Perhaps any online Bitcoin service is going to have to expect a certain loss rate due to hacking and budget accordingly. Just as credit card issuers expect to charge off some percentage due to fraud. The trick is to keep that loss rate manageable. It's clear that many of the same features that Bitcoin users like about it also make it attractive to criminals.
I don't think you should handwave this. Companies have hot bitcoins because they need them to cover transaction volume. Their "hot" liability scales with their business. When you're six months old, a 50k loss (more accurately: the requirement to redeem BTC that start with a market value of 50k) kills your company (or the rational incentive to continue pursuing your company). When you're a year old, 100k does the trick.
This isn't a problem bitcoin companies outgrow; it's a problem that festers as the company gets more successful. Do you go out like Flexcoin did, or like MtGox? Either way: you eventually do get taken out.
I didn't mean that to come off as hand-waving. I think this is a very serious issue that is going to require a complete rethinking of security practices. Perhaps it won't ever be solved satisfactorily, but I wouldn't rule out ingenuity of developers to at least reduce the risk to manageable levels.
Well I think the problem is that if we take the assumption of "being owned" at face value (and that seems justified by the evidence) then "reducing risk to management levels" doesn't stop these disastrous events from happening. It only makes it more disastrous once the black swan finally lands in your pond.
It seems that the only way for this line of business to be feasible in the long term is for the hot wallet :: total assets ratio to be as low as possible. Your income to build assets is proportional to transaction volume, but so is the required size of the hot wallet.
Maybe a massive up-front investment to allow for start-up assets to be suitably large in comparison to hot wallet size... but even then you'd need to be careful not to grow too quickly and to ensure that you proportionally build up your reserves for when your hot wallet gets wiped out.
But this means that you have those stored assets that you can't invest elsewhere, so are you even making a profit now? The only way to reduce assets needed is probably some kind of insurance arrangement, but why should the insurance company offer low fees for this with the risk profile we currently see?
The loss rate is extremely high; I don't think people would be willing to pay an extra 20% spread on their exchange to cover it.
Much higher levels of isolation (such as running the transaction engine in some kind of HSM) would help, but I suspect that anyone smart enough and cautious enough to do it properly is too smart and cautious to go anywhere near the prospect of running a bitcoin exchange.
Most credit card purchases, like almost everything in the financial system, are reversible. Things that aren't reversible are the exception, and those are the places where, pun intended, the buck stops. If someone gets my credit card, they can't get $50,000 out of it and disappear. It's very very hard to buy cash equivalents via credit card, and this is not an accident.
Nothing in Bitcoin is reversible. Everyone working with them has to be hyper-vigilant, always, constantly, whatever you do don't blink, blink and you're dead.
I think if I were working with Bitcoins I'd get an ulcer.
For thousands of years the only way to pay for something was with non-revertible mediums, either cash or bartering for other goods. Reversible transactions are new in the grand scheme of things.
If I ran a bank and didn't bother to lock the doors or keep the money in a safe and someone comes in and steals the money, I don't get to do a chargeback and get the cash back.
> If I ran a bank and didn't bother to lock the doors or keep the money in a safe and someone comes in and steals the money, I don't get to do a chargeback and get the cash back.
That would be one thing if physical security were just as hard (or harder) than cyber security.
But it's in fact the complete and polar opposite; physical security is much easier and much better understood by the actors who need to engage in defense.
