Slashdot Mirror
Bitcoin Exchange Flexcoin Wiped Out By Theft
mrspoonsi writes "Joining MtGox, Flexcoin today announced they have had their vault wiped out, to the tune of some 896 BTC (about $615,000) by hackers. 'On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. The attacker made off with 896 BTC, dividing them into these two addresses: 1NDkevapt4SWYFEmquCDBSf7DLMTNVggdu [and] 1QFcC5JitGwpFKqRDd9QNH3eGN56dCNgy6. As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.'"
Not!
Which one is next?
"Wow, we just got 896 bitcoins"
"yup but because we did the value is now $2"
rocks ... doesn't it.
This is what you wanted right?
Seriously, if you come here to talk about how this isn't a fundamental bitcoin problem, you deserve to have your noise smacked with newspaper like a dog.
The only 'benefit' bitcoin has is that its unregulated and not as well watched by the government ... which means its easy for people to just steal your money and lie about it ... I'm sorry, its easy for someone to setup an exchange and let someone else steal the coins from the 'hot wallet', whatever the fuck that is.
Before you open your mouth to defend bitcoin ....
THIS WHAT WE'VE BEEN TELLING YOUR STUPID DUMB ASSES ABOUT, NOW SHUT THE FUCK UP, ITS A SHITTY IDEA.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
im don't claim to be sherlock holmes, but im pretty sure im detecting a pattern here...
never bring a twinkie to a food fight.
So what we have is a bunch of startups who think they know how to be like a bank, but are failing utterly.
Is this is a systematic flaw in Bitcoin itself, or Schadenfreude by companies who have yet to learn they are nowhere near ready for holding onto something like this?
It just seems like this is the kind of thing which sounds great on a whiteboard, but in reality is anything but.
Lost at C:>. Found at C.
Q: Where will my bitcoins go?
A: Bitcoins deposited with flexcoin will be stored on our secure servers. They will remain in your account, and your account only, unless you authorize a transaction with them.
Wishful thinking.
From the Terms of Service:
We have taken every precaution to defend your bitcoins from hackers and/or intruders. However, Flexcoin Inc is not responsible for insuring any bitcoins stored in the Flexcoin system. You are entering into this agreement with Flexcoin Inc. You agree to not hold Flexcoin Inc, or Flexcoin Inc's stakeholders, or Flexcoin Inc's shareholders liable for any lost bitcoins.
We'll see.
So, it doesn't work - thousands of very bad men are trying and succeeding to break the ownership chain. No matter how hard you try to plan, you can't plan for malicious agents. And if you could, precise implementation is done by human beings, who forget where they last saw their toothbrush. . Voting machines? Trivial and done, hacked to hell and back and looks like elections were hacked ten years ago. Autonomous cars: oh, lordy lord lord, what a colossal fuck-up that will be; hubris on a scale undreamed of heretofore. Absolute perfection required of billions of kilos of metal racing around at high speed - and the designers assume bad people won't try to break it - will break it - for revenge or to make a point or just 'cause they are psychopaths.
Keep systems as simple as possible to perform their function. Don't lard layers of clever on top of things that already work. Complexity insures failure. The Bitcoin protocol can't do what must do in the real world.
Somebody stole a bunch of tulip bulbs!
So..... here's the thing.... .... while I'm no user nor defender of bitcoin, the idea seems fun...
except you're pissing off the biggest governments in the world (US, Russia, China) by creating a currency they can't control........ currency is used as a method of control ...now if I have an army of digital terrorists (APT's) and a digital currency that may undermine my rule........
well I know exactly what I'm going to do. I'm going to steal and terrorize anyone who accepts it.
Flame was ridiculously amazing, and those same programmers are still at work doing SOMEthing..... I'd bet they had a hand in some of these.... they seem too well co-ordinated, first one, then as the media coverage starts to die, another....and wait a week, we'll hear of a third.
Although Flexcoin labelled themselves as a "bank" what they really were was an EWallet service. Why people still use these web-based services to store their BTC balances is beyond comprehension.
Ya know, I'm reminded of the words of one William K. Black (UMKC School of Law), economist and, and the only combination of the two to exist, a criminologist. He was once asked, what is the best way to rob a bank? His answer was; 'be a banker'.
