Month: August 2012

Recently, BitInstant CEO Charlie Shrem announced that his company would be releasing a new product: a Bitcoin prepaid debit card. The product is scheduled to come out in six to eight weeks, and would cost $10, although Shrem announced that the first thousand cards would be given out for free; for those who are interested the signup form is already available. The concept of a Bitcoin card is nothing new; they have existed in some form for months. However, with all of the previous options the costs have so far been prohibitive; beyond the initial cost of the card itself, deposits could cost anywhere from 4% to as high as 10%. BitInstant’s card, on the other hand, once loaded will cost a mere 1-1.49% to deposit, exchange fees included. What makes this possible is that unlike any of its competitors, BitInstant is working through a Mastercard banking partner directly, with no intermediaries.

Almost immediately after the announcement, however, there arose some confusion in the Bitcoin community as Mastercard came forward to deny¹ that such a card was in the making. Before being able to issue a card with a MasterCard logo on it, both the issuer and its banking partners need to go through a rigorous screening process, a MasterCard spokesperson explained, and “at the moment, BitInstant has submitted no documents to MasterCard, and is not even present on their system.” However, Shrem quickly clarified the situation², explaining why MasterCard made such a claim: BitInstant was not working with MasterCard directly, as the card would be made through an international banking partner, and the submission to MasterCard would not take place until the preparations with the banking partner were complete.

Aside from its cost, BitInstant’s card will have two other advantages over its competition. The first is its internationality – BitInstant’s card will be usable anywhere in the world – except perhaps, as Shrem points out, “North Korea I think.” The card itself is denominated in USD for banking purposes, although BitInstant will be able to make the card’s value rise and fall with the Bitcoin price to simulate a constant Bitcoin balance if the customer desires it. However, currency conversion fees are low; some currencies will be able to get away with no extra fees at all, while others may have an additional fee of 1% added on – considerably less than that charged by many other credit cards, whose intermediaries tack on much higher fees³ on top of the 1% charged by Visa and Mastercard. The second advantage is its convenience. The card can be reloaded simply by sending money to an address, and comes with a QR code that allows smartphone Bitcoin wallets to send funds to that address directly on the card itself.

The one disadvantage that the card has is that it is not anonymous – BitInstant intends to comply fully with the strict anti-money laundering (AML) and know-your-customer (KYC) standards that providers of prepaid debit cards are required to follow. Those who wish for greater anonymity may instead turn to an alternative card released by Bitcurex which has a higher initial cost of $30 and a deposit limit of $3500, but does not require any identification to order.

With the low fees that it has, BitInstant’s debit card represent another step in a growing niche use for Bitcoin: that of a behind-the-scenes intermediate currency for transferring the money that most of us already use every day. International money transfer of the sort typically carried out by intermediaries like Western Union and Moneybookers is one example; some people have been finding it faster, safer and cheaper to send bitcoins⁴ from one country to another by converting in and out of Bitcoin through local exchanges on both sides than by dealing with the bureaucratic fees and delays of sending it internationally via traditional means. Now, BitInstant is expanding this niche into another market: the prepaid debit card industry. Prepaid debit cards are a growing market⁵, and Americans loaded a total of $37 billion onto prepaid cards in 2011 alone. So far the prepaid card industry has been burdened with high fees, and reloading them has always been a cumbersome process. Now, thanks to BitInstant, this may all change. Unlike so many other Bitcoin-based services that attempt to replicate businesses that already exist in the world at large, BitInstant’s prepaid debit card is actually superior to much of its competition, and may even be a competitive option to someone who does not yet have any personal or ideological interest in Bitcoin whatsoever.

It should be clarified that to such a consumer the card’s advantage is not fees. Beyond the 1.49% charged by BitInstant, such a consumer would need to pay exchange fees as well as exchange spreads – the difference between the price of the cheapest bitcoins that are available to be bought on the exchange (the “ask” price) and the higher price at which someone else has established that they are willing to buy them (the “bid” price). In total, someone who uses BitInstant’s card in this way may have to pay a total of 3.5-4% for the round trip, higher than even the sum of the various monthly, reload and conversion fees that card providers tend to tack on⁶

But low fees are not what prepaid debit card users are looking for. Even the cheapest prepaid debit cards have higher fees than traditional debit and credit cards, so for debit card users there are other factors that dominate. One article on bankrate.com describes the case for prepaid debit cards with four arguments. First, debit cards help curb spending, as it is impossible to have a negative balance. Traditional debit cards have the same effect, but are often unusable for online purchases, making the prepaid variety, which mimic credit cards, more attractive. Second, prepaid cards allow you to keep your money safe when travelling. If your card is stolen, your losses are limited to the value of the card. Third, teaching kids about money – prepaid cards can easily be used to give your children a controlled allowance. Incidentally, that is a purpose for which Bitcoin itself shines too, the main difference between the two being that Bitcoin offers the child more privacy. Fourth, prepaid cards offer more privacy, as merchants do not receive all of the customer’s personal information when a transaction is made, and some cards can be bought without anyone being able to link you to the card at all.

