We Need Freedom of Speech in our Financial Commerce

Financial commerce, the exchange of money and currency, is indistinguishable from speech. Therefore, it deserves the exact same respect and “freedom of speech” protections afforded to the utterances of the street-corner preacher, the independent journalist, the newspaper publisher, the internet blogger and so on. Financial commerce is speech, and should be free.

"Freedom of Speech" by xoxolaxbabexoxo at deviantart
“Freedom of Speech” by xoxolaxbabexoxo at deviantart

Despite all of the “freedom of speech” and “free speech” talk we hear, speech today is anything but free. This ranges from what you can and can’t say in public or in print or on television, to “free speech protest zones”, to speech codes on university campuses and all the way up to the towering insanity of “illegal numbers“.

Today I see the tyrant’s sword unsheathed and poised at the throats of everyone, everywhere who dares to do anything contrary to the increasingly oppressive financial status quo. Bitcoin exchanges are being forced out of business, and criminal charges are likely coming. The United States’ FinCEN is writing law — administratively! — restricting innovative, resilient, peer-to-peer virtual currencies — globally! Somebody telephoned someone at MasterCard, and the next day WikiLeaks could no longer take credit card donations. e-gold was crushed out of existence, along with the Liberty Dollar. The SWIFT payments network was strong-armed into a financial blockade of Iran. And, quite recently, the Liberty Reserve payments system was put out of business and the founders arrested on the criminal charge of money laundering, a “financial thoughtcrime” if there ever was one.

Thoughtcrime
“1984” wasn’t supposed to be an instruction manual.

Almost everywhere, the laws and regulations governing financial businesses are so voluminous and so burdensome that only the already super-rich can hope to compete legally in the so-called “free market”. Americans with less than a million dollars’ net worth (not including primary residence) are effectively banned from investing in anything other than “safe” US dollar-denominated securities. Financial privacy has almost completely disappeared, except for the very wealthiest. Cash transactions larger than $10,000, €5,000, €2,500, €1,500, €1,000 and now even €500 are being or have been outlawed in some places. And on and on.

The suppression of financial speech is being used as a weapon of war against the people of this planet just as surely as drone strikes, pervasive surveillance and land mines are and have been.

The time has come to begin separating money and currency from state, irrevocably and irretrievably. Free people and a free world deserve currencies that they control directly.

It seems we are far from perfecting and embodying the free speech ideal. Are we going to continue working to improve ourselves and our societies toward that ideal, or shall we just abandon it altogether to avoid complete hypocrisy?

What do you think? Is financial commerce speech? If so, how? If not, why not?

[This day, 30 May 2013, in Bratislava, Slovakia, I, Michael Jude Gogulski, do hereby dedicate this text to the public domain, to the explicit and unlimited detriment of all legal rights (authorial, moral, economic and otherwise) arising or adhering to myself, my successors and my heirs, globally and without limitation, in perpetuity. I pledge that I shall never pursue violence, legal or otherwise, against anyone using this text or any part of it in any way they see fit. I encourage and welcome redistribution of this text in any form or fashion and at any time.]

Has The Fall of MtGox Already Begun?

MtGox has suffered considerably over the past two months. All within the relatively short period of April and May 2013, we have seen the following:

  • During the Bitcoin crash of April 10-12, MtGox saw its trading engine lag increase to over 70 minutes, and for over ten hours the exchange was almost entirely inaccessible. MtGox’s response was mixed; at first, they committed what may go down as one of the major public relations disasters in Bitcoin history, telling angry customers that they were “victims of our own success!” and gloating about their high trade volume. Then, however, the exchange did take significant steps to improve its transparency.
  • On April 17, MtGox took away the ability to place orders without having the underlying funds already in one’s account. Such a feature may seem counterproductive, but it is very useful for traders who, for example, wish to place a buy order at $120 and a sell order at $140 in order to profit on, and simultaneously help relieve, price volatility. It was also essentially the only advantage that MtGox’s actual trading system had over its major competitors.
  • On May 2, MtGox’s partner Coinlab sued them for failing to follow through on their agreement to transfer control over US operations to Coinlab and (whether or not the agreement actually requires this next part is not entirely clear) cease operations in the US themselves. The amount claimed: $75 million.
  • On May 16, MtGox lost their Dwolla account due to a failure to take even the simple step of registering as a money services business with FINCEN. It was also uncovered that the company may have knowingly made false statements on their bank application in 2011; most believe that it is as a result of this that MtGox CEO Mark Karpeles was forced to cancel his trip to the Bitcoin Conference in San Jose.
  • On May 25, MtGox lost a second deposit and withdrawal partner, Liberty Reserve.
  • On May 27, MtGox lost a third partner, OKPay.

Tough luck even for such a juggernaut as MtGox. However, even at the middle of the month it appeared as though MtGox was breezing through its difficulties; by May 16, its share of the past 30 days’ volume nevertheless remained at over 75%. But since that day, MtGox’s fortunes have taken a darker turn.

This chart shows the trade volume of MtGox and BitStamp, now the second most popular exchange in the world:

BitStamp has grown slightly over the period, but what we can clearly see is that volume on MtGox has decreased by a large amount. A large portion of this is undoubtedly market conditions; low volume is characteristic of price stability. However, the increased difficulty of dealing with MtGox following its banking and regulatory debacles also played a part; it is the reason why the Bitcoin price on MtGox is now 2-3% higher than on BitStamp and other exchanges – it’s not that BTC is more expensive in one place than another, it’s that people no longer treat 1 MtGox USD as being actually necessarily worth 1 USD. This is a pretty serious loss of trust; in similar cases in history involving governments and banks, once the ball starts rolling in such a crisis of confidence it is very difficult to get it to stop.

Another, more telling, way of looking at the trend is through the graph of BitStamp trade as a percentage of that on MtGox:

On some days, BitStamp is now as much as half as large as its competitor. Many people have been talking about replacing MtGox since 2011, and for a time there was some hope in 2012, but now, taking together the fact of MtGox’s recent misfortunes and the evidence of Bitcoin’s rapid growth in the past two weeks, it appears that it’s actually happening. The long stalemate of late 2012-2013, where BitStamp, BTC-E and to a lesser extent BTCChina all had about 10% of MtGox’s volume for many months, is finally broken, with BitStamp surging clearly ahead.

From here, things can happen quickly. Much of MtGox’s volume is through a small number of what are essentially resellers; an entire one third, for example, belongs to BitInstant. These companies can switch to using BitStamp, or Tradehill, at a moment’s notice – BitInstant is even close to having the needed money transmitter licenses to become a Bitcoin exchange in their own right (although they may not want to do that for technical reasons). Also, users follow liquidity, and liquidity follows users, creating a vicious (or virtuous) cycle that may reverse the current MtGox near-monopoly far faster than a monopoly can fall almost anywhere else; for many users, switching costs between the various exchanges are essentially zero. My warning to BitStamp: you may now be on the cusp of not just growing to be an equal competitor to MtGox, but taking over first place outright. Get better servers, get better lawyers, and double or triple your support and compliance staff now; do not follow the mistakes of Coinbase and MtGox and let trading outages or month-long verification queues tarnish your path to greatness.

The Bitcoin Search Engine Launches

Billing itself as an easy to use, user generated, searchable database of businesses that accept Bitcoin, The Bitcoin Search Engine (TBSE) has launched bitcoinsearchengine.com.

Featuring a crisp site design, and the tag line “Get Listed, Get Indexed, Get Found,” the new service encourages users to list Bitcoin friendly businesses for free after creating an account. Sign up is simple, and includes a refreshingly legible CAPTCHA. The website also provides a discussion forum with sections for The Bitcoin Forum, Bitcoin Ideas, Development & Technical Discussion,  and Project Development.

The database is searchable by keyword (although this feature appears to be only available in the mobile version at this time), as well as country, category and region. While sparse on listings as of this writing, (searches for “food,” “cupcakes,” “alpaca,” and “socks” returned no results)  the service appears to be intuitively designed for ease of use. Like other Bitcoin service listings, The Bitcoin Search Engine appears to be waiting for user generated data to catch on, while distinguishing itself for style and presentation. TBSE has indicated plans to implement a Bitcoin based auction site as well as a rewards system for merchants, taking advantage of its affiliation with the “Billing and Rewards solution” software company CRM New Zealand.

A “Navigate to” menu next to the search box gives a handy list of options, including “New Listings,” and “What’s Popular,” which gives the user a convenient way to access the latest (and the greatest) directory listings. Also in the menu is “Navigate the Directory” which contains an exhaustive list of countries and the number of businesses listed in each country. When a country link is opened, the user is provided with a list of business categories,  again showing the number of businesses in each category. Under categories are specific regions within the country, and finally the businesses in that region.

What is most impressive about this new search engine is the variety of ways that a searcher can find information. From simple keywords, to drop-down menus offering an increasing level of specificity by country, category and region, the “Navigate Database” feature mentioned above (which will appeal to fans of the list format), to filtering by what’s hot, and the option to choose your “Favorite Links,” TBSE provides people with a wide range of search style preferences a way to access the data they want according to how they process information.

As Bitcoin matures and a wider range of talented groups and individuals become involved, more Bitcoin-specific services and tools will become polished and user friendly as is seen in this example.

WebMoney, Bitcoin, and Off-Shore Banking

The currency trading and transfer system WebMoney announced earlier this month that it is adding bitcoin to its ecosystem. It joins a stable of currencies that includes the Russian and Belorussian Rubles, the Euro, and Vietnamese Dong, as well as gold certificates.

By virtue of the currencies it includes, WebMoney’s users are primarily located in Europe and Asia.  Customers use what are termed “purses” to hold each specific currency. Each currency has its own WebMoney-specific moniker based on a combination of the currency, and what payment method is used. WMR is refers to a bearers check in Russian Rubles, WMU for bank account claims in Ukranian Hryvnia, and now WMX for bitcoin.

Retailers and service providers, both online and offline, use WebMoney as a payment processor,  with comparisons drawn to PayPal in the USA. One distinction, however,  is that WebMoney does not provide a chargeback service, making it simpler to accept the notoriously chargeback-allergic Bitcoin into its fold. WebMoney’s services are used by mobile phone companies, internet bookstores, and internet service providers, among others.

WebMoney utilizes different “guarantors” to underwrite its transactions into each currency.  The underwriters are responsible for the deposit and withdrawal of funds for the transfer system. Shell companies are often used for liability purposes (Amstar Holdings Limited, Ukrainian Guarantee Agency, LLC, etc), but the list of underwriters does include the Vietnamese bank VietAbank.

The underwriter for bitcoin in the WebMoney system is the British Virgin Islands based INDX Transactions Ltd, whose director is listed as Marea Jean O’Toole. O’Toole was included in a November 2012 Guardian piece detailing a joint Guardian/ International Consortium of Investigative Journalists(ICIJ) investigation of “nominee” offshore banking directors. The article shows O’Toole as being based in Indian Ocean island nation of Mauritius while heading 37 companies in the British Virgin Islands, 152 in the UK, 10 in Ireland,  and 3 in New Zealand for a total of 202, with the caveat that there are likely more records that their investigation did not uncover.

The Guardian/ICIJ investigation indicated that while the practice of using paying an individual to register as head of a company to protect the privacy of it’s owners is not illegal under UK law, its overuse can be a problem.  It was discovered that 28 individuals, of which O’Toole is one, are connected to more than 21,500 companies worldwide.  The most prolific name on the list, James Grassick, has 4,196 companies attached to his name, the bulk of which are registered in Ireland.

The high numbers displayed in the report may show not only the scale of this phenomenon, but could also be indicative of the reaction by some businesses to both comply with complex regulation while at the same time mitigating some of the intent behind that regulation.

While this raises more questions about the existing financial system and WebMoney than it does about bitcoin, it does show that bitcoin is being integrated into an already well established financial realm.  It also raises curiosity over exactly who is underwriting WebMoney’s WMX bitcoin transactions.

OKPAY Takes Bitcoin Hiatus

One year and two months after heralding “the ultimate integration of bitcoin” into their system, the ecommerce company OKPAY has announced that it is suspending its “complete Bitcoin integration.” In a statement on okpay.com Monday, OKPAY told its users; “Dear customers, we are currently suspending bitcoin processing” with the headline “Bitcoin processing temporarily suspended.” While no longer listing bitcoin as a payment option for individual users, a statement from the bitcoin exchange service Mt. Gox indicated that OKPAY may be allowing some of its larger customers (including Mt. Gox) time to phase out its bitcoin related service.

Another major bitcoin exchange using OKPAY, BTC-e, had users noting that they were no longer able to make deposits into the exchange using OKPAY’s service beginning the second week of May. BTC-e announced on 11 May that OKPAY deposits would be restored “next week.”  There has been no indication since then that the issued has been resolved, or as to whether the cause of the problem originated from the exchange or the payment service.

Although OKPAY themselves provided no rationale for their decision in their most recently released announcement, a cached version of a previous announcement on their website says that they were temporarily ending their bitcoin related services “due to the exchange rate instability and current market situation.”  It went on to say “We monitor the situation on the market and as soon as it will become possible to resume processing – we will certainly do so.” Dated 12 April, the timing of this earlier announcement seems to indicate that the company was having ongoing problems adding bitcoin alongside its other payment methods. According to the cache, the announcement was taken down sometime after 20 May.

