Cryptocurrency: is it worth it?

[sabs]

The Bank I work for does ACH transfers on a daily basis, we also deal with reverse ACH transactions all the time. It's a giant pain in the ass.

There are systems for doing that shit.

[Vebyast]

What you are talking about is a fraudulent invoice. [...]

[...] no way to prove that you actually owned any of those fucking Bit Coins [...]

[...] because there's nothing to revert to or with.

Bitcoin has no fraudulent invoices because the only way to get money out of an account is to actually have their private key; there are no withdrawals, only deposits. There is no way to fake a transaction or to take one back because transactions cannot be modified once confirmed by the network. You can prove what your account balance was at any point in history, prove where that balance came from, and prove where it went; all you have to do is demonstrate that you have the private keys corresponding to the signatures on the transactions that moved that money around. Those are facts in the same way that addition is a fact. You can't multiply two large integers together to get a prime number, you can't find an optimal solution to the traveling salesman problem in polynomial time, and the bitcoin protocol can make mathematical guarantees about some of its features.

As for the backups: every client in the network has a backup of every single transaction that has ever happened. It is possible (albeit not yet implemented, see below) for the entire network to revert to an arbitrary point in history. If the entire network gets monumentally screwed, you just go back to the most recent not-screwed block and fork the chain.

When you talk about botnets, are you talking about a client's computer getting owned and all of their passwords being stolen, or are you talking about a botnet attacking the system itself and breaking the cryptography? The first is a problem, but could be fixed by setting up fraud insurance agencies that work exactly like they would "in real life". The second doesn't matter because there is no "trying new things"; the only attacks are implementation-dependent or brute force, and those either don't work or only work against part of the network.

---

But the point is: backups and reconciliation of bank data happen every day. Many times in a day for that matter.

All we know is that rollbacks and reconciliations happen for single transactions and single accounts. We don't have any information about how that would behave on the kind of scale that would be required to revert a mass breakin. Sabs, since (to the best of my knowledge) neither of us actually work in the banking industry, how hard is to reverse a transaction that was to or from a bank in, say, Russia, or Yemen? What happens if you need to reverse a transaction that was carried out a week ago or a month ago? What happens if you need to reverse a transaction for several hundred thousand dollars, or if you need to reverse several hundred thousand or several million transactions? What would you do if several of those overlapped?

---

Less likely, but if it happensyou fall for it

Fraud is another matter, although banks have an advantage in that regard, too.

That's true; although things like credit card fraud and forgery are effectively impossible, successful scams can be rather more damaging. See musing above about bitcoin fraud insurance.

---

You could resolve that via the magic of mandatory auto-update, but then you run the risk of a drunken coder hitting the commit button and realizing in the morning that he accidentally commented out auto-increasing difficulty of mining or whatever, which is why people don't update that fast.

That's what unit tests are for, but sure. It might take a day or two instead of a few hours. The fact remains, though, that things like Google Chrome Canary and Firefox Aurora (both of which I use) push out more-or-less stable updates for a 200MB codebase every three to five days. Doing that for a bitcoin client or miner (150k of code, maybe) would be much easier.

After all, if they end up in worlds in which a transaction occurred in different ways, both of which are theoretically possible, you'll never know which is right.

That's one of the nice things about having a defined protocol instead of just implementations. You can look at a block and say, "This block is not possible and correct implementations should reject it, therefore this universe is fantasy and that one is not." If a transaction happens in n different ways, >=(n-1) of those ways are wrong.

Also, now that I think about it, just one bug wouldn't do the trick. You'd need both a miner and a client with the same bug. Universally bad miners or universally bad clients would shut down the network entirely until at least one was fixed. Individual bad miners would fork the chain and the bad chain would be ignored by clients and other miners until the bad miners are fixed. A single bad client wouldn't do anything because the miners are all generating valid blocks. The only way for a bad chain to really get anywhere would be for a bad client to recognize it and a bad miner to keep it going. That's what happened earlier; both the only available client and the only available miner were using the same verification code, so they were both vulnerable to the same error.

That is arguably a worse problem, hence why the system currently doesn't have a blacklist.

That's true. The simplest way to do it would probably be a vote by processing power, since that's just a rewording of what already happens. If one chain has more miners than any other chains, then that chain stays ahead. Just have clients publish their list of invalid chains, present that list to the humans, and you're pretty much set. Think of it as a distributed autoupdate prompt. Since hitting "OK" will be a rare occurrence, the miners already know what they're doing so they can mine efficiently, and it wouldn't even need a restart, I'd guess it would work pretty well.