It is the second use case in which BitInstant’s card truly shines. Existing prepaid debit cards often have currency conversion fees as high as 2.5%⁶, making them expensive to use while travelling, but BitInstant’s card charges a mere 0-1% for the service, making it a perfect fit. If privacy is your primary concern, Bitcurex’s debit card may be your best bet, although BitInstant’s card fares decently in this regard as well; even though BitInstant itself will have access to your personal information, the merchants who you transact with will not.

Of course, for those who are already avid Bitcoin users, BitInstant’s card offers even greater advantages. It essentially turns your Bitcoin balance into a fully fledged bank account, allowing you to live almost entirely “off the grid” of the traditional banking system. The card offers a convenient way of “cashing out” of Bitcoin at any time, complementing the services that BitInstant offers to facilitate people instantly “buying in” and allowing those who wish to live a more halfway house lifestyle a seamless experience in converting from one to the other. Employers interested in paying their employees in bitcoin will now suddenly find their lives much easier; while before Bitcoin could only be used to buy a limited range of products which employees may or may not need, potentially requiring them to undo the employer’s hard work in buying bitcoins with their own hard work of converting them back to cash, now the currency can literally be used to buy almost anything. And the benefits will extend far beyond the prepaid debit consumers and employers who may be interested in such an offer; the growing use of services like BitInstant’s card may be what provides the final push to bring Bitcoin to critical mass as a free-standing economy of its own.

Sources

1. http://www.techweekeurope.co.uk/news/no-bitcoin-debit-card-90058
2. http://blog.bitinstant.com/blog/2012/8/22/public-statement-regarding-the-bitinstant-paycard.html
3. http://www.bankrate.com/brm/news/cc/20050624a1.asp
4. https://bitcointalk.org/index.php?action=printpage;topic=74952.0
5. http://www.bankrate.com/finance/savings/pros-and-cons-of-prepaid-debit-cards-1.aspx
6. http://www.canadapost.ca/cpo/mc/personal/productsservices/visagiftcard.jsf#prepaid

 

Laying rest to one and a half weeks of suspense, yesterday pirateat40, the pseudonymous operator of the Bitcoin Savings and Trust investment scheme, has officially announced that he is in default¹. BST was a high-yield investment scheme that opened in November 2011² and offered its customers interest rates of up to 7% per week, claiming to be able to offer such returns by “selling BTC to a group of local people” – ie. arbitrage. Since then, the scheme has grown rapidly, and Pirate claims³ (and independent estimates agree) that over 500,000 BTC, or $7 million USD at the time, were deposited in BST at its peak.

For months, the main question that has been asked about the scheme is: is it a legitimate investment? Proponents argue that it is, and justify Pirate’s pseudonymity and secrecy as being necessary to both protect him and prevent others from replicating and diluting the effctiveness of his business model, while detractors believe that Pirate’s unwillingness to further elaborate on the sources of his income is a sign that these underlying sources do not exist at all; in short, that BST is a Ponzi scheme. A third possibility is that BST is itself a pass-through for another Ponzi scheme, such as Sergey Mavrodi’s MMM-2011, although that possibility has become a remote one since MMM defaulted in June and BST continued operating for two months afterwards.

The first shock to BST came on August 14, when Pirate lowered the maximum interest rate on his accounts from 7% to 5%⁴. Whether the scheme was legitimate or not, it was clear to everyone that an effective interest rate of 3313% was unsustainable and Pirate would have to reduce interest rates at some point. And, at some point this summer, the time finally came. At first, Pirate tried to continue his prior rate of growth and keep attracting new investors by attempting to increase investors’ confidence in himself; he announced on July 2⁵ that he, under a newly disclosed supposed real name of “Trendon Shavers”, would be attending Defcon in person on July 27-29, and invited investors and curious Bitcoin users in general to meet him in public – “look at a pirate, eye to eye if you dare”, the forum thread read. There have been no confirmed reports that anyone actually saw Pirate at Defcon, but the announcement alone restored confidence at least for a short time. However, even then, BST was simply growing too large and too quickly to last, and on August 14, Pirate was forced to contain his growing debts by shifting down his gears. However, Pirate’s measure utterly failed in its intent; as Pirate himself describes⁶, “In a perfect world this would allow me to hold more coins in reserve outside the system, but instead it only exponentially increased the amount of withdrawals overnight causing mass panic from many of my lenders.” And thus, on August 17, Pirate was forced to finally shut down.

Since then, following the tradition started by the July 11 Bitcoinica thief donating 100 BTC to a claims fund⁷, Pirate has paid back 106.92 BTC⁸ to one of his depositors, and has only been claiming to make progress toward repaying any others. At first, Pirate promised that all BST depositors would be paid back including interest up to the last hour – a promise which many pointed out would be very difficult to fulfill even for a legitimate business, as he would be accruing over $50,000 USD of new debt every day, but many believed that he would be able to manage the feat. On August 28, however, Pirate announced that he would not be able to pay back his depositors after all, and that he was officially in default¹. He has nevertheless made vague promises that depositors would be partially paid back, requiring operators of so-called “Pirate pass-through” bonds on the Global Bitcoin Stock Exchange to report a list of their customers⁹ to Pirate by Friday if they want to be refunded.

