Darwin strikes another bitcoin exchange as China’s BTER loses $1.75M in cold wallet hack



Another week, another bitcoin exchange hack.

The latest in the long list of breaches occurred at China’s BTER exchange, which has lost 7,170 bitcoin (valued at ~$ 1.75 million at today’s exchange rates) via an apparent hack to its cold wallet system.

The company is offering a 720 BTC (~$ 170,000) reward for information leading to the return of the stolen funds. The offending transaction can be viewed on the blockchain, meaning that the bitcoin ecosystem has at least some shot at tracking the missing funds and identifying the party or parties responsible.

The company issued a statement in Chinese on its Weibo that read, in part: 

To ensure the safety of other funds, we have taken technical measures to stop and turn off all the virtual currency trading in online wallets in order to do further checks 

At the same time, we plan to arrange CNY and other virtual currency extractions as soon as possible to reduce user’s concerns. 

Please be assured that we will not run away, we will assume responsibility for the user to recover the stolen Bitcoins.

The issues at BTER come a week after Hong Kong exchange MyCoin was revealed to be a $ 385 million Ponzi Scheme and less than two months after Slovenia-based BitStamp suffered a hack that cost what was at one time the world’s largest exchange more than $ 5 million in customer deposits. In late 2013, fraud by the owners of China’s GBL exchange cost customers $ 4.5 million. 

But if BTER’s own statements are to be believed, this incident has the most in common with the Mt. Gox debacle in that both companies saw their respective cold wallets breached – in Mt. Gox’s case costing depositors a staggering $ 450 million in crypto-currency wealth (based on exchange rates at the time of the breach).

The use of cold wallets, which are by definition stored offline and in most cases protected by extensive physical security, are meant to prevent this very type of scenario. Most modern exchanges keep less  than 5 percent of all deposits in their hot wallet at any time, with the balance meant to be safe from would-be hackers. For example, it was BitStamp’s hot wallet, not its cold wallet that was breached, meaning the exchange lost just a fraction of its assets and has been able to continue as a going concern (despite suffering a blow to consumer confidence).

One thing that all of these incidents have in common is that they occurred at international exchanges in jurisdictions that have little to no regulatory oversight pertaining to digital currency businesses. As I wrote last month when Coinbase launched the first regulated bitcoin exchange in the US in partnership with the New York Stock Exchange:

For bitcoin to “cross the chasm” it needs reliable institutions that users of all sizes and levels of sophistication can trust. Coinbase, in partnership with the NYSE and other major financial institutions brings a new level of sophistication and credibility to the market – even if many bitcoin idealists will bristle at the centralization and institutionalization. 

Bitcoin is, in many ways, still navigating its rebellious teenage years. As the technology matures and adoption grows — not only among online anarchists but mainstream consumers and businesses — there will be less tolerance for the type of amateur hour operations and fly-by-night founders that have plagued the industry’s first half-decade. But with several venture-backed organizations like Coinbase, BitPay, Circle, Blockchain, Xapo, Kraken, Ripple, Gemeni, SecondMarket and others seemingly operating under the full scrutiny of US regulations and the oversight of boards of directors with significant vested interests in their success, this transition is already taking place. 

The Coindesk Bitcoin Price Index sits at $ 236 currently, up nearly 34 percent since bottoming out on January 14 at $ 177 – a low precipitated in part by the above-mentioned BitStamp hack and the trial of accused Silk Road mastermind, Ross Ulbricht –  but down significantly from its all-time high of $ 1,120 reached in November 2013. Sentiment within the industry remains high, despite the overwhelmingly negative news cycle in recent months.

Lest you look at the above list of bitcoin hacks and conclude this is a technology that is somehow more risky or less worthy than the existing legacy banking system, note that the world’s leading banks were just hacked to the tune of $ 1 billion and didn’t know for months that it was taking place.

The rule of thumb in bitcoin, as with most things in life, is choose wisely who to do business with and know what recourses you might have if things should go wrong. This isn’t the first time BTER was the victim of a major hack. In August 2014, the company had £1 million ($ 1.65 million) of the NXT digital currency stolen from the exchange.

In the case of BTER, it’s unlikely that affected customers will get their funds back. With the latest generation of regulated exchanges, like the banks affected by the above hack, FDIC insurance covers those unlucky enough to be caught up in any breach.