Really, the entire Bitcoin story has been one that was highly suspicious all along. Have you ever read a Bitcoin story that didn't make your left eyebrow raise like Mr. Spock in a room full of illogic? I watched 'The Wolf of Wall Street' recently and thought, *pffft*, soooo dated. I reckon in 20 years someone in Hollywoodland will catch up with reality enough to make a film in that vein about Bitcoin.
Ok, I don't understand how bitcoin works, but ultimately they're just encryped hash files on a disk, right? So unless the other person spends them before you do and you have a backup, how can they be stolen?
Someone please explain...
GREETINGS, Permit me to inform you of my desire of going into business relationship with you. I got your contact from the International web site directory. I prayed over it and selected your name among other names due to it's esteeming nature and the recommendations given to me as a reputable and trust worthy person I can do business with and by the recommendations I must not hesitate to confide in you for this simple and sincere business. I am Wumi Abdul; the only Daughter of late Mr and Mrs George Abdul. My father was a very wealthy cocoa merchant in Abidjan,the economic capital of Ivory Coast before he was poisoned to death by his business associates on one of their outing to discus on a business deal. If you send us your bitcoins now to our highly encrypted, uncreacable account, we will 1) Keep it safe from hackers 2) Wire you the equivalent USD to a bank account of your choosing We are willing to offer you 15% of the sum as compensation for effort input after the successful transfer of this fund to your designate account overseas. please feel free to contact ,me via this email address
wumi1000abdul@yahoo.com
There are ways to profit from falling currencies. Particularly with strategically placed liabilities and investments.
For example, place an order in bitcoins amount of "product" equal to $X. Sell on streets in cash for $X + markup. Watch bitcoin value "conveniently" fall and pay back promised amount bitcoins, now valued much below $X. IRL cases would probably be much more complex, but bitcoins still suffer from an issue where there's large financial gains for some folks if the prices were to fall - and the means of significantly achieving such are plausible.
I read TFA and all I got was this lousy cookie
I don't think it's possible to make something "illegal tender", at least in the US. If I want to trade you one thing for another thing, it's hard to see the government saying we can't do that. "legal tender" is something that must be accepted for all debts, public and private. Trying to say that something cannot be used even in barter, is pretty tricky.
It hasn't crashed yet because the current BitBelievers are buying up the stock folks are selling off, thinking they are getting "fire sale" prices. So it's the same people who are already in that are presumably spending all the legal tender they can muster to buy more to hoard away. One of them described it to me on this board as him "putting my money where my mouth is". I think he may have been almost right, he just didn't follow through the entire statement where he then places the money in his mouth, chews on it, swallows it, digests it, and then deposits it in a toilet somewhere before flushing it away.
www.amazon.com/Best-Way-Rob-Bank-Own/dp/0292754183/
This is not a failure of bitcoin. Suppose you had a stack of companies whose purpose is to store your physical gold and prevent it from being stolen and to serve as an exchange allowing customers to trade gold for currency. Then, it turns out that some of them had inadequate security or were outright crooked and the gold they were storing went missing. This would not be a failure of gold itself. Sure, if sufficient quantities of gold were affected, it would affect the price of gold, but it does not change gold itself. This is the same situation.
The real problem here is the notion that bitcoin is a currency. It really isn't. It's a virtual commodity much like gold, with similar properties save for the fact that gold is physical and bitcoin is not. (Sure, the odds that everyone suddenly decides to pack up their toys and ignore bitcoin are much higher, mostly because there are no "real" uses to bitcoin, unlike gold which has actual uses other than being somewhat "rare" and looking pretty.) The same things that make gold less than idea as an actual currency (or a backer to a currency) apply to bitcoin. Sure, you can use either one as a place holder in a transaction if both parties agree, but you could just as easily use a common fiat currency, chickens, or grains of sand.
If it works in theory, try something else in practice.
I don't really understand why people are keeping their Bitcoins in these online "bank" accounts. The point of Bitcoin is that it is digital cash. It has the negatives of cash, easily stolen, along with the positives, hard to track. Being a form of cash rather than a credit account allows you to store it on your own hard drive or USB drive. Hell, put it in your Dropbox and it would be safer than having it in one of these online Bitcoin "banks". The money should only be in these online accounts for the time it takes to change it from US$ (or whatever currency you use) to Bitcoins or in reverse. It should be treated as an exchange not a bank account. I don't go to a currency exchange in another country, change my US$ to Pesos (for example) and then leave the money there in the exchange for months at a time.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
Yet... Now is probably a good time to start a Flexcoin exchange which you can then "rob" and shut down in a years time for some easy $500,000.