The consequences of this are far-reaching. Almost immediately after Pirate announced BST’s closure, the Bitcoin price ended its three-month long rally after briefly spiking up to a one-year high of $15.4 and began a precipitous decline, losing slightly over half its value over three days⁹ before recovering to what appears to be a stable level at $10-$11. It is unclear if a Pirate default is good or bad for the Bitcoin price; on the one hand, it reduces confidence in Bitcoin as a whole, while on the other hand, it means that many wealthy depositors suddenly have far fewer bitcoins than they thought they would have, and would thus need to buy more (or sell less) to compensate. Many bets have also been made ^10,11 over whether Pirate would pay back; these bets have not yet closed, as the deadline for Pirate to pay in full is still over one week away. In the long term, it remains to be seen how this incident changes both the public attitude on the outside to both Bitcoin itself and the financial freedom that it offers and how the Bitcoin community will perceive any new lucrative Bitcoin investment, legitimate or not, that presents itself in the future. For now, many are relieved that this chapter in the Bitcoin community’s life is finally drawing to a close.

A more detailed version of this article will appear in an upcoming issue of Bitcoin Magazine in print.

Sources

1. https://bitcointalk.org/index.php?topic=82573;action=printpage
2. http://pastebin.com/yH0jr6KY (The original post on bitcointalk.org has since been edited)
3. https://bitcointalk.org/index.php?topic=101339&action=printpage
4. https://bitcointalk.org/index.php?topic=91141.100&action=printpage
5. https://bitcointalk.org/index.php?topic=91252.0&action=printpage
6. http://pastebin.com/VZgm7Dvy
7. https://bitcointalk.org/index.php?topic=93100.msg1029638#msg1029638
8. https://bitcointalk.org/index.php?topic=101942.0&action=printpage
9. http://bitcoincharts.com/charts/mtgoxUSD#rg60zczsg2012-07-01zeg2012-08-30ztgSzm1g10zm2g25zv
10. http://betsofbitco.in/item?id=433
11. https://docs.google.com/spreadsheet/ccc?key=0Ajtx05YrHtIydFVHcGxLOExTbnhqajJLZmlSZUNtM3c#gid=0

 

Some sources report that Icbit may be engaging in hidden market manipulation against their customers’ interests, although there is insufficient evidence to confirm or deny this conclusion. Always tread carefully when trading on the Bitcoin markets.

Ever since Bitcoinica shut down following the hack on May 11, the Bitcoin economy has lacked a way of betting for or against the Bitcoin price at leverage. While it is always possible to buy bitcoins and sell them, what Bitcoinica allowed users to do was to use a small quantity of bitcoins as collateral to hold a much larger quantity of virtual bitcoins or USD, balanced out with a negative balance in the other currency, allowing anyone to realize much higher losses and gains off of a limited amount of capital than can be achieved through simple trading, and also allowing traders to change their positions in any direction instantly without having to wait days for deposits at Bitcoin exchanges to process.

Furthermore, because margin trading allows users to hold a negative quantity of bitcoins, Bitcoinica allowed users to profit when the price dropped – a possibility which many believe had a valuable dampening effect on potential Bitcoin bubbles by providing an economic outlet for traders to express their caution. Almost immediately after Bitcoinica shut down, the three-month period of extreme price stability that had prevailed since mid-February ended, and the Bitcoin price began slowly rising. Some are concerned that without the economic tools that Bitcoinica offered, there was nothing to prevent the current rally from turning into another bubble and crash like that seen last June. Also, margin trading tools have another valuable use: they allow merchants to cancel out the exposure to Bitcoin price movements that they naturally get from holding currency for operational purposes, and with no such service available managing risk for Bitcoin merchants becomes considerably more difficult.

However, for the past several months, a new competitor has been slowly growing to fill the niche: icbit.se. Icbit was first launched in November 2011 with little fanfare, as the original margin trading service, Bitcoinica, was in full swing at the time. Throughout winter and spring 2012, the site continued to slowly and progressively add features, and it was not until July that the number of users started to pick up. Since then, growth is once again at a relative standstill, and the site is processing a relatively steady 2000 BTC per day on its exchange and 1500 BTC per day in the “futures” section, the part that allows Bitcoinica-like margin trading.

The site differs from Bitcoinica in two key ways. First of all, while Bitcoinica dealt directly in bitcoins and USD, allowing users to hold positive and negative quantities of each one, icbit.se accomplishes the same functionality using contracts called “futures”. Technically speaking, a futures contract is an agreement between two parties that one will sell a quantity of an underlying asset to the other at a given price at some pre-determined point in the future. For example, one might have a futures contract between A and B stating that A will sell one bitcoin to B for $13 on January 1, 2013. If the price of a bitcoin is $18 by then, A will be forced to buy the bitcoin on the open market and sell it at the reduced price, taking a loss of $5 that B will receive as a profit. For assets with low storage costs (a classification which Bitcoin fits perfectly), the price of futures closely follows the price of the actual asset, as when the two veer too far apart, it opens an opportunity for anyone to make a profit from arbitrage by buying one and selling the other at the same time.

Icbit allows users to do all of this using a very simple interface. The buying and selling is abstracted away and the future is defined as a “difference contract”: if the price of a bitcoin is above $13 on the expiration date, A simply pays B the difference directly, and vice versa if the price drops below. Buying a future constitutes making a bet that the price will go up, and selling a future constitutes making a bet that the price will go down. Just like at a Bitcoin exchange, to buy a future on Icbit, one can either place an offer himself, which will remain on the orderbook until someone accepts it, or one can match someone else’s offer already on the books. When the order is filled, he and the other party are locked into the contract, and the process is complete. Selling a future follows the exact same process.

