Tom Gullen

Tom Gullen

Tom is a web developer, drummer and passionate Bitcoin advocate.

Follow me on Twitter!

Other Entries

We love brains!

Join us! Joiiinnn ussss! Mooooree brains!

A Safer Bitcoin Exchange

by Tom Gullen | 24th, March 2014

Bitcoin Exchanges are Failing

MtGox has made international news in its catastrophic failure and nauseating incompetence (which cannot be overstated enough). More recently Vircurex announced its lack of reserves from hacking. People new to Bitcoin as well as people experienced with Bitcoin are starting to seriously despair at the Bitcoin exchange industries fragility. Bitcoin exchanges server as gateways into the Bitcoin world, with trust in these exchanges nose-diving the entire Bitcoin ecosystem is suffering badly.

A movement is now being started for exchanges to cryptographically verify their reserves to prove their solvency. Kraken is an example of one exchange doing this. Verification of liquidity isn't a solution to the problem as some people seem to tout, it's simply a reassurance that the exchange is liquid at that particular moment in time. These exchanges are still bloated with Bitcoin, rouge employees still could run off with them as well as a multitude of other scenarios that could play out in the future that will primarily hurt those who trusted those exchanges to hold onto their Bitcoin for whatever period of time.

Exchanges suffering some sort of catastrophic failure through loss of Bitcoins is a very real risk.

The Problem

The truth quite simply is that Bitcoin exchanges are trusted with far too many of other peoples Bitcoins.

The fact that Bitcoins are so easy to steal as well by rogue employees, rogue businesses feigning theft and hackers make exchanges with deep reserves incredibly lucrative targets, perhaps the most lucrative targets that have ever existed online.

Exchanges are often used as storage by their users. This is a significant misuse of the exchanges, and bloats their reserves which cause far greater shockwaves in the Bitcoin ecosystem when they are eventually hacked or stolen. Blaming the users and victims of loss is entirely non-productive, users will always misuse services. If Bitcoin aspires to attract wider and more diverse audiences these issues need addressing.

A Possible Solution?

Perhaps an exchange that only temporarily holds Bitcoin would be highly beneficial, in effect serving as an automated escrow. Here's how I see it working:

The user wanting to sell Bitcoins

  • Seller 1 has 100 Bitcoins to sell
  • Seller 1 registers on this exchange.
  • Exchange asks for public address of a wallet in their control
  • Exchange requests 1-100 Satoshis from this address to prove Seller 1 is in control of this address
  • Exchange constantly monitors balance of this wallet

The user wanting to buy Bitcoins

  • Buyer 1 registers with exchange
  • Exchange asks for wallet address withdrawals are to be sent to
  • Buyer 1 deposits $1,000 USD

The buying/selling process

  • Buyer 1 places an order to buy 2 Bitcoins for $1,000 ($500 each)
  • Exchange deducts $1,000 from buyers balance
  • Exchange creates a temporary address
  • First seller to send Bitcoins to this address takes the $1,000
  • Slower sends are returned to sender (we know where they came from, and that the address they came from is in the sellers control)
  • Sends must be from the wallet sellers registered when signing up
  • Once order is filled, Bitcoin in exchanges temporary address are forwarded to Buyers withdrawal address. USD balance transferred to sellers account balance

Downsides

Slow transaction time. Sellers selling Bitcoin are in a race to get the first confirmed transaction if they wish to fulfil the order. This could at least partially be solved with a trust system. Sellers can automatically reserve buy orders. If they fulfil the order within 1 hour everything is fine, if they don't fulfil it they lose their right to reserve orders.

Slowness in order fulfilment could quite possibly be exploitable in some way.

Transaction fees could rack up for sellers if they are too slow to send Bitcoins to fulfil orders. Fortunately transaction fees have recently been significantly reduced.

