Statement on Mt. Gox(antonopoulos.com) |
Statement on Mt. Gox(antonopoulos.com) |
This reveals a lack of objectivity here. There IS a bug in bitcoin. There are workarounds, and some exchanges implemented those properly.
Of course, MtGox should have followed best practices and implemented a workaround, but the above sentence is - on its face - flawed and biased. The fact that some exchanges were immune to the bug does NOT mean that bitcoin bears no fault or that Gox's claims are false. This was and is, in fact, an acknowledged and widely known bug in bitcoin.
I'm not saying MtGox was not incredibly incompetent, however nobody is helped by this false defensiveness over a very serious and clear bug in bitcoin that seems to have affected at least a few exchanges.
Regardless of MtGox' incompetence, this IS a serious bug in bitcoin for which a workaround is required, and without which a bitcoin theft is possible.
Yes, but that is completely contrary to the whole reason Bitcoin exists in the first place. If you wanted a regulated currency you'd get fiat. It's wild west by definition, which is good for popcorn-muncher like me... but bad for friends of mine who have lost a significant amount of money by "experimenting" with Bitcoin. :(
Not really. Satoichi has shied away from the political motivations of a lot of the community.
Evolution in nature is brutal, I can understand that you don't want to be part of that process.
I'm not saying this is comparable directly to those situations, but we shouldn't forget that regulated markets have crooks and cheats too.
A little regulation and over sight would have prevented the industry from even existing.
It looks likely that the free market, which includes the self-regulating actions by Coinbase, Blockchain and others (as well as customer reactions), will punish the bad actors and reward "good" (well managed) companies. It will also create better consumers, who will now be more diligent in evaluating relevant services before they sign up.
You write that you'll be staying away for now, that is your right as a potential participant in the market. We are already seeing the major players (like Coinbase) react to your sentiment by increasing transparency to bolster confidence in their services.
1. This is what we want. 2. When have you seen the existing financial system react so rapidly and thoroughly to the many flaws and disasters incumbent within?
Yes, "a little regulation and oversight might have prevented all this", but it also might have prevented crypto currency from being able to prove its value (or fail to) in the free market.
No one has ever doubted that this was possible. 'Robust' currency has existed without a central monetary authority in the past (for millenia!). The reason the Fed exists is because its believe that it takes an existing 'robust' currency and makes it better.
Define "robust."
Gox probably has logs of withdrawal requests. It might be daunting but feasible to sift the tx-MAL withdrawals from legitimate ones, then work with major pools and exchanges to double-spend stolen coins back to Gox.
Gox could then be forced (by the same 51% majority) to pay legitimate requests for reimbursement by vendors or 3rd parties holding stolen coins they transacted for goods or services, given reasonable documentation. Leaving us with some but not unacceptable collateral damage.
I'm still hoping that banks will take what to me is the bitcoin's biggest feature (multiple wallet addresses and the ability to easily make cash transfers to other wallet address) but without pretending that centuries of legal and financial traditions somehow don't matter.
“Cold storage” does not “leak”. The idea that the funds were stolen,
unnoticed, from cold storage, due to Transaction Malleability,
strains the credulity of even the most gullible observers.
One possible explanation that I haven't seen anywhere else is that MtGox lost control of the private keys to their cold storage.
How else could 744,000 BTC disappear, without anyone noticing, from cold storage?
a) Adreas is the Chief Security Officer of Blockchain and a well known / respected digital currency personality.
b) The most interesting part of the article was a link to another post reviewing Coinbase's security practices (1) where he concludes "it appears that the Coinbase system contains the expected funds and their cold storage system and process appear to be operating according to security best practices."
http://techcrunch.com/2013/12/17/foundation-brian-armstrong-...
A Google Ventures video about coinbase security with Kevin Rose(from old Digg) asking a bunch of questions with Coinbase founder Brian Armstrong.
Sounds very legit to me.... but... you _still_ shouldn't leave huge amounts of bitcoin in any exchange! Make[1] your own btc-address + private key and keep the coins there. And note that bitaddress.org can be git clone'd and ran on a computer without internet access.
I don't think that reveals anything about what happened in MtGox. Also, don't know if anyone's noticed... but mtgox.com has a message now. http://i.imgur.com/YDONE4d.png
And note the word "DONE" in that imgurl URL. Ominous...