It is possible to buy futures with a higher total value than the amount of BTC that you have deposited or sell futures without buying them first – the only limit is a requirement to have enough BTC deposited to be able to pay for a 10% change in the price – similar to Bitcoinica’s limit of 10x leverage. If the price rises or falls enough that your account’s net worth falls below zero, Icbit attempts to liquidate your position by making automatic transactions on the market, and if there are no asks or bids available the algorithm moves to a last resort of closing your futures early, forcing your counterparties to accept a limited, albeit generous, profit.

There is currently only one futures contract sold, “BTCUSD-12.12”, which expires in December, but most users do not wait that long. If one holds a positive number of futures, he can liquidate his position by selling them, reducing his next exposure to zero and unlocking his margin balance, allowing him to immediately withdraw. If he holds a negative number of futures, he can buy futures to cover the difference to the same effect. Icbit automatically rearranges the counterparties behind the scenes so that when you liquidate and withdraw, the rest of the users can continue trading without disruption.

The futures model can be applied to much more than trading bitcoins, and Icbit already has plans to that effect. Eventually, BTC-denominated futures contracts will be able to be made with not just BTC as an underlying asset, but also major indices and commodities like the S&P 500 and the Brent crude oil price. Theoretically, any stock, commodity, index or even arbitrary variable like the temperature can be used as a basis for futures contracts, so if the site continues to grow, it has plenty of room to expand.

There is also one other key difference between Icbit and Bitcoinica: on Icbit, all transactions are made between the users themselves. While Bitcoinica had users trade with the service, employing an algorithm to buy and sell on MtGox to cover its users positions, Icbit allows the trades to happen by themselves, and only takes a flat fee of 0.005 BTC per 1 BTC in each contract as revenue. This model ensures that Icbit will be able to operate with less financial risk, a problem that Bitcoinica struggled with as its profits went from $100,000 per month to near zero in March due to a problem with the algorithm. The model will likely also ensure higher security, as the service can run without leaving as much money in a potentially vulnerable “hot wallet”. The problem with this setup is that liquidity is not guaranteed, a problem which Icbit is currently forced to alleviate by operating an algorithmic trader on its own service as a “market-maker”, but that is an issue that will resolve itself as more traders start using the site.

Legality is another concern. Icbit is currently not registered anywhere as a financial services provider, and its operators would prefer keeping away from the eyes of the law entirely. The site’s front page features the cryptic phrase “ICBIT is not a place for money laundering, so we are not going to enforce any AML measures like ID verification requirement”, a claim which its operator clarified on a Bitcoin forum with the statement “Indeed it makes me quite worried if a bitcoin exchange becomes a central war place for money laundering practices. Officials should catch offenders at other places before they reach exchanges. Like, when they actually steal money, not when they try to launder.” There is reason to believe that the site will be able to maintain this position for some time. Icbit is still relatively small, and the service itself never handles any financial instruments other than bitcoins and AurumXChange voucher codes, making any attempt to shut the site down through the banking system unlikely. The GLBSE, which is much more prominent, has much higher volumes and has been around much longer than Icbit, still survives with its lax verification policies. However, it remains to be seen how this policy will survive its first major trial, whenever that may come.

Icbit is still relatively small, and the high spreads that appear on the futures exchange as a result are a hump that the site will have to get over if it intends to see greater adoption. If it does, then it will be well on the path to becoming a fully fledged replacement for Bitcoinica, hopefully with greater security due to its more safety-oriented design. And if it does not, others will soon take its place. Icbit already has many challengers, and although none of them has managed to overcome the rigorous security and trust requirements of running a margin trading service, it is only a matter of time before one comes along that does. Regardless of which service, or services, become dominant in the end, one thing is clear: having been introduced to it once with Bitcoinica, margin trading is a service of which the community is unwilling to let go.

 

As many have predicted was an inevitable future, the man known only as Pirateat40 on bitcointalk.org announced the closure of his investment service, the Bitcoin Savings & Trust, earlier today, citing complications in performing larger transactions as the primary reason.  The interest rate given to investors was a staggering 7% per week for large investments, a number that could not have been sustainable in the long run and could only be matched in non-Bitcoin economies with ponzi schemes and similar cons.

Although it remains unconfirmed as of yet whether Pirateat40’s proposed investment service was or was not in fact a ponzi, the truth will undoubtedly be more clear next week: he has promised to pay back all of his users within a week, and begin those paybacks starting on Monday.  We will find out very quickly whether he has the ability to repay all customers, or if those words were the last we’ll ever hear from him.

After briefly touching $15/BTC prior to the news of the shutdown, the market had a stark reaction when the announcement was made, as it is fairly well known that deposits with pirate exceeded at least several hundred thousand BTC, if not more, and could be used to greatly affect the Bitcoin price. Within an hour, the price per bitcoin had dropped to almost $10 before stabilizing around $12.50.  Two trains of thought dominate recent market discussions: either Pirateat40 will be able to repay all of his investors, flooding the market with BTC that had been previously locked up and driving the price down as some of the investors cash out, or Pirateat40 was running a ponzi and will simply run with the currently-held funds, leaving no potential for cashout in the immediate future, and potentially more buying, as investors seek to replace the lost BTC.  Even the latter scenario does legitimize a price drop; if such a large con was to be revealed, it could shake confidence in Bitcoin considerably, and that uncertainty could lead to further price drops.