It’s still early for bitcoin, meaning the Darwinian process of weeding out bad actors continues. At the same time, the industry is beginning to identify and embrace those good actors, who will likely be the seminal companies as the digital currency ecosystem matures. There are now more reputable exchanges and wallet providers than at any point in history. In the meantime, if you have doubts about your bitcoin service provider, trust your instincts and do something about it. This is one lesson no one wants to learn the hard way.

[Illustration by Brad Jonas for Pando.]



Circle goes surprisingly global with the public launch of its user-friendly bitcoin wallet



When Circle previewed its bitcoin wallet and exchange platform in May, then in public beta, I called it the “CryptoBank of America.” It was a nod to the company’s focus on consumers, rather than merchants, its commitment to leading with free, easy to use, and aesthetically pleasing products, its desire to serve the underbanked, and its aim of challenging the legacy banking system. In other words, this wasn’t a futuristic financial platform for the pocket-protector class, but one for everyday folks.

Today, Circle removed the velvet ropes and launched its product publicly. A lot of what I like about Circle early on remains, but it seems I was wrong about at least one thing: My choice of “America” as a descriptor was a bit shortsighted. The most striking thing about today’s launch is Circle’s international focus.

Circle is available at launch to consumers across the globe. The platform supports 160 different currencies (responsively, based on a user’s IP address) and seven languages: Chinese, Japanese, Portuguese, Spanish, French, German and English – which it says in a blog post will allow it to “cover approximately 40% of the world’s population.”

Circle’s international users won’t yet be able to connect a bank account, but they can deposit money using a Visa or Mastercard or transfer in bitcoins purchased elsewhere. They’ll also be able to send bitcoin to any email address in the world using the Circle wallet.

It’s an unusual strategy, considering Coinbase, Xapo, and nearly all of the company’s others competitors have elected to restrict foreign usage until establishing banking partnerships in each individual market. It could allow Circle to onboard early adopters in these non-US markets, particularly those with existing bitcoin holdings who are interested in bitcoin commerce or speculative trading. But for mainstream users, local banking support is likely an essential feature, which means that Circle’s head start in foreign markets will be tied to its ability to outrace competitors in negotiating these banking relationships.

Relatedly, the first company to bridge the US with another major market for immigrant workers (like Mexico or the Philippines) could make a major splash by enabling zero-fee international remittances. But with Circle’s fee-free approach, this would be more impactful from a usage perspective than revenue generation. The company has had little to say about how it plans to monetize the service, but it would seem that additional services like lending and escrow would be natural additions.

As was the case during Circle’s early summer beta launch, where the product excels today is in its simplicity and ease of use. In an entry on its blog today, the company wrote:

When we set out to build Circle, we imagined a new kind of Internet-centric consumer financial service, one that the average person would find enjoyable and powerful, built on the promises of Bitcoin – instant, global, secure, free transactions.

Outlining its initial product aims, it points to:

Reduce[ing] the friction that so many people – even sophisticated, technology-savvy people – often experience in acquiring and spending Bitcoin. Starting today, people can onboard into a Circle account and begin using digital money within minutes, not days. And Circle eliminates the labyrinth of fees and complex user interfaces designed for traders.

So, the question is, did Circle succeed in this aim? As someone who’s used the product in beta for several months, I’d say, yes. Circle is every bit as aesthetically pleasing and intuitive as it was heralded pre-launch. It’s the first bitcoin product that I could conceivably see my mother using. The company also helped push the industry forward by being the first to announce fully-insured consumer wallet accounts – a feature that has since been duplicated by Coinbase and Xapo – further easing the transition from fiat to virtual-currency.

Where Circle still has room to improve is in mobile. The company teased upcoming native apps for both iOS and Android at a recent conference, but have yet to release anything into the wild. Until then, consumers will be relegated to using the inferior-by-comparison mobile Web version of the product. But this seems to be a fair compromise – and likely a short-lived one – for such a newly launched product. With $ 26 million raised from investors like General Catalyst Partners, Accel Partners*, Breyer Capital, Oak Investment Partners, Bitcoin Opportunity Fund, and Pantera Capital, there’s little doubt that the company will continue to iterate quickly.

Bitcoin has been called “the Internet for money (or value).” After several years of pundits (rightly) claiming that bitcoin was too abstract and too complicated to ever truly challenge fiat money, aka “cash,” Circle hints at a future where value may be as liquid as information. The company, and the crypto-currency ecosystem as a whole have a long way to go. But whereas before there were doubts as to whether bitcoin could ever be called “accessible,” Circle suggests this is no longer the case.

(*Disclosure: Accel is an investor in Pando.)