I want to say that I really do appreciate all those with well thought out constructive criticism, as opposed to those who glibly remark "nothing is unhackable" or similar comments.  I will say, however, that every comment (even those which might be considered to be "glib negativity") does offer a learning opportunity, and I do try to make the best of these opportunities.  So, I thank you all for your comments, whether I regard them as positive or negative.

I have stated over and over that it is our Paper Vaults, created using client-side javascript on the user's own computer, which are unhackable.  When these Paper Vaults are properly created and printed they are unhackable.  I am not saying that our site itself is unhackable, because it would be absurd to make that claim about any site, whether it is ours or more long-established sites such as bitaddress.org, or whatever. 

The reason for having our "Active Storage" at all rather than simply doing everything through our Paper Vaults is because we do have plans for additional services to be rolled out in the future, and Paper Vaults simply do not provide the necessary flexibility.  For example, we have already announced that we are planning to introduce Merchant Services very soon.  This will allow us to generate a unique Bitcoin Address each time a purchase is made from a vendor, rather than simply sending Bitcoins to the same Paper Vault address each time a purchase is made.  The purpose for this is, among other things, to provide a greater level of anonymity and privacy regarding a vendor's Bitcoin income.

We also have certain other services planned further out which would also rely upon the Active Accounts.  For now, however, I would like to mention that whenever someone Active Storage balance goes above a certain threshold we send an email to the Account Holder informing him or her that moving Bitcoins into a Paper Vault would be the safest way of storing large quantities of Bitcoins, and that only Bitcoins intended to be spent relatively soon should be kept in Active Storage.  This is done for two reasons: 1) to avoid large losses to our user's in the event that our site were hacked, and 2) to make our site a low-value target to hackers - in other words go hack someone like MtGox (or whomever) who actually HAS large quantities of Bitcoins on their server.

Also, about the word "Bank" in our web-service: No we are not a legally registered bank, but then again we are NOT storing or dealing in legal currency, but in Bitcoins.  This is an important legal distinction.  Also, "The Bank of Bitcoin" is not the name of a legal corporate entity, but the name of a website/web-service; another important legal distinction.

I would further like to state that it would be next to impossible to actually tell who is or is not checking the md5 hash of our Paper Wallet pages.  Let's not forget that typing in a long Bitcoin Address and Private Key can take some time, which can vary greatly from person to person, or even vary greatly for the same person on different visits.  It is far quicker to check the md5 hash than to type in the Address and Private Key, and because of this it is impossible to know when someone is checking the md5 hash.  I do understand and appreciate the high level of caution regarding Bitcoin security and am open to any workable suggestions that would fit into our business model.

Again, thanks for all your comments.

Actually, we have no way of knowing who is or is not checking hashes.  And actually, it takes less than 30 seconds once you get the hang of it.


The SAFEST place to keep your coins is OFFLINE, in paper form, hence our Paper Vaults, which are created and printed using client-side javascript on the user's computer.  The coins in your Paper Vault aren't sent off to our "bank," but remain OFFLINE in your Paper Vault.  The Bitcoins and Private Keys in your Paper Vault are in YOUR hands, NEVER ours.  And that's the point.

Don't be confused or mislead by the term "Bank" in our name...perhaps we should have called ourselves The "UnBank" of Bitcoin...because we are unlike any other Bank, reflecting the unique nature of Bitcoin itself.


Actually, nothing could be further from the truth.  Running your own client only allows you to spend Bitcoins from the same device where you stored them, while The Bank of Bitcoin allows you to spend them from any Internet connected device.  Furthermore, there is no need to drain your own memory, cpu resourses, or bandwidth, or to back up wallets.  Just create your Paper Vault, print as many copies as you like, and store your coins there, in the most secure form of Bitcoin storage possible.


Paper Vaults, like paper wallets, ARE unhackable.  We have never stated that ANY site is unhackable, just that Paper Vaults are.  And no problem about the language.   

nnyld, ScaryKubiak, pluh, r3wt (and others) -

I have said before that although we have done literally everything we can think of to make our site as absolutely secure as possible, we know that there is always a possibility of any site being hacked...even the White House's site has been hacked in the past.