Many investors in the program shared the belief that it was a ponzi scheme, but openly admit to investing in it (or pass-throughs made for smaller investors) anyhow.  If reinvested, the return on investment at 7% interest rate would mean a doubling of one’s account balance about every 10 weeks.  And, given that the service has been running since early November 2011, a user could have conceivably seen an increase in their account balance of 700%.  These extravagant returns attract investors who believe they will be able to pull out of a scheme before it collapses, even though they might know it is a scheme to begin with.

Keep a watchful eye on bitcointalk.org come Monday – it should be very telling as to whether investors will be seeing a bitdime of their money back or not.

Do you expect Pirateat40 to pay back his customers?  Tell us in the comments below, or send an email to ed@bitcoinmagazine.net.

 

Several weeks ago, there was a large one-day spike in Bitcoin’s price volatility, as a series of sudden sell-offs sent the MtGox price oscillating within a range of $7.3 to $9.5, an event which pirateat40, operator of the Bitcoin Savings & Trust high-yield investment scheme, eagerly took credit for at the time. Now, it appears that there has been a less dramatic, but much more sudden, spike in volatility on MtGox, jerking the price between $12.64 to $13.84 over the course of twenty minutes. Volume spiked from an average of 14 BTC per minute to a high of over 1000 BTC per minute, and the top price of $13.84 that the volatility brought provided the Bitcoin price charts with a new high, the likes of which it has not seen since July 31 last year.

In the world of traditional finance, trading bot malfunctions are nothing new. Two weeks ago, a malfunction in a trading algorithm operated by Knight Capital cost the company $440 million, losing the company nearly four years of revenue and sending the stock price crashing down by 75%. In the world of Bitcoin, it may be impossible to tell who was responsible for this shock, or how much money they lost; it is also impossible to tell how many lucky traders managed to earn back some of the bot’s losses for themselves by arbitraging its temporary insanity.

It’s worth pointing out that both the allegedly Pirate-related spike and this one took place the day after a sudden upward spike in the Bitcoin price, potentially suggesting that the same bot, with the same weakness, was responsible for both of them. But regardless of who was responsible, in both cases, the markets have proven themselves to be self-correcting, and ordinary users were mostly left untouched. The price left the volatility spike at the same value of $13.50 at which it came, and when Bitcoin holders in the US began to wake up two hours later, the the markets had already resumed their regular motions and no lasting changes had taken place.

[divider]
Some image elements used under CC BY 2.0, by pasukaru76

 

If you have been following Bitcoin closely the past couple of days, you may have heard about MtGox trading bitcoins at $1B a piece.

Though all evidence of the event has been erased from Mt.Gox and BitcoinCharts history, Mt.Gox briefly showed a high of $1B per Bitcoin on the 9th of August, 2012.  Market depth on the ask chart was also incredibly low, showing a fraction of what might be considered normal.

Some users speculated that Mt.Gox’s live data stream had somehow been hacked to display incorrect data.  Ultimately, it was confirmed by Natalie on the Mt.Gox support team to be the result of a technical glitch, not a hack or any other sort of malicious behavior.  Reportedly, Mt.Gox’s creator MagicalTux stated that a 0-amount trade “triggered an old bug in the trade engine we’ve been tracking for a while”.

Witnesses to the incident uploaded a variety of screenshots highlighting the vast discrepancy from normal trading operations (1, 2, 3, 4, 5).

The full statement posted by Mt.Gox’s support team is shown below.

[divider]

Hello Mt.Gox Users,
Trading was unavailable for a short period of time today.  There were invalid trades taking place as well as trade orders that could not be cancelled.  Therefore we had to halt the trading engine and consequently, most ask orders were cancelled.
However, we have resolved this issue and trading has now resumed. Invalid trades have been cancelled and trade orders can now be cancelled. Users who have had their ask orders cancelled are kindly requested to place their orders again.
We apologize for the inconvenience caused and we will make every effort to prevent this from happening again in the future.  Thank you for your continued support to Mt.Gox.
UPDATE:  After investigating, we found out that the issue is likely due to an old piece of code in the trade engine that checks for bid/ask cross (i.e. negative spread). This piece of code would check for bids and asks differences, but did not make sure that both were in the same currency.
To prevent this bug issue from recurring, we have placed some extra checks to halt trading automatically should a similar issue happen again. Thank you once again for your kind understanding in this matter.
UPDATE 2:  It appears that some new trade engine features that were rolled into production earlier today caused this bug to become possible. We have now found the exact cause and resolved this bug.
We now are 100% confident that today’s problem was due to a technical glitch and we would like to assure that it was not caused by any malicious attempts.

