boutell: (shave)
OK, on a macro scale I'm not surprised at all, but on a micro scale I'm curious about the mechanics of this theft.

If I read this right, flexcoin's "hot wallet" just consisted of a big ol' pile of bitcoin that belonged, cryptographically speaking, to flexcoin itself. And a pile of user accounts, in a very conventional "this is a site with some accounts in a database" system, with balances. None of those people actually *had any bitcoins* in the sense that can be mathematically verified by a party outside flexcoin.

That enabled a pretty simple attack that worked because they were tracking their accounts with chewing gum and string - excuse me - using a database that wasn't transactional and couldn't guarantee that it wouldn't finish adding over here unless it also finished subtracting over here.

Am I right about that?

And why would anyone who thought bitcoin was worthwhile want to *not actually own* the bitcoins they "own", in the most cryptographically sound manner possible?

Could it be that *most people using bitcoin have zero comprehension of how it really works*? OK, yes, of course it's that.

But also, how crappy is my own crappy understanding of "owning bitcoins"? There is some sense in which the original miner signs them and stuff, right? And some sense in which if ownership is transferred, the new owner gets to sign them in that crazy "blockchain" thing? Except that doesn't happen in these "hot wallet" systems? Because... why???

Will bitcoin "exchanges" be replaced by a system in which the math of this craziness, however unproven, is at least applied to every transaction?

September 2014

2122232425 2627


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Sep. 23rd, 2017 11:26 pm
Powered by Dreamwidth Studios