(1) Proper multi-signature cold wallet storage.
(a) Each private key is the personal and legal responsibility of one person - the “signatory”. Signatories have special rights and responsibilities to protect user assets. Signatories are trained and certified through a course covering (1) past hacking and fraud cases, (2) proper and secure key generation, and (3) proper safekeeping of private keys. All private keys must be generated and stored 100% offline by the signatory. If even one private key is ever breached or suspected to be breached, the wallet must be regenerated and all funds relocated to a new wallet.
(b) All signatories must be separate background-checked individuals free of past criminal conviction. Canadians should have a right to know who holds their funds. All signing of transactions must take place with all signatories on Canadian soil or on the soil of a country with a solid legal system which agrees to uphold and support these rules (from an established white-list of countries which expands over time).
(c) 3-5 independent signatures are required for any withdrawal. There must be 1-3 spare signatories, and a maximum of 7 total signatories. The following are all valid combinations: 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.
(d) A security audit should be conducted to validate the cold wallet is set up correctly and provide any additional pertinent information. The primary purpose is to ensure that all signatories are acting independently and using best practices for private key storage. A report summarizing all steps taken and who did the audit will be made public. Canadians must be able to validate the right measures are in place to protect their funds.
(e) There is a simple approval process if signatories wish to visit any country outside Canada, with a potential whitelist of exempt countries. At most 2 signatories can be outside of aligned jurisdiction at any given time. All exchanges would be required to keep a compliant cold wallet for Canadian funds and have a Canadian office if they wish to serve Canadian customers.
(2) Regular and transparent solvency audits.
(a) An audit must be conducted at founding, after 3 months of operation, and at least once every 6 months to compare customer balances against all stored cryptocurrency and fiat balances. The auditor must be known, independent, and never the same twice in a row.
(b) An audit report will be published featuring the steps conducted in a readable format. This should be made available to all Canadians on the exchange website and on a government website. The report must include what percentage of each customer asset is backed on the exchange, and how those funds are stored.
(c) The auditor will independently produce a hash of each customer's identifying information and balance as they perform the audit. This will be made publicly available on the exchange and government website, along with simplified instructions that each customer can use to verify that their balance was included in the audit process.
(d) The audit needs to include a proof of ownership for any cryptocurrency wallets included. A satoshi test (spending a small amount) or partially signed transaction both qualify.
(e) Any platform without 100% reserves should be assessed on a regular basis by a government or industry watchdog. This entity should work to prevent any further drop, support any private investor to come in, or facilitate a merger so that 100% backing can be obtained as soon as possible.
(3) Protections for hot wallets and transactions.
(a) A standardized list of approved coins and procedures will be established to constitute valid cold storage wallets. Where a multi-sig process is not natively available, efforts will be undertaken to establish a suitable and stable smart contract standard. This list will be expanded and improved over time. Coins and procedures not on the list are considered hot wallets.
(b) Hot wallets can be backed by additional funds in cold storage or an acceptable third-party insurance provider with a comprehensive coverage policy.
(c) Exchanges are required to cover the full balance of all user funds as denominated in the same currency, or double the balance as denominated in bitcoin or CAD using an established trading rate. If the balance is ever insufficient due to market movements, the firm must rectify this within 24 hours by moving assets to cold storage or increasing insurance coverage.
(d) Any large transactions (above a set threshold) from cold storage to any new wallet addresses (not previously transacted with) must be tested with a smaller transaction first. Deposits of cryptocurrency must be limited to prevent economic 51% attacks. Any issues are to be covered by the exchange.
(e) Exchange platforms must provide suitable authentication for users, including making available approved forms of two-factor authentication. SMS-based authentication is not to be supported. Withdrawals must be blocked for 48 hours in the event of any account password change. Disputes on the negligence of exchanges should be governed by case law.
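An added example, not part of the original proposal, of the customer-verifiable hash list in item (2)(c): the auditor hashes each customer's identifier and balance and publishes the digests, and a customer recomputes their own digest to check inclusion. The per-customer nonce (without it, published hashes of guessable identifiers and balances could be brute-forced), the field encoding, the sample ledger and all function names are assumptions of this sketch; the proposal specifies none of them.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal

# Constructed sample ledger: (customer identifier, asset, balance).
LEDGER = [
    ("alice@example.com", "BTC", "1.50"),
    ("bob@example.com", "BTC", "0.25"),
    ("alice@example.com", "CAD", "1000.00"),
]

def leaf_hash(customer_id: str, asset: str, balance: str, nonce: bytes) -> str:
    """Digest published for one customer balance (assumed encoding)."""
    # Canonicalise the amount so "1.50" and "1.5" hash identically.
    amount = format(Decimal(balance).normalize(), "f")
    h = hashlib.sha256()
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    for field in (customer_id.encode(), asset.encode(), amount.encode(), nonce):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()

def run_audit(ledger):
    """Auditor side: returns (public digest list, private nonces, liabilities per asset)."""
    published, nonces, totals = [], {}, {}
    for customer_id, asset, balance in ledger:
        nonce = secrets.token_bytes(16)  # given privately to that customer only
        published.append(leaf_hash(customer_id, asset, balance, nonce))
        nonces[(customer_id, asset)] = nonce
        totals[asset] = totals.get(asset, Decimal(0)) + Decimal(balance)
    # Sorting removes any link between list position and ledger order.
    return sorted(published), nonces, totals

def customer_verify(published, customer_id, asset, expected_balance, nonce) -> bool:
    """Customer side: recompute the digest for the balance they expect to see."""
    mine = leaf_hash(customer_id, asset, expected_balance, nonce)
    return any(hmac.compare_digest(mine, digest) for digest in published)

if __name__ == "__main__":
    published, nonces, totals = run_audit(LEDGER)
    key = ("alice@example.com", "BTC")
    print("included with true balance:", customer_verify(published, *key, "1.5", nonces[key]))
    print("included with wrong balance:", customer_verify(published, *key, "2.5", nonces[key]))
    print("liabilities per asset:", {a: str(t) for a, t in totals.items()})
```

A matching digest shows only that the customer's balance was counted; the per-asset totals still have to be compared against the reserves proven under (2)(d).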
The history of cryptocurrency is fraught with people losing their coins, whether through carelessness, greed, bad luck, or some combination of the above. Some ignored the first rule of crypto: “never leave your crypto on an exchange.” When their exchange failed, their crypto went with it. Others were negligent with their storage solutions, misplacing old hard drives, using software wallets on malware-ridden PCs, forgetting the passwords to hardware wallets. Some were greedy and lost their coins to a Nigerian Crypto Prince or a Ponzi scheme. And some were just plain unlucky. These unfortunate tales remind us to be careful with our crypto, and underscore the need for new solutions to storing crypto safely.
submitted by Saifu-Lola to saifu
Buying cryptocurrency used to be a risky prospect. There weren’t many exchanges, they often required you to deposit fiat via a third party, you certainly couldn’t use your credit card, and there was hardly any regulation. It was considered unwise to leave your cryptocurrency on the exchange after you bought it. Many people today feel safe buying some crypto on Coinbase or Binance, without transferring it to a personal wallet, but in those wild years you absolutely wanted control of your private keys. If the exchange had the keys, you were trusting your crypto to the reputation of a small company, located who-knows-where, that made its revenue by exchanging speculative, unregulated digital currencies between anonymous traders. One such company was Mt. Gox.
Mt. Gox was a Tokyo-based Bitcoin exchange. Led by CEO Mark Karpelès, who was also majority shareholder and lead developer, Mt. Gox expanded quickly. Founded in 2010 and bought by Karpelès in 2011, Mt. Gox quickly dominated the Bitcoin market, responsible for 70% of BTC volume in 2013, with 1.1 million active accounts. But despite the outward success, there were some signs that all was not well internally. Karpelès refused to allow any updates to the exchange software without approving changes to the source code, meaning needed updates could languish for weeks. In June 2011, the exchange lost $8.75 million in Bitcoin to a cyberattack, and the site went offline. According to friends of Karpelès who flew in to help get Mt. Gox back online, Karpelès seemed surprisingly relaxed about the affair, even taking the weekend off.
Mt. Gox was brought back online, but soon after US Federal agents seized $5 million from the company’s US account, and former business partner CoinLab sued for $75 million. Karpelès seemed more focused on creating a Bitcoin Cafe in the Mt. Gox building than on addressing these many issues. After an internal memo was leaked disclosing the disappearance of 850,000 BTC (worth about $460 million at the time), Mt. Gox collapsed into bankruptcy. It is still in bankruptcy proceedings today.
One might be tempted to dismiss the failure of Mt. Gox as a lesson learned by the crypto community, a mistake that wouldn’t be repeated. Sadly, exchanges continue to lose their customers’ crypto with startling regularity. A less spectacular but much more recent loss was $150 million of Nano stolen from exchange Bitgrail in February. Bitgrail’s management blamed the Nano blockchain software for the theft, but has refused to release any evidence. Nano, for its part, has vigorously defended itself against Bitgrail’s claims, showing that the missing Nano was stored in a hot wallet (one that is accessible online) instead of a cold wallet, which would have been more protected. Whoever’s to blame, if you had Nano on Bitgrail, it’s gone. Similarly, if you had any crypto on Korean exchange Youbit, you’re down 17%, which was stolen in a hack in December. Or if you used Bitconnect, you’ll find your Bitconnect tokens became nearly worthless after the company shuttered in January.
“Dozens of exchanges have failed since the creation of Bitcoin, taking many small fortunes with them. This should serve as a reminder to never leave your cryptocurrency on an exchange; however there are other ways to lose your coins,” according to Saifu co-founder Evgeny Vigovsky.
In October of 2017, a new cryptocurrency was created called Bitcoin Gold. Bitcoin Gold is a fork of the Bitcoin blockchain. This meant that anyone who owned Bitcoin was now entitled to an equivalent amount of Bitcoin Gold. Many were eager to claim their share, and some found a Bitcoin Gold online wallet called mybtgwallet.com. This helpful site offered to help users claim their Bitcoin Gold, instructing them to enter their wallet’s seed or private key. The seed is a series of words, usually 24, that can be used to recreate a wallet if it’s lost or corrupted. Giving someone your wallet seed or private keys is akin to giving them the keys to your safe deposit box, and the victims of mybtgwallet found their wallets were quickly emptied of whatever cryptocurrencies they held. More than $3 million in Bitcoin was stolen.
MyEtherWallet is a popular online wallet for Ethereum and other tokens built on the Ethereum blockchain. The wallet is free to use, and as far as online wallets go, it’s secure, requiring users to take steps to protect themselves. In December, the MyEtherWallet iOS app hit the #3 spot on the App Store in the finance category. Unfortunately for the thousands of users who bought the app for $4.99, this app was just another scam. MyEtherWallet doesn’t have an app (and Apple doesn’t allow wallet apps on the App Store). Suspicious users alerted the MyEtherWallet team, who alerted Apple. Two days later, Apple responded and removed the app from the app store.
Less colorful but more insidious, there is a plethora of malware that targets cryptocurrency wallets. These programs run quietly in the background, searching for wallet software on your computer and uploading your credentials. A particularly nasty bit of malware was the Pony botnet, discovered in September 2014. The Pony botnet used a trojan virus to compromise about 700,000 accounts, including email accounts, website login credentials, and other sensitive information. Bitcoin totalling 335 were stolen from 85 different wallets; those Bitcoin are worth about $2.7 million today.
Some classic scams have been updated for cryptocurrencies, including a variation on the Nigerian prince con, harnessing social media to attract victims. In the classic Nigerian prince scam, the victim would receive an email from a Nigerian prince who needs help to move his wealth to the United States. The prince needs someone to deposit a check for him, then wire out the funds. They pay the wire fee but get to keep part of the funds from the deposited check. Typically the victim’s bank informs them that they’ve deposited a bad check well after they’ve wired out the funds for the “Prince.”
In the new variation, scammers impersonate well-known figures of the tech world like Elon Musk or John McAfee, often on Twitter. They use a name similar to the celebrity, and their picture. They claim to be giving away cryptocurrency to the first 100 people to respond to the tweet, but there’s a catch; respondents need to send a small amount of crypto to pay for the “fees.” Naturally, the scammer just keeps these small bits of crypto and does not send anything in return. Here’s “Elon Msk” giving away some free Bitcoin:
Thankfully, crypto security is steadily improving. The rise in value and mainstream adoption have attracted established cybersecurity players, and innovative new storage solutions are being created with increasing frequency. Our firm Saifu has developed its own crypto storage hardware in partnership with Thales. “Users’ crypto keys are stored in Thales hardware security modules, which cannot be accessed remotely. Even if we were ever hacked, our customers’ cryptocurrencies are protected. As it becomes safer and easier to buy and use cryptocurrencies, we believe mainstream adoption will skyrocket. The crypto revolution is just beginning,” Vigovsky, the Saifu co-founder, says.
Mt Gox Claimants May See Distribution Soon. At the end of 2013, digital currency proponents knew something was fishy with the crypto trading platform Mt Gox. The bitcoin community later found out that the exchange was hacked and 850,000 BTC was stolen. Later, Mt Gox CEO Mark Karpeles found 200,000 BTC ($1.3 billion using current exchange rates ...
Bitcoin Mt Gox Arrest. The MtGox exchange collapse was a milestone moment in the Bitcoin industry, and won’t be forgotten. The international investigation has shown ties to the Silk Road ...
According to a federal indictment announced by Deputy Attorney General Rod Rosenstein, Russian agents used bitcoin in their campaign to influence the outcome of the 2016 US elections. Authorities in Washington claim that hackers working for the Russian foreign military intelligence paid in crypto for servers in the US and Malaysia, website domains, and virtual private networks (VPNs) used to ...
Federal agent accused of bitcoin theft in Silk Road bust confesses. By Brian Booker. Last updated on January 2, 2018 at 00:00. The Silk Road bust was one of the biggest crime busts of all time.
The MT Gox thief? Unconfirmed bitcoin addresses of BTC-e are starting to circulate. The exchange apparently had some 560,000 bitcoins, currently worth $1.4 billion, with 66,000 bitcoins already suspected of being on the move as we reported earlier, but there seems to be another 66,000 that has gone. It remains unclear who is moving the funds or who controls the rest with more details expected ...
In July 2017 they went on holiday to Greece, unaware US federal agents investigating international money laundering were on their trail. The FBI suspected BTC-e was involved in hiding funds stolen from the hack of another bitcoin exchange, Mt Gox. Cybercrime experts also thought it was being used by the mysterious Russian hacking group Fancy Bears.
where did mt gox bitcoins go - It is after the ownership transfer that the new owner noted that Mt Gox lost 80,000 BTC through a hack in the past. By then, the bitcoin was worth roughly 60,000 U.S. dollars. As the price of bitcoin went on appreciating, the value of the lost bitcoins started worrying Mt Gox investors. - Mt. Gox remains under bankruptcy protection, with the case still being under ...
1. February 2014. Mt.Gox 850,000 BTC. The greatest theft in the cryptocurrency world. $425 million then, and, as crazy as it sounds, USD 6.3 billion now. The platform that hosted 80% of Bitcoin trades at that time was destroyed. After the conducted research it became clear that security issues have existed at least since 2011, which allowed ...