OKPAY’s trust in the viability of bitcoin in their system may have been shaken after an OKPAY user reported on bitcointalk.org that they had successfully double-spent over 211 BTC to OKPAY and a seperate address controlled by the user during the block chain fork of 12 March 2013. The same user also reported that an approximately 65 BTC he had sent separately to OKPAY was not successfully credited to the approriate account. Somewhat of a standoff ensued, but was resolved with OKPAY refunding the 65 BTC only after the customer returned the double-spent 211 BTC. OKPAY support staff confirmed the situation on a bitcointalk.org forum thread started by the double-spender.

With their latest announcement leaving  no indication as to if or when service will be restored, bitcoiners are left wondering whether the stoppage is a temporary measure to provide time for OKPAY to implement solutions to problems that plague the interaction between bitcoin and existing financial networks, or whether the company has decided that the effort required to use bitcoin is beyond their willingness or ability to integrate it into their system.

Bitcoin Magazine Announces Upcoming Inside Bitcoins Conference and Exposition

To meet a growing interest in the decentralized cryptocurrency, Bitcoin Magazine will team with Mediabistro as a media partner for this July’s upcoming Inside Bitcoins Conference in the heart of Manhattan.  With an exhibition, conference sessions and a free Bitcoin wallet with .01 BTC for all attendees, the Inside Bitcoins Conference will attract attendees currently involved in the currency and many from the tri-state area who are interested in learning more.

This first-ever Inside Bitcoins Conference will open in New York on July 30. The conference will explore key issues including the future of virtual currency, FinTech business trends, investment strategies and opportunities, bitcoins, cryptocurrency, freedom of speech, and more. Attendees will be able to pay in bitcoins and will receive a bitcoin paper wallet with a 0.01 bitcoin.

Charlie Shrem, Vice Chairman, Bitcoinfoundation.org and Chief Executive Officer of BITINSTANT, will deliver the keynote presentation entitled “Bitcoin and The Future of Currency.” Shrem will discuss how he runs one of the largest and most well known alternative payment companies.

Additional conference speakers include Anthony Gallippi, Co-Founder & CEO of BitPay, Trevor Timm, Co-Founder and Executive Director of Freedom of the Press Foundation, Jaron Lukasiewicz, CEO of Coinsetter, Marc Hochstein, Executive Editor of American Banker, and Alan Safahi, Founder and CEO of ZipZap, Inc. View the full speaker list.

The program is designed to provide attendees with an overview of where the virtual currency industry is today and what business opportunities are on the horizon. The event’s networking reception also gives attendees an opportunity to meet with like-minded peers, entrepreneurs, and investors and add these valuable contacts to their networks.

PERK: Bitcoin Magazine readers will receive 15% off conference passes with the code: MAG15. For the best rates, register before May 30.

If you are interest in learning more about Bitcoin and live on the east coast or would like to take a trip to the Big Apple, Bitcoin Magazine encourages you check out our promotional rate.  For those who have family and friends who are looking to learn more, this is an opportunity for you to open their eyes to the multifaceted nature of Bitcoin as a vehicle for free speech, as an asset to businesses, as a dream come true for many venture capitalists, and as a wise investment.  To learn more about the conference, visit the Inside Bitcoins Conference’s website.

Bitcointalk At War With Ad Blockers

Over the past day or so, an ongoing arms race between the popular Bitcoin forum Bitcointalk and EasyList, by far the most popular filter list for the ad blocking extension Adblock Plus, appears to have reached a climax. In the recent past, Bitcointalk ads have generally slipped through ad blocking filters because they were relatively unobtrusive, appearing as small blobs of text in between the first post and the rest of a forum thread. On May 20, however, a Bitcointalk member posted that Adblock Plus was now blocking the ads. Within three hours, Bitcointalk operator Theymos posted the following:

Not anymore. Wink

They tried this once before with the same simple blocking method. I have a bunch of obfuscation techniques in mind if they try anything more fancy. It’s much more difficult for them to block the forum’s ads because they’re 100% inline and not images.

Over the next few days, it appears that the EasyList maintainers managed to break through Theymos’ obfuscation multiple times, and each time Theymos found a new way to circumvent their strategies. On May 25, Theymos posted a longer update saying:

Let’s see ’em block this. There’s now a random number of invisible “posts” before and after the ad, and they’re all (I think) indistinguishable from real posts if you’re limited to just CSS selectors. Hopefully the filter maintainers aren’t careless or they’ll end up blocking random posts.

At this point, however, Theymos proved to be very wrong. Theymos made a post on May 26, entitled “Adblock Plus censoring posts”, saying:

The Adblock Plus EasyList maintainers couldn’t block the forum’s ads, so they just blocked the links in the ads everywhere on the forum. So that’s why you might see posts censored like this:

At Private Internet Access, we provide multi-gigabit tier-1 access points to our private global VPN (virtual private network).

Why VPN?
Please visit our website, , at .

We look forward to providing you the highest quality .

There’s nothing I can change in the forum’s HTML to stop this. This isn’t a side-effect of my anti-ABP code. If you don’t want posts censored, you need to disable ABP (or just these filters) on bitcointalk.org. You can complain about it here.

The incident is interesting because it poignantly, and hilariously, shows at just how high a level of abstraction modern commercial cyber-warfare can take place. Here, the battlefield is forum readers’ eyes, the munitions are lines of Javascript code inserted into files are ultimately downloaded and run on users’ browsers, and the civilian casualties are readers and users of the forum. In a normal war, individual battles take place in one of the countries whose government is a combatant; here, users are continuing to voluntarily use Bitcointalk and Adblock Plus, and so all of the “civilian casualties” involved are essentially citizens of both “countries” at the same time – where citizenship is defined as having a habit of asking one’s browser to ask the “country’s” web server to send their browser data representing a web page (or an ad-blocking script) via the hypertext transfer protocol.

It is important to note that Adblock Plus does have a profit motive here; the company maintains a list of “acceptable ads” that they allow to pass through their filters (although there is a setting for users to block them), and although inclusion to the list is “free for websites and small businesses” they have been known to charge for it. However, this may be the “least bad” solution the site’s owners can come up with; it allows them to continue providing a service valuable to millions of people for free, all at the cost of a slight (and even optional!) loss of neutrality. Nevertheless, website owners have good reason to dislike it, and so events like these are only going to increase in the decades to come. The economics and game theory of the internet is proving to be a field that we have only begun to explore.

Liberty Reserve Shut Down For Money Laundering

Liberty Reserve, one of the more popular alternative payment processors for the USD and Euro, has been shut down and its owner, Arthur Budovsky, arrested in Spain as part of a joint money laundering investigation by police in the United States and Costa Rica. Budovsky had been arrested before in 2006, when he and Vladimir Kats were arrested for operating Gold Age, a digital currency exchanger which the US federal government deemed to be a money transmitting business, without a license. However, they received probation, and Budovsky continued to operate Liberty Reserve. This time, the underlying cause of the arrest was money laundering; “Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking,” BehindMLM writes.

In 2011, Liberty Reserve, together with Dwolla, was one of the main methods of moving money into Bitcoin exchanges to buy bitcoins, and can be credited as being one of the chief enablers of the Bitcoin economy’s early growth at the time. The key feature that LR and Dwolla offered was the lack of chargebacks, meaning that exchanges could use these services safely without fear of a fraudulent customer buying depositing USD, buying and withdrawing bitcoins, and charging the USD back. Dwolla introduced chargebacks without warning in early 2012, suddenly costing one Bitcoin exchange, Tradehill, nearly $100,000 in chargeback fraud. As of May 2013, a lawsuit from Tradehill to recover the money is still underway, with little progress having been made. The loss of this alternative maintained Liberty Reserve’s popularity for some time, but since then it has considerably decreased in importance in the Bitcoin community. MtGox has continued to offer it as a popular deposit option up to this day, but other services, like OKPay, have grown to fill the space, and other Bitcoin exchanges have added more convenient means of buying bitcoins such as cash deposit and bank transfer.

Thus, on the whole, this may help Bitcoin more than hurt it. Many businesses that operate in a high-chargeback-fraud setting have stayed with the USD or Euro by using payment processors that attempt to be chargeback-free, but what the downfall of first Dwolla then Liberty Reserve shows is that, in general, chargeback-free on the internet is a lie; businesses only stay chargeback-free until they are either shut down outright due to the black and grey market activity that chargeback-free services also necessarily attract or a sufficiently large crisis happens that forces them to change their policies. Somehow, something eventually forces everyone’s hand. Except Bitcoin. Because Bitcoin does not depend on any government or corporation, there is no way for anyone to force the system to bend to their will, and so it will remain chargeback-free for as long as it has enough people mining it to defend against attackers. And if that does happen, alternative cryptocurrencies like Ripple will take its place, substituting in a globally distributed network of trust for mining.

BehindMLM’s article on the shutdown mentions how Liberty Reserve is being used by multi-level marketing (MLM) companies. MLM is a marketing strategy in which companies hire, usually on a very informal, “sign up here and start right away” basis, people to market their product and compensate them for not only sales that they themselves make but also a percentage of commissions earned by people they recruit. This is an industry that needs to pay usually very small amounts of money to millions of people around the world, and which is easily susceptible to chargeback fraud – one can simply sell a product to oneself ten times, get the commissions, and then charge the ten sales back. With Liberty Reserve down, they may be forced to move over to Bitcoin instead. Multi-level marketing is only one example; there are many industries that could benefit greatly from a secure chargeback-free method of money transfer like Bitcoin. Perhaps this event will convince them to finally take the plunge and switch to it.

BitInstant: We Have Money Transmitter Licenses in 30 States

Regulation has been a hot topic in the Bitcoin community since the FINCEN guidance in March, and in the Bitcoin conference that took place this past weekend an entire quarter of the conference was dedicated to economic and regulatory issues. The guidance evoked strong feelings of both relief and uncertainty throughout the Bitcoin community; although ordinary Bitcoin users are now almost certainly clear of regulation, a fact that has allowed the Humble Bundle and the Electronic Frontier Foundation to feel comfortable accepting the currency, Bitcoin exchanges will now likely be required to have money transmitter licenses in all 48 states to operate across the country – an extremely onerous procedure that has repeatedly stymied even businesses outside the Bitcoin space. Many figures have been thrown around as to just how much that process costs; a common understanding was that it takes millions of dollars of legal effort and surety bonds, and Jeff Berwick said in his resignation from the Robocoin Bitcoin ATM project that the main obstacle too US participation was “a $25 million “insurance bond” necessary as being deemed a “money transmitter” in the US.”

However, a deeper examination into the issue at play shows that things are not nearly so bleak. The requirements for becoming a money transmitter largely fall into two separate categories: bureaucratic legal effort and surety bonds. With surety bonds, a common requirement is that you need to be insured for 2% of the total volume that you plan to be processing over the next year. If you go over, you need to buy more surety bonds. The cost is thus less prohibitive for small businesses, although there are usually minimums; the Florida regulations specify a minimum of $50,000. In order to get insured for this amount, most insurers charge about 2%, so a money transmitter in Florida would need to pay at least $1000 per year in order to operate. Other states have similar requirements, and altogether the minimum amounts add up to about $7 million. Of course, one also needs to convince surety bond brokers to deal with Bitcoin exchanges, although some are appearing now specifically to serve the legal industry. The other onerous burden is the legal effort. “The more you spend,” Tradehill’s Ryan Singer explains, “the better lawyers you can get and the faster you get your applications.” You can spend only a medium amount of money (in business terms; for a basement startup, it is still very much prohibitive) and get the licenses in several years, or you can spend more to get them faster. Tradehill currently has two lawyers per engineer hired to work on compliance issues.

Just how far along to 48 are leading businesses? The answer from every major exchange in the US (except perhaps MtGox’s US subsidiary) is, surprisingly, quite far. BitInstant’s Alex Waters has even provided a precise figure: 30 states. BitInstant’s progress in getting these licenses is particularly impressive because, technically, they do not even need them; because the company only acts as an intermediary for other exchanges, they are actually classified as a payment processor, a category for which there is a specific legal exemption. However, BitInstant nevertheless wants to be on top of things. “We’ve been registered as an MSB [money services business, the federal license for money transmission] since 2011,” Waters explains. “We take finance and regulatory issues seriously … we’re doing things the way they should be done.”

This should qualify as another piece of highly positive news for Bitcoin. Although regulators certainly are watching Bitcoin exchanges, as the Department of Homeland Security’s recent seizure of MtGox’s Dwolla account clearly shows, no other major Bitcoin business has yet been caught in government crosshairs. Furthermore, the MtGox seizure was justified solely by federal law, which MtGox was not compliant with but which every other major Bitcoin exchange has been compliant with for a long time – BitInstant, as mentioned above, has been a licensed money services business since 2011. In March, there may have been a public perception that exchanges were suddenly scrambling to meet the new requirements. In reality, however, the exchanges have been working on acquiring these licenses since long before the guidance was out, and the day may not be too far away when at least these legal worries are behind us.

