
Showing 11 of 11 results by crazyhorse
Post
Topic
Board Lending
Re: ✳️CoinLenders/Inputs.io depositors: Reimbursement available (please read!)
by
crazyhorse
on 21/08/2018, 20:36:18 UTC
I know I'm not a very active member so my voice doesn't mean much, but for what it is worth TF paid me back in full. It was a relatively small amount compared to others. But it was significant to me.

Huge thank you to TF.
Post
Topic
Board Development & Technical Discussion
Re: Reducing the need for cold storage through self-blacklisting
by
crazyhorse
on 07/12/2013, 20:46:37 UTC
yeah no one issue with this is

"to instantly unblacklist all the coins, transfer all the coins"

the attacker just has a script running all the time trying to transfer your coins, as soon as you "un blacklist" he transfers, you're left with nothing.

All you have done is made your coins useless to you.

A single transaction would both unblacklist and transfer the coins. Either both happen or neither happens. There would not be any time between the unblacklisting and the transfer so the attacker could not steal your coins by running a script like you described.




For this to be effective some system must be online monitoring the unblacklist transaction. This system should differentiate between good and bad unblacklisting. If the attacker compromised the private keys could they compromise the monitoring system? If it's a 3rd party service you still have to communicate the good unblacklisting likely requiring some authentication that could be compromised with the key. Anything like passwords protecting access to the monitoring system could also just be used to protect the keys.

If the monitoring system doesn't differentiate between good and bad and notifies you about everything, wouldn't it be better to queue up the pending transactions and approve all the transactions periodically on some secure system like a trezor, offline computer or a 3rd party service.

This is the most serious criticism I think. If all unblacklisting triggers a notification, then there could easily be too much noise and the theft goes unnoticed. It may be necessary for the 3rd-party service to analyze the transactions to look for suspicious ones. For example, you could set it up to only notify you if more than X BTC is unblacklisted in a 24-hour period. A clever attacker might be able to steal a bit at a time, but you'd probably prevent him from stealing everything. This is about the same as the current hot/cold wallet approach. A hacker who just steals a bit out of your hot wallet may go unnoticed for a while and be able to steal a bit, but eventually you will notice and he won't have been able to steal everything.




The key here is of course to have the system locked down as much as possible as it will have programmatic access to the private keys with your funds. Blocking all incoming ports and denying all incoming and outgoing traffic except that for your application  (possibly on a hardware firewall and on your system) and making your application secure enough shouldn't be that much of a challenge.

I guess it remains to be seen whether the risk/reward of my suggestion is better than this alternative. I would personally opt for cold storage rather than your suggestion. Locking down a computer system is very hard and it isn't a one-time affair. It requires on-going maintenance. I suspect that the cost of taking coins in/out of cold storage would be lower than the cost of sufficiently securing a system like the one you described.




Thanks everyone for the feedback.
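The "notify only if more than X BTC is unblacklisted in a 24-hour period" rule discussed in this post, sketched as an added example (not part of the original posts). The function name, the event format and the sample data are assumptions constructed for illustration.

```python
from collections import deque
from typing import Deque, Iterable, List, Tuple

HOUR = 3600
WINDOW = 24 * HOUR  # trailing window, in seconds


def alerts(events: Iterable[Tuple[int, float]], limit_btc: float) -> List[int]:
    """Return the timestamps at which the trailing-24h total exceeds limit_btc.

    events: (unix_time, btc_amount) unblacklist requests, in time order.
    """
    window: Deque[Tuple[int, float]] = deque()
    total = 0.0
    fired: List[int] = []
    for ts, amount in events:
        window.append((ts, amount))
        total += amount
        # Drop requests that have fallen out of the trailing 24 hours.
        while window and window[0][0] <= ts - WINDOW:
            total -= window.popleft()[1]
        if total > limit_btc:
            fired.append(ts)
    return fired


# Constructed sample data (times in seconds, amounts in BTC).
BURST = [(0, 2.0), (1 * HOUR, 3.0), (2 * HOUR, 40.0)]   # one large request
SLOW_DRAIN = [(d * WINDOW, 9.0) for d in range(10)]      # 9 BTC once a day

if __name__ == "__main__":
    print("burst alerts:", alerts(BURST, limit_btc=10.0))
    print("slow-drain alerts:", alerts(SLOW_DRAIN, limit_btc=10.0))
    print("slow-drain total:", sum(a for _, a in SLOW_DRAIN), "BTC")
```

With a 10 BTC limit the burst raises an alert, while the slow drain never does even though 90 BTC is unblacklisted over ten days, which is the limitation the post acknowledges.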
Post
Topic
Board Development & Technical Discussion
Re: Reducing the need for cold storage through self-blacklisting
by
crazyhorse
on 03/12/2013, 21:48:33 UTC
The point is that unless you are hacked, you won't need to bother with getting a key out of cold storage. The X day waiting period could be preferable to some people than the need to get coins out of cold storage on a regular basis. For example, offline storage always requires human involvement. With the scheme I have suggested, as long as you can wait X days before spending the bitcoin, the whole process can be automated.

If you are going to automate bitcoin transactions, you need to keep a private key on an Internet-accessible computer. There is no way around that; (please correct me if I'm wrong). Once you put your private key into cold storage, you lose all ability to automate transactions.

By having 2 private keys, you can keep one online and the other in cold storage. The self-invoked penalty gives you some time to respond in the case of a compromise of your online private key.

In short, my proposal doesn't eliminate the need for cold storage. However, it does reduce the frequency with which you need to access the cold storage.


Please tell me what the "other problems" with my proposal are. I'm not so naive to think that I'll have gotten this right on my first try (or at all).
Post
Topic
Board Development & Technical Discussion
Topic OP
Reducing the need for cold storage through self-blacklisting
by
crazyhorse
on 30/11/2013, 21:03:41 UTC
I had an idea today, and I wanted some feedback on it.

Today, best practice for a business (or individual) holding significant amounts of bitcoin is cold storage. I.e. no private keys online. I'd like to know if anyone agrees that the scheme below might be an alternative that is more convenient without sacrificing any significant security.


First, the protocol/miners would need to be updated to support what I'm calling a self-blacklist. This isn't a trust-based blacklist where clients need a list of blacklisted coins from some trusted authorities. Instead, anyone with an address's private key could blacklist some or all of the coins held by that address. When blacklisting coins, you would set the amount of time it will take before the coins are unblacklisted, for example, 7 days. While the coins are blacklisted, no miner would accept any transaction involving those coins. At some later date, the address's private key can then be used to unblacklist the coins. However, there will be a delay (7 days in the example above) before the unblacklisting will take effect.

Just doing the above doesn't really provide any value other than delaying an attacker. However, each address would get a 2nd private key. This 2nd private key would be able to transfer and instantly unblacklist the coins. The 2nd private key would not be required for any transactions involving coins not blacklisted. The 2nd private key would always be kept in cold storage (or paper storage) unless there were a compromise.

Here is what I imagine might be a typical scenario:
  • I blacklist all the coins that today I would have kept in cold storage. The private key is available online. This allows me to programmatically access these coins as I run my business.
  • I set my blacklist time to be 2 days because I watch my systems closely. I think I can respond to any attempt to unblacklist and steal my coins within that period of time. If I had to make a big payment, it would be delayed by 2 days, but it could still be done programmatically. If I didn't watch this business very closely, I might set it to 30 or 60 days so I'd have a lot more time to investigate in the case of an attack.
  • I keep my 2nd private key in cold storage with all the precautions used today for cold storage (redundant, secure, etc.).
  • My server is compromised. The attacker steals everything in my "hot wallet," which isn't much. He then steals my private key for the blacklisted coins and unblacklists them. This starts my 2-day count down before the coins are actually unblacklisted.
  • I have previously set up an independent system to watch for when my coins are unblacklisted. I get an email alert.
  • I immediately re-blacklist the coins, probably with a longer blacklist time, such as 30-90 days or possibly indefinitely.
  • I investigate why the coins were unblacklisted.
  • Once I determine it was a hacker, I set up a new address and use my "2nd private key" (which I have taken out of cold storage) to instantly unblacklist all the coins, transfer all the coins to the new wallet, and reblacklist all the coins (again with a 2-day count down). These three things would all happen within a single transaction so there is no opportunity for the attacker to steal the coins between when I instantly unblacklist them and when they are moved to the new address.
  • I fix the security breach. Then my service is back up-and-running.


I'm not seeing any flaws in the plan? Please tell me where I am wrong.
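A toy model of the self-blacklist rules proposed in this post, as an added example that is not part of the original post and not Bitcoin code. The class, method and key names are hypothetical, and the rule that a re-blacklist can lengthen the delay but never shorten it is an assumption the post does not specify.

```python
from dataclasses import dataclass
from typing import Optional

DAY = 86_400  # seconds


@dataclass
class Address:
    """Toy ledger entry for one address under the proposed miner rules."""
    balance: float
    hot_key: str                     # online key
    cold_key: str                    # the "2nd private key", kept offline
    delay: Optional[int] = None      # blacklist delay; None = never blacklisted
    unlock_at: Optional[int] = None  # set while an unblacklist is pending

    def blacklisted(self, now: int) -> bool:
        if self.delay is None:
            return False
        return self.unlock_at is None or now < self.unlock_at

    def blacklist(self, key: str, delay: int) -> None:
        if key not in (self.hot_key, self.cold_key):
            raise PermissionError("unknown key")
        # Assumption: a re-blacklist can lengthen the delay but never shorten it.
        self.delay = max(delay, self.delay or 0)
        self.unlock_at = None        # cancels any pending unblacklist

    def request_unblacklist(self, key: str, now: int) -> int:
        if key != self.hot_key or self.delay is None:
            raise PermissionError("hot key and an active blacklist required")
        self.unlock_at = now + self.delay   # countdown starts, nothing moves yet
        return self.unlock_at

    def spend(self, key: str, now: int) -> float:
        if key != self.hot_key or self.blacklisted(now):
            raise PermissionError("rejected: key invalid or coins blacklisted")
        amount, self.balance = self.balance, 0.0
        return amount

    def recover(self, key: str, dest: "Address", delay: int) -> None:
        # Cold key only: unblacklist, transfer and re-blacklist in one step.
        if key != self.cold_key:
            raise PermissionError("cold key required")
        dest.balance, self.balance = dest.balance + self.balance, 0.0
        dest.blacklist(dest.hot_key, delay)
```

In this model a stolen hot key can only start the countdown; if nobody re-blacklists before `unlock_at`, `spend` succeeds, so the scheme is only as good as the independent watcher in the scenario.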
Post
Topic
Board Bitcoin Discussion
Re: Bitcoin's Intrinsic Value: Far greater than Gold
by
crazyhorse
on 30/11/2013, 20:31:05 UTC
You are misusing the term "intrinsic value."

1st, "intrinsic value" is a misnomer. Nothing has intrinsic value. Things only have value because humans value them. The value comes from human judgement, not from the thing itself. A better name for this would be "direct use value." That said, the term "intrinsic value" has been used for so long that it has stuck.

2nd, the term "intrinsic value" means that the thing can be used for something directly. I.e. a use besides transferring it to someone else. With gold, this is the various industrial/electronic uses, jewelry, decoration, etc.

3rd, there is essentially nothing you can do with a single, specific bitcoin. You can make an argument that simply possessing it is pleasing. For example, many people like to own limited edition or rare things, simply because they are rare. However, this value is quite limited. If you don't ignore this type of value, then the term "intrinsic value" essentially has no meaning because everything has some of this type of value.

4th, the bitcoin network has lots of value. Transferring money is a direct use value. And it can do many more things than just transfer money. However, this is the value of the network, not of a specific bitcoin. In addition, the bitcoin protocol and code is open source. That means it is not scarce. Thus, although it has value, it is not an "economic good." It is like air. Air is very valuable, but it doesn't have a price because it is so abundant that we all have more than we need or want. (Of course, that could change depending on environmental factors, but for now it is true.)

Conclusion: bitcoin does not have any (significant) "intrinsic value."

However, that doesn't matter!!! Intrinsic value isn't the only kind of value. Bitcoin has a LOT of exchange value.

Fiat currencies don't really have any intrinsic value, yet they still have exchange value. And if you look at Somalia its "fiat" currency remained in use for a long time (decades, I think) after all government support disappeared.

By all means, continue to espouse the great value of bitcoin. But please get your terminology right.
Post
Topic
Board Service Discussion
Re: COINLENDERS - REMAINING DEPOSITORS
by
crazyhorse
on 26/11/2013, 10:39:25 UTC
I am interested. I had about 5BTC in CL.


Also, those who have already settled may still be able to sue.

http://www.insitelawmagazine.com/ch5consideration.htm
http://en.wikipedia.org/wiki/Pinnel%27s_Case
"payment of a lesser sum on the day in satisfaction of a greater, cannot be any satisfaction for the whole, because it appears to the Judges that by no possibility, a lesser sum can be a satisfaction to the plaintiff for a greater sum"


Any contracts TF thinks he has with the people who settled may not be enforceable.

I'm not a lawyer.
Post
Topic
Board Legal
Re: CoinLenders Lawsuit
by
crazyhorse
on 26/11/2013, 10:16:39 UTC
I'm interested. TF owes me about 5BTC.
Post
Topic
Board Services
Re: Free BTC Faucet - selling adspace
by
crazyhorse
on 17/11/2013, 03:19:04 UTC
UPDATE:
My appeal was rejected... Based on TradeFortress' false copyright claim...
Now I can never access my personal files on that server ever again.

It's payback time.

You stole my money;
You ruined a perfectly legal website and made me lose access to personal files;

Can you get the documentation from your hosting provider? Surely they should be able to provide you with whatever proof of copyright ownership TradeFortress gave them. Please share it. It may help the people to whom he owes money.
Post
Topic
Board Lending
Re: CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available
by
crazyhorse
on 16/11/2013, 21:57:52 UTC
Update

The situation is I'm facing extreme difficulties in getting most borrowers to honor their obligations - the BTC rally doesn't help. To name a few that have been impossible to reach (when talking about their debt):

https://bitcointalk.org/index.php?action=profile;u=70557
https://bitcointalk.org/index.php?action=profile;u=17548
https://bitcointalk.org/index.php?action=profile;u=70541
https://bitcointalk.org/index.php?action=profile;u=35121

(Borrowers can deposit to CL via BTC address).

Many security issuers like CreativeX have gone missing, but thankfully in the past days Deprived and arij came back, and Crypto-Trade divs have been successfully paid on their own exchange. ASICMINER isn't doing well which is the collateral for many (defaulted) loans.

The reason why there's no email update is that I'm primarily waiting for other people that are not responsive, which results in having to pass on the non-responsiveness. All of CL's liquid coins were stored on Inputs and what's remaining are debts and assets that took a significant wipe (we still have borrowers that are communicative, thank you!, but the BTC rally is definitely hurting them and us, especially modification proposals).

That's not a good enough reason for not sending an update. Send an update with the information you do have. Here's a good start:
  • Total amount owed to CL depositors (including all interest)
  • Total amount of CL money that was in inputs.io
  • Total amount owed to CL by borrowers. Then break it down by how much is late, how much is due within 30 days, 90 days, 180 days, 360 days, etc.
  • How much has been paid back to CL depositors since the hack was announced
  • The date when partial payments will start being made

You seriously need to get a 3rd party involved. Turn over all your documentation so that all the above info is public and verified by someone other than you.
Post
Topic
Board Service Discussion
Re: CoinLenders, Inputs.io, Tradefortress (HACK)
by
crazyhorse
on 14/11/2013, 23:39:23 UTC
We need a well-respected 3rd-party to audit TF and all his businesses. Until that is set up, we should have some serious transparency, starting with:
  • Total amount in inputs.io before the hack
  • Total amount refunded so far for inputs.io
  • Total still owed to inputs.io users
  • Total amount still lent out by coinlenders
  • Total amount refunded so far for coinlenders
  • Total still owed to coinlenders users
  • Total BTC that TF has right now
  • Total value of TF's non-BTC assets (house, car, bank accounts, etc.)

And (where possible) proof should be shown. This could be scans of bank statements or links to BTC addresses (with signed messages proving TF owns them).
Post
Topic
Board Beginners & Help
Re: Inputs.io HACKED, 4K+ BTC stolen
by
crazyhorse
on 13/11/2013, 00:32:41 UTC
Also anyone know what the foundation is going to do? They still have his site as a silver member.

~I'm a volunteer with the foundation... what do you want me to do about it? LOL

Then take inputs.io off the website.