I've been submitting these questions to various exchanges. It is BitMe's turn. I'm specifically looking for the answer to:
- BitMe's security page describes "The great majority [of bitcoins] are held offline".
- Is there a target as to how much of customers' funds are kept in cold storage? (e.g., percent of total, or perhaps relative to recent withdrawal requirements)?
- Do new deposits go to cold storage? (if the hot wallet is compromised, new deposits made (e.g., automated payouts by mining pools) would still be secure)
- Does the offline wallet where the cold storage resides remain protected due to an "air gap" (no access to it electronically, not connected to the network)?
Other questions that I'd like to know the answers to:
- Does BitMe maintain full reserve? (i.e., BitMe controls bank accounts with all customer USD funds and controls wallets with 100% of BTC funds. None of these amounts loaned out.)
- Does BitMe maintain offsite backups of its accounts and transactions? If for some reason the exchange's primary account database were lost due to a security breach, what information (and how recent) is still available from backup or archives?
- If there is a security breach and BitMe cannot meet withdrawal requests of its customers, what is the withdrawal preference that BitMe would follow? Various preferences are:
- - A.) All deposited funds are of equal standing with bitcoins being valued at their market rate at the time of the loss,
- - B.) Withdrawals of USD funds, if not impacted by the breach, are made available in full to those customers who held a USD balance.
- - Do customer deposits have preference over any other creditor claims? (i.e., a contract stating so, such that they don't become unsecured creditors ending up in the same pool as the landlord for office space and the hosting bill.)
- - or is there some other approach?
- If there is a DDoS or server availability issue, where should users turn to learn the status (e.g., blog, forum thread, Twitter, etc.)?
- Does BitMe have (or plan to provide) an out-of-band communications method (e.g., e-mail) to inform customers of any security issues?
- Does BitMe plan to offer two-factor authentication? If so, will it be "done right" (as requested here:
http://bitcointalk.org/index.php?topic=109424.0 where each withdrawal request requires an OTP).