Decentralized Currencies, Digital Panhandling, Startup Governments: It’s A Cyberpunk World

If anyone had any doubts that Bitcoin and cryptocurrencies would ever amount to anything in this world, after the events at Bitcoin 2013 it is safe to say that most of these doubts are now gone. Roughly a thousand people were present, dozens of booths featured businesses with products of such high quality that they may be indistinguishable with something from a mainstream corporation, and the organization of the conference itself was nearly flawless. Presentations and panel discussions featured dozens of speakers who are experts in matters of technology, business and regulation, and the topics were equally interesting; among the discussions were subjects involving cryptocurrency-based stocks, using Bitcoin for digital charity, two implementations of decentralized mixers, regulatory and security challenges and creating whole new nations. For every conceivable application to which cryptocurrencies can be put, there are at least two projects implementing it, and for every problem with Bitcoin that still remains to be solved there are at least three projects working hard on a solution. Altogether, the conference has been almost universally applauded as a huge success. As Sean’s Outpost founder Jason King described it after the fact, the halls of Bitcoin 2013 were filled with a “hopeful energy” and excitement that he had not seen since the first conference of the World Wide Web itself.

Independently filmed videos from the conference are available on Youtube already, and the Bitcoin Foundation’s own videos will soon be available on their website. Summaries of key announcements can be found scattered throughout the internet (some content has been posted and more will be added on our own website). Here are some of the key takeaways that I personally found important:

Bitcoin is being taken seriously

One observation at the conference that could be made right from the first day is just how fully the American liberty movement has embraced Bitcoin. Free State Project-associated charities and businesses are responsible for two of the conference’s booths, and Free Talk Live, a popular radio show, took the opportunity to broadcast directly from the conference’s center stage for three days in a row. At the nonprofit panel on Sunday, Fr33Aid’s Teresa Warmke described how last month her organization had abandoned its application for non-profit status with the IRS to become an essentially Bitcoin-only organization. New Hampshire may well become the Bitcoin Kiez, or even the Israel, of the Americas with its rapid, and rabid, acceptance of the currency.

Sean’s Outpost founder Jason King has now started the Bitcoin Homeless Outreach Center, rapidly expanding its operations using the currency and its associated community as an epicenter. The Electronic Frontier Foundation had agreed to accept Bitcoin days before the conference started, and another panel discussion at the conference featured the EFF’s Rainey Reitman, among others, discussing the topic of regulation and financial privacy. Business attention was also very clearly present. Since the start of the month, three major Bitcoin businesses had received a total of nearly $8 million in investment: Coinbase got $5 million from Y Combinator, BitPay $2 million from Peter Thiel’s Founders Fund, and BitInstant $1.5 million from the Winklevoss twins (who were, incidentally, present on the first day of the conference). At the conference itself, the Bitcoin investment group BitAngels had its first meeting. Altogether, the message is clear: Bitcoin is not a toy, it is a rapidly maturing, $1.3 billion economy that a rapidly increasing number of people are taking the plunge to base their lives around.

Bitcoin is here to stay

Of course, the conference did include a number of discussions on some of the weaknesses of Bitcoin that still remain. Ease of use, security and regulation were three major topics that analysts inside and outside of Bitcoin cite as weaknesses, and with good reason. However, for every problem that Bitcoin panelists in the presentation rooms were discussing, in the exhibition room there were three businesses working hard to solve it. Buying and selling bitcoins too hard? Coinbase’s exchange and Lamassu and RoboCoin’s Bitcoin ATMs are rapidly solving the problem. Bitcoind not user-friendly enough for enterprise use? Bitsofproof is working on that. Security? Butterfly Labs’ BitSafe, Slush’s Trezor and BTChip are all present, and the latter was even handing out free samples. Regulation? BitInstant, Coinbase and Tradehill are all well on their way to full compliance.

The alternate chains, and especially Ripple, also make clear that even if Bitcoin itself, for whatever reason, happens to falter, other cryptocurrencies will quickly take its place. The value of the Ripple currency’s total money supply is already higher than that of Bitcoin, and currencies like Litecoin are seeing their value grow even more rapidly than Bitcoin. Bitcoin alone may have fallen to half of its peak since the crash, but a balanced portfolio of Bitcoin, Litecoin and XRP is now stronger than ever.

Bitcoin is already introducing alternate centers of power into this world

Especially in the United States, from watching mainstream television and media one gets a very particular stereotype of how a wealthy bsiness owner is supposed to look: a 40+ year old white male, with a large body over 180cm tall, and always wearing a suit. For those who have not been steeped in Silicon Valley culture, at first Bitcoin 2013 was even slightly unsettling in terms of how quickly and utterly that stereotype was dispelled. Even the most prominent business owners were surprisingly average in weight and height, more likely under 25 than over, and equipped with a T-shirt as often as anything else.

This observation is mote than a minor detail; more than anything else, it clearly shows how Bitcoin is enabling individuals and businesses to succeed that would never make it elsewhere. In the “real world”, studies repeatedly show that factors like race and height can be even more important than any measure of the objective quality of a candidate in predicting success and failure. In the world of Bitcoin, wealth is generated from behind a computer screen, and many (although certainly not all) of these biases simply disappear. As the saying goes, on the internet nobody knows you’re a dog.

One of the reasons why wealth in the world in general is so centralized is that producing it requires not just talents and ideas, but also contacts – specifically, contact with the organizations that already have it. Being able to offer the lowest prices to one’s customers requires knowing the right people and having the skills to negotiate the best deals, and among those businesses that seek to interface between Bitcoin and the world outside this remains painfully clear. Inside of Bitcoin, at least in this early phase of development, product is all that matters, allowing people who were nobodies before to suddenly enter the limelight through talent, hard work or even simple random luck.

What’s more, this new wealth is physically, and socially, decentralized; although many firms now are located in Silicon Valley, many more are from regions as diverse as Florida, New Hampshire, France, Israel and China, and as these businesses grow local communities around the world will benefit. This may well prove to be a one-off effect, but even still it can be appreciated as part of a larger process of positive disruption through technological change. And in that regard it is very significant; the only other technology that has had a similar effect in the past thirty years is perhaps the internet itself.

It’s more than just Bitcoin

The topics at the conference were not just about Bitcoin itself. Perhaps the most commonly discussed alternate application of the underlying idea of cryptographically secured blockchains was that of smart property and crypto-stocks. There are now actually three distinct ways to implement both of these ideas in the works: OpenTransactions, Ripple and colored coins. OpenTransactions relies on centralized servers, although cheating on the part of servers is detectable, but it offers full anonymity through a construction known as blind signatures. Ripple is an alternative currency system that offers the ability for anyone to issue their own currencies, with features like a decentralized exchange built in. The main targeted use case is currencies representing fiat currencies like the US dollar, but making a currency to act as a stock or even to represent a piece of property is entirely possible. Colored coins provide a way to accomplish the same thing from inside the Bitcoin blockchain itself.

The most radical idea of all, however, has nothing to do with Bitcoin itself – at least not directly. The conference saw two distinct projects seeking to accomplish what can only be described doing for the offline and the political what Bitcoin did to the financial: creating entirely new, politically independent, city-states. The first of these, Blueseed, will work by maintaining a ship close to California just outside the international waters line, and will be particularly targeted to solving the difficulties in US immigration. Both employees and entrepreneurs interested in working in Silicon Valley face an uphill battle getting the visa to do so legally, and the process often takes years. By working on Blueseed, it will become very easy to circumvent the problem, and Blueseed residents will still be able to frequently visit Silicon Valley itself through a half-hour ferry – on a personal or business visa, which is much easier to obtain. The zone will also be particularly attractive to Bitcoin businesses seeking to remain easily accessible to US customers but avoid onerous US money transmitter regulation. The second, yet unnamed, will be a full-scale, Manhattan-sized Hong Kong-like free zone in a yet undisclosed country in the Caribbean, and the promise to the Bitcoin community that the project’s ambassador Edan Yago has brought is that the zone’s legal system will be specifically designed for cryptocurrencies right from the start. Exactly what that entails, well, watch the presentations to find out.

The overarching theme of the conference is this: 2013 is the year of Bitcoin’s coming of age. In 2012, we were still, as Reuters put it, “the city traders’ anarchic new toy”. Now, we have highly skilled and well-equipped teams of not just programmers, but also businessmen, investors and lawyers, ready to take on the challenges of finally pushing out Bitcoin to large-scale, real-world use. Bitcoin is increasingly carving out a role not just as a project in itself, but as part of a larger movement for technological and financial freedom and privacy around the world. Twenty years ago, ideas like those discussed at the conference were the topic of science fiction; today, we are already living them. Welcome to the future.

Bitcoin 2013: Day 1

Yesterday was the first day of Bitcoin 2013, the first major Bitcoin conference of the year. There were no presentations yet, other than an opening address including Cameron and Tyler Winklevoss, but right from the moment businesses started setting up their booths around noon the conference room was teeming with life. Over a dozen booths were present, with nearly every major business – BitInstant, BitPay, BitcoinStore and more, having some representation.

For long-time Bitcoin users, events like this are particularly emotional; here, for the first time, we are able to see fellow Bitcoin users, whom we have loved, worked with and had heated arguments with over forums or skype/IRC chat for many months or years as something more than just a username. Entire companies, existing only “on the cloud” before this day, are finally reunited – I myself had this experience finally meeting Tony Gallippi and Elizabeth Ploshay.

Officially, the main attraction of today was the exhibitions. Many established businesses in the Bitcoin community were present, but there were anso a number of companies that have until now barely had any public attention at all. Here is a listing of some – although certainly not all – of the interesting ones.

  • Mycelium – the Bitcoin Card has been around as an idea for a long time; the Internet Archive shows the site existing since as long as March 2012. The basic premise is that the Bitcoin Card will be a standard credit card-sized (including the thickness) Bitcoin hardware wallet, including some mesh networking features to help facilitate in-person Bitcoin payments. Many assumed that the company had simply faded away like so many other idealistic software efforts, but it turns out that it is still going strong – in fact, it is Bitcoin 2013’s premiere sponsor. We’ll have a more in-depth look at what this company really has in store in an upcoming issue of the magazine.
  • Bitcoin Armory – the Bitcoin Armory project had two representatives showing its newest features: printer-safe paper backups (you need to write down a small portion of the code by hand so that a corrupted printer could not steal your money) and M-of-N paper backups – just in time after I wrote an article suggesting that people use such a feature.
  • Free State Project – one thing that the first day of the conference has made very clear is that the US liberty movement is endorsing Bitcoin like never before. Free Talk Live, one of the movement’s most popular radio shows, broadcast its latest episode live from the conference. Bitcoin Not Bombs, Fr33 Aid and Lamassu’s Bitcoin ATM, all affiliated with the project, were present, and although Open Garden is not affiliated with the FSP directly its representative was seen with many stickers supporting the movement on the back of her laptop.
  • BitPay – the company’s CEO Tony Gallippi has become a celebrity in the Bitcoin world for the work that the company has been doing getting Bitcoin merchants signed up (at the conference, Gallippi announced that they now have 7000, and are gaining 100 per day), and especially so after the recent $2 million investment round by Peter Thiel. BitPay’s main competitors, Coinbase and BIPS, were also present.
  • Lamassu Bitcoin ATM – this is one of the two Bitcoin ATM projects that we have all been waiting for, run by Josh and Zach Harvey. This one only goes in one direction; you feed in a USD bill, make your phone’s wallet application show the QR code of your receiving address, put the phone against the scanner, click “confirm”, and voilà. The system did not always work; if the machine’s Bitcoin balance was supplied in a single transaction, the first purchase made will work, but the second may not if it occurs too soon afterwards. The reason has to do with Bitcoin’s concept of “change”; one limitation of Bitcoin is that transaction outputs must be spent all at once; if you received 20 BTC but want to send 5 BTC to someone else, you need to send the entire 20 BTC, but simply have a 15 BTC output redirecting back to yourself. However, while the 15 BTC is not yet confirmed, some Bitcoin wallets do not allow you to spend it, so your Bitcoin balance would temporarily reduce to zero. The problem is an inconvenience, but it is not critical; the obvious quick fix is to simply feed the machine with many transactions of 0.1 BTC each rather than a single large transaction.
  • Hardware Wallets – there are actually two hardware wallet companies at Bitcoin 2013: Butterfly Labs’ BitSafe snd BTChip. The BitSafe is similar in form to the Trezor that Slush’s Marek Palatinus and Pavol Rusnak have been developing for nearly a year now, offering essentially the same features (although BitSafe does promise a lower price point). BTChip is targeting the same use cases, but is cheaper and more basic in its features. Interestingly, both companies are working hard on supporting online wallets like blockchain.info, even though doing so is inherently a harder task since browser Javascript cannot directly talk to USB ports. The solution both companies are using is creating a downloadable program to run in the background as an intermediary – Javascript would talk to it via HTTP, and it would use various drivers to communicate with the hardware.

Today and tomorrow, the focus of the event will be presentations and panel discussions. Everyone who is at the conference can feel free to talk to me personally or buy issues 7,8 or 9 of the magazine at Bitcoin Magazine’s corner of the BitPay booth. Issue 10 will be going to print very soon as well. Continue to enjoy the conference!

MtGox’s Dwolla Account Seized For Unlicensed Money Transmission

The world’s largest Bitcoin exchange, MtGox, had its account with Dwolla closed down by the order of the Department of Homeland Security. The fact was first discovered on Monday when OKCupid cofounder Chris Coyne posted a screenshot of an email from Dwolla saying that his deposit to MtGox could not be processed because of “recent court orders by the Department of Homeland Security and US District Court for the District of Maryland seizing the account of Mutum Sigillum LLC (Mt. Gox)” The next day, DHS officials provided the warrant used to shut down the account, exposing the reason why the shutdown was made: MtGox was operating an “unlicensed money transmitting business.”