[Koumei]

So basically with Bit Coin you're betting that a meme on the internet will outlast the largest and most powerful empire that has ever existed on Earth.

I'd bet on lolcats outlasting America. But that has cats with funny messages, not a cute little algorithm.

[erik]

Maybe I missed it...

If a person pays a bitcoin for X product to be sent to them and never receives said product what is their recourse for getting their bitcoin back?

[Vebyast]

If a person pays a bitcoin for X product to be sent to them and never receives said product what is their recourse for getting their bitcoin back?

First, if you had a contract of some kind, you go to any relevant authorities (online auction site, the government, whatever) and show them that the other party didn't uphold the contract. I don't know how reliable this would be. Probably not very, unless you had a contract lawyer to write something up for every transaction you made.

Second, use an escrow service like ClearCoin. Instead of giving money directly to the seller and waiting for your package, you give your money to a mutually trusted third party. If the package is delivered, the escrow service pays the seller, otherwise your money gets returned. This is sufficiently effective that it's been in universal use for hundreds if not thousands of years, and it's only gotten better on the internet.

Third, require everybody to be part of a trust network like Bitcoin-OTC or PGP. After every transaction you rate the other person in the transaction. This rating becomes publicly associated with that person either in a central repository (Bitcoin-otc) or on a distributed network (something like PGP). People with poor reputations can't sell anything because nobody trusts them to pay up on time. This system worked well enough for eBay that it dominated online auctions for a few years (it may still; I don't follow it).

[Username17]

There is no way to fake a transaction or to take one back because transactions cannot be modified once confirmed by the network.

Oh man, that's a good one. I agree that the system has no way to recover absconded monies. But if you think that any math could ever make it so that people can't use chicanery to take your monies in the first place, you're either a pathetic utopianist or just not very bright.

But really this all doesn't matter. A fiat currency is currency because the issuing authority guarantees that civilization won't collapse and currency will remain more useful to you than shotgun shells and cans of beans. A purely electronic system that is not issued by an agency that in any way protects or maintains the internet cannot make that claim. It has no authority to issue currency at all.

For fuck's sake, at least Starbucks Bucks are backed in coffee.

-Username17

[Draco_Argentum]

It is possible (albeit not yet implemented, see below) for the entire network to revert to an arbitrary point in history.

Oh exploitable.

[sabs]

http://www.pcworld.com/article/230377/w ... 00000.html

Bit coins are awesome

[Swordslinger]

Now that I think about it, bitcoin isn't that remarkably different from most stocks. It does nothing and the only actual value in it is trading it. And so long as people think it has value, they may want it.

[Doom]

Stocks actually represent ownership of something. Granted, for most stockholders, their ownership is so miniscule to be irrelevant, but there's still ownership.

Bitcoin just strikes me as pure madness....that guy got in early, and had $500,000 for being one of the first on the pyramid. His theoreticall money is stolen, and because it's all untraceable, he'll never get it back.

Bitcoins still don't represent anything to me, even tulip bulbs make more sense as money. I could see me owning some, the same way I own some Mardi Gras doubloons, but not much past that.

[Vebyast]

But if you think that any math could ever make it so that people can't use chicanery to take your monies in the first place, you're either a pathetic utopianist or just not very bright.

They can scam you, they can break into your computer and steal all of your keys, it's possible (albeit rather difficult) to exploit a bug in the implementations, etc etc etc. But if they don't have your keys, your permission, or a programming error in your software, they can't do anything even related to you. It takes a failure in real life to break it. If that's what you're saying, I suspect that this is just a definitions problem and we've been violently agreeing the whole time.

A fiat currency is currency because the issuing authority guarantees that civilization won't collapse and currency will remain more useful to you than shotgun shells and cans of beans.

That's a reasonable assumption if you live in the US, but it doesn't quite explain the shopowners in Russia, the drug smugglers in Southern America, or the weapons dealers in Africa that only accept USD. The value of a currency is that other people value it as currency. National currencies get a leg up because one of those people is the government's tax service, but nothing else impacts a currency's value except by making other people more or less likely to consider it valuable.

[erik]

A fiat currency is currency because the issuing authority guarantees that civilization won't collapse and currency will remain more useful to you than shotgun shells and cans of beans.

That's a reasonable assumption if you live in the US, but it doesn't quite explain the shopowners in Russia, the drug smugglers in Southern America, or the weapons dealers in Africa that only accept USD.

