I wholeheartedly agree with you. I couldn't believe that there was apparently a client-side JavaScript exploit on that Bitgrail exchange, where that was the only check it had to verify an account's balance!?! Seriously, code that runs in someone's web browser, wtf? That type of foolishness wouldn't make the cut for a web game, to say nothing of financial transactions of real value.
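The failure mode the post above describes, a withdrawal path whose only balance check is a number the browser reports, next to the server-side check a custodial service needs. This is an added illustration written for this thread, not code from Bitgrail or any exchange; the ledger contents, account names and the `parseAmount`, `insecureWithdraw` and `secureWithdraw` helpers are all constructed for the example.

```javascript
// Added example (not code from the thread or from any exchange): a withdrawal
// handler that trusts a balance figure sent by the browser, next to one that
// reads the server-side ledger and validates the amount. Amounts are integers
// in the smallest unit (e.g. satoshi) held as BigInt to avoid float rounding.

// Constructed sample ledger: account id -> balance in base units.
function makeLedger() {
  return new Map([["alice", 100n], ["bob", 5n]]);
}

// Parse a client-supplied amount: must be a non-empty string of digits, > 0.
// Rejects negatives, decimals, hex and empty input; returns null on failure.
// (A negative "withdrawal" would otherwise credit the account.)
function parseAmount(raw) {
  if (typeof raw !== "string" || !/^[0-9]+$/.test(raw)) return null;
  const n = BigInt(raw);
  return n > 0n ? n : null;
}

// Anti-pattern: the only "check" is a comparison against a balance the client
// itself reported. A tampered request can claim any balance it likes, and the
// real ledger entry is debited regardless and can go negative.
function insecureWithdraw(ledger, req) {
  if (BigInt(req.clientBalance) < BigInt(req.amount)) {
    return { ok: false, reason: "insufficient funds" };
  }
  const current = ledger.get(req.account) ?? 0n;
  ledger.set(req.account, current - BigInt(req.amount));
  return { ok: true, newBalance: ledger.get(req.account) };
}

// Hardened: the only client-controlled input is the amount. The account id is
// assumed to come from the authenticated session, never from the request body,
// and the balance is read from the ledger, not from the client. In a real
// system this read-check-write runs inside one database transaction (or a
// row lock) so two concurrent withdrawals cannot both pass the check.
function secureWithdraw(ledger, sessionAccount, req) {
  const amount = parseAmount(req.amount);
  if (amount === null) return { ok: false, reason: "invalid amount" };
  const balance = ledger.get(sessionAccount);
  if (balance === undefined) return { ok: false, reason: "unknown account" };
  if (balance < amount) return { ok: false, reason: "insufficient funds" };
  ledger.set(sessionAccount, balance - amount);
  return { ok: true, newBalance: balance - amount };
}

// Demonstration: the same tampered request against both handlers.
// "bob" holds 5 units but the request claims a balance of 999999.
function demo() {
  const tampered = { account: "bob", amount: "50", clientBalance: "999999" };
  const insecure = insecureWithdraw(makeLedger(), tampered);
  const secure = secureWithdraw(makeLedger(), "bob", tampered);
  return { insecure, secure };
}

console.log(demo());
```

The point of the contrast is that any value the browser can send is attacker-controlled by definition; the server must derive balance, ownership and limits from state it controls, and treat the request body as nothing more than an intent.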
It seems like both developers and investors tend to forget that they are handling real, actual money. Would you leave a suitcase full of cash in the middle of the street? Would you give your credit card data to some random stranger on the internet? That's what basically happens in crypto all the time.
In my view, best-practices standards are needed for security and code audits. There are many attempts at this out there; they need to be pulled together, structured and maintained like RFC or BIP standards are, and proliferated through the field. Especially considering we are dealing with a rapidly evolving technology, these standards need to be maintained on an ongoing basis. I know the steps I take to lock down a server today in 2018 are different in quite a few ways from what they were in 2014, for example.
I absolutely agree with you. As much as I love that whole wild west, new frontier vibe that crypto is swinging, I so very much appreciate the formal approach that Bitcoin and some of the alts have taken.
To be fair, handling crypto is especially tricky. Holding what equates to actual cash on a computer system was unprecedented prior to cryptocurrencies. Even if you were handling payments there was usually some form of rollback available, should things go awry. Not so with crypto, yet it seems to be partially held to lower standards than finance, which is insane.
Nonetheless we've come a long way since MtGox. It's almost as if the market has begun to realize that crypto is a billion dollar business now.
My organization is going to be looking at this issue because it's a real problem that needs some coordinated focus. We're conducting our launch fundraiser right now with an Ethereum ERC20 token, but I have real concerns with the stability of that platform moving forward. A deep dive is in order with some consultations with the gurus before I make any long-term decision I'll live to regret on platforms. In some ways it's a shame, the Ethereum platform does seem good "on paper", but has some real flaws that need to be met before I would place the kind of trust in it that you do to a financial institution.
Hats off to you for critically evaluating technologies. I know this approach should be the standard; however, it unfortunately isn't, which makes me all the more glad to hear that there are still organizations and companies out there that take a sane and prudent approach to blockchain technologies.
If a bank lost $500M in a year, people would be in jail! (Well, maybe not here in the U.S., but only because the banks own our government [for now]). But who would bank with a company that was so careless with funds it has custodial control over?
I don't think that European banks are much better in that regard.
Referring to "But who would bank with a company that was so careless with funds"... I honestly think that consumers are at least partially to blame on that matter. If people would avoid shoddy exchanges in the first place, a lot of these dramas could be avoided.