What's there to say? This is yet another piece of evidence that Mt. Gox was grossly incompetent. Unfortunately, it's very difficult to prove whether or not there was any criminal fraud involved. If there was, and it could be proven, then at least justice could be served. If there wasn't any fraud, and that could be proven, then at least it could be shown that Karpeles was just a bad businessman, not a fraudster, and his name could be cleared. This limbo leaves so many questions unanswered that it's hard to know if we're ever going to find out what truly happened.
Mt. Gox recently claimed they found 200,000 BTC that they'd lost track of. If their claim can be taken at face value, then I think it's plausible they may have panicked back when their losses first became clear to them in February, leading them to blame it on malleability even though they didn't really have a clue where their money went or why. They probably felt they had to tell people something, and saying "we lost track of >750,000 BTC for unknown reasons" may have been less desirable than blaming their problems on something tangible, like transaction malleability. Unfortunately for them, it turns out that they were wrong about that.
So here we are. All that's been demonstrated is that consumers currently have very little protection in this space, and that patio11 and others were right to warn people to be very careful with bitcoin.
I'm not necessarily pro-bitcoin, but there's a difference between bitcoin:the protocol and bitcoin: services offered around this.
I think this is more another case of pretty incompetent people going into this (probably linked to the fact that a lot of proponents of bitcoin are in it for the ponzi-scheme like qualities of the current environment). Maybe we'll get some people who've taken an accounting class and a concurrency class(necessary but not sufficient conditions) to implement these exchanges one day.
The public ledger in particular could be used to establish a good amount of trust with an exchange (publicly-auditable). The only problem being that many bitcoin proponents buy into the myth that bitcoin allows you to remain anonymous, and that the exchanges should be built in the same way as money laundering services.
We'll probably see a lot of this so long as the current environment is based around bitcoin being some sort of investment vehicle like gold. Maybe if enough people actually start wanting to use it as a currency, the quality of these services will go up, and we can trust them a bit more. Maybe actually having exchanges bail each other out (see Japanese banks in the 80s/90s) and supplying safety nets would increase trust.
The problem, which I can't figure out a way to solve, is that any exchange can die at any time due to massive theft or failure. When this happens, customers will lose all of their funds.
People have mentioned m-of-n transactions as one possible solution, which means that the customer and the exchange both have to approve of any transaction involving the customer's funds. But this may preclude realtime trading, which is usually one of the main purposes of an exchange.
It's a tough problem, and there may be a solution. I'm continuing to think about it.
Yes, m-of-n addresses are the solution, we use it on Bitalo [0]. It's true that it is less suitable for day traders, and while they make the most of network volume, they are not the only purpose that exchanges exist. Some people just want to buy Bitcoin occasionally, i.e. once a week, month or less frequently. They also want a secure place to store them. I believe that for those people, our service is the perfect answer :).
You only need to remember your password, from which your key is derived. You also need to write a recovery string (which can be used to derive your key as well) on a piece of paper and store it somewhere safe as a backup in case you forgot your password.
Now from our side, there's very little chance we lose your key (we do encrypted offsite backups every hour) and even then we're currently implementing "presigned transactions" that use "nLockTime" function in Bitcoin protocol to let you claim your Bitcoins after certain amount of time in case we disappear.
Also, we require you to use 2-factor, so even if your computer gets hacked, attacker still can't emulate your actions to steal your coins. And if an attacker hacks our server, he only gets one key of two needed to spend the funds.
it reduces the chance of deliberate theft by the service.
One problem with bit coin, is that an exchange service can suddenly find itself with millions of dollars worth of bitcoin, dwarfing the possible income available via fees and start thinking really, really hard about where the most money is to be made.
and then the service might go out of business, and the customers lose their property.
Not to mention the target the service might represent for hackers etc.
Having a dual key system ensures that, for all parties, the best possible outcome of attempted theft is nothing at all for anyone.
Not a great outcome for any specific customer, but an outcome that aligns the motivations of the service provider and the customer.
But what's the point of keeping it in an exchange if I still have to wait for confirmations? Might as well keep it in a fancy wallet and transfer it in as-needed.
Someone brought up that Bitalo isn't really an exchange, but an OTC marketplace, and that fraud is possible. A fraudster in the US can reverse the bank payment in a Bitalo transaction up to 6 months after the BTC has been released from escrow: https://news.ycombinator.com/item?id=7432635
You should probably specify that Bitalo is perfect for non-US customers.
this, a thousand times.
Bank deposits are insured and yes it's a government thingy, but there is nothing that precludes *coin exchanges from setting up a private insurance policy.
If they have actually lost three quarters of a million bitcoins, in an unrecoverable way (and nobody stole them), that's a HUGE proportion of all the bitcoins there will ever be that have just disappeared into the ether.
Mt. Gox recently claimed they found 200,000 BTC that they'd lost track of. If their claim can be taken at face value, then I think it's plausible they may have panicked back when their losses first became clear to them in February, leading them to blame it on malleability even though they didn't really have a clue where their money went or why. They probably felt they had to tell people something, and saying "we lost track of >750,000 BTC for unknown reasons" may have been less desirable than blaming their problems on something tangible, like transaction malleability. Unfortunately for them, it turns out that they were wrong about that.
So here we are. All that's been demonstrated is that consumers currently have very little protection in this space, and that patio11 and others were right to warn people to be very careful with bitcoin.