who use tainted coins databases and let them rack up massive fees in trying to return them.  The bad news is that means I might have to deal with filth like coinexchanger to get my spam currency.  (shudder)

A solid perfect argumentation as much as I can see.

Plus the good news is: You do not have to deal with the filth. Let the rest of the world accomplish this task.
My promise: They will! They have no choice.

[sebastian]

I understand the problems. Thats why the taint list should be entirely optional, and that theres not a central authority of taint list, instead each other uses any taint lists they want to use (like DNSRBL's).

The problem we need to solve is that exchanges start locking accounts because the money come from a stolen source, like paypal does.

This will hurt bitcoin webshops, that have delivered the goods but have got worthless money they can't do something with, because nobody wants it, altso the webshops gets their other money locked too. Look at the person who got 7BTC stolen money into his MtGox account and his whole account was locked, even with all other bitcoins.

Thats why we need some easy feature, that indivuals can use to reject any "stolen" money. I saw a handshake idea in the forum that prevents sending money to somebody that does not want it, that would be a good idea, then the money can be rejected before it even are transferred.


What about whitelist then? Same feature, but instead you whitelist trusted senders and nobody else can send money to you.


Try to brainstorm about this, it must be some solution there that prevents peoplr from getting their exchange account locked because the money was stolen.

Now im not talking about that single piecie of stolen money when talking about locking the account. Think of 1BTC that was stolen, and I depoist it in my 1000BTC MtGox account. Now 1001BTC is confiscated if I don't have a good explaining of why I got 1BTC of stolen bitcoins. Thats why we need taint list.

So people receiving stolen money can prevent it from being used, and webshops can prevent getting stolen money into their webshop wallets, because even 1BTC of stolen money can lock the webshop's MtGox account with tousands of BTCs, even if the webshop would happily return that 1BTC to the rightful owner.