Bitcoin Foundation
Colin Gallagher

A Worthwhile Revival of an Old Topic: Warnings To Users About Exchanges


With the recent theft of 119,756 BTC from Bitfinex, once again users of a web-based exchange have been robbed and are likely without much recourse.


It's worth bringing up the point again that you should not trust web wallets or web-based exchanges at all, and that if you for some reason personally feel that you must have your funds travel through a web-based exchange or brokerage, it should be only for the briefest of moments, and then get yourself and your funds as far away from that exchange or brokerage as possible!


Put simply: Do not treat an exchange of any kind as your wallet, or you will be sorely disappointed.


You should only hold your funds in a secure wallet where only you have the control of the private keys, such as Electrum, Core, or Mycelium, or if you are using an exchange, you should be using a decentralized, distributed exchange such as Bitsquare - not a web-based exchange or brokerage. This was essentially my warning to people on the subject back in October of 2014.


(Edit (May 5, 2017): Some web-based exchanges are beginning to explore much better privacy practices and work to develop decentralized mechanisms for users to access and work with their systems. This is a good sign and given the volume that is being moved through web-based exchanges, improvements in privacy and security should continue.)


(Here, Justus Ranvier describes how to stop the plague of bitcoin heists, thefts, scams, hacks, and losses. It does not require adding any new regulations on how people behave nor does it suggest that any new permitting or regulatory regime would be necessary to improve security. Greg Maxwell described how zero-knowledge proofs could be used to avoid revealing a service's total holdings. And some while back, Zak Wilcox documented the proof-of-reserves movement.)


Here's my summary post on the subject (from October of 2014) as a stark reminder and warning about web-based exchanges:




It seemed to have gotten plenty of interest back then - went straight to the top on reddit, and with the original Bitcoin Foundation forum post soared to get around 30,000 views, with quite a lot of support from interested members of the public, bitcoin developers, and bitcoin business owners. Curiously, however, the industry didn't seem to learn much from my message.


Maybe they should take the time and read the post, and pay some attention to its message.


Reviewing the (biggest) heists in bitcoin:


1) MtGox: 850,000 BTC

2) Silk Road: 171,955 BTC

3) Bitfinex: 119,756 BTC

4) MyBitcoin: 78,739 BTC


The Verge made a great article (not that I'd recommend following it, but it will make you concerned about things, and that's why I consider it a great article) about how to steal bitcoins in three easy steps. While centralized, web-based exchanges and vulnerable, centralized marketplaces which have poor security practices are going to be the big, fat targets, this story should also be a cautionary tale for all who use bitcoin, big and small.