The Paper Vaults that The Bank of Bitcoin allows its Members to create CANNOT be hacked.  They are literally just as secure as any paper wallet.  I have stated this so many times, in so many ways, that I am reminded of the scene in "The Shawshank Redemption" where the lead character called the warden "obtuse" for seeming to deliberately misunderstand what he was being told.

Even if our site were hacked, any Bitcoins in your Paper Vault would be absolutely safe.  This is quite unique for an online Bitcoin Service: when other online services are hacked your Private Keys and Bitcoins are gone; with us, it would be an inconvenience, but the Bitcoins and Private Keys in your Paper Vaults would remain safe.

Furthermore, to combat the possibility of the injection of malicious code into the client-side javascript used to manipulate your Paper Vaults we have described a two- or three-minute method to check that our code has not been altered (either by a hacker or otherwise).

It should be obvious that we take security VERY seriously, and have created an online Bitcoin service which handles that security by putting YOUR Private Keys and YOUR Bitcoins in YOUR hands, and yet STILL allowing you to send your Bitcoins from any javascript-enabled Internet-connected device.  This is a very unique, valuable and secure service - and I am proud of what we have accomplished.

r3wt- I don't think you got the point.  The point is not whether or not md5 is able to be "cracked."  The point is to demonstrate that our pages have not been changed.  If you hash a text string with md5, as long as the input text string is the same, the resulting md5 hash will be the same.

You should have given it a full second.   

Explodicle- There is no "hashing code" to download.  The way it actually works is that the user visits our Paper Vault pages and downloads the source code for these pages according to the instructions at https://thebankofbitcoin.com/docs/check_for_yourself.php?lang=en.  The idea is that if this source remains unchanged then it has not been altered by a hacker, and no malicious code has been injected as you said.

There are many ways to check if this source code remains unchanged.  On the page listed above we provide instructions for doing this by using a online md5 hash generator.  The md5 hashes of the two pages in question should be 9cd21c1046322458a873a986ab3d6e37 and 6cc7f0c7505cec5b6fb2a2b2a16179f0.  I don't know if anyone has actually followed the instructions for checking the source code, but would be interested in their experience and any feedback on the process we have described.

firefop- We have never said that there are not other ways to accomplish similar things to the services we offer, but none that offer our range of services (with more to come) and integrate them in such a simple, convenient and accessible manner.  We do things differently, and in many ways we do things far better, and we are trying to make Bitcoin accessible to the masses, while preserving the anonymity and security which make Bitcoin what it is - and I think we are succeeding!

Anyone who cares to examine what we have done can see that a lot of really intensive work has gone into creating The Bank of Bitcoin; not exactly the hallmark of a scam.  Also, even if it was true that we were simply duplicating the services of others (which is certainly not what we are doing) your post is sort of like someone going into Burger King and shouting "This place is a scam, because there is a McDonald's down the street!"

I am happy to see that now that some people have taken the time to examine and understand what The Bank of Bitcoin actually does and what we offer, we are starting to see some growing positivity here!  I also don't think it hurst that we recently added instructions on our site where we explain how someone can check our Paper Vault security for themselves: https://thebankofbitcoin.com/docs/check_for_yourself.php?lang=en

I will say again, just for anyone who may have missed it earlier, that our claims of "unhackable" apply specifically to our Paper Vaults, which are a paper printout of pairs of Bitcoin Addresses and Private Keys; these pairs generated on the user's own computer in such a way that the Private Keys are never transmitted over the Internet, and are printed by the user him- or herself. They are unhackable in the sense that you cannot hack a piece of paper.

And no, we are not going anywhere. 

Inedible- I forgot to mention it in my last post, but thanks for your kind words.  It seems that you are someone who does "get" what we are doing, and as you are a Sr. Member of this board we are happy about that.  Of course, just because you "get" it does not mean you actually endorse us or even trust us, but it does show that you have taken the time to understand, and we appreciate that!

