Board: Service Announcements
Re: bitfloor needs your help!
by JoelKatz on 05/09/2012, 13:01:30 UTC
Quote
I guess most newly incoming bitcoins can go straight to the cold wallet and have the exchange run on a manually updated hot wallet.
That's correct. There are serious risks if you don't have incoming bitcoins go directly to the cold wallet.

For example, recently an exchange was hacked with a bogus LR transfer. The hackers bought up Bitcoins and pushed the price up to some absurd amount. This encouraged people to deposit more Bitcoins in their accounts to sell them at the bogus rate. If deposits had gone to the hot wallet, these deposits could have been stolen as well.

Quote
It's more the hot wallet I'm trying to understand. It is needed for the exchange to instantly process transactions directed by customers. So there'll always be a kind of command path going from website to wallet, no matter how far away you hide the hot wallet, and we'll have to trust that path we setup ourselves. A good hacker will find that path and command the bitcoind. So there's actually no need to trust our path if we can't trust our website.
Right, that's why you don't keep that much money in the hot wallet. A starting point is your average one-day volume.

Quote
Now, of course you can have the hot wallet pull for commands and transactions, but then.. how do you trust the content of those commands and transactions? Because, basically, that is that same public website with input from customers.
You can't. That's the point of the hot wallet. It holds the coins you can afford to lose if you're hacked.

Quote
If we can't trust the website giving commands into the hot wallet, [edited:] how can we trust that same website to collect and offer the hot wallet valid and intended commands to pull?
You can't, that's why you don't keep a lot of money in the hot wallet.

To be clear, you do make the hot wallet as secure as you can. But the risks you mention above are fundamental and they are the reason having a cold wallet is essential. If an account is holding more than about $100,000, the keys to that account should never appear on any one machine that provides remote access from the Internet.
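To make the bounded-loss argument in the post above concrete, here is an added example (not the poster's or bitfloor's code) that models the policy being described: customer deposits are paid to cold-storage addresses, the hot wallet pulls withdrawal commands from the untrusted website queue, and the worst-case loss from a compromised website is capped by the hot balance and a one-day-volume limit. The class and method names, the balances, and the forged withdrawal queue are all constructed for illustration.

```python
"""Model of the hot/cold wallet split argued for in the post above.

Added example, not code from bitfloor or the poster. All amounts and the
forged withdrawal queue are constructed sample data; the "one-day volume"
starting point for the hot balance follows the post's suggestion.
"""
from dataclasses import dataclass, field


@dataclass
class ExchangeWallets:
    cold_balance: float          # keys offline, never on an Internet-reachable host
    hot_balance: float           # keys on the bitcoind the website can command
    daily_volume: float          # average one-day withdrawal volume (the post's cap)
    withdrawn_today: float = 0.0
    ledger: list = field(default_factory=list)

    def deposit(self, amount: float) -> None:
        """Deposits go straight to cold addresses (the post's first point).

        A pumped price that lures extra deposits therefore adds nothing
        the attacker can sweep from the hot side.
        """
        self.cold_balance += amount
        self.ledger.append(("deposit->cold", amount))

    def process_withdrawals(self, queue: list) -> list:
        """Hot wallet pulls withdrawal commands from the website's queue.

        The commands are untrusted by assumption: a compromised website can
        put anything here.  The only defences are the hot balance itself and
        the daily cap, which is why the hot wallet must stay small.
        """
        paid = []
        for amount in queue:
            if self.withdrawn_today + amount > self.daily_volume:
                self.ledger.append(("refused:daily-cap", amount))
                continue
            if amount > self.hot_balance:
                self.ledger.append(("refused:hot-empty", amount))
                continue
            self.hot_balance -= amount
            self.withdrawn_today += amount
            paid.append(amount)
        return paid

    def manual_topup(self, amount: float) -> float:
        """Operator moves cold -> hot by hand using the offline keys.

        This is the one path in the model that cannot be driven from the
        website, so an attacker cannot refill the hot wallet for themselves.
        """
        amount = min(amount, self.cold_balance)
        self.cold_balance -= amount
        self.hot_balance += amount
        return amount

    def max_loss_if_website_compromised(self) -> float:
        """Worst case if every queued command is forged: whichever is smaller,
        the remaining hot balance or what the daily cap still allows."""
        return min(self.hot_balance, self.daily_volume - self.withdrawn_today)


def simulate_attack():
    """Constructed scenario: pumped price draws deposits, then the website
    queue is filled with forged withdrawals.  Returns the wallets and the
    withdrawals that actually went out."""
    ex = ExchangeWallets(cold_balance=50000.0, hot_balance=1000.0, daily_volume=1000.0)
    for amt in (300.0, 1200.0, 500.0):      # lured deposits, all land in cold
        ex.deposit(amt)
    forged = [900.0, 900.0, 50.0, 100.0]     # attacker-controlled queue
    paid = ex.process_withdrawals(forged)
    return ex, paid


if __name__ == "__main__":
    ex, paid = simulate_attack()
    print("paid out:", paid, "total:", sum(paid))
    print("cold:", ex.cold_balance, "hot:", ex.hot_balance)
    print("further exposure today:", ex.max_loss_if_website_compromised())
    for entry in ex.ledger:
        print(entry)
```

In the constructed run, the attacker gets 950 of the 1,950 they asked for: the second 900 and the final 100 are refused by the daily cap, and the 2,000 of lured deposits sit untouched in cold storage. Raising the hot balance or the cap raises the worst-case loss one-for-one, which is the trade-off the post describes: the hot wallet holds exactly what you can afford to lose.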