
How the First Bitcoin Hedge Fund Approaches Security

Posted by timothy
from the I'm-thinking-of-a-number dept.
An anonymous reader writes with a link to a story at Forbes about what's said to be the first Bitcoin hedge fund; the article goes into some of the details of how the (literally) valuable data is kept. A selection: "The private key itself is AES-256 encrypted. After exporting Bitcoin private keys from wallet.dat file, data is stored in a TrueCrypt container on three separate flash drives. Using Shamir's Secret Sharing algorithm, the container password is then split into three parts utilizing a 2-of-3 secret sharing model. Incorporating physical security with electronic security, each flash drive from various manufacturers is duplicated several times and, together with a CD-ROM, those items are vaulted in a bank safety deposit box in three different legal jurisdictions. To leverage geographic distribution as well, each bank stores only part of a key, so if a single deposit box is compromised, no funds are lost."
  • Really? (Score:2, Insightful)

    by Anonymous Coward

    So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives..... No thanks. I'll pass.

    • Re:Really? (Score:5, Insightful)

      by Shavano (2541114) on Saturday March 09, 2013 @11:31AM (#43125677)

      So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives..... No thanks. I'll pass.

      You think the bank's computer systems are safer?

      • Re: (Score:2, Troll)

        by hsmith (818216)
        Yes
        • by 1s44c (552956)

          No.

          There is nothing as secure as a computer system that's switched off. These keys are off-line, distributed, and safely stored. Nothing any bank has is better than that.

        • Yes

          My experience is that companies dealing with a large amount of clients financial records, data and transfers are required to meet a large set of physical and policy requirements. This means that all computers are tested and there are roles and rules to how everyone behaves and what information is known by individual employees. However, there is a limit to how much security can be achieved due to the nature of the underlying transactions. Bitcoin is a recent development and appears to have a much higher leve

      • by thegarbz (1787294)

        No.

        But banks are regulated and abide by lots of consumer protection laws. Bitcoin exchanges .... well I haven't heard anything of the sorts yet.

        When a giant bank gets hacked the people usually end up getting their money back. Hell when an end user gets hacked and someone cleans out their bank account they often end up getting their money back.

        When some small bitcoin exchange gets taken to the cleaners ... well we'll see.

        • No.

          But banks are regulated and abide by lots of consumer protection laws. Bitcoin exchanges .... well I haven't heard anything of the sorts yet.

          When a giant bank gets hacked the people usually end up getting their money back. Hell when an end user gets hacked and someone cleans out their bank account they often end up getting their money back.

          When some small bitcoin exchange gets taken to the cleaners ... well we'll see.

          Well I don't know of any bank that was "hacked" and all the money inside was stolen and then the government gave everyone their money back. If a bank is robbed, then the bank pays for the robbery to return the funds, because they are responsible for the money their clients left to them. In general, they pay insurance at all banks to cover these losses averaged out. The government has little to do with robbery and fraud. Instead what you are thinking of is when a bank mismanages your assets and through action

      • Yes, because they are backed by a big govt with a big police force and even bigger military. Should Bitcoin get hacked/attacked/destroyed, who is going to come in and save the day?
    • by GrandCow (229565)

      You don't actually think they really did this, do you? Bitcoin people love to make big promises and not deliver on them. In reality it's probably stored on a flash drive, possibly on 2 drives for "redundant backup!" and kept in a box on top of a refrigerator.

      • by 1s44c (552956)

        It's Exante, a real financial services company.

        https://exante.eu/products/ [exante.eu]

        • How do you reckon those financial services people afford all that cocaine? More to the point how good would you be at your job if you put Bolivian Marching powder on your Rice Krispies in the morning instead of sugar and then put so much Charlie up your nose you could see the pixies dance on your monitor while you stuffed a tampon up each bleeding nostril by lunchtime?

          That's literally the reality of financial services. Literally. They snort your life savings and then make up some crazy cokehead shit about 'C

      • You don't actually think they really did this, do you? Bitcoin people love to make big promises and not deliver on them. In reality it's probably stored on a flash drive, possibly on 2 drives for "redundant backup!" and kept in a box on top of a refrigerator.

        who knows what they really do. Trust in a company is exactly that. Fact is they are describing a process that is really possible. And if implemented as they describe it would be very secure. Whether or not a company follows through on their promises is outside the scope of what you can know from a press release.

        There are examples of bitcoin companies that did not properly secure their clients' assets or worse... simply stole the assets of their clients (I think). But there are many many cases of companies

    • by 1s44c (552956)

      So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives..... No thanks. I'll pass.

      If the same flash drives cost $5000 would you feel safer?

      • So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives..... No thanks. I'll pass.

        If the same flash drives cost $5000 would you feel safer?