I think perhaps the word "Bank" in our name is confusing people at the least, and giving them an idea of what we are which is exactly opposite of what we truly are.  When you put Bitcoin in a Paper Vault you are NOT depositing it with us at all - and that's the point.  We are providing an extremely convenient way of anonymously creating offline Bitcoin storage, on paper, which only YOU have control of.  Each time I see a "+1" when someone says "nothing is unhackable" I have to laugh and shake my head, knowing that they simply do not understand what we do, or exactly what a Paper Vault is.   

A Paper Vault is a paper printout containing Bitcoin Addresses and Private Key pairs.  These are not generated on our server, but on the user's own computer, using client-side javascript.  The Private Keys are not transmitted over the Internet, and the Paper Vaults are also never in our possession, but are only printed and kept by the user.  Our claims of "unhackable" only apply to the Paper Vaults themselves: we are only (and very specifically) claiming that a Paper Vault, properly created, cannot be hacked by any known means.  I have stated, a few times already, that there is no way someone can "hack" a piece of paper tucked away in your sock drawer, or wherever else you choose to keep it.  Sure, it can be stolen...but then again someone can steal the computer you run the Bitcoin client on, and let's face it, it's much easier to securely hide away a valuable piece of paper than a valuable computer.

I know this is a rather long thread - 6 pages as I type this - so I know that many of those commenting haven't read every word and thus don't actually understand what we are offering yet.  And that is fine.  We are happy to explain. 

surfin01- Thanks! Actually, one of the best features, which we haven't talked about much on here, is the ability to send BTC to other Bank members instantly, without needing to wait for any sort of confirmation from the Bitcoin p2p network.  (These are Bitcoins stored in Active Storage, not in Paper Vaults, just for clarification.) We think that this has the potential to really advance Bitcoin commerce in the future.  Imagine going to a store and trying to buy something with Bitcoin, but having to wait at the register for confirmation.  It's just not practical.

We imagine, instead, moving a certain amount of BTC from your Paper Vault to Active Storage before your visit to the store, anticipating the amount you will spend.  Then, at the register you just move BTC from your Active Storage to the store's Bank of Bitcoin Account, instantly! And not only is it instant, but even the small Bitcoin p2p network fee would be eliminated.  As this practice became widespread, not only would it increase the acceptance of Bitcoin as an alternate currency, but we feel it would serve to increase the monetary value of Bitcoins.

BitWulf- This is NOT a bank in the traditional, government-controlled bank.  It is a bank in that it is a way to store Bitcoins, and it would be impossible for even the government to confiscate Bitcoins from a Paper Vault from The Bank of Bitcoin (or for anyone else to steal them for that matter) so in that sense it is even more secure than a traditional bank.

AzureEngineer and saudibull- yes, our Paper Vaults are unhackable.  As I have said before in this thread, it is impossible to hack a piece of paper with Bitcoins Addresses and Private Keys hidden in your sock drawer.  It is specifically these Paper Vaults which are unhackable.

EmperorBob- No we don't store passwords in plaintext.  Our programmers are fanatical about even the possibility of security flaws, and have simply disallowed certain characters which have been associated with security breaches on other websites in the past.  They have told me that in reality allowing these character would probably not be a problem at all...but why take a chance with security?  I was surprised myself some time back when I was sending a test message from our Contact form, and I received the notification that a certain character was not allowed in the subject line.  Again, our programmers just disallowed certain characters that could be used as "escape" characters or could be used to execute or inject "rogue code," even when the possibility of this happening is small to non-existent.

Explodicle- We are not hosted by GoDaddy. They are our registrar, i.e, where we registered our domain name.  They are also where we purchased our SSL certificate.  I don't think GoDaddy has the capability of actually hosting such a technically demanding site as ours, but I could be wrong.  In any event, they are not our webhost.

