Comment Text:
Hi,
I like the use of multisig in this proposal. That is what bitstamp did when they got hacked. But users should know more about this exchange's security practices.
Multisig means the exchange will need an outsider to co-sign a transaction. That makes hacking the hot wallet much harder. Ok, but multisig as the exchange proposes to use it does not prevent other problems:
--A user gets his username and password stolen and the thief withdraws bitcoins from the user’s account. If the exchange and the co-signer don’t know about the compromised username and password, the thief will succeed, since both the exchange and the co-signer will sign the transaction.
--A bad actor steals one key from the exchange and another from the co-signer. That is sufficient for the bad actor to steal bitcoins. Or, worse yet, what about what happened at mtgox – an inside job.
--An administrator (or user) accidently sends bitcoins to an address that does not have a private key. For example, if an admin mistypes a receiving bitcoin address, the coins are permanently lost.
You cannot have 100% security and be 100% certain of adhering to best practices at all times. Not even the military or government is 100% secure. But you can have very good security. This exchange sounds pretty good overall.
Given that we know nothing is 100% secure, there should probably be a way for users to gauge the level of security the exchange is using so they can figure out how much counterparty risk is involved.
Trent Havered