Government attention on Bitcoin exchanges has picked up after the US government’s financial regulator FINCEN released a guidance report expressing its position on digital currencies: in summary, people and organizations that use Bitcoin to buy and sell goods and services are in the clear, but Bitcoin exchanges are regulated as money transmitters. However, the underlying law is more complex than this. Money transmitters are regulated under federal law (specifically 31 USC 5330), which requires them to get a money services business (MSB) license, as well as additional state laws in 48 states, which require a separate money transmitter (MT) license in each state. The state-level regulations are much more onerous; it is estimated that getting all 48 licenses requires millions of dollars in surety bonds. The FINCEN guidance was federal, and so directly affects the state of federal law only; for state governments it is merely a suggestion, and so it is up to individual states to determine exactly how their local money transmitter laws will apply to Bitcoin exchanges. But there is also another federal law prohibiting a money transmitting business from operating without a license, 18 USC 1960, which piggybacks off of both 31 USC 5330 and state law for its definition of money transmission. 18 USD 1960 b1 reads:

the term “unlicensed money transmitting business” means a money transmitting business which affects interstate or foreign commerce in any manner or degree and—
(A) is operated without an appropriate money transmitting license in a State where such operation is punishable as a misdemeanor or a felony under State law …
(B) fails to comply with the money transmitting business registration requirements under section 5330 of title 31, United States Code …

However, it appears that in this case state law did not enter the picture at all. “According to FinCEN records on May 6, 2013,” the warrant reads, “neither Mt. Gox nor the subsidiary, Mutum Sigillum LLC, is registered as a Money Service Business.” Thus, it is under federal law that this seizure warrant is making its case. The warrant also states:

As part of the account opening process, Wells Fargo required Karpeles and Mutum Sigillum LLC to complete a “Money Services Business (MSB) Accounts, Identification of an MSB Customer” form. That document was completed on May 20, 2011 and identified Mutum Sigillum LLC as a business not engaged in money services. The application asks several questions; to include, “Do you deal in or exchange currency for your customer?” and “Does your business accept funds from customers and send the funds based on customers’ instructions (Money Transmitter)?” Karpeles answered these questions “no,” indicating that Mutum Sigillum LLC does not deal in or exchange money, and that it does not send funds based on customer instructions.

The document then proceeds to argue that MtGox’s activity of processing Dwolla withdrawals constitutes “accept[ing] funds from customers and send the funds based on customers’ instructions”, and so MtGox (or rather its subsidiary) is in fact a money transmitter,. At this point, we do not know what Karpeles was thinking when he put those answers on the form; perhaps this was simply an attempt to fly “under the radar”, or perhaps MtGox will have a legal argument up their sleeve as to why the warrant’s claim is incorrect.

The fact that state law did not enter the picture is a very positive sign; other Bitcoin exchanges and intermediaries in the United States, such as Coinbase, Tradehill/Prime and BitInstant, all have MSB licenses, and so are not likely to be immediately targeted by the federal government after this. Until these exchanges come up with the required millions of dollars in capital to get money transmitter licenses in 48 states, or the exact situation of state money transmitter laws with regard to Bitcoin is clarified, no one is entirely free and clear, but with a combination of luck, prudence and willingness to proceed toward resolving the remaining legal issues as quickly as possible the major exchanges may still avoid regulatory trouble entirely. If state regulators do start coming down hard on Bitcoin exchanges very soon, the other option is to do what Justin Oh’s Bitcoin ATM is considering doing and what Bitcoin Central did already: partnering with established institutions that already have the required licenses.

As for MtGox itself, this incident means the loss of one of MtGox’s major funding methods, making the exchange more difficult to buy and sell bitcoins with. BitStamp and BTC-E, the second and third largest exchanges, both do not work with Dwolla, so this removes one of MtGox’s advantages over these platforms. This is in fact the fourth item in a series of bad news for the exchange in the past month; the mishaps during the price crash of April 10-12, MtGox’s recent removal of the ability to place orders without immediately having the funds to fill them on April 17 and the Coinlab lawsuit on May 2 have all struck the exchange’s usefulness and reputation. However, altogether these misfortunes appear to be only further proving MtGox’s resilience; the exchange has been responsible for about 75% of all exchange volume over the past thirty days. Only time will tell whether MtGox will be able to recover its legal situation in the United States (perhaps by resolving its differences with Coinlab and finally executing their customer transfer agreement) and bring Dwolla transfers back up.

Bitcoin Self-Defense, Part I: Wallet Protection

Wallet security has always been a primary concern in the Bitcoin development community. Although no other payment system in existence grants you the same level of freedom and control over your money that Bitcoin does, at the same time it can also be its greatest weakness. If you lose your wallet, or the password to your wallet, there is (usually) no one who can help you recover it. If someone else gains access to your wallet (and your password) and steals everything, there is no way to reverse the transaction. This has all been known for the past four years, and great progress in security has been made, but many people do not realize that we still actually have a long way to go. Even if you take all of the standard security precautions, as the examples I am about to give will show, often a single mistake can undo all of your hard work and set you back tens of thousands of dollars. What this article will do is explore some of the more worrying examples of recent (and not-so-recent) losses and thefts, and what users and developers can do to protect themselves.

The Allinvain Theft

Because of the sheer amount of media attention that it received, arguably no list of Bitcoin-related security incidents is complete without this one. In June 2011, the Bitcointalk member “allinvain” lost 25,000 BTC (worth $500,000 at the time) after an unknown intruder somehow gained direct access to his computer. The attacker was able to access allinvain’s wallet.dat file, and quickly empty out the wallet – either by sending a transaction from allinvain’s computer itself, or by simply uploading the wallet.dat file and emptying it on his own machine. The solution to this is obvious: wallet encryption. In allinvain’s time, this was not so simple; one would need to use a generic encryption program (eg. ccrypt) to encrypt the wallet, and then every time one wanted to spend one’s funds one would need to decrypt the wallet, use it, and then encrypt it again. Today, the process is much easier; wallet encryption has been built in to BitcoinQt since version 0.4 in September 2011, and Electrum, Armory and MultiBit all have a similar feature as well.

The Stefan Thomas Loss

This next incident is also fairly ancient in Bitcoin terms, taking place in July 2011, illustrates how wallet security can also fail in the other direction. Bitcoin developer Stefan Thomas had three backups of his wallet – an encrypted USB stick, a Dropbox account and a Virtualbox virtual machine. However, he managed to erase two of them and forget the password to the third, forever losing access to 7,000 BTC (worth $125,000 at the time). Thomas’s reaction: “[I’m] pretty dedicated to creating better clients since then.”

The Evil Java Application

This event, and everything below in this list, is much more recent, taking place in 2013. As the victim himself describes it, “last night around 9PM PDT, I clicked a link to go to CoinChat[.]freetzi[.]com – and I was prompted to run java. I did (thinking this was a legitimate chatoom), and nothing happened. I closed the window and thought nothing of it. I opened my bitcoin-qt wallet approx 14 minutes later, and saw a transaction that I did NOT approve go to wallet 1Es3QVvKN1qA2p6me7jLCVMZpQXVXWPNTC for almost my entire wallet (2.07 BTC)” [~$300 at the time]. This time, the wallet was encrypted, but the attacker was much more clever. The Java application that the victim had opened had also asked for additional permissions, which the victim instinctively granted, unwittingly giving the malicious program the ability to read all of his keystrokes. The application simply waited until he started typing in his wallet password, recorded the password, and then immediately proceeded to decrypt and empty out the wallet.

The Blockchain.info Theft

A blockchain.info user lost 160 BTC (~$20,000) to an unknown attacker. This time, user was not careless in any obvious way; he wrote: “I use the blockchain.info wallet service to manage that address. My password was a random 18 character password with punctuation, upper/lower case etc. I had two-factor authentication with Google Authenticator turned on and a second password on the account that was a random 8 characters.” Rather, the problem lay with the blockchain.info mobile application. On the desktop, blockchain.info encrypts users’ wallets twice; the entire wallet with the main password, and the private keys themselves with an optional second password as well. On the mobile however, for convenience only the second layer of encryption is used. In a stock Android setup, this is not a problem; the sandboxing mechanism ensures that one application’s storage is not accessible by any other application. This user’s phone, however, was roooted. Rooting one’s phone allows the user to use powerful applications that tinker with low-level parts of the Android ecosystem, but it comes at the price of trust: any application to which the user granted root access could have potentially read the wallet file and sent it off, leaving the attacker free to crack the relatively weak 8-character second password on some kind of GPU, FPGA or cloud-based computing cluster.

The Costly Brainwallet Mistake

A Bitcoin user stored 90 BTC (~$10,000) in a brain wallet – an address that, along with its corresponding private key, can be generated from a memorized password. Brainwallets can be a very secure way to store one’s savings, as the information needed to recover the funds only briefly touches a computer once when the address is first generated. The problem with a brainwallet, however, is spending it. Seeking to spend 2 of his 90 BTC, this user generated the private key from his password, loaded it into the MultiBit Bitcoin client, and sent a transaction. He then deleted the MultiBit wallet file (since if the private key remained stored on a computer file it would not be much of a “brain wallet” anymore). However, this proved to be a fatal mistake. MultiBit had sent the 2 BTC to its intended destination, but it also sent the other 88 BTC to a newly generated “change” address. If he had been using MultiBit normally, this would have been fine; sending change to a new address is standard practice and improves privacy. Here, however, deleting the wallet afterward deleted the private key behind the new address, causing the 88 BTC to essentially be lost forever.

The Hidden MtGox API Key

A Bitcoin user had $480 cleared out from their MtGox account even with two-factor authentication installed. It appears that an attacker had managed to somehow get into the account before the two-factor authentication was added, created an API key, and then used that API key to withdraw from the account two weeks later once the sum had been deposited. This is not a security flaw on MtGox’s part; an API (“application programming interface”) key is a password specifically intended to be used by computer programs, and the point of two-factor authentication is for the second factor (eg. a one-time password sent via text message, or a Google Authenticator application on one’s phone) to be completely separate from the computer used to access the site. Thus, API keys must necessarily bypass two-factor authentication to be useful. The one thing MtGox could do is offer to clear all API keys when two-factor authentication is added or the password is changed.

So What Can We Do?

All of these attacks have their own specific countermeasures; to avoid Bitcoin wallet thefts, turn on wallet encryption; to avoid thefts from exchange accounts, use two-factor authentication (look for a “Google Authenticator” option in your exchange account’s security settings) and make sure to check for API keys that were created without your permission; to avoid attackers trivially bypassing both, do not give untrusted applications excessive permissions, even at the cost of convenience, and to avoid loss, create more backups, and check them regularly.

But looking at how even the more responsible Bitcoin users in the above list get hacked, these events clearly show that simply telling people to be more careful is not good enough. It does not seem particularly realistic to ask the average non-technical user, or even the average technical user, to never make a mistake. Thus, what we really need in wallet security, from both users and developers, is a change in paradigm. Rather than trying to continually patch up our digital walls in an effort to make them unbreakable, what need to recognize that any particular strategy used to secure one’s funds can always potentially be circumvented by a mistake on the user’s part, and a mistake is guaranteed to happen eventually. From that viewpoint, the only viable strategy is obvious: defense in depth, using multiple layers of security and granularity to ensure that no single attack can cause all of our funds to get stolen – or lost. Here are some basic tips that can help:

  • Basic Online Service Security – here, the multiple layers of defense are already provided, although it is your responsibility to actually use them. If you are using an exchange, make sure to (1) have a secure password, (2) turn on two-factor authentication (look for it in the security settings, and install the Google Authenticator app on your phone here), (3) make sure the email account that your exchange account is registered with has a secure password and two factor authentication, and (4) make sure you have no unauthorized API keys if you are using MtGox, and turn API access off entirely if you are using BitStamp (and do the equivalent for any other exchange).
  • Basic Computer Security – do not download or run applications from untrusted sources; the Web of Trust addon for Firefox Chrome is a highly recommanded tool that can warn you if you are entering a shady website. Consider uninstalling Java, or at least if you see a Java application asking for permissions train yourself to click “Deny”. Run antivirus scans frequently, and if you catch anything consider your entire operating system infected beyond repair and reinstall.
  • Wallet Separation – keep a separate “spending wallet” and a “savings wallet”. Your spending wallet should be a medium-security, but high-convenience setup with only a small portion of your bitcoins stored inside, and your savings wallet, containing the bulk of your funds, should be optimized for security (against theft and accidental loss) alone. The highest level of security is storing the savings wallet completely separately from your main operating system – a USB Linux distribution, a paper wallet and a brain wallet (provided you are careful with it) are all valid options.
  • Two-of-three Schemes – two-of-three schemes are a common way of simultaneously reducing the risk of both loss and theft by adding redundancy. The btckeysplit utility can be used to split up any private key (or potentially password) into N pieces, such that any K of them (but never just K-1) can be recombined to get the original input (you choose K and N; two out of three is the simplest and most popular), and multisignature transactions provide an officially supported, and more versatile, way of doing the same thing. The three pieces or keys should be placed in completely different locations; memorizing one, writing down another and keeping a third on your computer is a good combination, and you could also give a piece to a semi-trusted third party or friend.

Developers can also help – online wallets and exchanges should let customers voluntarily set low daily withdrawal limits, and a better user interface for two-of-three schemes is needed to make them more widely used. One interesting idea for a service would be an online wallet that signs multisignature transactions in exchange for some form of identity verification, essentially taking on the role of the semi-trusted third party described above.

