Bitcoin Exchange Space and Beyond

March 2014

Link to Slides

Bex is building a global, digital currency exchange network.

Mt. Gox Collapse

• stopped processing withdrawals early February
• 850,000 coins (~$500m) lost or stolen
• ~45% of exchanges have failed, claiming hacking and lost/stolen coins

Coinbase Blog Post

Joint Statement on Mt. Gox

• Co-signed by the founders of Coinbase and CEOs of Kraken, BitStamp, BTC China, Blockchain.info, and Circle
• "weed out bad actors"

Topics brought into sharper focus post-Gox

• Promote transparency and 3rd party audits
• Regulatory measures (MSL / AML / KYC)
• Security
• Structre Exchanges differently, leverage Bitcoin 1.5

Transparency through 3rd party audits

• Andreas Antonopoulos, CSO of Blockchain.info, was invited to do an independent review of Coinbase's cold storage reserves.
• The company Firestartr.co audited BitStamp's BTC and USD reserves, and in the process solved mystery of a 194,933 coins ($147m) transfer made on the blockchain last November
• Stefen Thomas, CTO of Ripple Labs, conducted an independent, cryptographically verified audit of Kraken's BTC reserves
  • Kraken Proof-of-Reserves Audit Process

Regulatory Measures

• the community is welcoming healthy regulation, but the logistics of that vary from region to region
• Money Service License (MSL)
  • Canadian exchange Valut of Satoshi recently got MSL
  • The arrest of Charlie Shrem at BitInstint essentially came down to breach of MSL
  • In the US, you need an MSL on a state-by-state basis
• Anit-Money Laundering (AML)
• Know Your Customer (KYC)
• Kraken (SF based, used as German-based Fidor Bank's exclusive digital currency trading platform in the EU) just raised $5m, CEO says it will mostly be spent on legal and regulatory compliance

Exchange Security

• The cost is huge, and the cost of screwing it up is even bigger
• risk of insider theft, external hacking, and loss through currency volatility risk and poor accounting practices
• Hot/Cold Wallet Management
• Two-factor Authentication (2FA)
• Penn-test, Blackbox testing, Whitebox testing, Bug Bounty

Potential Future Exchange Structures

• larger exchanges as wholesale liquidity providers (i.e. BitStamp)
  • price discovery
  • clearing house role
• localised exchanges as retailers
  • ease of exchange
  • facilitate adoption
  • specialize in regionally specific regulatory issues
• Don’t Get Goxed – Use The Five Parties Model by Ken Griffith
• Leverage Multi-sig wallets and transactions to mitigate risk, enable potential for chargebacks, implement 3rd party escrow scenario

Typical Bitcoin Wallet vs. Multisig Wallet

1 public key, 1 private key

1 public key, 3 private keys

2-of-3 Escrow

CryptoCorp

Goal: eliminate counterparty risk

• Another scenario for multisig:
• 1 private key semi-secure on your computer
• 1 private key in safety deposit box
• 1 private key on server (an Oracle, i.e. a trusted service)

• takes into account history, assigns risk score:
• low risk? server signs transaction
• medium risk? maybe request 2FA
• high risk? manual review, or extra KYC

CryptoCorp Quote

Bitcoin Wallets

• Coinbase acts as a wallet
• Blockchain.info has goal of 10m wallet users by end of 2014
• KrypotKit and Hive wallet
  • try to solve similar design and UX problems as exchanges
  • abstract the complexity of encypting wallet, backing up, integrating with other services, providing a UI for multi-sig

Link to Slides

References / Links

• Coinbase Blog: Joint Statement Regarding MtGox by LEDRA CAPITAL
• Bitcoin Exchanges are More Centrilised than Traditional Exchanges. We Can Do So Much Better Than This. by RICHARD GENDAL BROWN
• Don’t Get Goxed – Use The Five Parties Model by KEN GRIFFITH
• Multisig: The Future of Bitcoin by VITALIK BUTERIN
• Beware the Middleman: Empirical Analysis of Bitcoin-Exchange Risk by TYLER MOORE and NICOLAS CHRISTIN