Bitcoin Forum
November 21, 2017, 08:50:32 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: A Bitcoin Security Paradox?  (Read 3933 times)
ebliever
Legendary
*
Offline Offline

Activity: 1358


View Profile
March 17, 2015, 01:00:21 AM
 #41

http://www.coindesk.com/bitgo-update-expands-security-controls-for-consumers/

Multi-sig for individual users with BitGo. While regular folks may be slow to adopt it, I predict 2015 will see a marked drop in BTC losses among companies/exchanges/organizations as they migrate to multi-sig.

Couldn't happen too soon; an exchange I used up until a few weeks ago (Allcrypt) just announced their BTC wallet was emptied over the weekend. That's eerie because that's the 2nd time I've left an exchange shortly before it collapsed (Mintpal). And for that matter, I was able to profit in the chaos surrounding Cryptorush's end as well (lost $20 when it shut down, but profited several times that amount in the final day as people struggled to extract funds.)

There should be a more secure 2fa on withdrawals and account activity for platforms. Phishing and other issues will result in a lot of users getting hacked potentially even with insurance, it costs the business significant amounts. Google 2fa/sms/authy are all text based and generated on a time seed which is vulnerable to multiple attack vectors, any time you use a text based 2fa it's like typing a private key in. I wish more exchanges would use clef... public/private key crypto with anti-phishing.

http://sakurity.com/blog/2015/03/15/authy_bypass.html/

 Anyways, multi-sig should really be ubiquitous and I still don't understand why companies choose to keep all funds in one "hot wallet". It costs almost nothing to split funds amongst multiple wallets, and have distributed multi-sig keys. Sorry to hear you lost funds, I think this mass incompetence of putting all eggs in one basket with one key is ridiculous.

The main issue is that waiting for a withdrawal on an exchange is annoying and makes users worry. Without this mass hot wallet with direct access from the platform means wallets have to be cycled and requires more complex architecture. Simply put the small players don't have the staff or development to protect customers in the same manner, a wallet provider adding this feature is per user, and separate while an exchange is one wallet or a few wallets for everyone Sad

Well, I dodged a number of bullets and only have the indirect hits (I call it shrapnel) from all the various scandals and thefts and altcoin scheming and so forth. I figure by most veteran's standards I've gotten off easy thus far. I picture the security situation at traditional institutions like banks is like a bucolic picture of a peaceful castle with tall walls and guards posted, with a few bandits lurking in the shadows of the forest in the backgrounds. With bitcoin the security situation is more like.... well, have you seen the movie The Two Towers? Remember the Battle of Helms Deep?  Roll Eyes

I think we'll get things locked down. I really am optimistic. For one thing, people can negate 99%-99.9% of the risk now by employing prudent safeguards without much fuss or reliance on anyone else. This thread has been very helpful in that regard.

Luke 12:15-21

Ephesians 2:8-9
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511254232
Hero Member
*
Offline Offline

Posts: 1511254232

View Profile Personal Message (Offline)

Ignore
1511254232
Reply with quote  #2

1511254232
Report to moderator
CreationLayer
Member
**
Offline Offline

Activity: 101


View Profile
March 17, 2015, 01:06:08 AM
 #42

http://www.coindesk.com/bitgo-update-expands-security-controls-for-consumers/

Multi-sig for individual users with BitGo. While regular folks may be slow to adopt it, I predict 2015 will see a marked drop in BTC losses among companies/exchanges/organizations as they migrate to multi-sig.

Couldn't happen too soon; an exchange I used up until a few weeks ago (Allcrypt) just announced their BTC wallet was emptied over the weekend. That's eerie because that's the 2nd time I've left an exchange shortly before it collapsed (Mintpal). And for that matter, I was able to profit in the chaos surrounding Cryptorush's end as well (lost $20 when it shut down, but profited several times that amount in the final day as people struggled to extract funds.)

There should be a more secure 2fa on withdrawals and account activity for platforms. Phishing and other issues will result in a lot of users getting hacked potentially even with insurance, it costs the business significant amounts. Google 2fa/sms/authy are all text based and generated on a time seed which is vulnerable to multiple attack vectors, any time you use a text based 2fa it's like typing a private key in. I wish more exchanges would use clef... public/private key crypto with anti-phishing.

http://sakurity.com/blog/2015/03/15/authy_bypass.html/

 Anyways, multi-sig should really be ubiquitous and I still don't understand why companies choose to keep all funds in one "hot wallet". It costs almost nothing to split funds amongst multiple wallets, and have distributed multi-sig keys. Sorry to hear you lost funds, I think this mass incompetence of putting all eggs in one basket with one key is ridiculous.

The main issue is that waiting for a withdrawal on an exchange is annoying and makes users worry. Without this mass hot wallet with direct access from the platform means wallets have to be cycled and requires more complex architecture. Simply put the small players don't have the staff or development to protect customers in the same manner, a wallet provider adding this feature is per user, and separate while an exchange is one wallet or a few wallets for everyone Sad

Well, I dodged a number of bullets and only have the indirect hits (I call it shrapnel) from all the various scandals and thefts and altcoin scheming and so forth. I figure by most veteran's standards I've gotten off easy thus far. I picture the security situation at traditional institutions like banks is like a bucolic picture of a peaceful castle with tall walls and guards posted, with a few bandits lurking in the shadows of the forest in the backgrounds. With bitcoin the security situation is more like.... well, have you seen the movie The Two Towers? Remember the Battle of Helms Deep?  Roll Eyes

I think we'll get things locked down. I really am optimistic. For one thing, people can negate 99%-99.9% of the risk now by employing prudent safeguards without much fuss or reliance on anyone else. This thread has been very helpful in that regard.

On the simplest level I will say, only keep on an exchange what you are willing to risk at that time. Choose your preferred secure wallet provider, and move funds out accordingly to reduce risk.

Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!