ASICMINER: Entering the Future of ASIC Mining by Inventing It

[Herp]

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

[Fabrizio89]

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. [...]

+1

[elasticband]

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

Does not stop a hacker selling your shares for dirt cheap to himself.

[silverfuture]

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

Yep, this would be a great feature.

Does not stop a hacker selling your shares for dirt cheap to himself.

...or transferring them to another account for free.

[twentyseventy]

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

PIN for orders or withdrawals, perhaps, or lock the BTC withrawal address for x days.

Instant BTC withdrawals to any old BTC address is a problem.

I like that idea - PIN for withdrawals, BTC withdrawal address can only be changed after 7-day waiting period. You could even make the second part optional.

[havelock]

Thank you for all of your quick replies,

We will start to work on the following security implementations:

1. The option to Lock your account to a specific IP

2. Required 2FA for withdrawal / optional for order execution

3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.


Once again thank you for all of your support,

Havelock Investments

[electerium]

2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons

[shawshankinmate37927]

2fa on withdraw is a decent roadblock to mitm attacks that can circumvent the initial 2fa sign in. Additionally I think the 2fa email is also a decent idea but less robust for obvious reasons

I like 2FA via e-mail because my e-mail account is set up with 2FA via a text message to my cell phone.  With 2FA via e-mail, a hacker would have to hack my e-mail account in order to access my Havelock account.  In order to hack my e-mail account, he would also have to hack my cell phone.

[runam0k]

Thank you for all of your quick replies,

We will start to work on the following security implementations:

1. The option to Lock your account to a specific IP

2. Required 2FA for withdrawal / optional for order execution

3. Once 2FA is enabled, you will be required to enter your 2FA to view the private key or to disable 2FA on your account.


Once again thank you for all of your support,

Havelock Investments

No locking the BTC withdraw address (which seemed to be the most popular suggestion here)?

[lunarboy]

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

This is the Asciminer thread so we should probably move this discussion over to havelock exchange, although if you remember Havelock suggestions have been made in the past, had these been implemented this sort of thing could not so easily happen
https://bitcointalk.org/index.php?topic=135035.msg3661143#msg3661143

withdrawals should be locked to a specific BTC address and multisig should be signed for share transfer. This would at least stop funds leaving the accounts. YOU WERE WARNED.

[minerpumpkin]

Some sort of address locking seems to be the sweet spot.
The other proposals are nice to have, but a compromised mail account won't help against mail confirmations and may not help against 2FA. Keep your 2FA separate (phone and unrelated email address)!

[noah1987]

A miner which use asicminer gen3 chip now on pre-sale, the poster is very famous in Chinese Bitcoin circle. This is the translation of the weibo post:

Miner presale Details:
Miner price :11000 RMB/T (1813 USD/T), full payment in advance.
Power consumption: 600W/T.
If a single miner's speed doesn't meet the design requirements, or beyond the design requirements, in accordance 11000RMB / T price, refund for any overpayment or a supplemental payment for any deficiency.
If you order more than 10T , it is 10000RMB/T.
April 20 is the deadline, if not shipped on time, we'll give you a full refund!
Tel: 13581816335 Zhao Dong's QQ group: 326548639

In the weibo below, one people replys:
So cheap, is it Asicminer's chip?
Zhao replys:"Yes"
Then he ask again:
Asicminer's gen3 haven't tapeout yet, can it mass production in April?
Zhao replys:"Almost"

Sorry for my poor English translation, the original weibo can be found here:
http://weibo.com/1658066713/AwIw85hLy

I have snapshoted the weibo and the chat.

[BuildTheFuture]

Interesting, anyone know if this first batch of Gen 3 hardware will be sold in the US as well? Or only to the Chinese?

[bitcoin.newsfeed]

2. Pending withdrawal of your Bitcoins; time lock?

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

^^ THIS. + yubikey

[ning]

If we take a look at the numbers, we can see that:

The power consumption of the new chips (3rd gen) is 0.2~0.35 J/GHash [1];
and the power consumption of the chips about to be sold is 600 W/THash = 0.6 J/GHash [2].

The numbers are different, so are the chips, seemingly.


[1] https://bitcointalk.org/index.php?topic=438359.msg4816701#msg4816701
[2] https://bitcointalk.org/index.php?topic=99497.msg5153058#msg5153058

[romerun]

sounds like another pump attempt from chinese again

[Lohoris]

How about allowing us to specify a withdrawal address that is then locked; coins can only be sent to this address. It can be unlocked, but upon doing so an email is sent notifying me that it's been unlocked and it takes a further 7 days or so before a new address can be entered?

It won't help if your email is compromised, since you might also easily miss the confirmation email (the attacker would delete it).

[Lohoris]

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Since apparently the email is the weak link, how about adding an optional extra layer via SMS?

[empoweoqwj]

That's pretty scary. Not sure what other attack vectors there might be except for some Havelock employee gone rogue or a security breach at their servers. Maybe your email account is compromised and they used it for some social engineering shenanigans (which would also be hard with you noticing).

Why would a rogue havelock employee sell his shares instead of just the bitcoins from one of the guys with a buy order?

Anyways I would try to contact havelock and see if they can dig up any further info. If it is a security breach on their end then that would be very serious.

Not sure about how 2fa can be breached along with your password. My guess would be an infected pc (keylogger or something).

I don't believe it was an employee. I have no reason to believe Havelock did this internally. But also, I don't believe it was a keylogger. All my other accounts are intact (banks, paypal etc) and not even been touched.

Would have been nice if havelock responded to my support email though !

[empoweoqwj]

Here at Havelock we take security issues very seriously.

We have never had any issues with users that enabled 2FA on their account. We have contacted the person that has made the claim that is account has been compromised and are looking to resolve the matter has soon as possible.

Trying to balance ease of use and security is never easy, especially in the Bitcoin realm. We can always add additional security features but those will always slow down the user experience.

So we turn to you, our valued customers, what features would like us to add to our platform?

1. Confirmation email before any action is taken; some but not all actions.

2. Pending withdrawal of your Bitcoins; time lock?

3. Lock account by IP address?

We always value your opinions and we strive to serve the Bitcoin community to the best of our ability.

Also we can assure everyone that it was not an "inside rogue employee"

Thank you,

Support Team
Havelock Investments

Yes to every one of those. (Instant bitcoin withdrawals worries me a bit)

Also maybe requiring a pin before placing orders/doing anything like btct.co would be nice.

The sad thing was someone took 80BTC or whatever ...... and there was no delay. He was just allowed to keep withdrawing. He must have withdrawn about 20 times in an hour.