Steem's ecosystem needs to take the lesson of Bitfinex to heart. Bittrex and Poloniex NEED cold wallets!

in security •  8 years ago  (edited)



Sun Yuchen is a liar, thief, charlatan, and all around cunt. But I don't need to tell you that. Find me at Hive, where we are glad to be rid of him and all of his fake followers, sockpuppets, and thieves.


We are working on a solution where exchanges can set daily rate limits on withdraw activity from their account. Their "warm storage account" could be online allowing them to withdraw X% per day to their "hot storage account".

The downside from a user's perspective is that attempts to withdraw your funds would be rate limited by the same algorithm. But at least it would be transparent why there is a delay in withdrawal.
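The daily withdrawal cap described in the comment above, sketched as an added example that is not part of the original thread and not Steem's implementation. It assumes fixed 24-hour windows and a cap computed from the balance at the start of each window; `WarmAccount` and `max_loss_after_compromise` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 24 * 60 * 60  # window length in seconds (assumed fixed 24h windows)

@dataclass
class WarmAccount:
    """Hypothetical warm-storage account with a daily percentage cap."""
    balance: int                  # smallest currency unit, avoids float rounding
    limit_bps: int                # daily cap in basis points (500 = 5%)
    window_start: Optional[int] = None
    allowance: int = 0            # units still withdrawable in this window

    def roll_window(self, now: int) -> None:
        # A new window sizes its allowance from the balance at that moment,
        # so the cap shrinks as funds leave the account.
        if self.window_start is None or now - self.window_start >= DAY:
            self.window_start = now
            self.allowance = self.balance * self.limit_bps // 10_000

    def withdraw(self, amount: int, now: int) -> bool:
        """Return True if sent, False if delayed by the rate limit."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.roll_window(now)
        if amount > self.allowance:
            return False          # applies to honest users and thieves alike
        self.allowance -= amount
        self.balance -= amount
        return True

def max_loss_after_compromise(balance: int, limit_bps: int, days: int) -> int:
    """Worst case: a stolen key drains the full allowance every day."""
    acct = WarmAccount(balance, limit_bps)
    for day in range(days):
        acct.roll_window(day * DAY)
        if acct.allowance:
            acct.withdraw(acct.allowance, day * DAY)
    return balance - acct.balance

if __name__ == "__main__":
    # Constructed figures: 1,000,000 units in warm storage, 5% per day.
    for d in (1, 3, 7):
        print(d, "days undetected ->", max_loss_after_compromise(1_000_000, 500, d))
```

With these constructed figures, a key that stays compromised for three days costs 142,625 units instead of the whole balance, and the same `False` return is what a legitimate user sees as a delayed withdrawal.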


This is really good to hear, but I'd still hope to see a third-tier cold storage with manual offline transactions to refill the hot/warm wallets. Forgive me if there's already a method, but are offline signing tools on the to-do list anywhere, by the way?

A possible solution would be to add 2 factor authorization. This would be great for users and exchanges could move a majority of funds to an account secured by a secondary hardware PIN.

The downside from a user's perspective is that attempts to withdraw your funds would be rate limited by the same algorithm.

As long as the default is hot storage and people have to opt in for warm storage (much like Coinbase does with their vault), I think this would be a great feature to add.

I agree with your opinion @lukestokes

Maybe the limit could be increased substantially for people that have 2fa?

Still 2FA is better. This makes very little sense. Security should come first.

I would like to see a security audit for Steem in general. It could be crowd funded right here on Steemit. I really believe that a single serious breach can undermine the whole success of the project.

All true safety comes first!
As far as I know, Poloniex uses cold wallets.
It is very sad that we have to fight for freedom, for the development of technologies for cryptocurrency and blockchain. And then our money so easily disappears.
I hope all this story will end well.
And these negative factors will be as small as possible.

Nothing can stop bitcoin, even a falling exchange. Every crisis brings fresh air. That's Bitcoin.


You raise a very valid concern here... What the hell are they thinking dangling such a large carrot.

I believe the system Bitfinex was using was put in place because of government regulations they had to meet to be a legal exchange. They couldn't keep the coins in cold storage and use ledgers to move the coins; they had to move the coins from account to account to satisfy the regulations. The same would probably have been true of any other coin on the exchange.

I wonder if that means they'd have some type of insurance on the wallets?

Would make it pretty lucrative for an insider to come in and fill his pocket..!


They should have tried to get insurance. The Lloyds Insurance market in the City of London does all sorts of bespoke insurance for a fee, and other exchanges have obtained insurance this way. Of course they also demand rigorous audits and internal security to reduce their risk, and perhaps Bitfinex believed they couldn't meet the criteria...

I'd like to see an equal-replacement insurance policy for 120,000 bitcoins. It would easily create a new all-time high BTC price!

I think it would still have crashed. Thief dumping lots of BTC, panic selling, and the insurance probably wouldn't pay out until after an investigation and months of paperwork.

I believe they said there was no insurance for that yesterday on reddit.

What about the Steem/Steem Power/Steem Dollars that are in your Steemit.com wallet? Are they considered secure?


They are as secure as your password/keys are secure. So far, a web exploit was able to compromise the keys of people who were logged in with a master password. That web exploit has been fixed and all lost funds have been promised to be reimbursed. I haven't read if there have been any changes to the way the keys are stored locally after that incident, but I have some faith that it's been made more secure now.

Ok, cool. Thanks!

Exchanges should pay serious attention to security; what happened to Bitfinex should make them even more concerned about it. We also need to keep each of our assets in a place that is really safe. Do not store all assets in one place; it's much safer.

This is true, they should be using better security standards. However, Steem has shown that it's antifragile - hacks can be reverted. This makes me feel safer with steem than other cryptocurrencies.

Be careful what you wish for - ask Ethereum, although @dantheman had a great post about this. I am not opposed to hard-forks to recover stolen funds, it just opens a can of worms that without proper vetting, can be disastrous. If I read this post correctly, there is still a shoe to drop on the ETC/ETH problem at Coinbase:

https://steemit.com/steem/@dantheman/bitfinex-blockchain-hacks-and-replay-attacks-oh-my-all-things-that-steem-s-technology-is-designed-to-prevent

Exactly... There is some massive wealth building on steemit, and like any mass amounts of cryptocurrency we need a secure safe to secure the gems.

Great point! If we do not learn from others, we will be doomed to fail ourselves. Maybe you can make a post for newcomers about what happened in the hack and what they should do with their currency to be as safe as possible.

How can we do that? I mean "ask"?

Amazing I posted a story about this yesterday and got nothing, but now I see a post saying the same thing I did and it has tons of Votes. WTH

https://steemit.com/steemit/@greatone/proposal-steemit-vault-safeguard-your-investments


There are a lot of variables to a post being successful. People who have a larger following will have their posts get noticed sooner. The time you post, who is online/reading at that time, how attention grabbing it is, how well written, etc. all play a factor too. Try not to let it discourage you. Building a following takes time, but if you consistently keep posting good content - people will start to notice.


It's actually not the same at all. What you are proposing sounds similar to what Dan said they're implementing. I want to see Bittrex, Poloniex, and any other exchange use one or more accounts (with different active keys) as cold storage, significantly reducing the risk of a large amount of liquid STEEM or SD from being stolen.

As it stands, if someone were to get the active or owner keys of either of these accounts they could instantly send the liquid assets to another Steem account. We know their active keys are "hot" because both are sending withdraws from the account.

There is nothing I could say that isn't said in this earlier post. If you haven't read it, it is worth the time.

https://steemit.com/steem/@dantheman/bitfinex-blockchain-hacks-and-replay-attacks-oh-my-all-things-that-steem-s-technology-is-designed-to-prevent

Crypto is really showing itself up at the moment, it could get really ugly which would be very disappointing. I have a lot of faith in it but the security side of things is letting everything down bigtime.

I agree. Having this much on hand can be terrible. Hardforks here on steem seem to have not had the impact on other cryptos (don't see steem classic). Still, it seemed a relatively minor hit last time and something harder hit can do its damage. Since the days of Mt. Gox you think lessons would have been learned. Humans..... we're so slow lol