Really? I thought it exactly explains why they use USD. Because it is stable in an environment where stability is harder to come by.

[Username17]

Yeah, the fact that the US has a giant army, a giant empire, and a giant reserve of food and fuel is more than enough to explain why arms dealers in Africa would rather be paid in dollars than in gold or rice.

In other BitCoin related news, someone tries to frame LulzSec for the BitCoin heist. That's a weird one.

-Username17

[Vebyast]

A fiat currency is currency because the issuing authority guarantees that civilization won't collapse and currency will remain more useful to you than shotgun shells and cans of beans.

That's a reasonable assumption if you live in the US, but it doesn't quite explain the shopowners in Russia, the drug smugglers in Southern America, or the weapons dealers in Africa that only accept USD.

Really? I thought it exactly explains why they use USD. Because it is stable in an environment where stability is harder to come by.

That is true; there is a huge population using the USD and that gives it far more stability than bitcoin has at the moment, and the US financial system has a vested interest in keeping the USD afloat. The military is only indirectly involved by keeping that financial system afloat.

Also, Frank, a little FYI for that particular phrasing of your argument: the US strategic reserves hold enough food and oil to keep the US running for one to three months at normal consumption. Also, I seem to remember this very board concluding that the military would be pretty much useless against a zombie, vampire or shadow invasion.

In other BitCoin related news, someone tries to frame LulzSec for the BitCoin heist. That's a weird one.

Indeed it is. Current-events-wise, the whole BitCoin thing is fucked up beyond belief, and LulzSec is a source of near-constant amusement. I'm trying to decide whether they're an NSA or RIAA false-flag operation to get stronger internet controls, out to make a point about how failtastic internet security is, or actually doing it for the lulz.

[Ravengm]

Here's some more info to ponder for you:

http://www.symantec.com/connect/blogs/a ... s-are-ours

Who'd have thought storing something as good as cash in a plaintext file was a bad idea?

[Swordslinger]

Stocks actually represent ownership of something. Granted, for most stockholders, their ownership is so miniscule to be irrelevant, but there's still ownership.

That's what people say, but I've never seen how it even relates. Unless you've get dividends from the stocks (most don't even pay that), the actual corp you supposedly own doesn't give you anything, and you can't at any point say "Here I've got 5% of the shares and I want to pull out, so give me 5% of all your assets."

The only thing most stocks actually do is act like a currency with a corporation's name attached.

[Doom]

5% is actually pretty huge in terms of money and disruption for a company to turn over assets, at least for DJIA companies; if you owned that much, it'd be worth your while to talk to the other major shareholders and arrange for compensation for your shares. You could try a corporate vote to the company to liquidate just for you, but I doubt you'd get very far.

Ownership, even miniscule, can be leveraged, eg,

http://articles.chicagotribune.com/1998 ... -americans

[Ravengm]

Apparently there was some malware going around that caused an enormous Bitcoin selloff that tanked its value. They were about $20-22, now it seems they're going to level off at $17.5 if this place has any clout.

[Doom]

The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST).

One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins.

I'm not sure I'm reading this mess right, but a more than 10% drop from a mere $1000 worth of liquidation...yikes.

[K]

I kind of love how the press blitz for Bitcoins are accompanied by massive fraud, theft, and market crashes.

[Vebyast]

Ok, here's what happened, in chronological order.

1) Someone acquires the user database for Mt. Gox, the largest BitCoin forex. They do this by breaking into a security consultant's computer and using it to gain read-only access to Mt. Gox's databases.
2) The cracker then breaks into a few huge accounts (accessing something like 500k total, about 7% of all extant bitcoins) and puts them up for trade with an offer of - literally - nothing.
3) Since Mt. Gox only handles a few dozen thousand BTC a day, this swamps the market. Over the course of a minute or two nearly every single bid on the entire site is filled, even the joke bids of two-cents-per-bitcoin.
4) The market eventually bottoms out when someone realizes what's going on and lodges a bid for "as many bitcoins as my money can buy" at .0101 dollar per bitcoin. This trader's account on Mt. Gox is now credited with about 250k bitcoins.
5) Not quite feeling safe now that Mt. Gox has been cracked, this trader attempts to withdraw as much money as possible before his account is broken into. He makes it out with only about 600 bitcoins because of the $1000/day withdrawal limit.
6) Mt. Gox shuts down, corrects its security, and reverts the offending transactions. Nothing leaves the system except the 600 BitCoins withdrawn by that one guy.