[divider]

Image Copyright 2006 (CC BY-SA 2.0) hashashin

 

One of the lesser known features of Bitcoin is that the private keys, which form the basis for a Bitcoin address, do not need to be generated randomly; instead, one can generate a Bitcoin address, fully compatible with Blockchain.info’s wallet and Armory, using nothing but standard easily available cryptographic tools and a password of your choice. If you ever lose access to your client or account, or if you are using a brain wallet and don’t ever store your wallet electronically or on paper at all, you can always fully recover the ability to use your address simply by repeating the procedure you used to create it with the same password.

The trick is a simple one: open this web page in a new tab in private browsing mode (Shift+Ctrl+N in Chrome and Shift+Ctrl+P in Firefox), turn off your internet connection for security reasons, input the password into the larger textbox at the top, hit “Calculate SHA-256 hash,” and copy it down somewhere. Close the tab, turn the internet back on, and follow your wallet’s instructions for importing your own private key. It just so happens that the output of the SHA256 hash function is in exactly the right format to be a private key under Bitcoin’s elliptic curve cryptography system. You don’t have to use online tools to find the SHA256 hash; on Linux, for example, the command echo -n 'password' | sha256sum | grep -o '[0-9a-f]*' does the same thing and is more secure.

However, while this is a convenient way of reliably generating addresses, it is important to be extremely careful when using it. Recently, a Bitcoin user attempted a dictionary attack against addresses generated in this way, generating addresses from millions of passwords found in a leaked password database from an unrelated source, and ended up randomly guessing the backdoor keys to addresses that, at their peak, contained a total of seven bitcoins. Of course, this sum is a small one, but as the number of Bitcoin users increases and alternative wallet generation strategies become more popular, it will only increase, and there will be more incentive for someone with access to greater computer power to attempt this feat once again. Given that Bitcoin mining companies are developing computers thousands of times faster and more efficient at the task of calculating SHA256 hashes than anything else available today, they will be able to get much further.

So, how can you protect yourself? The most basic option is to use a strong password, and not something like 12345678, to secure your private key. However, the stronger the password the harder it will be to both input and remember, so stronger passwords, while being a necessity, need to be complemented with other strategies. One option is to use a hash function deliberately designed to run slowly. One popular option is bcrypt, of which a single hash takes a few hundred milliseconds to calculate. The wait is an insignificant one when you’re trying to create or recover your address yourself, but becomes prohibitive to any attacker wishing to attempt hashes by the millions. The simplest implementation to use is python-bcrypt; after installing it, open a Python console, type import bcrypt followed by x = bcrypt.hashpw ('password',bcrypt.encode_salt('0000000000000000',12)) (you can replace the empty salt with a second password if you wish). You will then need to apply SHA256 to the result to get the correct format for private key insertion, but what matters is that you have a very slow function forming the bulk of the generation process. Another possibility is to apply SHA256 a hundred thousand times (the python for which is import hashlib, followed by x = 'password', then for i in range(100000): x = hashlib.sha256(x).hexdigest() and finally print(x)) or, for added security against specializing mining computers, apply SHA512 a hundred thousand times instead and then only take the first half of the output.

However, there is also another option. Consider how password authentication works for normal websites: logging in to one’s Google, Twitter or Bitcointalk account does not simply require typing in a password to authenticate yourself, you must type in a username as well. And for good reason, too – rather than being able to pull off a dictionary attack and make off with thousands of accounts in one fell swoop, attackers are forced to try every password in their dictionary for each and every username that they come across, and they may not even have the database of usernames to work with. The solution to the Bitcoin address cracking problem is thus to replicate the username/password model for your private key. Rather than hashing “password”, I might hash “vbuterin:password” instead. As long as you remember your username and don’t have a complex convention for stringing the two together, this doesn’t harm memorability at all, but does severely hamper an attacker’s ability to unlock your address for his own use.

Creating your own addresses deterministically from a password is a powerful feature, and has many unique and powerful uses. It allows you to use your Bitcoin wallet with the reassurance that, even if you lose everything you have, you will still be able to recover it. It allows you to use Bitcoin without relying on any software except at transaction time. Combined with other advanced elliptic curve mathematical techniques, it can also be used to generate complex hierarchical wallets with a root password. However, passwords have their risks, and when money is at stake, doubly so. For this reason, it is important to understand passwords’ limitations, and use them with a healthy dose of prudence.

 

Much has happened since the first Silk Road report that we released a month ago. In mid-July, a Silk Road user was arrested by Australian police for allegedly transporting unspecified narcotics into the country. The event attracted considerable attention within the Bitcoin community as it was the first “Silk Road-related” arrest ever to take place, and the Australian police eagerly took the opportunity to warn Australians that law enforcement is “well aware of this method of drug procurement” and that “persons who buy or sell through online marketplaces, on so-called ‘anonymous’ networks should understand that they are not guaranteed anonymity.” However, it is important to point out that neither the anonymity of Tor nor that of Bitcoin was compromised. Rather, all evidence points to the seller being caught through the international mail system. It is also well understood that island nations have an easier time controlling their borders, whether against illegal immigrants, drugs or guns, than most others, so on the whole the event is not particularly surprising.

