boutell: (shave)
[personal profile] boutell
OK, on a macro scale I'm not surprised at all, but on a micro scale I'm curious about the mechanics of this theft.

If I read this right, flexcoin's "hot wallet" just consisted of a big ol' pile of bitcoin that belonged, cryptographically speaking, to flexcoin itself. And a pile of user accounts, in a very conventional "this is a site with some accounts in a database" system, with balances. None of those people actually *had any bitcoins* in the sense that can be mathematically verified by a party outside flexcoin.

That enabled a pretty simple attack that worked because they were tracking their accounts with chewing gum and string - excuse me - using a database that wasn't transactional and couldn't guarantee that it wouldn't finish adding over here unless it also finished subtracting over here.

Am I right about that?

And why would anyone who thought bitcoin was worthwhile want to *not actually own* the bitcoins they "own", in the most cryptographically sound manner possible?

Could it be that *most people using bitcoin have zero comprehension of how it really works*? OK, yes, of course it's that.

But also, how crappy is my own crappy understanding of "owning bitcoins"? There is some sense in which the original miner signs them and stuff, right? And some sense in which if ownership is transferred, the new owner gets to sign them in that crazy "blockchain" thing? Except that doesn't happen in these "hot wallet" systems? Because... why???

Will bitcoin "exchanges" be replaced by a system in which the math of this craziness, however unproven, is at least applied to every transaction?

"investors"

Date: 2014-03-05 09:55 pm (UTC)
From: [identity profile] wisedonkey.livejournal.com
I'm willing to bet that the bulk weren't actual users of bitcoin, but speculators and investors who are of the mindset that "it only grows in value, just like gold and real estate!"

Date: 2014-03-05 10:26 pm (UTC)
From: [identity profile] boutell.livejournal.com
I am being told my assessment is basically accurate if the story as told on the flexcoin site is correct: all the coins in flexcoin were probably held by one "private key" belonging to flexcoin, and everybody else had a "balance" column in a row in a database, with all the things that can go wrong with that, unless they chose to take their money "out" of flexcoin.

I understand that this is not wildly dissimilar to a deposit in a bank, but (1) banks are regulated, and (2) you'd think people would wonder if maybe they could avoid allowing a third party to hold their money indefinitely with just a little more effort.

To obtain bitcoins for cash you have to give somebody cash and hope they will send you bitcoins (sign some bitcoins with your public key, basically). You could get screwed on that one transaction. But why not at least insist on that much, instead of allowing them to hold money in an "account" denominated in bitcoins without actually signing any over to you?

Bitcoins and Electricity

Date: 2014-03-06 06:39 am (UTC)
From: [identity profile] avocado-tom.livejournal.com
This is tangential, but an interesting perspective on how the value of bitcoins could be impacted by electricity costs, as their production is dependent on electricity.

Or more to the point: we've created a currency that has an electricity externality that's not being accounted for.

http://stratechery.com/2014/cost-bitcoin/

Re: Bitcoins and Electricity

Date: 2014-03-06 04:00 pm (UTC)
From: [identity profile] boutell.livejournal.com
Electricity costs have already become the limiting factor that prevents people from mining with most equipment; only high end custom built ASIC rigs are profitable for mining right now. I realize we don't see all the social costs of electricity production reflected in that $/kwh.

Date: 2014-03-07 07:32 pm (UTC)
From: [identity profile] hatter.livejournal.com
Part of the commentary I've seen revolves around the risk of having someone trusting their bitcoins to an external wallet, vs the care people take not to get malware and to make sure they keep proper, secure backups. We've seen a lot of examples now of exchanges failing to scale their integrity/security from pet geek thing to billion dollar financial instruments, which must make a lot of bitcoin owners nervous of the others. Hard to balance the risk of not holding them directly against the risk of having yours stolen along with your key log, session cookies, stream from your webcam, etc when you next pick up something nasty.

The current system applies maths to the process, but it's a distributed system which applies eventual consistency. This is actually a part of some of it's recent problems, and was always a known possibility - that with enough clout in the network, you can permanantly steal some other people's money; also with a bit of luck and not much influence, you can in the short-term convince people you own that money, and withdraw on it before the network is consistent. The maths of the stream is unrelated to the maths of mining though - it's possible an alternative stream could be better suited to transaction logs.


the hatter

the hatter

Date: 2014-03-09 03:15 pm (UTC)
From: [identity profile] pinkhairedcyn.livejournal.com
One advantage of a shared wallet is that your transactions will actually be sort of anonymous, rather than psuedo-anonymous. Since all bitcoin transactions can be traced back to the wallet, having a shared wallet actually makes a lot of sense if you want to spend bitcoins on something sketchy.

firsthand

Date: 2017-04-02 12:10 am (UTC)
From: (Anonymous)
thanks due to the fact that this colossal illuminating website, keep up the massive work check out this [url=http://onlinecasinos-x.com]casino[/url] offers , buy [url=http://www.sextoysfun.net]sex toys[/url]

September 2014

S M T W T F S
 123456
78910111213
14151617181920
2122232425 2627
282930    

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jul. 25th, 2017 08:48 pm
Powered by Dreamwidth Studios