Of course, if bitcoin itself goes bust due to a reputation for this sort of thing, all that hacking and all that farming will be for naught.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Who is to say they haven't already?
Either they're complicit and these exchanges are a scam, or they're not really qualified to be doing this, and just ripe to be picked off.
Well, we're not trusting laws, regulations, legal accountability, or liability (since the TOS say those things don't apply).
So, really, what's left besides blind trust in their intentions and integrity?
Lost at C:>. Found at C.
right. fine. I'll give you the benefit of the doubt...but hilariously, all the rabid Bitcoin defenders have all gone away here on /. only to be replaced by its critics.
i can't help but think that some of the posters who are saying "I told you so" were also big time Bitcoin fanbois a few months ago
look at this discussion, from early December, when I **dared** to ask if Bitcoin had peaked: http://yro.slashdot.org/commen...
look at the mods...
I want /. to do better on this...MtGox and Bitcoin were hype, and sockpuppets on /. helped build that hype & it pisses me off
real techies should have seen this a mile away! now everyone thinks we're idiots
Thank you Dave Raggett
I don't understand... If they know the address where the bit coins went, why don't they just get them back? If someone took my iphone but I know where it went I would go get it.
Is there an electronic currency like bitcoin, but which is much less private and traceable? This way we have the convenience of electronic transfer and the safety of normal cash.
Why OpalCalc is the best Windows calc
"Why is anyone assuming this is being done by 'criminals'?"
Probably because many of us don't run around assuming the truth of unevidenced hypotheticals. But you go on and be you, okay? Don't let us keep you down.
There's easy ways to avoid that. Document all of your transactions and for any large transactions, follow the applicable laws that require a good-faith effort to determine the other party's identity.
Oh, your chosen form of exchange doesn't make that easy? Well too bad - you'll have to do it anyway, face the consequences for breaking the law, or change your chosen method. This is why we usually don't make large financial transactions via carrier pigeon.
You do not have a moral or legal right to do absolutely anything you want.
Why is anyone assuming this is being done by 'criminals'?
Because that is by far the most likely answer. These are almost certainly the equivalent of digital bank robbers. Where there is poorly secured money to be stolen it will be stolen. Furthermore if you steal something you are by definition a criminal even if you are something else as well.
I know that folks involved in bitcoin like to invoke grand government conspiracies (they seem to be a bit paranoid) but the government doesn't have to steal bitcoins. If the government wants to squash bitcoin it will pass some laws and regulations and make it illegal to deal in bitcoins. Why go though the window when you can smash down the door?
a) Bitcoins don't work that way.
b) The internet doesn't work that way.
systemd is Roko's Basilisk.
Comment removed based on user account deletion
Why would anyone trust their funds to these people?
Good question. The answer is that they have a poor appreciation of economics and a worse appreciation of risk.
Bitcoin itself is not a shitty idea.
We disagree on that point. I think bitcoin is an idiotic solution in search of a problem. The rather narrow problems it purports to solve (money transfer fees, etc) are done by externalizing a great deal of risk and cost. If you really account for all the costs and all the risks it isn't actually cheaper than currencies like the dollar. In reality it is used mostly by those who are either ideologically motivated or find the idea of it romantic or (unfortunately) by those who are engaging in illegal activities of one sort or another. A lot of people are involved too as a get rich quick scheme.
But to say a system that offers frictionless payments is a shitty idea and should not even be attempted is stupid.
Bitcoin is anything but "frictionless". It carries very real and significant costs including opportunity costs, exchange rate risk, security costs, liquidity problems, volatility costs, and more. It is not widely accepted, requires a computer, has essentially no physical payment infrastructure, etc. Any merchant that accepts bitcoin and doesn't charge some fairly hefty fees to use it is being incredibly irresponsible given the risks involved.
One last thing and more of an open comment to people who have bitcoin. "Don't be a dumbass and let Lenny hold your bag of cash for you!" Geez does it even need saying?
