Odalv
January 10, 2015, 12:04:05 AM
They claim to use multisig now - can someone check if the deposit addresses start with 3 now?
If not, then the hot wallet is not using multisig - and therefore not much has really changed security-wise.
It seems they just migrated from cold storage to multisig for the cold wallet - which does not really improve security that much.
Bitcoin Deposit Send your bitcoins to this address: 3Jx ...

cr1776
January 10, 2015, 03:20:42 AM
... Amazon Web Services * Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available. ...
My main quibble with them is that they tout EC2/AWS as secure. It is certainly reliable, it is certainly backed by a company that needs security, BUT, it is a virtual environment using Xen as the hypervisor. There have been security issues there and with paravirtual hosts in general. It is kind of like private keys - if you don't have the keys, you don't own the coins, here, if you don't have the servers, you should be concerned about security. I do have a non-Bitcoin server there and have for about 8 years, but it is a web server not handling potentially millions of dollars and could be restored elsewhere quickly. It is quick, reliable, and not too expensive, but not rock bottom. Much would depend on the architecture and multi-sig will sure help, but I would always worry about VPS when handling big money figures. Hopefully they worry about it too.

tvbcof
January 10, 2015, 04:43:14 AM
... Amazon Web Services * Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available. ...
My main quibble with them is that they tout EC2/AWS as secure. It is certainly reliable, it is certainly backed by a company that needs security, BUT, it is a virtual environment using Xen as the hypervisor. There have been security issues there and with paravirtual hosts in general. It is kind of like private keys - if you don't have the keys, you don't own the coins, here, if you don't have the servers, you should be concerned about security. I do have a non-Bitcoin server there and have for about 8 years, but it is a web server not handling potentially millions of dollars and could be restored elsewhere quickly. It is quick, reliable, and not too expensive, but not rock bottom. Much would depend on the architecture and multi-sig will sure help, but I would always worry about VPS when handling big money figures. Hopefully they worry about it too.
AWS does not necessarily imply EC2. They did also reference new physical hardware as well so one can infer that they keep their secrets to themselves (and, in some people's theory, their less-than-fully-trustworthy staff). Even if it is EC2 that they are using, there are a ton of things one could use a VM for which don't involve super-sensitive information. Conversely, there are a lot of services besides EC2 that one could pass sensitive info through if the design sucks. I've used AWS for various things in the past, and very possibly will in the future. They are reliable, cheap, have got a large global footprint and are well peered. One needs to have a rational design to avoid any potential lost secrets, but that's just standard system design.

premium_domainer
January 10, 2015, 05:21:10 AM
good to see with great updates & free trade fee in bitstamp.

Bit_Happy
January 10, 2015, 06:33:18 AM
Stamp is no Gox, and I'm really glad to see them coming back to life.

God Donut
January 10, 2015, 07:35:37 AM
how is this multisig working? I mean sure you can safely keep your bitcoins on stamp and then withdraw em. But what if you'll want to trade? This will mean that every time you want to sell your bitcoins to some1 you would have to sign a transaction with the 2 keys. Or else the guy who bought bitcoins from you will be unable to use em as he needs the keys

rebuilder
January 10, 2015, 09:40:16 AM
Surely multisig is 2-of-3? Bitstamp holds one key, bitgo has one, the user has one. Two of these are required to spend the coins. Bitstamp likely clears funds with BitGo either in real time or periodically.
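Added example, not part of any post in this thread: a Base58Check decoder that tells a "3" (P2SH, version byte 0x05) deposit address from a "1" (P2PKH, version byte 0x00) address, plus a parser that reads the m-of-n policy from a bare multisig redeem script. The keys, the 20-byte hash and all function names are constructed for illustration; the hash is a placeholder rather than a real HASH160 of the script.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KINDS = {0x00: "P2PKH (single key)", 0x05: "P2SH (script hash, e.g. multisig)"}

def checksum(data):
    # Base58Check checksum: first 4 bytes of double SHA-256.
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    # Each leading zero byte is written as a literal '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr):
    num = 0
    for ch in addr:
        num = num * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:-4]) != raw[-4:]:
        raise ValueError("bad length or checksum")
    return raw[0], raw[1:-4]

def classify(addr):
    version, _ = b58check_decode(addr)
    return KINDS.get(version, "unknown version byte")

def parse_multisig(script):
    # Expects OP_m, n pushes of 33-byte keys, OP_n, OP_CHECKMULTISIG (0xAE).
    if len(script) < 3 or script[-1] != 0xAE:
        raise ValueError("not a bare multisig script")
    m, n, body = script[0] - 0x50, script[-2] - 0x50, script[1:-2]
    if not 1 <= m <= n <= 16 or len(body) != 34 * n:
        raise ValueError("malformed multisig script")
    if any(body[i] != 33 for i in range(0, len(body), 34)):
        raise ValueError("unexpected key push length")
    return m, n

# Constructed sample data: fake public keys and a placeholder 20-byte hash.
KEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
REDEEM = b"\x52" + b"".join(b"\x21" + k for k in KEYS) + b"\x53\xae"
HASH = bytes(range(1, 21))  # stands in for HASH160(REDEEM)
P2SH_ADDR = b58check_encode(0x05, HASH)
P2PKH_ADDR = b58check_encode(0x00, HASH)
```

A "3" prefix only shows that the address commits to a script hash; the actual m-of-n policy becomes visible on-chain when an output is spent and the redeem script is revealed.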

Dexter770221
January 10, 2015, 10:28:12 AM
This multisig thing means that coins are stored on hot wallet all the time? Because Bitstamp can't move it? Or in private wallets of user? And every time they make a transaction user must provide third key?

freebit13
January 10, 2015, 10:46:09 AM
Surely multisig is 2-of-3? Bitstamp holds one key, bitgo has one, the user has one. Two of these are required to spend the coins. Bitstamp likely clears funds with BitGo either in real time or periodically.
I'm not up to scratch on how they have implemented multi-sig on their side (still reading up), but the bitgo website says: "BitGo can never access your keys or Bitcoin". Edit: oh I see now that it says bitgo does hold one of the 3 keys and you hold 2 and each transaction requires 2/3 keys... not sure how that will work in conjunction with Bitstamp though and who would hold how many keys...

asdlolciterquit
January 10, 2015, 10:49:02 AM
Bitstamp is open, now with multisig. Here's the interesting bit of a message from bitstamp's boss.
https://www.bitstamp.net/article/bitstamp-is-open-for-business-better-than-ever/
What’s new?
Our team has been working day and night to rebuild and restore security to the Bitstamp site so customers can resume transacting with us quickly, safely, and confidently. Bitstamp is now fully operational with a number of key improvements:
Multi-sig
* With the integration of BitGo multi-sig technology, Bitstamp is now the first and only major bitcoin exchange to incorporate the industry's best security practices available today.
Completely new hardware infrastructure
* The Bitstamp systems are running on 100% new hardware deployed from a completely secure backup of our code and data.
Amazon Web Services
* Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available.
Commission-free trading
* As a note of thanks to our loyal customers, all transactions conducted on Bitstamp through the end of the North American Bitcoin Conference -- January 17th (at 11:59pm UTC) -- will be commission-free.
We appreciate your patience and understanding during this disruption of services. Since 2011, we’ve worked hard to be one of the largest and most trusted bitcoin exchanges in the world. While this is a time of challenge for our company, we expect to emerge from this experience having set an even higher bar than before for trust and confidence in our services.
On a personal note, I’d like to thank the incredible teams at Bitstamp and at our lead investor Pantera Capital who have worked around-the-clock from multiple time zones in the last few days. I’m incredibly proud of the herculean work of this extended team, and grateful to the phenomenal show of support from customers, friends, and partners in the bitcoin community. We look forward to serving you!
For additional information, please refer to our customer FAQ or contact our support team at support@bitstamp.net.
Thank you, Nejc Kodrič CEO of Bitstamp
great news! I've put right my trust in you! I keep going to use your site!

God Donut
January 10, 2015, 11:09:29 AM
Bitstamp is open, now with multisig. Here's the interesting bit of a message from bitstamp's boss.
https://www.bitstamp.net/article/bitstamp-is-open-for-business-better-than-ever/
What’s new?
Our team has been working day and night to rebuild and restore security to the Bitstamp site so customers can resume transacting with us quickly, safely, and confidently. Bitstamp is now fully operational with a number of key improvements:
Multi-sig
* With the integration of BitGo multi-sig technology, Bitstamp is now the first and only major bitcoin exchange to incorporate the industry's best security practices available today.
Completely new hardware infrastructure
* The Bitstamp systems are running on 100% new hardware deployed from a completely secure backup of our code and data.
Amazon Web Services
* Bitstamp is now running on Amazon’s world-class AWS cloud infrastructure, architected to be one of the most secure and reliable cloud computing environments available.
Commission-free trading
* As a note of thanks to our loyal customers, all transactions conducted on Bitstamp through the end of the North American Bitcoin Conference -- January 17th (at 11:59pm UTC) -- will be commission-free.
We appreciate your patience and understanding during this disruption of services. Since 2011, we’ve worked hard to be one of the largest and most trusted bitcoin exchanges in the world. While this is a time of challenge for our company, we expect to emerge from this experience having set an even higher bar than before for trust and confidence in our services.
On a personal note, I’d like to thank the incredible teams at Bitstamp and at our lead investor Pantera Capital who have worked around-the-clock from multiple time zones in the last few days. I’m incredibly proud of the herculean work of this extended team, and grateful to the phenomenal show of support from customers, friends, and partners in the bitcoin community. We look forward to serving you!
For additional information, please refer to our customer FAQ or contact our support team at support@bitstamp.net.
Thank you, Nejc Kodrič CEO of Bitstamp
great news! I've put right my trust in you! I keep going to use your site!
not a word about 19k btc they've lost are they going to refund em back somehow or we just supposed to forget about it?

Q7
January 10, 2015, 11:16:05 AM
I just wonder why the multi-sig wasn't being implemented in the first place and only after the hack took place. Also the 1btc tips at twitter seems to suggest that they are sending a message telling that the hack was simply nothing and they are fully recovered?

leen93
January 10, 2015, 11:23:24 AM
and my withdrawal is taking ages...

freebit13
January 10, 2015, 11:37:20 AM
not a word about 19k btc they've lost are they going to refund em back somehow or we just supposed to forget about it?
Have you checked your account? Are you missing coins?

sase007
January 10, 2015, 02:25:01 PM
They had around 35k$ daily from fees so I think that they won't have a problem with refunding people who lost coins.

NotLambchop
January 10, 2015, 02:32:18 PM
They had around 35k$ daily from fees so I think that they won't have a problem with refunding people who lost coins.
And since everyone will never withdraw all their coins at once, no one will ever miss those BTC. Fractional reserve FTW!

tvbcof
January 10, 2015, 04:44:42 PM
I just wonder why the multi-sig wasn't being implemented in the first place and only after the hack took place. ...
The fact that multi-sig is being implemented as part of the re-start tells me that it was pretty much developed and ready to go. Seems plausible that this was the reality that caused someone to pull the trigger and take their payout while it was still relatively easy to do. Indeed, most of these 'hacks' seem to be oddly well timed. I'd guess that even the real hacks (if there even have been any real ones in bitcoinland amongst the staged events) leveraged exploits that had been in place and known to the attacker for a while.

BitCoinNutJob
January 10, 2015, 09:04:26 PM
looks like the volume went well back over finex in the last 24 hours, should imagine many people panicked and bought BTC to withdraw, expecting them to lose volume next few weeks.