On January 4, 2015, one of the more popular Bitcoin exchanges, Bitstamp, suffered a costly security breach. The administrators promptly suspended services and later announced a loss of nearly 19,000 BTC, worth roughly $5 million. This is simply wild.
One of the reasons that we like to praise cryptocurrency is because it is different. Granted, differences don't necessarily make something better, but when the old norm is wrought with as many flaws as our traditional monetary system, being different can be a good sign. Bitstamp's troubles present a wonderful picture of how Bitcoin is nothing like what we're used to.
Think about what might happen if your neighborhood bank was robbed of $5 million. There would probably be security footage to review, witnesses to interview, possibly fingerprints to analyze, and on an exciting day, there might even be a high speed car chase. Perhaps this is a bit dramatic - there are less intense ways to steal money - but the point is that there will almost always be evidence left behind and leads to follow. Even a credit card information thief working from his bedroom faces potential identification when he tries to cash out the card or uses it to buy something online.
With Bitcoin, however, thieves can pull off massive heists while leaving no useful evidence whatsoever. If this hacker was skilled enough to take control of a computer holding $5 million, then he was probably able to cover his tracks. At best, Bitstamp might have the IP address that the attacker used, but even a novice knows how to fake that.
And yet, despite all that, there is a public, immutable, and virtually infallible record: the blockchain. Anyone in the world can see the money that was stolen and can watch where it goes. This creates a difficult dilemma that the YMB team chatted about a few weeks ago, and we're still not sure how the situation should be handled. If we were to receive some of that stolen money as payment, should we refuse it? Should people accept money from people who accept stolen money?
Another extremely important difference that this event makes clear has to do with responsibility. At least according to Bitstamp, they have more than enough funds to cover the loss. MtGox, on the other hand, lost much more than they could afford and told lies to cover it up. These are two opposite examples in many ways, but they share one huge similarity. In both cases, the company was fully responsible for the lost money.
One company could not cover its losses and earned an awful reputation. The other company, Bitstamp, can supposedly continue repaying customers in full and will likely earn more loyal customers because of that.
If a bank lost $5 million, it would hardly be noticed. Banks keep fractional reserves anyway, so when they take a loss, they can just reserve a smaller fraction and it's unlikely that anyone will ever feel the loss. Even if a bank's customers really did lose money, the FDIC would cover them, and we all know that money would still be warm from the printing press.
That's wild. We need accountable banks and businesses. Let's use Bitcoin instead.
Leave a comment and let us know what you think of Bitstamp and how you might handle stolen money!