Yes it does unfortunately. Many of the people involved with bitcoin are smart but too many are not financially sophisticated and certainly don't seem to appreciate the risks involved.
I, like most of you, have a checking (and savings) account with a traditional bank. That bank has a web site. If that bank's web site gets hacked, my money is at risk. (Forget about FDIC for a second, because there's no reason a bitcoin exchange/online wallet site couldn't provide insurance.) My money could get transferred to another account, then withdrawn before I realize what happened. Why doesn't this happen as often as we hear about these bitcoin exchanges getting robbed? Is it because of regulations? I don't think so. As far as I know, there's no government regulation for "this bank's web site is safe because it implements these technologies we've decided they must implement." It's because the banks know that if their web site's reputation as a secure site becomes tarnished, they're going to lose a lot of customers.
My point is that there's no inherent security enhancement in big banks' web sites just because the banks are regulated and deal in government currency. The reason they're safe is because they've poured a lot of resources into making them safe, and the reason for that is so they don't lose customers. These bitcoin exchanges that are getting robbed obviously were not spending the amount of time and money necessary to ensure their safety. That's it. It has nothing to do with whether they deal with bitcoin or dollars.
When does this happen in the movie?
There's a flaw in your plan: it presumes you are worried about them being stolen. But if you were worried about them being stolen, then you would have already secured them (by holding them yourself instead of having some semi-anonymous unaccountable un-security-auditable party hold them for you).
"Believe me!" -- Donald Trump
So I have a reasonable question I'll post here. On the one hand it seems, at first glance, to be stupid to put your e-coins in a third party vault. Unlike gold, your home computer is theoretically as good as any third party as a vault/wallet for e-coins. So people who lost money at Mt Gox just seem like doofuses for using it as an online wallet. In the case of flex coin, the money lost is flex coins apparently, not their depositirs who were in off line storage.
But then rethinking that, maybe it is better to trust a professional 3rd party (i.e. but not perhaps Magic the gathering wizards) to manage your security? there's big bussinesses in managing computer fleets simply because doing it right, rolling your own, is non trivial. It's just like the notion of not writing your own implementation of SSL in PHP for your e-commerce site-- dumb. Much better to find an environmentally tested and hardened openSSL with a good history.
Managing your own coins has all sorts of patch, trojan and back up failure perils. sure you might do it right but if it's to become a ubiquitous currency, my grandma has to be able to do it right. So even though individually the accounts are distributed, they are potentially large and easy to get to, compared to say mugging.
So is it really dumb afterall to trust a third party with your bitcoins? Isn't waht is really missing here is some sort of accreditation standards for third parties so we can know that size doesn't equal quality (see Mt Gox).
Some drink at the fountain of knowledge. Others just gargle.
One possibility is that the site was "hacked", as the operators claim.
The other possibility is that the operators decided that walking off with ~$600,000 worth of Bitcoins was easier and more profitable than continuing to run the site.
Since, apparently, no one knows who the operators are, and there has been no evidence of a hack released to the public, why should we believe that the first thing happened, and not the second?
flexcoin was insignificant compared to MtGox -- about 1000 times smaller. Even so, unregulated, uninsured bitcoin exchanges (banks) are risky places for savings.
But if crooks rob a physical bank, your money is insured to the legal limit.
BTW, I've been listening to the old Planet Money podcast episodes (I started at the beginning and am now in early 2009), and the FDIC insurance isn't provided by the government, it's provided by payments the banks make to be FDIC insured.
And that's the basic problem. Fools keep giving their bitcoins to anonymous internet people to hold then act all shocked when those anonymous people disappear.
It's like giving a bundle of bank notes to a random stranger to hold for you. Anyone can see that's not going to end well.
OK, so what is it about Bitcoin that makes it so hard to create a safe exchange?
This is not a trick question. If there's going to be a magical currency outside of government overview, we need to know.
You are welcome on my lawn.
"OK, so what is it about Bitcoin that makes it so hard to create a safe exchange?"
Because Bitcoin only solves the transaction problem, it's a crypto-currency.
What is necessary is public & distributed account balances without any single point of failure. crypto-banking instead of crypto-currency.
But this is antithetical to the libertarian instincts of the ideological proponents, and the criminal instincts of the practical users who actually use the currency to transact instead of to speculate about itself.