As for a Government order, there is no sensitive personal information kept on our server.  All that is needed to register is a valid email address (which are easy enough to create anonymously) and a password.  We don't ask for anyone's name or other personal information. 

The way that our Paper Vaults are designed an operate prevents us from knowing your Paper Vault addresses, or from being able to access your Paper Vaults in any way, because we don't have the Private Keys.

Because there are many other websites which actually DO store your Bitcoins/Private Keys on their server while we encourage our Members to store the majority of their Bitcoins in offline Paper Vaults there is much less incentive to attempt to hack us, compared to other online services.

Also, to address the issue of a hacker trying to modify any of the javascript involved with our Paper Vaults we have created a page with pretty simple instructions for checking the md5 checksum of the source code for our Paper Vault pages.  Essentially, this allows our users to tell if the code for these pages is ever modified in a fairly simple way.  It also allows us to regularly check this as a part of our own daily routine, and take any needed countermeasures should the need arise.  This page is available at
https://thebankofbitcoin.com/docs/check_for_yourself.php?lang=en.

WBlaylock- You are probably right about the word "bank."  But as I have said earlier in this thread, the term "bank" does have meaning outside of government controlled banks.  And in this case, with regard to our Paper Vaults, they are even more secure, because no government can control your spending of Bitcoins from your Paper Vault, and no government can confiscate your Bitcoins from a Paper Vault.

Papaminer- Well I hope any good points we make aren't overshadowed by GoDaddy 

TimeofMind, you can absolutely use the standard Bitcoin client. There are problems with that though for a lot of people, although it may not be a problem for you.

One disadvantage of using the Bitcoin client to store your BTCs is that you have to spend them from the same device the client is being run on, or another device that is running the client. The Bank of Bitcoin makes it where you can spend your BTCs from any internet-connected device, anywhere in the world. That device does not need to be running the standard client. You could pick up your friend's iphone and spend your BTCs from there. Being able to pay someone in BTCs from your cell phone is a convenience that not many people have right now (or unfortunately need, but we're hoping to help change that). You could receive BTCs on your cell, and spend them from your work computer without any special software.

Running the client is also a huge drain on memory and bandwidth, which may not be a problem for you but is a problem for many people- and is a barrier in terms of BTC being adopted by the world. Running Bitcoin software on your own computer or other device typically requires downloading the full Bitcoin "block chain". The block chain is the full history of all Bitcoin transactions which have occured since the inception of Bitcoin. This is currently about 7GB of data and growing quickly. Maintaining a full copy of the block chain requires an ever-increasing allocation of memory, and the constant downloading of new transactions makes it impractical (and essentially impossible for people with slower Internet connections).

Our solution is to download and store the block chain on our server. We use our memory and bandwith, thus freeing up your resources, making Bitcoin easily accessible to all. This is in large part an effort to make this a more convenient (and therefore viable) currency. Thanks.

We are absolutely using BTCs to get away from government-regulated banks, and we are certainly not a government-regulated bank. We believe the word "bank" has meaning outside of regulated banks. In our case, it is bank in the sense that we deal in financial services; more specifically, we simplify BTC ownership, as well as make it secure. Paper vaults are like a piggy bank, and much like a personal piggy bank someone would have to quite literally break into your house, your safe, wherever you keep your Private Keys and Bitcoin Addresses and steal them that way.

I appreciate your input and questions folks.

Okay, great questions. There are two different types of storage. One is the Paper Vault, where you store your Private Keys yourself. We never see your Private Keys, never have access to them, and your Private Keys are never seen or sent over the internet. It is the safest way to store your BTCs.
 