Soon after, Dread Pirate Roberts, the mastermind behind Silk Road, announced that Silk Road’s illegal gun-selling sister site The Armory would be closing. To justify the decision, Roberts wrote in a post on the Silk Road forums (original accessible only through Tor) that it simply was not popular enough to justify the expense; in his own words. “The volume hasn’t even been enough to cover server costs and is actually waning at this point. I had high hopes for it, but if we are going to serve an anonymous weapons market, I think it will require more careful thought and planning.” Unlike its larger cousin Silk Road, the Armory was never well received by the Bitcoin community or the media; many to whom the thought of legalizing all drugs is not even controversial, particularly those in Europe, find the prospect of psychopaths being able to anonymously buy guns much more worrying. The one major article covering it in the news came only weeks before the announcement, in the form of a piece on Gizmodo titled “The Secret Online Weapons Store That’ll Sell Anyone Anything“. The article did misrepresent the Armory to some extent, the largest offense being a claim that its cryptic garbled sixteen-character URL was part of a deliberate strategy of obfuscation (in reality, the Tor protocol offers no way, except perhaps extreme repeated trial and error, to choose one’s URL, as the generation process is a pseudorandom process somewhat similar to that used to generate Bitcoin addresses), but it did provide the Armory a last chance at acquiring a foothold in the illegal arms market. However, even that failed to reignite attention; at the time of this writing, the number of products available is less than sixty, and the Armory will soon be gone entirely. Weapons will not become allowed on Silk Road as a substitute.

The Australian arrest may shed some light on why Silk Road, the anonymous illegal drug store, has been able to succeed and the Armory, the anonymous illegal gun store, has not. The major bottleneck of both is the postal system, and drugs are much easier to sneak through than guns are. The former usually comes in the form of small tablets or a powder which can be reliably placed in vacuum sealed bags, while the latter, even if disassembled into its constituent parts, is made up of large pieces, any of which can trip a metal detector. The requirement for the customer to assemble the weapon also hampers usability, and the requirement for the seller to disassemble and spend more time packaging it drives up costs, which are another major reason why many potential customers opted to continue purchasing their weapons through offline channels instead.

Finally, a few days ago, Nicolas Cristin, a researcher at Carnegie Mellon University, released a detailed analysis of Silk Road in which he discovered considerable evidence that pointed to a, to some, exciting, and to others, frightening conclusion: that, unlike its arms-dealing sister site, the Silk Road is booming. According to Cristin’s paper, at the end of November 2011, Silk Road had 220 active sellers, increasing to 290 on March 1, but the number then started to quickly climb, leading to the site having over 550 active sellers at the end of July. In the previous Silk Road report it was mentioned that the majority of sellers were from the US, with a sizeable minority in the UK, a fact which Cristin’s paper corroborates: the most popular shipping origin, the USA, is the home of 43.86% of all sellers, followed by “undeclared” with 16.28% and the UK with 10.14%. Customer satisfaction on Silk Road is mostly positive, with a 97.8% positive feedback rate, although less than that on white market sites like Ebay, which boasts a positive feedback rate of 99%. But the most surprising figure of all is Silk Road’s sales volume. The volume was about 8,000 BTC daily in March, increasing to a peak of 15,000 BTC per day in May and then slowly falling to 10,500 BTC a day in July. But, as the paper points out, the fall was merely a nominal one, caused entirely by the rise in the Bitcoin price over the same period. In USD, the total sales volume in each of the past two months, June and July, exceeds $2 million. And, as Cristin points out, that does not even include the hidden listings.

For comparison, BitPay processed $170,000 in May and hit a record of $250,000 in one day with Butterfly’s ASIC launch. BitInstant transferred $1.1 million in April, and MtGox had a trading volume of $18 million these last 30 days, although the latter figure is hardly comparable to the others because the vast majority of Bitcoin exchange trading volume is a result of arbitrage and speculation. Silk Road’s revenue compares even better: while BitPay’s commission of 0.99% brought in $1,700 and BitInstant’s 0-5%, at most $60,000, Silk Road’s average commission of 7.4% nets the site over $180,000 USD per month, exceeding even the $45,000 to $108,000 earned by MtGox.

Given Silk Road’s low-profile stance in the Bitcoin community, these figures come as a shock. Far from being an easily ignorable sideshow, Silk Road is, in fact, a mainstay of the Bitcoin economy. Furthermore, Silk Road is not merely a particularly popular toy. Dividing Silk Road’s monthly volume of $2 million by its 550 active sellers gives an average revenue of $4500 per month, strongly suggesting that there are dozens of individuals earning a living largely or exclusively using the website. On the one hand, Bitcoin advocates can rejoice; there is now definitive proof that Bitcoin has found a stable and serious niche, one that is not merely a byproduct of novelty or community patriotism, and there are individuals beyond infrastructure providers like BitInstant and MtGox who are employed in the Bitcoin economy full time. But at the same time, as the law is beginning to turn its eyes toward Bitcoin with Brazil’s securities commission targeting a Bitcoin investment group and two legal actions being brought forward around the events of the Bitcoinica crisis, one cannot help but worry about the effect that this will have on Bitcoin’s public image in the months and years to come.

 

The owner and operator of Silk Road, aliased as Dread Pirate Roberts, announced on August 2nd, 2012 that “The Armory”, an extension of Silk Road focused on allowing users to anonymously buy and sell munitions, will be closing.  Roberts cited a low and continuously declining number of transactions – enough that the 10% take of Silk Road wasn’t even enough to keep the servers paid – as reason for discontinuing this particular arm of the Silk Road marketplace. Some users explain user dis-interest with high prices on The Armory, and too much competition from local dealers, who can still retain customer privacy while conducting legal transactions.