        Flash drives are far better at holding data than typical spinning hard drives. A master key that is approved for top secret documents by the NSA/FBI/CIA/CSIS/etc will fit onto the smallest flash drive you can buy. Also, 100 x $50 flash drives is far more secure than 1 x $5000 giant "reliable" drive. Flash drives are water proof, xray proof, largely pressure proof and shock proof. I have tested this myself and it is difficult to destroy a flash card. I have dropped, dunked, stepped on, put through washing ma

    • So hundreds of thousands of dollars of people's money (most of it virtual nonetheless) relying on some $50 flash drives..... No thanks. I'll pass.

      I have worked with companies to attain PCI compliance. This is a set of steps and policies required to handle client credit cards and transactions. It is a step beyond what the average storefront accepting credit cards needs to do. It is a very vast set of rules that mostly make sense and do provide a fair amount of protection for customer data and potential theft and/or fraud.

      It is my opinion that bitcoin does offer a whole new set of options for greater security that is just not possible with standard inf

  • by Anonymous Coward

    Using "literally" to describe valuable data makes no fucking sense. It either is or isn't.

    Why do so many people not know how to use this word?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Because they are literally stupid.

    • by Jeremi (14640)

      Using "literally" to describe valuable data makes no fucking sense. It either is or isn't.

      Usually "valuable data" is valuable because it provides its owner with a competitive advantage.

      This "valuable data" is "literally valuable" because it is being used as a form of cash.

      Hope that helps.

  • It's based on the Zimbabwean dollar. It's pretty secure too - I've rented safe deposit boxes all around the world and put the notes in them.

    For some strange reason though, the money's not exactly pouring in.

  • It only takes one person in the organization who decides to go on permanent holiday to make an illicit copy of the various Bitcoin wallets and then transfer the funds to their own account once they have already landed in a place with no extradition treaty.
    • by Anonymous Coward

      That's why they're using Shamir's secret sharing scheme.

    • The article says that they've already thought of that, and taken steps to prevent it - hence the use of secret sharing and other threshold schemes.

      • Those measures only apply to the offsite backups of the Bitcoin wallets, there is nothing preventing a fund manager who routinely performs transactions on these accounts from going rogue.
        • by 1s44c (552956)

          A rogue fund manager could only access the funds he was given to manage. He could not steal what's locked up in cold storage.

    • Would you even need a place with no extradition treaty? Or would the court view it as "I sent you these bits and now I want them back!"? I mean sure it's a "currency" but I'm not sure the courts recognize it as something with value.

  • The article describes impressive security precautions, but it leaves something out. Data is stored so it can be retrieved. On random days, restore and decrypt some test data, so everybody knows what to do and knows that it works.

  • Armory (Score:5, Insightful)

    by Wonko the Sane (25252) * on Saturday March 09, 2013 @10:56AM (#43125511) Journal

    Armory [bitcoinarmory.com] as a Bitcoin client would have been a better choice for this, since they could have used the same 2-of-3 method for storing the private keys, but then they'd have the ability to use watching-only copies of the wallet for accounting and auditing purposes.

  • by nweaver (113078) on Saturday March 09, 2013 @11:04AM (#43125565) Homepage

    Such procedures only work for cold storage of Bitcoin: wallets where you have no access to them. Basically, the equivalent of a bank vault for gold: its there, its sitting, but you can't actually do anything with it. Worse, unlike a bank vault, you can't transfer the bitcoins while they are in this vault.

    Therefore, the hedge fund's only strategy for these wallets is to buy BitCoins and sit on them. And do nothing. Which, if you believe in BitCoin, makes sense (the design is hyper-deflationary, so the only rational thing to do with BitCoins is to hold BitCoins), but that's hardly what you'd call a hedge-fund strategy.

    So how can you call it a hedge fund when all it can do is buy & hold?

    • by IamTheRealMike (537420) <mike@plan99.net> on Saturday March 09, 2013 @11:45AM (#43125753) Homepage

      That's pretty much what all hedge funds do, isn't it? Pick some asset they think will grow in value, buy it up (often using leverage), and then wait to see if their bet works out. Often they wait long periods of time. The fund is being targeted at people with lots of money and enormous appetite for risk - for these people, there aren't enough direct investment targets (like startups) so the easiest way to invest in the future success or failure of Bitcoin is indeed, buy and hold.

      • No, hedge funds typically use derivative instruments. Since a fundamental principle of hedge funds is to make a profit regardless of the underlying market, derivatives are a popular way to do this.

        They could also simply diversify into a wide range of investments that are not correlated - or at least not correlated in the same direction (say, stocks, bonds, commodities, and properties). But that obviously isn't possible in this case. There's only one bitcoin instrument.