Then there is Active Storage, which is less secure but more convenient than Paper Vaults. We advise you keep as few BTCs there as needed, and the lionshare in your secure Paper Vault (much like you would typically keep smaller amounts of spending cash in your back pocket, and keep your life savings in a bank). When you want to spend your BTCs out of the Paper Vault, you can either spend them directly out of your Paper Vault (which requires going through the network)- or if you want to transfer BTCs to another Bank member for free and instantly, you can log in, enter your Private Key on the clientside javascript page we provide (so your Private Key is never revealed online, and your BTCs are never made vulnerable- only the transaction string is sent) and you can send the amount you need to your Active Storage for spending. In Active Storage, your Private Keys are kept on our server like Gox does it, which is how you can send to other Members free and instantly. You can always just transfer BTCs into Active Storage when you're going to immediately spend them, significantly decreasing any changes of anyone hacking our server, and therefore gaining access to your BTCs. Each type of storage has it's own benefits and disadvantages, but the tradeoff of storing your BTCs in Paper Vaults is pretty small- it's just the time it takes you enter your Private Key.

Shubhank008- The idea here is that Mt. Gox stores your Private Key on their server. We do not. The reason why it's a problem when Gox, or Bitfloor, or BTC-e get hacked is because they store your Private Keys, which is needed to access and spend your Bitcoins. Many have lost their BTCs as a result of this, and it's considered one of the biggest problems with Bitcoin as a currency. We offer you a seamless and secure way to store you're Private Keys in a Paper Vault, much like a Paper Wallet but more convenient. It is the safest way to store your Bitcoins, and indeed is unhackable. It is not a false claim that we offer the most secure way to store your Bitcoins, and we are the only online Bitcoin service to do so. You can learn more about Paper Wallets here: https://en.bitcoin.it/wiki/Paper_wallet


Regarding the look of the site, unfortunately I've learned that programmers aren't web designers so that will get better. I always thought Gox was pretty lame looking too 

You're absolutely right about that kazriko. The reason why it's done here is because most people are used to instantaneous transactions with their credit and debit cards, and if the masses are going to adopt BTC, they're not going to want to wait days- or weeks (I've heard it could take months without paying a network fee?) for a transaction to sort. A .0005 fee right now sorts everything very quickly. It's a small price for convenience, but if the price of BTC rises we'd adjust the Bank fees to stay as just as low. This is not a "get rich quick" operation. It's much more beneficial to Bitcoin than one may realise at first glance, for the simple fact that it makes Bitcoins accessible and secure for everyone and their Mother. We hope time will shine some light on that.

The Bank of Bitcoin also provides the advantage of being able to pay someone from any internet-connected device, and if the recipient is also a Bank member they will receive the payment instantaneously and for free. The recipient can then quickly send that payment to their Paper Vault, where it can't be hacked or touched by anyone. Thanks for taking the time to understand!

saudibull- We are using the word "Bank" in our name because a bank traditionally provides financial services.  Of course, this is not a traditional bank: instead of money, it holds Bitcoins, and instead of someone else holding them, YOU get to hold them yourself, in a way far more secure than in any traditional bank.  It seems that you and others simply have a negative knee-jerk reaction to the word bank...but it doesn't matter at all what it is called, but what it DOES.  It allows anyone to have sole control over the Private Keys for their unhackable Paper Vault, to never need to download or run any special Bitcoin software, and to be able to spend their Bitcoins from any Internet-enabled device in the world.

For this security and convenience, yes, we charge a very small fee of either .0005 or .0001 BTC depending on the action - and many transactions are free!  Even the Bitcoin peer-to-peer network charges a .0005 BTC fee.

Just like Mt. Gox charges fees for its Bitcoin service...but Mt. Gox never give YOU control of your Private Keys.
Just like Bitfloor (when it was running) charged fees for its service...and never gave you control of your Private Keys.
Just like BTC-e charges for its service...and never gave you control of your Private Keys.
(And the list goes on and on....)

But, unlike them, if we are ever hacked the Bitcoins in your Paper Vault are NOT lost!  Paper Vaults are simply unhackable.

So, if you don't want to use our service, you are free not to.  Those who do, however, will enjoy the convenience and absolute security.  

BTCoder- If you read the preceeding posts closer (I know there are a lot of them lol) or simply visit our site, you will see that it is specifically our Paper Vaults which are unhackable.  No one can hack a piece of paper with addresses and Private Keys tucked away in your sock drawer