Also, that makes it more attractive to act maliciously, as an exchange. Either you make off with your stolen BTC (win), or the community fixes things for you (not really a loss).
What would help is some equivalent of FDIC. A group of Bitcoin "banks" that handle your deposits, with some pro-BTC group guaranteeing your deposit up to 100 BTC or something. Getting the insurance would of course require all sorts of intense auditing and oversight. And somehow, someone's gotta pay for it all (perhaps the same group of Bitcoin companies pay in). But that's... very far removed from the current state of affairs.
Consider this simplified example:
A Gox thief sold the bitcoin on another exchange. Then I unknowingly buy that very bitcoin from that exchange. Now the blockchain is rewritten and my bitcoin is gone even though I am innocent of any crime.
The MtGox situation is tragic. But when you start messing with the fungibility of bitcoin, you introduce new consequences that reach much further into the ecosystem.
With forensics on the initial theft, miners could then tree-traverse back up to blacklist future transactions on stolen coins. There are probably lots of ways to accomplish basically this. This would render all stolen btc dead in the water, hence the "force Gox to repay legitimate requests for reimbursement of those who transacted for stolen coins."
That second part, though, isn't crucial to the idea. The community could just double spend the coins to mitigate harm done without attempting to stop the stolen coins downstream.
"Stop Saying Bitcoin Transactions Aren't Reversible" http://elidourado.com/blog/bitcoin-arbitration/
The n-of-m multisignature facilities described in that article are the future of Bitcoin. You probably don't need multisig arbitration when you buy a coffee or a stick of gum, but you probably do when you're transferring large sums. Of course, there was no multisig protection in sight in the MtGox case, but then there was no blockchain in sight either. Far worse errors of judgement were made there.
Bitcoin makes the use of arbitration services optional, and it makes the actual mechanics of arbitration services safer and more efficient. The arbiter in a 2-of-3 multisig transaction can't freeze or seize funds in transit -- hello PayPal! -- and takes zero action in the vast majority of cases, where there is no dispute.
Banks, credit card companies, and existing payment systems like PayPal can't easily, optionally disintermediate themselves. They must play arbiter. And we must pay for it.
> bitcoin tries to workaround them for no good reason.
There's a good reason. Why do businesses today pay transaction fees when you use your card to buy that coffee?
I'll just quote the opening paragraph of the original Bitcoin paper:
"Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services. With the possibility of reversal, the need for trust spreads. Merchants must be wary of their customers, hassling them for more information than they would otherwise need. A certain percentage of fraud is accepted as unavoidable. These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party."
In the long term, we will be training people to be better and more diligent actors.
If you can determine the guilty party in the case of frauds, you can still report them to the police. This is enough protection.
* I mean fools in the larger sense of acting without diligence. Every one of us has been such a fool at one time or another, and learned painfully from the experience.
The common argument is that the modern, global economy is too complex to govern itself, and prone to disasters.
He/she/they talk about a need for finical transaction capability without the need of a trusted third party, but I'm not seeing how that was in any way overtly political.
Realizing that you need to shy away from something after you do something doesn't invalidate the reasons behind why you did it.
http://blog.magicaltux.net/2010/06/27/php-can-do-anything-wh...
then is ssh broken?
https://soundcloud.com/mindtomatter/e85-mtgox-and-malleabili...
My understanding of the way the network operates is that a group with 51% of hashing power can essentially arbitrarily manipulate the blockchain going forward. Nothing could stop them from confirming otherwise invalid transactions (re-spending the original outputs) and mining those new transactions. After which, clients, only looking backwards to the first block a transaction resides in, wouldn't notice that the funds were originally double-spent.
This means that if the purported thieves have transferred their coins to e.g. an exchange, potentially any of the transactions the exchange has made since then could be reversed, cascading from there.
There is a bug in the REFERENCE implementation, which is used by almost every exchange. And one criticism of MtGox was that they used a custom version of the reference implementation, and should have used the standard one. You can't have it both ways.
By your standards then SSH is broken, which is false. I don't want to have it both ways. I think if you are running a money service that you should not rely on variables that were known to be malleable since 2011. There's even a wiki page about it, on a site the guy owned, since Jan 2013. Either they run someone elses code and made sure it worked, or run their own code and made sure it worked - and by worked I meant worked the way they needed it to, not the way they expected it to.
However, it's quite clear that this is a bug, and it could have affected them, and they could be telling the truth, contrary to what the original article says.