        So, one must assume that they will creat

    • Bitcoin is not as deflationary as you seem to think. It is a member of a class of virtual currencies, and each member of the class can be endlessly duplicated, creating as many new virtual currencies as you like. Since there is no limit to the currencies that anyone can create (Bitcoin 2.0, 3.0, ...) none of them can rise in value without limit (deflation). Bitcoin is not a precious metal like gold. Gold is physically unable to be duplicated. It is the idea behind bitcoin that can be endlessly duplicat
  • It almost sounds y'all are talking about real money ...yet again.
    • by TeknoHog (164938)
      Care to give examples of real money? I think gold and silver would be pretty close. Dollars and Euros etc. are just numbers made up whenever someone takes a loan.
      • by hedwards (940851) on Saturday March 09, 2013 @11:59AM (#43125841)

        I wish people would stop saying that. Yes, they are fiat currencies, but that does not mean they aren't real money or that all fiat currencies are equally arbitrary in valuation.

        The value of the USD is measured against other currencies and against the things which one would like to buy. In most cases it doesn't really matter to me what it's doing versus the RMB or the CAD as I don't convert my money to pay for things brought in from those countries, I pay a price denominated in USD. Now, in practice shifts in those currency exchange rates will affect how much I pay, but so do all sorts of things that could affect domestically created things as well.

        Bottom line, the folks claiming that fiat currencies aren't real don't have any idea what they're talking about. Currency is just for convenience so that you don't have to buy an entire cow just because you want a T-bone, don't want to take delivery immediately or want to do a 3 or 4 way trade.

        • Except all fiat currencies are designed to expand at the same or a slightly higher rate than the exponential increase in GDP, thereby remaining flat or having low inflation. Bitcoin, by design, has an ultimate limited supply (high deflation, as has been seen already). This makes it impossible to ever use as money, because prices and wages are sticky.

          This was figured out many many decades ago. This is why it's foolish to think bitcoin has a future; its future was doomed by its very design.

          • > because prices and wages are sticky.

            Correction, were sticky. With this marvelous invention called "software", you can list prices in two currencies, and have one float against the other:

            http://bitcoinstore.com/consumer-electronics/cameras-optics.html?cat=5526 [bitcoinstore.com]

            Assuming I wanted bitcoins enough to get paid in them, I would not have a problem having my wage rate set in dollars, then converted on payday to the bitcoin equivalent. It's not like having software look up the market rate and do a division prob

            • Actually that's my point, you want to be paid in dollars and prices to be in dollars, so bitcoin itself is not acting as the currency.

              Also if it was going to be used long term, it would just encourage massive hoarding, it would be a guaranteed 10+ % interest rate. Same reason we can't use gold anymore.

        • by aliquis (678370)

          But all the same could be said for bitcoins of course.

        • by TeknoHog (164938)
          My point was that Bitcoin isn't any less "real money" than fiat currencies.
      • by Jawnn (445279)
        Yen, Euros, US dollars. Take your pick from the many legitimate currencies that are regularly traded for goods and services, or other currencies, around the world. More generally, any currency that one can pay taxes with. Still more generally, any currency that isn't regarded as little different than "Monopoly money" by more than a few guys living in their mothers' basements.
  • PT Barnum (Score:1, Insightful)

    by MarkvW (1037596)

    "Bitcoin" and "Hedge Fund."

    Two words that each should send a potential small-scale investor scurrying off in fear.

    There's a sucker born every minute.

    • by hedwards (940851)

      Pretty much, as a general rule, the more clever the Wall Street investment, the further away you should run.

  • Hint: It's password1

  • They forgot the Beware the Leopard sign.
  • Our first rule of security is to proudly announce our base strategy to the entire world, conveniently saving you the time and effort of figuring it out yourself.

  • In very limited longer-term storage experiments, I had complete data loss on several flash-drives. CD-ROM is not much better. If they understood how long-term data storage works, they would have copies on traditional HDDs and backup-copies printed on paper. What they are doing instead is on low amateur level.

    • by 1s44c (552956)

      In very limited longer-term storage experiments, I had complete data loss on several flash-drives. CD-ROM is not much better. If they understood how long-term data storage works, they would have copies on traditional HDDs and backup-copies printed on paper. What they are doing instead is on low amateur level.

      I agree CD-ROMs are not built to last but I've only ever seen 1 flash drive fail out of hundreds I've used. I've had far worse luck with both magnetic and solid state hard disks.

      Paper sounds like the best idea as long as it's not the cheap laser printer rubbish that turns yellow in a year or two.

      • by gweihir (88907)

        I should clarify that I let a bunch of flash-drives lie around unused for about a year. If they are powered, they can do scrubbing and refreshing. A HDD that goes bad typically does so while being used, while Flash also goes bad while not being used.

        As to the paper, I don't know what they sell where you live, but here (Europe), standard white laser paper has a life-expectancy of > 100 years if stored dark and dry.