There are also other developments now on the horizon; dedicated hardware USB wallets will soon come out, essentially providing a dedicated, highly secure mini-computer for making Bitcoin transactions that you can carry in your wallet. But just like wallet encryption and two-factor authentication, hardware wallets will only form part of a complete wallet security setup. In an increasingly digitized world, no technology will remove the need to make an effort to protect your digital keys, but users and developers alike can go a long way in making the Bitcoin world a safer place – users by always being mindful of security and taking advantage of the tips described above and developers by making it easier to do so.

BitPay Raises $2 Million Led by Founders Fund

Just this morning, BitPay’s press office released an announcement that the lead payment processor for bitcoin has raised an additional $2M in seed round financing led by Founder’s Fund.

Founders fun includes three founders of PayPal. In support of his decision to providing funding for BitPay, Brian Singerman, a Partner at Founders Fund said the following, “ECommerce companies see the tremendous value that frictionless international payments bring to their businesses as they expand into emerging markets. BitPay’s ambitions have been global from the outset, and at Founders Fund we have been impressed with the company’s tremendous growth as they sign up hundreds of new customers a day, turning the potential for opportunity into a reality.”

As BitPay has expanded tremendously just in the month of April alone, the what once started as a team of two has now expanded to 10 employees and counting. BitPay added over 1,900 new merchants during the month of April, and they continue to dominate the bitcoin payments space by signing up over 100 new merchants per day.  Through BitPay’s service, around $5 million per month worth of bitcoins are spent on goods and services with merchants around the world.  Businesses selling electronics, precious metals, and other low-margin products over the internet are seeing a large increase in profitability by accepting bitcoin payments.

As BitPay sets the tone for innovation in the payment processing world, its work has not gone unnoticed, specifically on the international front. Also joining this round of funding is Max Keiser’s fund Heisenberg Capital, a London-based fund focused on bitcoin companies. Having previously interview BitPay Co-Founder and CEO, Tony Gallippi on his show, The Keiser Report, Max has demonstrated a keen interest in the progress and development of bitcoin and the implementation of practical ways to continue to make this digital, decentralized currency flourish.

While the terms of the seed round were not disclosed, although 100% of the existing seed shareholders exercised their pro rata rights to maintain their ownership percentage in BitPay. As we have seen in the past weeks and months, BitPay is worth investing in.

In gratitude, Tony Gallippi, co-founder and CEO of BitPay announced, “We were not looking to raise any capital until later this year, but we could not ignore the opportunity to have Founders Fund involved with BitPay…There’s no single investment firm we would rather have on our team right now than Founders Fund.”
As this is just another step in the right direction for not only BitPay but the future of Bitcoin, Bitcoin Magazine congratulates and commends BitPay and also thanks the Founders Fund for investing in a worthwhile project.

BitPay Hires Jeff Garzik

Yesterday, BitPay Inc, the world’s leading payment processor for Bitcoin announced an expansion to now 10 full time employees. BitPay, founded in 2011 by Tony Gallippi and Stephen Pair, has continued to expand in organizational and merchant growth. Through enabling now almost 7,000 merchants to be able to process payments in the Bitcoin currency, BitPay continues to lead the way in promoting the utility of Bitcoin.

BitPay announced the newest additions to the team. Jeff Garzik, Bitcoin core-developer, will join staff to work full-time on Bitcoin and contribute his knowledge on the core Bitcoin protocol. In announcement of hiring Jeff, Tony Gallippi (CEO, BitPay) stated, “BitPay recognizes the need for more resources and developments in the core Bitcoin protocol, especially in the areas of scalability and reliability…We strongly encourage other Bitcoin companies to do the same, either through crowdfunding efforts or direct contracts, grants, or scholarships.”

Jeff Garzik announced his acceptance of BitPay’s offer: “Bitcoin is growing up, no longer a hobby but now a professional payment network used worldwide. BitPay’s contributions to the bitcoin open source software will benefit the entire community. After working on bitcoin open source software for years as a volunteer, I’m excited that BitPay is now sponsoring my work.”

BitPay also expanded to hire Chief Financial Officer, Bryan Krohn. Bryan has previously worked as VP of Finance and Director of Finance for several Atlanta-based companies in the IT and Healthcare spaces. Bryan’s experience with international banking and treasury management will greatly help BitPay’s service meet the needs of larger clients. BitPay increased the size of its Software development team with the addition of Chaz Ferguson. Chaz is a junior at West Georgia College majoring in Computer Science and has begun making improvements to the BitPay workflow to better handle edge conditions.

In addition to increasing in size internally, BitPay is growing in influence in the Bitcoin community. BitPay is a Supporting Sponsor of Bitcoin 2013: The Future of Payments, taking place this weekend in San Jose, California. BitPay executives are also presenting at the conference on Overcoming Challenges to Accepting Bitcoins, Driving Business Adoption of Bitcoin, and Funded Entrepreneurs. Attendees of the Conference can meet the entire BitPay team.

One of the main steps to increase the success of Bitcoin, is easing the payment processing of Bitcoin. BitPay is a Payment Service Provider (PSP) specializing in eCommerce, B2B, and enterprise solutions for virtual currencies. Bitcoin Magazine commends the work of BitPay and wishes continual success and growth opportunities for the company.

What To Expect At The Bitcoin Conference

The main Bitcoin conference of 2013 will take place in San Jose next weekend from May 17-19. The Bitcoin Foundation-organized event, entitled “The Future of Payments” is likely to be by far the largest gathering of Bitcoin users yet, with well over 500 people already signed up to attend. The conference will focus on three main aspects of Bitcoin: technology and mining, business, and economic and regulatory issues, and presentations throughout the conference will be run in parallel, one from each category at a time. Just like the previous two conferences in 2011 and 2012, alongside the presentations themselves there will be a number of other special events on the side.

This is not the only major Bitcoin-related event to watch out for this year. From June 17 to June 23, the Free State Project in New Hampshire will be hosting PorcFest, an annual event dedicated to various aspects of libertarian philosophy. The event includes a marketplace called Agora Valley, and in 2012 one Bitcoin user noted that over 80% of the merchants were accepting Bitcoin. Given how much Bitcoin has grown since then, we can expect Bitcoin to have an even larger presence in the event this time around. In July, the tech and business side of Bitcoin will get MediaBistro’s Inside Bitcoin conference on July 30 in New York, with BitInstant’s Charlie Shrem as the featured speaker. Important financial entrepreneurs and investors like ZipZap’s Alan Safahi and Knight Capital’s Abelardo Mendez will also be present. In November, the unSYSTEM conference will take place in Vienna, focusing on the ideological side of Bitcoin as well as activism in general. Speakers include Occupy London, Juice Rap News, Max Keiser, Defense Distributed‘s Cody Wilson, Berlin Bitcoin community organizer and restaurant owner Joerg Platzer and many more technological, artistic and political activists. Depending on their interests, Bitcoin enthusiasts may well consider attending one or more of these conferences in addition to (or perhaps in place of, in case of limited time or budget) this one.

The conference costs $300 to register ($350 at the door), a price which may seem steep, but one should bear in mind that most people attending the conference will be coming in by plane and therefore paying much more for airport and hotel expenses anyway. The difference between paying $1030 for a $30 conference and $1300 for a $300 conference is not all that much. The full schedule for the conference can be found here; the following is a list of some of the more interesting parts of the conference to watch out for.

  • The Tech and Mining Track – one of the three sets of presentations to take place throughout the conference will focus on Bitcoin mining and technology. This section will largely feature generic discussions on various topics surrounding Bitcoin technology, including a “State of the Union” address by Gavin Andresen, ease of use, security, mining pool rewards and electricity, although it will also have more targeted discussions on the topics of alternate cryptocurrencies, hierarchical deterministic wallets and Trezor, the Bitcoin USB Wallet.
  • The Business Track – for those already working with Bitcoin in their businesses or interested in doing so, this is the place to be. Presentations include Roger Ver’s “Bitcoin 101 for Business”, fraud prevention, overcoming the challenges of accepting Bitcoin, driving Bitcoin adoption, investing in Bitcoin businesses, international business and nonprofits, as well as several discussions on the interaction between Bitcoin and the existing financial system from speakers like Bitcoin Central’s Pierre Noizat and BitInstant’s Charlie Shrem.
  • The Economic and Regulatory Track – this track is a bit of a strange merger, combining what may be some of the ideological discussion about Bitcoin to formally take place in the conference with the most pragmatic. Half of the topics are about how Bitcoin can radically change aspects of the current “system”, and the other half are about how Bitcoin can interact with it. On the “economics” side, the topics include “Will Bitcoin Change the Payments Landscape?”, “The Role of Bitcoin As Money”, “Economics of Bitcoin”, a presentation by Blueseed and “The Future of Panhandling” by Sean’s Outpost’s Jason King. On the regulatory side, the three presentations are on the legal classification of Bitcoin, issues of regulatory compliance, and financial privacy and law enforcement.
  • Exhibitions – throughout the conference, as well as on the Friday before it, Bitcoin businesses will be holding exhibitions, and many will be using the opportunity to make announcements or unveil new products or features. Zach Harvey’s Bitcoin ATM (as opposed to the one connected with Jeff Berwick), for example, will be using the conference to make its first public launch. The full list of exhibitors can be found here.
  • The Hackathon – there have been Bitcoin-themed hackathons before, but the one that will take place alongside the Bitcoin conference is particularly interesting since it will be judged by actual Bitcoin business owners and investors: Brian Armstrong, Adam Draper, Alex Ferrera, Jeremy Liew and Tihan Seale.

Above all, the conference gives attendees a chance to meet and interact with fellow Bitcoiners from around the world. This includes many of the key figures in the Bitcoin community, including Bitcoin business owners, developers and investors, as well as ordinary enthusiasts from all around the world. If you are interested in getting involved with a Bitcoin project, whether a business, an open source software project or a charity, this will be a great opportunity to meet and talk to people that might be interested in having you onboard. Those who are unable to attend the conference will be able to watch all of the presentations on video, and Bitcoin Magazine will be releasing exclusive content from the conference in both our web and print editions. If you will be attending, enjoy the conference!

Last Forking Warning

It has been just over two months since the bitcoin block chain was rocked by a near disastrous fork causing the bitcoin price to crash.

The culprit of the crash was found to be a bug that prevented pre version 0.7.1 bitcoin clients accepting large blocks that could be generated by version 0.8 clients.  A temporary fix was put into place by Bitcoin Project lead developer Gavin Andresen that forced version 0.8 clients to generate blocks that version 0.7.1 could understand.

It is important to note though, the fix was a temporary one!  In just under two days on the 15th of May (I have made a countdown timer below for your convenience) the fix will expire and version 0.8 clients will once again be able to make large blocks that older clients will not be able to understand.

Countdown to Fork

This will lead to a hard fork where the newer clients and the older clients will  disagree on the state of the blockchain.

It appears that most miners and pools have upgraded to version 0.8 clients already but it is yet unknown how many users are running older clients so this is the last opportunity for them to upgrade and avoid any issues.

Upgrading is only necessary of you run a pre version 0.8 copy of the official BitcoinQt client from bitcoin.org you can tell if you need to upgrade by opening your client and selecting the options Help => About Bitcoin.  You should then see a window similar to the screen below, if your version number is anything below version 0.8 (the image below is version 0.8.1-beta ) you should immediately go to bitcoin.org and download and install the new client.

Bitcoin-QTv0.8.1-beta

Since most (if not all) miners and pools have already upgraded it is unlikely that we will have an extended fork like we did back in March but there is a very real risk that individual users may experience issues.

Author: Neil Fincham,  
This article is also available at the author’s website, mineforeman.com.

Bitcoin Magazine Congratulates Coinbase on a Series A Round of Funding

On Tuesday, Coinbase announced receipt of $5M in investment funding led by Union Square Ventures with additional support from Ribbit Capital, SV Angel, and Funders Club.  Coinbase’s Series A funding followed a September 2012 seed fund of $600,000 which provided the company tools to move forward.  Coinbase was founded by Brian Armstrong (former Engineer at Airbnb) and Fred Ehrsam (computer scientist and former currency trader) who shared the common goal of promoting the utility of the Bitcoin currency.

Based in San Francisco, CA, Coinbase provides three main services of providing an online wallet for individuals to store their Bitcoins, services for merchants to process Bitcoin as payment in lieu of USD or other currencies, and an ability for merchants and individuals to buy and sell Bitcoin for various fiat currency options.  Coinbase provides an opportunity for small businesses and individuals to accept Bitcoin in payment and then receive USD and additional fiat currencies in return.

Coinbase currently has 300 merchants including the popular dating site, OKCupid.com and the social news site, reddit.com.  As a Bitcoin payment processing company, Coinbase charges a fee of 1% per transaction from dollars to Bitcoin or visa versa.  Such a fee is approximately 2 percentage points lower than that of typical credit and debit card processing fees.

Fred Wilson (Partner, Union Square Ventures) stated in his blog, “We believe that Bitcoin represents something fundamental and powerful, an open and distributed Internet peer to peer protocol for transferring purchasing power. It reminds us of SMTP, HTTP, RSS, and BitTorrent in its architecture and openness. Like what happened with those other low level protocols, entrepreneurs and developers are now building technology on top of Bitcoin to make it more useful, more accessible, and more secure.”  Fred and his team at Union Square Ventures have high hopes for not just Coinbase but also the Bitcoin currency.