The Armory is not yet closed – a countdown has been initiated, to end at 8:10 PM GMT on August 15th. Roberts warns users to finish up their current business and withdraw any lingering funds before the countdown is reached.

Many Bitcoin users have expressed joy over the closure, either for personal anti-gun reasons, or for the removal of a potential derogatory connotation of Bitcoins with the illegal sale of firearms.

Despite this closure, there may be hope in the future for those interested in anonymously pawning and procuring guns online.  Roberts states, “if we are going to serve an anonymous weapons market, I think it will require more careful thought an[d] planning,” indicating the possibility of a future restoration of the service after some additional forethought on the design.

What do you think about the closure of The Armory?  Post your comment below, or send an email to ed@bitcoinmagazine.net.

 

As of 18:36:30 GMT on August 2nd, Bitcoin broke the $10 price barrier on MtGox for the first time in 2012.  Bitcoin closed at $9.35 at the end of the day on July 31st, and, as of 1:54 GMT August 3rd, is currently trading at $10.65, indicating a rise of almost 14% in just two days.  The trading price hit a new 2012 high of $11.00 around 22:00 GMT.

Some are suspicious of the recent run-up in price over the last two months, and do not believe it will last.  The price at the start of 2012 was only $4.72, and, with the current trade price of $10.65, shows a whopping gain of 126% over eight months.  Most of that gain was only seen over the most recent two months – June and July – of 2012, amid concerns that this is yet another bubble-based rally, with the potential for a mirroring of the boom and bust of the summer of 2011.

Others are more optimistic, giving reasonable explanations for the rally, such as the potential that  investors with high net-worth are beginning to invest significant funds into bitcoins, or conducting market trend analysis to legitimize the price increase.  The lack of increased activity shown on Google Trends also helps bring security to the idea that the current rally is sustainable, and not a bubble.  An increase in Google Trends activity tends to indicate hype, and a rally without hype might indicate a rally with legs to stand on, instead of a rally built on a group of get-rich-quick speculators.

While it is certainly impossible to predict the future price of bitcoins, the steady 3-month rally with every week ending at a higher price than the last does seem to bode well for those who believe the rally is sustainable and will continue.

[UPDATE]: As of 8:00 PM GMT on August 3rd, Bitcoin is trading at $11.08, continuing the rally with a rise in price of 18.5% in less than 3 days.

Are you making bank on the current rally?  Post a comment below, or send your story to ed@bitcoinmagazine.net.

 

As was previously reported, Bitcoinica was shut down on May 11th, 2012 as a result of a hacker stealing 18,547 BTC (then worth about $92,500) from the service’s hot wallet.  Two months later, while the service was in the midst of rebuilding user data to issue refunds, a malicious entity was able to gain access to Bitcoinica’s MtGox account and withdraw 40,000 BTC (then worth about $310,000) and $40,000 USD.

After Zhou Tong, the creator of the service, sold Bitcoinica to Wendon Group, the Bitcoin Consultancy was hired to be responsible for maintaining the service. Once the service was shut down, they were also responsible for refunding the service’s users.  Recently, the three members of the Bitcoin Consultancy have allegedly ceased all communications, and have stopped refunding users entirely.  Due to this deafening silence from the Bitcoin Consultancy, Tihan Seale has stepped up, and begun the process of liquidation via receivership in New Zealand.  Seale has claimed responsibility to Wendon Group for monitoring past investments, which evidently can include cleanup of failed investments.

Evidence made public by a variety of Bitcoin users seemed to indicate that Zhou Tong himself was responsible for at least the most recent hack. Within hours of this information coming to light, Zhou Tong claimed to identify the third hacker instead as Chen Jianhai, a previous business associate of his.  After Zhou Tong supposedly confronted Jianhai with evidence of his theft, Jianhai agreed to return at least some of the Bitcoinica funds.  Zhou states that he can recover, at most, about $330,000 worth of combined USD and Bitcoins from Jianhai, leaving the users short $42,000.

User deposits at Bitcoinica at the time of shut down have been estimated at just over $1M USD of total valuation.  With $442,500 of those funds stolen, but 15,000 BTC  (currently worth about $140,000) recently returned by Zhou Tong on behalf of Chen Jianhai, 38% of the funds paid out so far, and the $92,500 hack apparently being too much for Bitcoinica to pay out of its own pocket, it seems reasonable to estimate that Bitcoinica only holds around $390,000 to $490,000 in remaining assets with which the receiver of a liquidation might be able to pay back to users of the service.  Assuming this estimate holds true, it would mean that users of the service could expect, at the maximum, to receive around 75%-80% of their account balances at the time Bitcoinica was shut down. If Zhou Tong is able to recover the additional $190,000 from Chen, it would mean that users of the service could expect, at the maximum, to receive over 95% of their account balances at the time Bitcoinica was shut down.  Legal fees or other currently-unknown creditor claims could further erode this eventual payout percentage.

Have you been affected by the Bitcoinica debacle? Post your comments below, or send your story to ed@bitcoinmagazine.net.