I watched this over the weekend. As someone who has spent an absurd amount of hours following this case: it breaks new ground, has great depth, and is absolutely riveting.
There are at least seven jaw-dropping moments in it. One is explaining how Bitcoin wallets pre-cache the next 100 change addresses the wallet will use, so that if someone steals your wallet without you noticing it and continues to use it, you will deterministically share the same change addresses on your next 100 transactions each, which both leaves a forensic trail and also resulted in Gox continuing to send money into accounts controlled by the attacker.
Also, for bonus points: Gox allocated the new addresses as deposit addresses for new customers. So when the attacker moved stolen coins, their change appeared to be deposited on Gox into the accounts of hitherto innocent people. (The attacker retained custody of it and Mt. Gox appears to not have swept it into e.g. offline storage, which we have fairly persuasive evidence did not really exist.)
This being the Bitcoin community, what would you expect someone who suddenly has 1,000 BTC credited to their exchange account to do?
The thing that sucks is, it was impossible to tell any of this was going on. I know people will say "Well, you should have known. The signs were all there." But there were no signs. Coinbase could be the same way right now. Any exchange could.
> The thing that sucks is, it was impossible to tell any of this was going on.
It was impossible to know the details of this exact bug - but it was possible to know that something was wrong at MtGox before the takedown.
Of the two-dozen or so people I know who held Bitcoin at the time only one lost funds on MtGox - the rest had long left Gox or were never comfortable using it.
The main administrative issues were withdrawal delays[0], MtGox not being able to prove their reserves satisfactorily[1] and having accounts seized[2]. ID verification was slow, and support was almost non-existent.
If you read the forums in the ~12-18 months before MtGox went down there was a lot of conversation about what was wrong at MtGox.
The tech issues were horrible code[3] (read the description of that repo and tell me if you would trust it with bitcoin), previous hacks[4], many more hack claims and the internal trading bot being traced by outside researchers.
I don't blame anybody for not seeing these issues - there was a lot of FUD at the time and many who saw attacks on MtGox as attacks on Bitcoin. Nobody really wrote a good and concise "this is why you shouldn't use MtGox" post anywhere. Hearing after it was taken down that someone knew it was bad is useless and only self-serving.
I don't think it is possible for a third party to hold your bitcoins for you in a secure way that is also convenient. You can pick any bitcoin company or exchange and claim it's insecure and you'll eventually be right for many users.
One of the only ways to avoid the problems and store your bitcoins safely but also still be able to use them is with a hardware wallet. There has been a lot of improvement since MtGox with "vault" products, better multisig implementations, better auth, offline signing, etc., but there is still some way to go.
I was in BTC from very early on. Ironically I didn't make much money but that's another story.
I'm shocked, absolutely shocked that the Magic The Gathering Online Exchange wasn't suitable for dealing with hundreds of millions of dollars.
The signs were obvious that it was being run by amateurs for anyone who spent five minutes doing a Google search.
When I heard a friend had deposited more money than he could afford to lose on MtGox, I immediately jumped in the car and drove 2 hours to his house. I convinced him, basically at the point of physical violence, to take his BTC out of MtGox and store them in a wallet on his computer, encrypted and backed up on several cloud sites.
One month later MtGox was hacked. I received an apology and a very nice bottle of whiskey from my friend.
I think if a friend drove two hours to my house and threatened physical violence because they disapproved of my financial and technology decisions, I would have one less friend.
It's only admirable in retrospect. What if Mt. Gox shot to the moon and decided to pay dividends, but your friend threatened you not to buy in?
I've been threatened by in-laws for subscribing to practices that will end in my damnation -- something much more significant than losing savings. They genuinely believe this. And I still don't think that's right, and it wouldn't be right if everything they said turned out to be true.
As far as I'm aware, all the exchanges are being run by rank amateurs with effectively zero oversight or accountability. They're reinventing the wheel and re-learning all of the painful lessons that the real banking sector took centuries to learn. From what I've seen, they're applying the "move fast and break things" attitude to other people's money. I wouldn't trust any of them to look after my pocket change.
I may revise my opinion if I start seeing cryptocoin exchanges founded by people whose LinkedIn profiles include job titles like "VP for Regulatory Affairs" or "Head of Risk and Compliance". Right now, I'm mainly seeing CS grads and people who spent a couple of years on a trading desk.
First employee of a major exchange here. You were correct a few years ago, but it's not strictly true anymore. Some oversight and accountability comes from the VCs that own them and sit on the boards, some from the compliance requirements of banks they work with to obtain financial connectivity, and some from people they outsource customer onboarding to or work with for additional financial settlement options. Also, third party penetration testing should be common by now. There is also something to be said for "zero legacy infrastructure", from a security perspective.
I'm still waiting for an exchange taking proof of reserves or multi-sig with other exchanges seriously.
We know it can be done, and we know that none of the exchanges do it anymore.
As hopeful as I am, I know that scaling the number of users is much more important for exchanges than advancing security through cryptography that users can verify.
At BitMEX we do 100% offline multi-sig. Unfortunately, that also means any form of live proof-of-reserves is quite difficult to do, as the keys are offline.
Early in our history, we thought once-a-day withdrawal would be a problem customers would be quite vocal about. Instead, we found many of them appreciate what it means - that the keys aren't hooked up to a hackable webserver, but are actually protected. Accessing funds should be difficult and should require human interaction.
This counts for a lot IMO. Of course there are still questions of whether and how the insurance comes through. But it's a big step to make such a declaration, and the implications on security are significant.
When they say stored 'online' they mean 'not in cold storage'. 98% (according to that article) of the crypto held by Coinbase is in cold storage and is not insured.
I honestly find this attitude fascinating. A technology that has existed for 5 years, and yet expertise is demanded, as if these exchanges could attract and hire the experts of banks.
The thing is, all the "new" or "high tech" parts of bitcoin can be treated as a black box, and their relevant properties summarised on a single sheet of paper. You could then hire someone with financial controls expertise to run the other side of the business - the entirely conventional money handling.
A bitcoin exchange really isn't all that different from a metals exchange, if you substitute "physical delivery of gold" for "emit an actual on chain bitcoin transaction".
Other fintech startups have little difficulty in attracting experienced talent. You see a lot of grey hair and a lot of very distinguished CVs in that scene. Several banks run their own accelerators and angel schemes.
If cryptocoin startups can't recruit the right talent, then I think that's a strong indicator of their fundamental business value.
I think you're mistaken when you say that there were no signs. There were many signs, and here are some of the worst. As a point of reference, Feb 7, 2014 is when Bitcoin withdrawals were frozen.
May 2, 2013: CoinLab sues MtGox, says MtGox promised to let CoinLab operate its North American branch. This makes no sense -- why would MtGox surrender its most valuable territory to a virtual unknown? -- but MtGox doesn't explain what's going on and simply shrugs their shoulders. They will be doing this a lot.
May 15, 2013: US Government seizes $5 million from a bank account held by MtGox. MtGox shrugs their shoulders.
June 20, 2013: MtGox stops USD withdrawals; bitcoin and JPY withdrawals continue to operate normally. People ask when they'll be restored, MtGox shrugs their shoulders.
July 4, 2013: MtGox says USD withdrawals are back to normal. This is a lie. When people ask why USD withdrawals are still not going through, MtGox... well, you guessed it. They shrug their shoulders and just repeat the lie.
By this point, alarm bells should have been blaring in people's heads. Anyone who claims that this kind of crap was the norm for the bitcoin world should keep in mind that Coinbase had launched in 2012 and was running a much tighter ship.
By this point, people still had more than 6 months to get their bitcoins out.
August ~13th, 2013: CEO blames issues on Mizuho bank; claims that Mt. Gox was greater than 50% of Mizuho's SWIFT volume (!) and DOSed their banking systems multiple times (!!); also says that Mizuho has limited them to ~10 outgoing wires per day.
Yeah, I forgot about that one! While we're on the subject of lies they told, my favorite was in Feb 2014 when bitcoin withdrawals got frozen. The claim was that they turned off withdrawals while they dealt with the bitcoin malleability issue that was in the news at the time. It was obviously a lie but they just stuck with it.
Given the USD ~1.64 TRILLION in assets Mizuho had in 2014, presumably this claim is beyond insane? Is there some mechanism to look up SWIFT transaction volumes by bank?
When MtGox's trade delay hit 30 mins+ (April 2013), and the price was crashing, I hopped on to IRC. I went to mtgox's channel and advocated in the strongest terms that they halt trading, like any sane exchange would do (the trade delay was a major factor in the crash).
When Tux's #2 told me he couldn't do it because Mark was asleep (time zones! etc), it became pretty clear they didn't have a clue about what they were doing.
I'm glad other people perceived the delays and realized they were unacceptable and indicative of something bad as well as bad management / development practices.
Some people have tried telling me in the past that I'm full of shit for pointing out the delays and what they meant. I moved my coin away about a month or so before the big hack.
The presence of a persistent arb premium was what made me back off Gox. As a quant trading guy it just seemed too fishy that a one-way arb could persist. I wrote an arb engine to take advantage of the price difference but I concluded there was too much credit risk in it. Which turned out to be correct. At best the arb was explicable as slow operations getting money out of the bank, but that would in the very best case be total incompetence. Plus the forums were saying a lot of not nice things about the management, so definitely failed the sniff test. Remember it's not the balance of probabilities that matters; it's the worst case.
Coinbase, by contrast, has VC backing that you would think means they'd find someone who understood regulatory issues. They'd also have links to proper tech people who understood security and exchange coding, a pretty small subset of coders since it's quite specialised. They may not have started with everything required but chances are they've found the money to buy it by now.
>The thing that sucks is, it was impossible to tell any of this was going on.
A few months before the big collapse, I lucked into some money and started looking at arbitrage opportunities on bitcoin exchanges.
Want to know what stopped me? The cost benefit vs. risk ratio. Here's an exchange with a really dodgy past, and the price is just shooting up, and people are shouting, and damn this seems too good to be true!
(edit: I did some trial runs, and had gone through their painful verification process - the above decision came about when I was starting with the "big boy" sums of money)
Funnily enough, I have the exact same thoughts about the crypto ecosystem right now.
I think it's probably unwise to hold coins right now, and whether the scam unfolds this year or not, I'm experiencing that very same spidey-sense "this seems too good to be true" worry from the Mt. Gox days.
Disclaimer: I bought into Bitcoin about 7 years ago. I'm mostly out now, but I hold a small amount of Sia, BTC, and Dash.
Especially for ICOs and Eth more generally, but also for Bitcoin, Litecoin, Dash, etc.
We use our financial system to combat international crime. Why on earth would governments allow unregulated blockchains and currency transfers to circumvent their controls?
They won't remain unregulated for long. It's similar to the late 19th century markets, except the regulatory environment already exists - the SEC will go after low hanging fruit for a while to build precedent and then take down a whale, then apply all existing securities regulations to all ICOs and their advisors. That'll cut out a lot of the scammers and introduce traditional investment banks because they are licensed. The licensing process requires sponsorship, so they'll be able to push out and keep out the early players and reap the benefits.
> 15 dollar arbitrage between bitstamp and gox right now??? 15 dollar arbitrage between bitstamp and gox right now??? thats ridiculous, anyone know why?
> Because MtGox is a money black hole, absorbing all your money and refusing to pay it back. The only way to exit is to buy bitcoins there and send them elsewhere; this explains the consistent buying pressure there. An arbitrage is meaningless if your money cannot leave, right?
How would one perform investigative journalism on a Japanese company? One way might be "write down everything they say", "identify the subset of these statements that an external actor has signal on", "identify the subset of those statements that the external actor would have a social or legal obligation to confirm or deny", and "write some on-dead-tree letters."
Mt. Gox said lots of things, including some things which were, ahem, very effing improbable and yet which alleged very specific facts about people outside of the building. "We're totes solvent; all of our assets are on deposit at Mizuho", "All of our problems are due to banking partners", "The Financial Services Agency said we're compliant with all their regulations", "Japanese banks can't send more than 10 wire transfers per day; it's physically impossible because they're technologically backward", etc etc.
This is sort of similar to "But how do you know that their application is vulnerable, $SECURITY_RESEARCHER?" The answer "I bothered to look" might be unsatisfying, but it is not inaccurate.
We understand you bothered to look. We're asking "What are the specific actions you took, so that in the future, we may take them? What did you discover that led to your tweet? Was it hard evidence, or was it more of a list of worrying signs?"
Writing on-dead-tree letters is a flowery way of describing what you did, but it gives no actionable signal.
I'm sorry you lost money, sincerely. One of the reasons that I'm so vocal about my opinions on Bitcoin is that I think that, when it achieves its true value of 0, it will wipe out a lot of geeks of good will.
I cannot agree that you had insufficient notice from me regarding my opinions of Bitcoin or operations in the Bitcoin economy. That tweet went as close to the line as I could without risking arrest, contemporaneously. It was preceded by probably a few hundred comments on HN and Twitter about Bitcoin and businesses in the ecosystem.
I appreciate that you want a list of steps you can take in the future. I have described a way to reproduce the unpaid, unpublished original research project which I did, in sufficient detail for any competent researcher to reproduce it.
You think that that series of steps is not actionable. I respectfully submit that you are not capable of reproducing it; these are two different things. You are illiterate in the language that the research was conducted in. I'm sorry; that is true, and it is the nicest possible way to phrase it unambiguously.
You should, in the future, not make investments which you are incompetent to evaluate the risk factors of. If you must, you should secure the advice of competent professional advisors. If you believed yourself competent to evaluate the risks of doing business with Mt. Gox or believed the quality of the advice you had to be adequate, you should be skeptical of your self-assessments of your competence or your ability to evaluate competence in a professional advisor, and apply this skepticism to your reasoning process about future investments.
(For context, I edited out "if you'd made a ruckus on HN, you could've prevented a lot of suffering" from my previous comment. Mostly because I disagreed with myself that it was up to Patrick to do that.)
Patrick, I respect your writing. But your answers are rarely straightforward. Even now, when you risk nothing, you refuse to reveal precisely what you knew and how you came to know it. I'm skeptical that you knew anything of consequence, and I think this is a way for you to appear prescient. But if you say you discovered something, we have no choice but to believe you on reputation alone. I wish you'd share with us what the Great Sages know, but who can blame you for wanting to stay a member of their ranks? It's only through secrecy and obfuscation that you can maintain the aura.
> you refuse to reveal what precisely you knew and how you came to know it
I see, in his previous comment:
> Mt. Gox said lots of things, including some things which were, ahem, very effing improbable and yet which alleged very specific facts about people outside of the building
and then a list of those facts that could be fact-checked.
What could he, as an outsider, possibly have written to a bank that would let him determine whether Gox was solvent?
The simplest answer is "nothing," but we're meant to believe otherwise.
We could go through each item on that list and try to reverse engineer which entity he wrote and what he asked, but this indicates he isn't being straight with us. That's fine; it's his right. But it's a little odd. If someone performed some badass investigative journalism that could've blown the whistle on the Gox case long before anyone knew about it, who wouldn't want to brag about it after the fact? Especially when it'd be so easy to illustrate the steps taken.
We're talking basic questions like "What did you write?" and "What did they say?" But we're meant to guess.
I think a large part of the problem of "verifying" Gox was that people desperately wanted the story to be true.
If a big-name bank operated a bitcoin exchange that was repeatedly hacked, came up with a mountain of excuses about why people can't withdraw, made nonsensical claims about doing business (e.g. 10 wires/day, not trading in the USA etc.), no-one would use them.
(edit: in The Real World, I imagine they'd have been shut down in seconds flat thanks to regulations, but for the sake of convenience let's pretend regulations don't exist)
Instead, we had a plucky new underdog that people wanted to believe was creating history.
You see a business destined to fail, I see a line of incompetent exchanges playing Russian roulette. One of them died and the rest got lucky.
Bitstamp, Bitfinex, Cryptsy, more I've forgotten, were the competitors really more reliable?
I've been in a position to see some absolutely insane stuff happen on exchanges (most of it gets quietly buried), and I really don't think MtGox was anything remarkably different.
I don't think patio11 is claiming he did any in-depth investigation. He is saying that when the company seemed to start having problems, they made odd claims (like a bank not being able to process more than X payments per day) that sounded unlikely enough to indicate a person lying to cover their ass.
you're being pretty unreasonable. he took a look at the body of evidence, including statements from the company itself, did some follow-up (i doubt the specifics actually matter), and got a really bad feeling about it. the technical term for this is 'spidey sense'. also 'bad juju'. or 'his bullshit detector went off'.
what if the answer you're looking for is, "he called up someone at mizuho, went and got a beer, and the guy let it slip that that gox is broke."
then what? hmm? haha what are you going to do about that? that's how the vast majority of insider information (note i didn't say insider trading) is passed. are you going to replicate that the next time around on a specific asset that's about to crash, or a specific company that's going to go insolvent? good luck, friend. this is how the world works; you clearly were not in on it, none of us were, that's why a bunch of people were left holding their dicks in one hand and an empty wallet in the other (i don't deal in bitcoin because i'm too dumb to comprehend it, but i saw the carnage online).
at the end of the day he believed something differently than most. it's not any more complicated than that. that's how people generally make a bunch of money, or in this case, prevent from losing a bunch of money.
also, he lived or lives in japan and speaks japanese, so that's probably going to be the major hurdle for you to grasp his process - he has a lot more day to day context of how all this stuff works in that country. unless of course, you live there too, in which case, that's even worse for you. sorry pal.
People who say that are people who don't understand that fiat money's ONLY purpose is to track who owes what. It's debt-based. If Alice pays 1 unit of currency to Bob, it is because Bob gave her a product or service worth 1 unit of currency. Bitcoin is great at tracking "debt": universal, electronic, decentralized, robust, inflation-proof.
The "true value of 0" reflects the huge confidence of legacy providers (Patrick/Stripe) that crypto will sink. They may well be correct but for a community of "Entrepeneurs", it's entertaining to see the same patterns of technology disruption applying to the so called distruptors.
I don't understand how someone can hold the opinion that Bitcoin has no value. At the very least, it enables a lot of crime, which is valuable to criminals.
Technically, the true value of any currency as time -> infinity is zero. I have no doubt that at some point in the future, USD will be worth less than the paper it's printed on.
The problem is that most of us can't wait until time -> infinity.
Then why doesn't it say "Mt. Gox is probably insolvent"? It's also not very helpful to say "Told ya so" rather than "These are the signs to look for in general."
The adjective I would have chosen was not "probably", but being any more explicit than I was might have earned me a "What did you know, when did you know it, and what was your part in this?" from either of two government agencies who could deport me by either pressing a button or failing to press a button.
Now that no one has the power to deport you, do you mind if we pose those questions? The answers would be informative for anyone who has to weigh which exchange to be using at any given time.
I'm not patio11, but in all seriousness, it is true that just the inexperience and immaturity of the people building these exchanges is sufficient evidence on its own.
In a way, the issue here is that if you want to operate in this space, you do need to take the discussion about Bitcoin being money seriously. (Even if you don't think it's "money", it's still definitely a money-like asset.)
Again: That would identify Coinbase as insolvent, right? Why or why not?
I remember how amateurish Coinbase was in the early days, and you can look up a lot of the controversy on HN. People have been coming out saying they haven't processed $5k deposits, that they haven't responded to support claims in months, and on and on. If you're looking for "This exchange is run by amateurs," look no further than Coinbase.
Yet it's not that simple. Coinbase has somehow managed to become the #1 exchange to go to if you're a US citizen that needs an easy way to convert BTC into USD. So I just don't get this line that if an exchange is run by amateurs, it's a sign of insolvency. We have evidence that demonstrates that's not true.
You're not thinking probabilistically nor in terms of risk. There's no way to know for sure that an exchange is insolvent or at risk of becoming insolvent, but there are signs that increase the probability. Being run by amateurs is one such sign. Other signs are lack of insurance, persistent withdrawal issues, persistent arbitrage opportunities, lack of security reviews, poor technological practices (there are posts about the original Mt Gox codebase's poor handling of passwords for example, before Mark took it on), and misleading public statements.
If you bought the line that traditional banks were simply unable to process more than 10 wires a day, rather than it being that Mt Gox was so risky that they refused to process 10 wires a day, then you need to work on critical thinking. Likewise, exhortations that banks were placing restrictions on exchanges because "they were scared of Bitcoin" rather than being because these partners were shady and didn't have sufficient controls should have been met with suspicion.
And yes, Coinbase was also risky. The fact that things worked out doesn't mean it wasn't risky to begin with. I didn't give them any money for the first several years they were in business specifically because I saw them as high risk.
In hindsight, Coinbase had the benefit of having backing by VCs with real business experience and subsequently hiring people with experience in the space, which reduced risk.
It's entirely possible that keeping your money out of Coinbase was the correct ex ante advice, despite their subsequent success. They may well have gotten lucky and succeeded (at least so far) despite their experience.
I don't have any particular knowledge or experience with CB or BTC in general. Just pointing out that it's possible success was despite great risk, and the advice to avoid may have been entirely correct given the evidence at the time.
Do you have evidence of Coinbase's solvency? Because it seems to me this is all based on blind trust. If there is real evidence, of course that trumps the blind trust issue, but without it, it's generally a good bet that amateurs lack the skills, experience and resources to ensure proper handling of financial transactions.
Real banks are also not trusted blindly; they get audited a lot by central banks and other regulators. And they still mess up and get flamed to hell for it. The chance that amateurs in a completely unregulated field do it better is very unlikely.
I don't think it's black and white. If all exchanges are run by people who don't know what they are doing, not all will fail, but a higher percentage will than if they were run by more experienced players.
Having said that, bankers would be part of the inexperienced group.
I strongly disagree. Comparing Coinbase to MtGox is insane. For starters MtGox had their US bank accounts seized a year prior to the company imploding.
As I remember it, when I first started getting interested in Bitcoin and looked for an exchange in November '13, the sentiment was unanimous in the community: Mt Gox will fail sooner or later, never put money/coins there. But it also looked like a lot of Americans didn't want to hear that because it was the only (as I remember it) exchange where depositing and withdrawing dollars was convenient for Americans.
Edit: just saw that other comments say the same thing with more detailed information; at least it adds a data point that even an amateur saw it.
Oh, there were signs. Just because you couldn't see them doesn't mean they didn't exist.
I moved my coin from Mt.Gox about a month before the last major hack because just the thought of using it made the hairs on the back of my neck stand up. Something was amiss and I felt it.
The most glaring issue was that of inexplicable server load. When you are dealing with a service that handles money or valuable assets, things like this are very bad omens and should never be brushed off. It was clear that either A) the website was experiencing unusual traffic (in this case, I believe what came out was that one of the attackers was testing their method... supposedly this same method was used in the Silk Road hack) or B) the staff was not equipped to properly and securely run a server, and were an attack to take place, they would not be ready to handle it. One bad security practice with such a critical service is indicative of generally bad security practices and lack of accountability.
You have to pay attention to your gut. If something feels amiss, and the service is critical, you have to assume that something is indeed amiss.
What standard did you set in terms of deciding whether a BTC exchange was trustworthy or not? What did you do to determine whether Mt. GOX was trustworthy and had met that standard? How did they gain your trust?
You can just assume zero trust. Transfer in what you can afford to lose. Split your big trades into a lot of small trades across exchanges, keeping a maximum amount in flight at any time. Money is only safe if it is confirmed in your crypto wallet, or in your bank account and beyond any period where the transaction could be reversed.
That's pretty much the rule in software. Which is why you have so much software that appears to be working but behind the scenes is made of horrible hacks by devs who have no idea what they are doing.
as others have pointed out there were signs - but I would say that this is true for most financial institutions if you are paying attention. I remember before Lehman's went down I saw them having a Christmas party and I joked with a friend I didn't think they could afford that anymore - and sure enough not long after they were gone.
Yea if you keep your own bitcoin wallet, which if it's in mtgox or a similar exchange is not the case.
It'd be akin to buying up a bond fund vs. keeping a stack of treasury notes in your house. Only here the broker or whatever who is running the bond fund has only been up and running for <10 years, has basically no SEC oversight, and when your funds don't show up in the right amount of time your official method of recompense is "yea just wait awhile longer, we're going through a massive growth phase and are having difficulty dealing with the scale". Oh and in this hypothetical world, this is also the #1 broker in the world who handles >50% of all trades.
Is there anything stopping exchanges (or other parties) from manipulating the price of Bitcoin by having millions of bots repeatedly buy/sell coins amongst themselves? If not, is there any way of detecting whether this is or isn't happening right now?
How sure are you about this? Karpeles has admitted at trial to running bots on Mt. Gox, and such bots are implicated in the rise of Bitcoin's price up to $1000 in 2013:
> The story of how this works begins in 27 industrial warehouses in the Detroit area where a Goldman subsidiary stores customers’ aluminum. Each day, a fleet of trucks shuffles 1,500-pound bars of the metal among the warehouses. Two or three times a day, sometimes more, the drivers make the same circuits. They load in one warehouse. They unload in another. And then they do it again.
I spent some time messing with Bitcoin libraries, not an expert by any means. Generating a new private key (and the corresponding address) is trivial. Generating a transaction is a bit less trivial, but not that hard. As far as I understand, you don't need a change address to send the money to another, the change can go straight back to the original address. Random example:
So all that mess with the deterministic change addresses is simply due to the laziness of the developers, who didn't bother to generate addresses and transactions using relatively simple crypto, and instead chose to use the existing software, which they didn't really understand.
On the other hand, if the servers were hacked, almost nothing would help them. They should have kept most of their deposits in cold storage.
>There are at least seven jaw dropping moments in it. One is explaining how Bitcoin wallets pre-cache the next 100 change addresses the wallet will use, so that if someone steals your wallet without you noticing it and continues to use it you will deterministically share the same change addresses on your next 100 transactions each, which both leaves a forensic trail and also resulted in Gox continuing to send money into accounts controlled by the attacker.
Hence, if your wallet is compromised, you're supposed to move all of your existing funds to a new wallet. Generating new keys every time sucks because it creates the problem of having to constantly back up your wallet (every time you make a transaction), which sucks from a usability point of view.
Bitcoin Core now uses deterministic wallets by default for new users (like most other Bitcoin software), so all keys are generated from the initial seed in the wallet and a single backup is enough to cover them for all time.
But by default, non-deterministic wallets have the next 100 addresses pre-generated. That's a lot for people not making a lot of bitcoin transactions. The "protection" that non-deterministic wallets give in case you're hacked is probably no use to most people.
If you ever notice funds from your wallet are stolen, even if you were using a non-deterministic wallet, your thought should be to reinstall your OS and move any remaining funds to a fresh new wallet. Not to keep using that wallet while the attacker keeps grabbing from it and telling yourself the problem will go away 100ish transactions later.
I guess there are attack vectors where an attacker gets hold of an ancient backup of yours that a non-deterministic wallet could have helped with. If you think that type of attack is likely against you, you should just manually swap out to a new wallet (synced up to your backup schedule) instead of depending on the non-deterministic wallet's keypool being depleted occasionally.
The case that non-deterministic wallets actually protect anyone is slim (attacker only has access to ancient backups of the victim), and outweighed by the risk to the user that their backups will silently become out of date as their wallet's original keypool is depleted. I think everyone should forget about non-deterministic wallets. They're a historical quirk with few parallels to other systems.
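The keypool behaviour discussed in the comments above (the 100 pre-generated change keys a stolen or backed-up wallet.dat shares with the original, and the backup going stale once that pool is used up), together with the earlier point that where change goes is a wallet policy rather than a protocol requirement, can be made concrete with a small simulation. This is an added example, not code from the thread or from Bitcoin Core: keys are random bytes, "addresses" are truncated SHA-256 digests standing in for secp256k1 key derivation and HASH160, and the HD wallet is a plain HMAC chain rather than real BIP32; only the keypool mechanics are modelled.

```python
import hashlib
import hmac
import secrets
from collections import deque

KEYPOOL_SIZE = 100  # the pre-HD Bitcoin Core default the thread refers to


def address_for(privkey: bytes) -> str:
    # Stand-in for pubkey derivation + HASH160; enough to compare identity.
    return hashlib.sha256(privkey).hexdigest()[:20]


class RandomKeypoolWallet:
    """Pre-HD wallet: a queue of KEYPOOL_SIZE freshly generated random keys.

    Any copy of wallet.dat (a backup, or a stolen copy) carries the same
    queue, so two holders draw identical change addresses until the queue
    is used up; after that each refills with keys the other never sees.
    """

    def __init__(self, keypool=None):
        self.keypool = deque(keypool if keypool is not None else [])
        self.used_keys = []
        self._topup()

    def _topup(self):
        while len(self.keypool) < KEYPOOL_SIZE:
            self.keypool.append(secrets.token_bytes(32))

    def copy(self):
        """What a thief or a backup job gets: the current pool, verbatim."""
        return RandomKeypoolWallet(keypool=list(self.keypool))

    def next_change_address(self) -> str:
        key = self.keypool.popleft()
        self.used_keys.append(key)
        self._topup()
        return address_for(key)

    def knows(self, address: str) -> bool:
        """Can this copy spend from `address`?"""
        return any(address_for(k) == address
                   for k in self.used_keys + list(self.keypool))


class HDWallet:
    """Deterministic contrast: every key comes from one seed (BIP32-like,
    here a plain HMAC chain). One seed backup covers all future keys; a
    stolen seed covers them too, with no 100-key horizon at all."""

    def __init__(self, seed: bytes, index: int = 0):
        self.seed, self.index = seed, index

    def copy(self):
        return HDWallet(self.seed, self.index)

    def next_change_address(self) -> str:
        key = hmac.new(self.seed, self.index.to_bytes(4, "big"),
                       hashlib.sha512).digest()[:32]
        self.index += 1
        return address_for(key)


def shared_change_addresses(wallet, n_tx: int) -> int:
    """Copy the wallet at t0, then let victim and thief each make n_tx
    transactions. Returns how many of the victim's change addresses the
    thief's copy reproduces: the on-chain trail the thread describes."""
    thief = wallet.copy()
    victim = [wallet.next_change_address() for _ in range(n_tx)]
    stolen = [thief.next_change_address() for _ in range(n_tx)]
    return sum(v == s for v, s in zip(victim, stolen))


def backup_still_covers(n_tx: int) -> bool:
    """Back up a random-keypool wallet at t0, make n_tx transactions, and ask
    whether that backup can still spend the latest change output."""
    live = RandomKeypoolWallet()
    backup = live.copy()
    latest = None
    for _ in range(n_tx):
        latest = live.next_change_address()
    return backup.knows(latest)


if __name__ == "__main__":
    print("shared (random keypool, 150 tx):",
          shared_change_addresses(RandomKeypoolWallet(), 150))          # 100
    print("shared (HD wallet, 150 tx):",
          shared_change_addresses(HDWallet(b"constructed seed"), 150))  # 150
    print("t0 backup still covers tx 100:", backup_still_covers(100))   # True
    print("t0 backup still covers tx 101:", backup_still_covers(101))   # False
```

The two numbers that matter are the 100 shared addresses (the forensic trail, and the reason Gox kept paying change into keys the thief held) and the flip from True to False at transaction 101 (the point where a wallet.dat backup silently stops covering new change). An HD seed removes the second problem entirely and, as the reply above notes, makes the first one permanent; in both cases the only real remedy after a compromise is to move the funds to a wallet the attacker never had.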
I find your presumption that a Bitcoin wallet's balance should be immune to an attacker who gets a copy of it to be surprising and unfair. It's the same situation with any cryptographic keys: if an attacker steals your PGP keys, then they can use them to decrypt data or sign data for all time. If you want to protect against the situation of an attacker getting your old data, then it's up to you to rotate your keys (/wallet) and update your backups.
So if you buy an exchange that uses the standard wallet, not only do you have to transfer all your coins to new addresses, you also have to generate new wallets for those addresses.