We can recognize Coinbase’s recent funding as another step towards legitimacy and greater utility of the Bitcoin currency.  To date, Coinbase’s new Series A funding represents the largest funding round for a Bitcoin start up.  We can expect additional venture capitalists to take note of the upward success and mobility of the Bitcoin currency.  Coinbase was founded in June of 2012 and has proven to be a force to be reckoned with in the payment processing industry.

Bitcoin Magazine Congratulates Gyft’s Opening of 50,000 Locations to Bitcoin via BitPay, Inc

Just this morning, BitPay, Inc announced it’s newest merchant, Gyft. Gyft, a mobile gift card platform, added support for Bitcoin purchases of gift cards on the Android platform, through its partnership with BitPay Inc, the world’s leading payment processor for Bitcoin. Gyft offers a mobile gift card app to allow customers to buy, store, send, and redeem gift cards on their phones. In addition to a free phone app, customers can share gift cards via Facebook.

Gyft works with 50,000 physical retail locations across the USA including GAP, Lowes, Sephora, Gamestop, American Eagle, Sports Authority, Nike, Marriott, Burger King, Fandango, Brookstone, and many more. Gyft fits right into the Bitcoin community of ingenuity and convenience as the Gyft phone app eliminates a need for plastic gift cards. Gyft’s platform allows for individuals to use the gift cards in online and in person transactions as the app contains front and back copies of a gift card with a bar code to be scanned at the time of purchase.

Gyft provides new opportunities, not only for consumers but also companies selling gift cards. The use of Bitcoin opens the door for Gyft to expand its user base and also contribute to the Bitcoin community by increasing the utility of Bitcoin.

“The partnership with Gyft and BitPay blows the doors open to major retail for Bitcoin users,” said Tony Gallippi, co-founder and CEO of BitPay. “Any shopper in a participating retail store, with Bitcoins on their Android device, can easily convert Bitcoins into a store gift card and pay for their purchase. The whole process takes less than one minute and can be done on a single mobile device.”

“Gyft is proud to be a pioneer in the Bitcoin universe and we are excited about the possibilities for further innovation on our platform,” said Vinny Lingham, Gyft co-founder and CEO. “By using our existing network of retailers, we are able to offer Bitcoin consumers the ability to instantly spend their Bitcoins at hundreds of merchants.”

Gyft made a wise choice in not only getting involved with the Bitcoin currency but also partnering with BitPay. BitPay currently processes $5M per month in Bitcoin transactions for merchants and is taking on new merchants daily to expand the utility of Bitcoin. BitPay now has over 6,000 merchants and Gyft is a stellar addition to the team! Gyft’s partnership with BitPay and acceptance of Bitcoin for giftcard payments is yet another step in the right direction for the Bitcoin currency.

btcd: A Full Alternative Bitcoin Implementation, Written In Go

Conformal, a company focused on building open-source software for privacy and security, has revealed their latest project: btcd, a full Bitcoin reimplementation in Google’s programming language Go. The implementation is not yet entirely done, but most core features such as transaction verification, database interaction and network connectivity are tested as working, and the company has released one component of the system for public review: btcwire, a package that focuses on converting Bitcoin protocol messages between btcd’s internal representation of the message and a serialized form suited for direct network transmission, as well as actually sending and receiving these messages over network connections. Conformal provides a more detailed description of btcwire on their website.

The company has also written a blog post explaining their decision to make this alternative implementation; they write:

A number of us at Conformal Systems had been keeping an eye on Bitcoin as passive observers for the past couple years since Bitcoin combines technologies that are already of interest to us: practical use of cryptography, distributed systems, and electronic payments. In January 2013 I had one of our developers, David Hill, attempt to port bitcoind and its GUI to Bitrig, an OS that several of our developers forked from OpenBSD. David encountered several problems with porting to Bitrig and in the process found issues with unit tests, non-portable functions and seeding of a PRNG. While pushing to get the port complete, it was clear that it would take a lot more effort than usual to complete this port. After seeing these issues with the porting, I felt that the Bitcoin ecosystem could use an alternative to bitcoind.

As for why they chose the programming language Go, they write that Go has a number of advantages over the C++ used by the only full Bitcoin implementation currently in major use, bitcoind. Particularly importantly for financial software, Go offers “integrated test infrastructure, no active memory management, standard formatting, platform independent code, simpler parallelism, built-in profiling and documentation facilities [and is] virtually crash-proof.” Integrated test infrastructure is particularly important; the easier and more natural it is to write tests, the more tests can be written, and the smaller the chance we will see another serious blockchain fork from an unforeseen edge case. Parallelism, profiling and crash-proofness are also particularly useful attributed for Bitcoin exchanges, so given the performance bottlenecks that all exchanges were revealed to have in the Bitcoin market crash in April new exchange developers may well consider using Go as their language of choice.

This is not the first attempt at reimplementing the Bitcoin protocol; Amir Taaki’s libbitcoin (written in C++) and Mike Hearn’s BitcoinJ (Java) have both accomplished the feat, although the former is being used only in some experimental versions of the Electrum server software and the latter in some Android light clients. Importantly, there are no alternative implementations of Bitcoin that are currently being used to any significant degree by miners.

There are reasons to believe that this is unhealthy for the Bitcoin ecosystem. In theory, Bitcoin is an open source protocol in which anyone can participate, and on most levels that is true. Partial implementations of Bitcoin that can make and verify transactions exist already, and are the backbone of alternative Bitcoin clients like Blockchain and Electrum. In practice, the deeper into the protocol one goes the more it becomes a monoculture, but monocultures are dangerous. If there is only one implementation being widely used, then unforeseen bugs appearing (or even disappearing) in upgrades can cause the entire Bitcoin blockchain to essentially fork into two as the two versions of the protocol disagree on which transactions and blocks are valid and which are not. Because the blockchain builds on itself, even one mistake will have consequences that cascade forever into the future.

This was the cause behind the blockchain fork that took place in March – a previously unknown limitation in the database software used by bitcoind 0.7 caused a fork only after bitcoin 0.8, which used a different database which did not have this limitation, was released. The two versions then disagreed on the validity of a single block, and the fork followed from there, sending the price crashing by 23% before enough major mining pools got together on IRC chat to correct the issue. With three or five re-implementations, on the other hand, any single version disagreeing with the others will be highly inconvenient for users of that version, but will not have a grave effect on the entire network.

Multiple implementations is also good for standardization; in a monoculture, the dominant software becomes the standard, giving the developers of the dominant software a higher degree of control over the future development of the protocol than was originally intended. This does not even require the developers to make a conscious decision to start subverting the design process for personal gain to be harmful. Even if, as is almost certainly the case today, developers are acting with the best of intentions, there is a bias in software development toward increasing complexity and confusion that is mitigated if multiple implementations have to work together on every change. If there is only one implementation, errors get uncovered later rather than sooner, and the result is a sort of Talebian “stability breeding its own instability” that ultimately, as in the case of the March blockchain fork, causes disaster. Additionally, developers have no incentive to even document the protocol as long as it works internally. Currently documentation does exist on the Bitcoin wiki, but with multiple implementations we can be much more certain that the page will be updated, and even improve in quality, in the future.

Whether or not btcd will actually be used by miners is hard to say; it is entirely possible that miners will remain comfortable with the existing bitcoind, and the stability through decentralization that a healthy ecosystem of alternative implementations can bring will never come to pass. But even in such a state, this will still be a step forward for Bitcoin if only because it makes it easier for Go users to interact with the protcol. A Bitcoin implementation in Go has already been written, but it has not been updated in nearly a year, and appears to have only ever had a single developer behind it. btcd is backed by a corporation that is clearly well-versed in security and privacy, inspiring much more confidence in its reliability.

For the near future, Conformal writes that “our goal is to continue releasing packages from btcd as we increase test coverage and bring them up to a professional level. The intent is that each piece can then be publicly reviewed for correctness as they become available while we continue work on the remaining packages.” The company intends to continue releasing packages over the next several weeks, pushing out one at a time so that the community can better review the packages as they come out. Their next release will be btcjson, a package the deals with JSON-RPC messages. You can watch out for more releases on the Conformal blog.

Introducing Carbon Wallet

Carbon Wallet, a new service seeking to be the next great innovation in secure online wallets, is launching today. Currently, there are two major types of online wallet: server-side controlled wallets and client-side controlled wallets. In a server-side wallet (eg. Coinbase), the actual wallet is controlled by a server which independently maintains all of its’ users like a bank account, and in a client-side wallet there is an actual fully-functional Bitcoin wallet operating inside the user’s browser, and the server only holds encrypted backups of each user’s wallet – to which only the user knows the decryption key. Carbon Wallet is adding a third paradigm to this mix: the server holds no backups at all, and the wallet is instead deterministically regenerated from the user’s password each time the client loads.

Reconstructing an entire Bitcoin wallet from nothing more than a password may seem like a magical feat, but in reality it is quite feasible. Essentially, a wallet is made up of two parts: private keys, and transaction information. Private keys are the secret numbers that let owners of Bitcoin addresses sign transactions to spend money from them, and the transaction information that wallets need is essentially how much money they have, and the content of the individual transactions that sent the money to them. The Bitcoin Wiki describes a number of ways to generate a potentially infinite set of private keys from a single root seed; the simplest one to explain relies on a cryptographic hash function also used elsewhere in Bitcoin called SHA256. Essentially, SHA256 can take anything as an input, and uses a series of highly chaotic transformations to generate a seemingly random 256-bit number as an output – exactly the right format for a Bitcoin private key. The private key generation algorithm is simple: private key 1 = SHA256(password+”1″), private key 2 = SHA256(password+”2″), and so on, and there exists an algorithm to generate the corresponding Bitcoin address given a private key. The mechanism used by Carbon Wallet is more complicated, replicating the one used internally by Electrum, but it shares the same ability to generate as many addresses as the user requires. Transaction information, just like in the popular client-side wallet blockchain.info, is simply downloaded with the help of the Carbon Wallet servers.

Currently, Carbon Wallet does not let users choose their own passwords; it instead relies on twelve-word “passphrases” of the same format as Electrum wallets. If you do not want to create your own twelve-word passphrase from Electrum’s 1700-word dictionary, Carbon Wallet can create new passphrases for you; “naked goose realize except concrete attack strange tightly thorn note memory church” is one example of a passphrase that Carbon Wallet generated.

The question is, will Carbon Wallet be actually more secure than its alternatives? On the one hand, this does significantly reduce the level of involvement that the server has in the Bitcoin wallet’s use. On the other hand, however, the main weakness of blockchain.info – namely, the fact that its operators are theoretically capable of introducing malicious code into the client to, for example, immediately empty a user’s wallet upon launch, is just as present in Carbon Wallet. Blockchain.info has provided a solution to the problem in the form of a Firefox and Chrome extension, and Carbon Wallet will soon implement a similar feature, but in this regard the security of the two models remains exactly the same.

But there are a number of ways in which Carbon Wallet’s model does win out. The first is reliability. Even if the Carbon Wallet servers go down, users can simply convert their Carbon Wallet password into a seed for Electrum, and they will then have an Electrum wallet with all of the same addresses. With blockchain.info, users must either take advantage of blockchain.info’s email or Dropbox wallet backup feature or risk losing access to their wallets if, for whatever reason, the site disappears or all copies of the database are erased. Another advantage is portability; anyone can make their own Carbon Wallet-compatible wallet with superior features or a better interface, and Carbon Wallet users will be free to simply hop between whatever providers they want at a moment’s notice; because the wallet is deterministically generated from nothing but their password, every provider will be able to give the user access to their money in an instant.

There are several features that Carbon Wallet will add in the future. One is the ability to store a long password in local browser storage, and then use a shorter password to decrypt it. This would also help mitigate the brute force guessing issue, and would be necessary when Carbon Wallet expands into mobile applications, as it is very inconvenient to type in a genuinely secure password on a smartphone. The wallet will also soon add at the very least a “validator” extension to protect against someone hacking the Carbon Wallet servers and secretly inserting malicious code into the client that ultimately gets delivered to the user’s browser. Support for mobile devices and QR code support is also a high priority. For those interested in what this new model of wallet storage that Carbon Wallet has to offer, the wallet is now available for use at http://carbonwallet.com.

Bitcoin Developers Adding $0.007 Minimum Transaction Output Size

Clarifications:

1. This is NOT a change to the Bitcoin protocol, it is a change to default transaction inclusion and propagation rules. If you can get your transaction to a miner willing to bend these rules, you will get included in the blockchain (although it will be inconvenient for you).
2. There is another justification given for adding a minimum transaction size: many new users end up receiving very small quantities of bitcoin from free bitcoin sites and are unable to spend them because the total amount is less than the minimum transaction fee for sending small amounts. This patch will eliminate this problem.
3. This is actually a softened version of a previous change that would have the 5430 satoshi minimum hardcoded with no option for individual miners to customize it without editing and recompiling source code, and so is already an improvement. Any expressed or implied criticism was directed at the original introduction of the minimum, not this particular patch.

See criticism of this article and my replies (and so on) at http://www.reddit.com/r/Bitcoin/comments/1drnvp/bitcoin_developers_adding_0007_minimum/, and feel free to make your own judgement.