The 10% drop is a residual effect from other exchanges not reverting; Mt. Gox is the largest exchange by quite a bit, so its reversion dragged the smaller, also crashed markets back to where they were. The actual crash was a 99.94% drop from over $9,000,000 of instantaneous liquidation in a market that usually only handles $500k a day. It's been completely reverted because the trades were handled internally by Mt. Gox's software; as the official release states, the only unreversable operation was the 600-bitcoin withdrawal by the guy that stopped the crash, and Mt. Gox is either going to get that back or absorb the costs.

Lesson to be learned: use strong, unique passwords everywhere, because security sucks everywhere and your password hashes will eventually be made public. And never run an internet service without hiring a qualified security professional and a licensed security auditor. And know what you're doing so that when security fails at the Most Trustworthy Place you at least know how to securely connect to and shut down your bank accounts.

---

press blitz

The newsworthiness of a unit of information is nonlinear, which really pisses me off when single, near-meaningless, but flashy-when-misunderstood newsbytes ("miracle cancer cure!") gain huge attention instead of the constant, pervasive, grinding, and actually-important stuff that actually needs publicity.

[erik]

Thanks for that summary. The cobbling of various sources I had seen left the picture much murkier.

[Avoraciopoctules]

http://www.somethingawful.com/d/news/bi ... dlines.php
"Peer into the future with Google Future. See what happens in six years when Bitcoins are the predominant currency in the United States."

[Parthenon]

That summary sounds a little off, and a little bullshit. From what I understand about MtGox (which by the way shouldn't Mt. Gox, its based on Magic: the Gathering online card exchange so would be M:tGox or similar):

• people were complaining for a couple of weeks that their MtGox accounts had been hacked and that some transactions were being done they hadn't made.
• M:tGox ignored these, saying that they hadn't been hacked and that any problems were because of bad passwords or the individual being hacked.
• The events Vebyast starts talking about happens. Except for part 6.
• M:tGox has been trying to create a new website, security etc over the last few days and has been trying to work out who owns what- they have no real backups, aren't sure who owns what/who bought and sold what and can't simply revert because they are set up to buy and sell Magic the Gathering cards, not run a professional exchange and don't have records of the past, let alone be aware of at what point they were hacked and so when to revert to.

Seriously, they have no fucking clue what they are doing. They don't even have a fucking Terms of Service to sign up. They were supposed to reopen yesterday at 3am GMT but delayed it by 24 hours because they hadn't finished "reverting". Seriously, if M:tGox could have simply reverted as Vebyast stated they already did, then it would be up by now.

They have 5 people working on checking accounts, and each person checks 3 accounts a minute. There is no way that they can be accurate.

EDIT: So yeah, M:tGox somehow didn't manage to be up and running still. Here were their estimates of when they'd be up and running:

• On the 20th they were saying they'd be up "sometime tomorrow",
• On the 23rd they said they'd be up at 3am GMT on the 24th.
• About twenty minutes before the deadline they said it would now by 3am GMT on the 25th.
• 4 minutes before it was due to be up they changed it to be 3pm GMT on the 25th.

What are the chances they can actually sort it out? My guess is that around 14:50GMT they'll delay opening the exchange again with a promise that it'll take about 3 hours or so.

We have found that balances on some older accounts look significantly incorrect when compared with the old database. At this time we do not know what caused the balances to be off, or how many of the older accounts are affected.

They still probably have no idea when they were first hacked and so when they need to revert to.

[Vebyast]

That all lines up. I originally assumed that they would just fix the bugs in what they had, rather than rewrite their entire site from the ground up. The fact that they were originally an MtG card swap site certainly explains a few things. For example:

We haven't touched the old backend or database, so we're going to import the accounts again once we have found what caused the off-balances.

They've obviously never developed a serious piece of software in their life, and as a result they underestimated how long it would take to do what they wanted. I'm surprised they have anything at all running, even locally; big systems like that are mindbogglingly difficult to deal with. In particular, this quote suggests a bug in the program converting their data into the format used by the new backend.

Their bank tracks everything on the USD side and bitcoin itself tracks all of the BTC transactions, so there is a verifiable history of the entire system back to day zero. The only question is determining trade validity. I suspect that they're going to assume that the vast majority of trades were valid, revert to just before the attack, and set up a mechanism for people to report incorrect operations. So, one or two weeks to get the site back online, then a couple of months for people to verify their transaction history and report anything they're going to report.