Benefits

  • Exchanges no longer are in control of large amounts of Bitcoin reserves
  • Hacking this website would only be able to steal live orders as they happen by publishing alternative order fulfilment addresses. It should also be fairly easy to build monitoring tools that can specifically stop these types of attacks as they happen.
  • Easy to pause to limit damage. If an attack is in progress, simply stopping the website is enough to stop the attack in its tracks
  • Sellers retain total control of their Bitcoins
  • Sellers can remain entirely anonymous until they wish to cash out fiat
  • Exchange knows roughly how many Bitcoin are available to trade
  • Can be entirely automated except for the fiat aspect of the business

Good idea or bad? Feel free to run with it if you think it's good, I don't have time and I'd like to see alternative solutions out there!

I think this is going to be a trade-off between speed/convenience and safety. Currently the Bitcoin exchange industry is leaning far too much over on the speed/convenience side of things, and I think an exchange that focussed on safety would stand to attract a lot of customers.

Now follow us and share this

Comments

5
tlarkworthy 1,052 rep

Open source exchange on top of a formally verified codebase. I want. See firesafe

Monday, March 24, 2014 at 3:38:36 PM
5
LolindirLink 4,778 rep

when it comes to money, HUGE amounts of money, how can safety NOT be priority nr.1?

Monday, March 24, 2014 at 6:32:19 PM
4
dinofun 4,200 rep

It would be cool to use Bitcoin or Dogecoin to tip people in the Forums for the help they give others and especially for tutorials.

Tuesday, March 25, 2014 at 8:56:11 PM
2
Aurora Australis 2,838 rep

I've just Goggles Bitcoin, and there's only one thing I can say. Wow, people are actually insane (moronic) enough to use such a system.

Wednesday, April 02, 2014 at 8:41:46 PM
3
AbelaNET 14.8k rep

Thanks for sharing. I am personally interested in this but as shown above I do not trust the system yet.

Tuesday, April 22, 2014 at 8:28:12 AM
2
ciscogee 471 rep

I kick myself everytime i think bitcoins, I was trying to get in when they where $62 ea. could have cashed out $100k last year... now im trying to make videogames... fml lol

Saturday, April 26, 2014 at 12:16:32 PM
1
CharlieBraun 1,416 rep

very interesting thanks for the info

Saturday, March 26, 2016 at 3:38:59 PM
1
Marzipan16 768 rep

I Like Your Blogs, Tom

Wednesday, May 18, 2016 at 10:23:38 AM
1
bedfl2016 577 rep

TOM please could u make cnstruct 2 on a chromebook

Tuesday, September 27, 2016 at 8:26:30 PM
0
dhunHERO 2,224 rep

You haven't made a blog post in 2 years...

Saturday, December 03, 2016 at 5:16:05 AM
-1
jon rade 151 rep

I want a program paid for free

Saturday, December 24, 2016 at 1:36:47 PM
0
Azhari 1,298 rep

Suggestions please for my game
scirra.com/arcade/puzzle-games/topeng-malangan-14275

Thursday, January 12, 2017 at 2:34:01 PM
0
DMAN62102 1,279 rep

Can anyone here help me? I'm trying to upload a game, but it keeps saying:
Maximum request length exceeded.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: Maximum request length exceeded.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpException (0x80004005): Maximum request length exceeded.]
System.Web.HttpRequest.GetEntireRawContent() 9701687
System.Web.HttpRequest.GetMultipartContent() 63
System.Web.HttpRequest.FillInFormCollection() 165
System.Web.HttpRequest.EnsureForm() 75
System.Web.HttpRequest.get_Form() 12
System.Web.HttpRequest.get_HasForm() 9703103
System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) 95
System.Web.UI.Page.DeterminePostBackMode() 69
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) 130

Friday, February 10, 2017 at 6:49:32 PM
0
riyadhus 303 rep

please help me

Friday, April 07, 2017 at 9:08:55 AM
0
STARTECHSTUDIOS 10.7k rep

these guys are easily the #1 bitcoin exchange bit.ly/2rNZZVc IMO..

Sunday, June 11, 2017 at 8:05:58 AM

Leave a comment

Everyone is welcome to leave their thoughts! Register a new account or login.