About a week ago, lead Bitcoin developer Gavin Andresen quietly introduced a patch that would add a fairly significant change to the transaction propagation rules: any transaction with any of its outputs less than 5430 satoshis (0.00005430 BTC) would be classified as non-standard, and will not be included or further propagated across the network by default miners. The minimum is a setting that individual miners are free to change (including to zero), and such transactions will remain valid under the rules of the Bitcoin protocol, but with only non-standard miners and miners that bother to change default settings including them in blocks and even passing them along to other nodes it will take much longer for them to get accepted (ie. “confirmed”) by the Bitcoin blockchain.

The main motivation for the patch is the same as that for many of the other rules restricting transaction propagation and inclusion in default miners: to fight “transaction spam”. One of the more problematic aspects of Bitcoin is that every transaction ever made will need to be stored by every fully participating node in the Bitcoin network forever, and already the size of the Bitcoin blockchain is over 7 gigabytes. Thus. there is an understandable desire to attempt to limit transactions that are deemed to be more trouble to store and verify than they’re worth. Some rules, like one added three months ago to make transactions that are over 100,000 bytes in size non-standard, exist to block single transactions that would cause an excessive amount of computing power to process and hard disk space to store. Others serve to discourage features of the Bitcoin protocol that are not well-tested. This one, however, serves a slightly different purpose: to block transactions that are perfectly ordinary in format and size, but which provide an extremely small benefit to the sender.

A substantial portion of Bitcoin transactions will be affected; a chart linked in Gavin’s pull request shows that about 20% of all recent transactions are under the threshold. By far the main user of such small outputs is the popular Bitcoin gambling site SatoshiDice. All bets on SatoshiDice take place directly over the blockchain; the bettor sends any amount of bitcoins between 0.01 and (usually) 500 to one of SatoshiDice’s addresses, if the bet wins, the original bet multiplied by the prize multiplier is sent back, and if the bet loses the bettor would receive 1 satoshi to let them know that they did, in fact, lose the bet, and their transaction was not lost due to some kind of error on the part of SatoshiDice or the Bitcoin network. SatoshiDice is prepared; the site has already increased the size of their “loss notification” transactions from 1 satoshi to 0.00005 BTC.

Also affected will be the colored coins project. The colored coins project’s core idea is to assign additional value to extremely small amounts of bitcoin; one application would be to “tag” ten thousand specific satoshis and then use them to represent shares of a corporation. One single satoshi can be used to represent smart property. Now, in order to achieve the same granularity what could be done with a single satoshi before would now need to be done with a block of 5430. However, in the discussion on this patch on Github, colored coins developer Alex Mizrahi commented: “I don’t think this change will create significant problems for ‘colored coins’. I mean, it’s strange that you’re doing this, but I guess we can live with it.” Although this will increase the expense of creating shares, it will not overshadow all other expenses; each individual colored coins transaction already required a 10,000 satoshi transaction fee in order to get included into the network without unreasonable delay.

In both cases, however, from both the Github discussion and conversations elsewhere it is clear that many core Bitcoin developers have a dim view of both SatoshiDice’s loss notification mechanism and colored coins being in the Bitcoin network. One poster said, “personally I think that a ‘colored coin’ solution lies in alt-chains and using the main BTC block chain is not appropriate for this application”, echoing a commonly held belief that Bitcoin is meant to be used to send payments and not information. Jeff Garzik added in response to another comment, “It is not breaking fundamentals — bitcoin has never ever been a micro-transaction or micro-payment system”.

Here, however, the developers have already gathered some criticism. Although this patch has been pushed relatively quietly so far, as though the change was simply a routine and uncontroversial optimization, the community’s position on these matters is far from settled; indeed, the two questions of (1) whether or not transmitting information using Bitcoin is legitimate, and if so just how much information is okay, and (2) whether or not Bitcoin should be used for micro-transactions are highly disputed matters. To show this, note that what appears to be an opposing view was held by Satoshi Nakamoto himself:

Completely non-reversible transactions [in pre-Bitcoin payment systems] are not really possible, since financial institutions cannot avoid mediating disputes. The cost of mediation increases transaction costs, limiting the minimum practical transaction size and cutting off the possibility for small casual transactions, and there is a broader cost in the loss of ability to make non-reversible payments for non-reversible services.

One of the original purposes of Bitcoin was thus micro-transactions, as stated by Satoshi himself.

Of course, the issue is somewhat more complicated than this, as there are actually two distinct uses of the term micro-transactions at play. The first can more accurately be termed milli-transactions; these are small payments on the order of $0.01 to $0.99, and transactions of this size are frequently used to pay for songs and mobile applications and to give tips through Bitcointip. It would indeed be a tragedy if these uses were hampered by a minimum size restriction of fee, but these are fortunately not harmed by this scheme. The second is transactions that are even smaller; one might imagine a computer paying a smartphone 100 satoshis per kilobyte in exchange for being able to borrow the smartphone’s cellular internet connection. These are the kinds of transactions that Bitcoin was actually never intended for, and which are better done with either some kind of centralized off-blockchain clearing mechanism or a repreatedly-adjusted transaction mechanism as described in the Bitcoin wiki’s page on contracts.

Where disagreement lies is twofold. First, there is the question of just how small a milli-transaction needs to be before it becomes a micro-transaction. On the one side are Bitcoin developers like Peter Todd, who stated in the Github thread that “We do need better communication of this stuff, and that includes doing things like taking ‘Low or zero processing fees’ off of bitcoin.org and not talking about microtransactions.” The argument in Todd’s favor was already mentioned; restricting as many low-value transactions as possible keeps the size of the Bitcoin blockchain down, mitigating the need for Bitcoin users to move away from “full clients” to “light clients” which do not store the Bitcoin blockchain themselves and instead rely on third-party servers to do much of the legwork. On the other side are those who see low processing fees and smaller minimum transaction sizes as being among Bitcoin’s cardinal features, for which it is even worth it to give up the idea that anyone other than a miner or business will be actually storing the full Bitcoin blockchain. The argument that this group makes is that most users have migrated off the “Satoshi client” maintained by the core developers to “light clients” like Electrum and Blockchain already, and it is a fool’s game to attempt to forestall this trend.

The other question is that of alternative uses of the Bitcoin protocol. The solution used to limit low-value transactions before this move toward an outright ban was transaction fees, and this mechanism had the advantage that, rather than outright banning any particular uses that are deemed “wasteful”, it allows the sender themselves to decide whether or not sending the transaction brings enough benefit to them to be worth the public cost. Here, no such individual judgement is possible, and so in order for a Bitcoin transaction to be deemed “valuable enough” to be allowed into the blockchain it must at least appear to be a substantial transfer of Bitcoin-denominated monetary value. The fact that colored coins users might benefit more from sending single satoshis than some other users benefit by moving around entire bitcoins, while the public storage cost for both types of transactions is the same, is not reflected in this rather blunt style of regulation. The argument used by developers, once again, is that Bitcoin is only intended to be a system for storing and sending money, and other uses belong on alternative blockchains better suited to their individual purposes.

It may well be that a community consensus will emerge that Bitcoin is a network for sending money and nothing but money, and substantial amounts of money too. However, so far no such consensus exists, and these questions remain very much up for debate. Because of its limited scope, and its nature as a modifiable miner setting, this particular patch is not particularly important, but it does highlight the importance of these long-standing issues that still remain unresolved. Exactly what minimum size of transactions should Bitcoin target itself toward, and should it aim for virtually no fees? Is the use of the Bitcoin network to send trivial amounts of information, whether that may be information about ownership in the form of a colored coins transaction or a loss notification from SatoshiDice, something that we want to accept? Exactly what balance we strike with each of these questions is a crucially important decision that will affect the course that Bitcoin will take for decades to come, and it is very important that we as a community have solid communication, and genuine two-way discussion, when these kinds of issues arise.

CoinLab Sues MtGox

The partnership between CoinLab and MtGox that had been met with great fanfare when it was first announced at the end of February has now rapidly turned sour, as Coinlab opened a lawsuit against MtGox seeking $75 million in damages. The original plan had been for Coinlab to take over all of MtGox’s operations in Canada and the United States, using its business relationships and marketing experience, as well as a local banking presence, to better provide for North American customers while still using MtGox’s technical infrastructure and leveraging the company’s established brand. The monetary side of the agreement, as we now know, is a revenue sharing arrangement in which revenues from existing MtGox customers in the US and Canada are split 60/40 between MtGox and Coinlab (in MtGox’s favor), and revenues from new customers are split 90/10 in Coinlab’s favor. However, almost right from the start it was obvious that things were not quite going according to plan. Coinlab’s takeover of MtGox’s existing US and Canadian customers was supposed to have concluded by March 22, but the date came and went and nothing appeared to change. Coinlab was quiet about the details of the process, and throughout the rest of March and April progress continued to stagnate, and Coinlab and MtGox were both silent on the matter. Now, it appears as though the delays have pushed Coinlab itself to the breaking point, and now in this way the company’s executives have decided to take action.

There are two main parts to Coinlab’s claim. First, the company claims that MtGox has utterly failed at living up to its side of the bargain in helping the transition go smooothly. Excerpting from the relevant section of the lawsuit:

28) Mt. Gox has failed to cooperate in facilitating the timely and seamless transfer of CoinLab Customers to Coinlab since the Agreement took effect.

30) Defendants have breached their promises to provide necessary technology, software, and know-how to CoinLab and have refused or failed to establish promised connections from CoinLab’s computer network to Mt. Gox’s computer network.

32) Despite repeated requests to do so, Mt. Gox has failed to deliver all passwords,Yubikeys, administrative logins and any other security information required so that CoinLabmay assume operation of the Bitcoin exchange services for customers in the United States and Canada in case of a service interruption.

The list goes on, giving a series of contractual duties that Coinlab claims MtGox has failed to comply with. The other major claim in the suit is more interesting. In the original contract between Coinlab and MtGox there is a clause stating the following:

F. 1 During the Term, MtGox and Tibanne shall not grant anyone the right to use the Licensed Materials to provide the Services, or any part thereof, in the Territory. The exclusivity granted herein shall apply strictly to Services targeting the Territory and the CoinLab Customers (as defined below) and advertised and sold as such. It shall not include the provision of Services to users of the Services who, depending on the interpretation or circumstances, may or may not be considered CoinLab Customers.

The contract also included a similar clause binding Coinlab, preventing Coinlab or its owners from operating another exchange independent of the agreement. These clauses are key; without them, MtGox or Coinlab could both attempt to draw customers from the Coinlab-operated North American MtGox to a separate exchange not bound by the revenue-sharing agreement, and so deprive the other of all revenue. Another clause later in the contract states that that “it may be impossible to determine the monetary harm suffered by the non-breaching Party” if Coinlab or MtGox violate either of these key clauses, and instead sets a specific figure that either party would be liable for in the event that they breach the contract: $50 million USD.

In the lawsuit, Coinlab claims: “Defendants have, in email and other written exchanges, and in public statementsto the press acknowledged that they have directly serviced customers in the United States and Canada since entering the Agreement. This conduct constitutes a breach of the Agreement, including the exclusivity provisions in the Agreement.” Combining this with MtGox’s alleged failure to transfer the necessary technical materials, the total value claimed in the suit is a sky-high $75 million.

MtGox’s defense against this claim will likely come in several parts. First of all, the transfer was never completed, and so there is no reason to believe tha Coinlab suffered actual damages from MtGox continuing to serve customers directly in the meantime. The $50 million figure in the contract does not depend on the transfer actually having taken place, but judges are known to cut down such pre-set damages in certain circumstances. Second, although the clause stating that “MtGox and Tibanne shall not grant anyone the right to use the Licensed Matrials to provide the services” certainly forbids MtGox from acquiring another partner and executing a second Coinlab-like relationship within North America at the same time, it is debatable whether “granting anyone the right” includes providing services to North American customers themselves. MtGox already had the right to use their own “Licensed Materials” to provide their own services, so it is not at all clear that exercising that pre-existing right constitutes granting the right.

There is a distinction between a “sole license” and an “exclusive license” in intellectual property; as described by TransLegal, “a sole license is a type of exclusive license where the licensor remains entitled to use the licensed subject within the territory of exclusivity, i.e., unlike in a typical exclusive license, the licensor generally retains the right to use the intellectual property.” However, this distinction is an esoteric one, and if the word “exclusive” was used in the contract with this definition in mind it is not particularly well supported by the content of section F.1. It is quite likely that there was a genuine misunderstanding between Coinlab and MtGox regarding this matter.

Finally, there is the possibility of other technicalities. For example, the contract includes a clause stating that “CoinLab shall operate the Services in the Territory in compliance with all applicable laws after completion of the Transition Period and MtGox shall cooperate fully with CoinLab in achieving such compliance.” It would be difficult for Coinlab to be literally 100% compliant already; FINCEN’s March 2013 guidance essentially states that all exchanges serving the entire Unites States are required to have money transmitter licenses in all 48 states that require them, a process which requires millions of dollars in surety bonds. However, Peter Vessenes claims in the lawsuit that “CoinLab is registered with FinCEN to provide Bitcoin exchange services in the United States and has fully complied with FinCEN’s March 2013 guidance for digital currency exchanges.”

Coinlab CEO Peter Vessenes has written a personal statement (backup) on the matter, writing the following:

“In the last month, many of you have contacted me directly and asked for more details on our transition, and I would say (charitably) that I’ve been frustratingly vague — I just haven’t been able to talk about it …

What tipped us into filing was our complete inability to get Mt. Gox to deliver on the few simple things left that were needed for customers to move over en-masse; we were often left just apologizing to our alpha customers while their own businesses suffered …

What I hope is that Mt. Gox has this same interest in the good of Bitcoin, and Bitcoiners, and finds a way to work this out.”

Mark Karpeles has only provided a brief comment, writing in an email to Gawker: “We have not been served nor notified of such a lawsuit (except from your email), so it is difficult for us to comment at this point in time. We will review this within the next hours.”

The most harmful part of the ordeal to the Bitcoin community at large, aside from the drop in Bitcoin price and the negative press attention, is that this will prove to be a serious blow to the Bitcoin Foundation. Peter Vessenes is currently also the Executive Director of the foundation, and MtGox CEO Mark Karpeles is himself a board member. The fact that the official head of the Bitcoin Foundation is moving towards a lawsuit first, not even trying to resolve the dispute through any kind of internal arbitration within the Bitcoin community, suggests a striking lack of coherence within the foundation as a whole. The organization has already been relatively passive since the initial fanfare subsided in the later months of 2012, but this incident suggests that, in its present form, it exists nowhere but on paper. What the Bitcoin Foundation now needs the most is strong leadership; it is currently still the organization in the best position to unify the Bitcoin community and push it forward, but without clear direction it only risks falling further into idleness and internal strife. There have been increasing calls for Peter Vessenes to step down in part for this reason, and given the inherent conflict of interest between being a semi-official head of the Bitcoin community and having an active lawsuit against its largest business, the arguments for such a move have only strengthened. The main problem is, however, that there is nothing close to a clear consensus on who can replace him.

Hopefully, as Vessenes says, the two companies will be able to resolve their differences peacefully without resorting to further advances toward legal channels. The most likely explanation for MtGox’s failure to live up to its agreement is simply that the exchange was overwhelmed with a sudden influx of customers in March and massive spikes in usage and multiple denial-of-service attacks in April – the same reason why the exchange was unable to upgrade its servers in time for April 10. This does not fully excuse MtGox’s failures in both the Coinlab affair and their own exchange – it is clear that the company should have quickly taken on more staff in February and March if they were uncertain that they would be able to meet their responsibilities – but it does mean that the root cause of both failures was a simple mistake rather than willful malfeasance. As long as MtGox remains the most powerful exchange in the Bitcoin economy, their ability to serve customers around the world remains crucial to Bitcoin’s continued success, and so no matter what our personal feelings toward MtGox or Vessenes may be we should all wish for the best possible outcome.

Bitcoin Magazine Congratulates BitPremier on Their Site Launch

BitPremier Final Image for Press Release

Today, BitPremier launched its new business and services with the goal of, “redefining the Bitcoin marketplace like never before.” BitPremier provides an opportunity for merchants to sell upscale products and real estate to the Bitcoin community. On day one, BitPremier is featuring a Bahamas Resort Ocean View Condo, Trump Soho Hotel Condominium, paintings such as LeRoy Neiman Basketball Stars, and designer watches as jewelry such as a Ulysse Nardin GMT Perpetual Watch. One of the best features of the site is the continuously updated BTC price along with the USD price.

The overall imaging of the site is conducive to sale of high quality products: a black and white color scheme, leaving the rest of the space up to each merchant to fill in with a vibrant picture of their real estate, art work, or upscale product. The simple design allows merchants to highlight their luxurious products and sites. As BitPremier’s mission is to provide Bitcoin currency holders access to unique, high-end luxury items, each merchant has a generous feature page to highlight their product. The site also has built-in features to safeguard merchants and customers through keeping both parties anonymous until the transaction is near completion. Due to the higher prices associated with merchandise, BitPremier does offer escrow services to secure payment on items until both parties have fully signed off on the purchase. In addition to ad placement on the BitPremier website, merchants can also be featured on BitPremier’s Twitter and Facebook pages.

Bitcoin Magazine had the opportunity to interview Alan Silbert of BitPremier.

Bitcoin Magazine : When did you first hear about and get involved in the Bitcoin currency?
Alan Silbert: Earlier this year Bitcoins were brought to my attention as something that could have enormous potential.  I started digging in, and became more and more intrigued with the concept.  I now firmly believe that Bitcoins are going to be a game-changer and a big disruptor in finance.

BM: How did you first get involved in the Bitcoin currency?
AS: Outside of schooling myself on Bitcoin 101 day and night, I started as an investor in the currency.  I made a point to test drive the different exchanges to understand the complexities of Bitcoin.

BM: When did you first get the idea for BitPremier and what inspired you to create the site?
AS: The idea has been in the works for a couple months.  There is really nothing out there quite like BitPremier, so we were glad to jump in and fill the void.  We want to open the door to unique items for the Bitcoin community that people don’t have access to today.  There are a lot of Bitcoins out there, and people need somewhere to spend them.  We think BitPremier.com will fill that need by providing a central go-to marketplace for these higher-end goods and services.

BM: Were there any preexisting businesses that inspired you to create BitPremier?
AS: 1stdibs, James Edition, and the Dupont Registry are good models for luxury marketplaces.  Those are great sites for unique purchases.

BM: Where do you see BitPremier’s services going in a year?
AS: We will of course firmly plant ourselves as THE Bitcoin luxury go-to site!  I have a few ideas of where we are going.  Stay tuned . . .

BM: What makes BitPremier stand out in comparison to other sites utilizing the Bitcoin currency?
AS: BitPremier is a one-of-a-kind site, so there is nothing similar in the market right now to compare us to.  It opens up to the Bitcoin community a whole new realm of possibilities of where to spend their Bitcoins, and provides sellers of luxury items with a mostly untapped $1B+ market of buyers to sell to.  We screen listings to provide buyers with the best experience possible, and act as escrow agent to facilitate a safe transaction where everyone is happy.

BM: What are your suggestions for individuals hoping to start a business like BitPremier?
AS: Research Bitcoins inside and out, because there is plenty to learn and a lot of tech-speak.  But there are tons of possibilities.  We are only at the beginning of the curve, so the opportunities out there for entrepreneurs to build out the Bitcoin ecosystem are endless.

BM: If I am a merchant looking to sell through your site, how can I get started?
AS: Sellers can check out the “How it Works” page on BitPremier.com to get acquainted with the site and review our listing criteria.  Sellers can then register through our “Seller Signup” page to submit their listings.  We reach out to the seller, verify the listing, edit it, and post it on the site.  Or if they have questions or multiple listings, they can contact us at [email protected].

BitPremier received support from the NYC-based Bitcoin Opportunity Fund.  The BOF has also invested in CoinLab, BitPay, BitSpend, OpenCoin/Ripple, Coinsetter, Tradehill, and Coinapult. We encourage you to check out BitPremier!

Bitcoin: April in Review

To those of us who have been with Bitcoin long enough to have seen the great bubble of 2011, what is perhaps the most suprising about the aftermath of this crash is just how similar it is to the previous. In the run-up to June 9, it seemed as though everything was going well for Bitcoin. There was some negative media attention regarding Silk Road, but even there many of the articles were positive, detailing the potential of the website rather than fearing governmental attack. Around June 3, prices started rising super-exponentially increasing from $10 to $30 in less than a week. After the crash on June 9, however, everything seemed to go wrong at the same time. Half a dozen major Bitcoin services were hacked all at once, MtGox went down for nearly a week, and media attention quickly turned sour as a result.

This time, the situation is similar. During the three days during which the Bitcoin price fell from $266 to $60, nearly every Bitcoin exchange was subject to heavy stress, with MtGox being inaccessible for ten hours and BitStamp, BitFloor and BTC-E for one to three. Three Bitcoin exchanges saw their bank accounts closed for legal reasons, and Bitcoin Central lost several hundred BTC in a hack. Bitcoin’s critics, who had remained strangely silent while the currency was still going up to its new all-time high, came out of the woodworks to criticize the currency as soon as the price started falling on April 10. Google Trends volume, after seeing a new all-time high, is now once again back to the same levels that it saw in mid-March.

However, there are also signs of hope. Unlike after the previous crash, dozens of new businesses have started accepting Bitcoin, and many columnists even came out to defend Bitcoin, or at the very least the idea of cryptocurrency more generally. News reports of venture capital investors being interested in Bitcoin are only continuing to increase in number. It’s a claim repeated often both here and elsewhere that there is simply no way to tell where Bitcoin will go from here; for now, perhaps it’s best to simply enjoy the ride.

Bubble and Crash

  • The Bitcoin price struck a new all-time high of $266.00 on April 10, 2011, before falling back to a low of $54.25 on April 12 and $50.01 on April 16 and recovering to $120-$140 by the end of the month.
  • Trade volume hit an all-time high even if denominated in BTC, breaking the November 2011 record of 382,186 BTC with two spikes of 556,289 BTC and 572,185 BTC on April 12 and 16, respectively. The USD-denominated daily volume record was on April 12, at a total of $47.6 million.
  • The Google Trends volume set a new high at nearly 4 times June 2011 levels, before quickly falling back down to slightly above the June 2011 peak by the end of the month.
  • The number of transactions excluding popular addresses a metric used by blockchain.info to measure Bitcoin transaction activity not including very heavy blockchain-using applications like SatoshiDice, hit a new high of 50,338 on April 11. Other metrics stayed roughly stagnant from March.
  • Alternative cryptocurrency Litecoin hit an all-time high of $5.89 USD before falling back to about $4, and Ripple’s internal currency XRP hit a high of 0.72 cents. Note that both of these currencies will have a larger number of currency units in circulation than Bitcoin; Litecoin’s final money supply will be 84 million, and the XRP 100 billion, compared to Bitcoin’s 21 million.

Growth from the Inside

  • The popular Bitcoin electronics retailer BitcoinStore sold 2184 BTC (~$300,000) worth of products in the month of April, putting them roughly on target to hit their goal of $850,000 by June 30.
  • The popular Bitcoin payment processor BitPay announced that they have passed 5,000 merchants.
  • Amagi Metals, a precious metals seller that started accepting Bitcoin at the end of last year, announced that they have sold over $750,000 worth of products between April 1 and April 26, including a record of over $220,000 in a single day.
  • For the first time, another country briefly overtook the United States with the largest number of downloads for the Bitcoin-Qt client. The country in question: China. China has also seen trade volume on its exchanges increase by a factor of thirty these past four months, compared to a finally began shipping their long-awaited ASIC mining hardware. Although power consumption turned out to be roughly six times higher than originally planned, and physical weight and volume two times greater, the devices are still somewhat more efficient, and much cheaper, than those offered by Avalon.
  • The Daily Bitcoin“, a new daily podcast discussing issues from all sides of the Bitcoin ecosystem, started releasing episodes.

…And From the Outside

  • The popular online dating site OkCupid has started accepting Bitcoin as payment for its premium “A-List” service, offering special features somewhat similar to Reddit Gold. A major Danish dating site, singles.dk, quickly followed suit.
  • The popular softcore-porn site MetArt started accepting Bitcoin (link safe) along with its siter sites.
  • PayPal’s chief director David Marcus stated on TV that PayPal was considering integrating Bitcoin as a funding option. Western Union and MoneyGram also expressed interest in the currency.
  • The Libertarian Party of Canada started accepting Bitcoin donations, and a potential Libertarian Party candidate for the 2016 election in the United States announced that he would only be accepting precious metals, Bitcoin and Litecoin donations.
  • Salon Supply Store and IWannaBuy became the first retailers in South Africa and China, respectively, to accept Bitcoin.
  • The One Foundation became the first Chinese charity to accept Bitcoin donations, receiving $30,000 within two days. Two local US charities, the homeless outreach group Sean’s Outpost and Bitcoins for Boston, started taking bitcoins as well.
  • The Pirate Bay started accepting Bitcoin donations, placing a Bitcoin address on their front page and raising over 14 BTC ($1,800) in the week following the initial announcement. Other torrent sites have quickly followed suit, although with less success due to their comparatively lower popularity.

Scandals And Hacks

  • Bitcoin mining malware was detected spreading through Skype, and plain old Bitcoin stealing malware also became increasingly prevalent.
  • In the aftermath of the April 10 crash, nearly all major exchanges were overwhelmed by massive spikes in usage combined with multiple denial-of-service attacks. Bitcoin exchanges are still in the process of upgrading their systems to be able to handle the new volume.
  • The Bitcoin exchange BitFloor saw its bank account closed down, leading founder Roman Shtylman to close the exchange for good and start returning deposits. Cavirtex and CADBitcoin in Canada also saw their accounts closed down, although the other major Canadian exchange, LibertyBit, remains confident that they are “in full compliance with Canadian laws” and a bank account closure is unlikely to happen to them.
  • The European Bitcoin exchange Bitcoin24 saw its Polish bank account closed, and its owner under suspicion by German financial authorities for embezzling clients’ funds for personal use.
  • The Bitcoin wallet provider Instawallet, which offered the easy to use but very insecure scheme of using a URL as a sort of “password” to its wallets, saw these URLs leaked in a database breach, and the attackers immediately proceeded to clean out Instawallet users’ funds.
  • Bitcoin Central was hacked through its VPS provider OVH, leading to “a few hundred BTC” of losses. The site is shutting down until what its owners expect to be some time this summer to upgrade their security systems.
  • The Bitcoin and Tor-based “anonymous market” Silk Road fell under two consecutive DDoS attacks, and was taken offline for a total of roughly four days. However, in both cases administrator Dread Pirate Roberts was able to bring the site back online, declaring a sale to celebrate the first of the two victories.