
Cleaning up the Bitcoin act

Camp BX live with high-sec trading platform


The story so far is that a little-known hacker hobby currency called Bitcoin suddenly came to the notice of the press, then to the notice of regulators, and finally to the notice of hackers.

Believers are reluctant to moderate their hype; regulators and lawmakers want to either shut the whole thing down, or at least tax it; and hackers still see it as an attractive target.

Camp BX, a new exchange launched last week, hopes to address at least some of the problems. Could a combination of security and legitimacy solve Bitcoin’s problems? The Register spoke to Keyur Mithawala of Camp BX – and naturally enough, the conversation started around security.

“Although it looks like a hobby project, Mt Gox was already processing around US$324 million worth of Bitcoin transactions per year. When you’re dealing with millions of Bitcoins, security has to be the core concern,” Mithawala said.

“I have worked for telecoms and finance companies, so I came at this from a corporate standpoint. You might not get a chance to rebuild if your security is compromised.”

Physical security is addressed by hosting the exchange in a secure data centre with three carrier connections.

The most-promoted aspect of platform security is the Camp BX association with McAfee, which runs “12,000 to 13,000 scripted tests” against the site each night, Mithawala said.

As well, the Bitcoin Consultancy in the UK conducts penetration tests against the platform, and Mithawala says that internally, the organization uses a peer-review mechanism to try and avoid all code vulnerabilities.

Bitcoin volatility

However, as recent events have illustrated, technical security isn’t the only challenge facing exchanges. The volatility of the currency itself is also a problem.

Mithawala says this price volatility illustrates a gap in Bitcoin’s design. “A core thing that’s missing in all the exchanges is that there is no functionality for short selling.”

While short-selling got a bad reputation in the global financial crisis, it’s still an important market mechanism, he believes, one which would help reduce the range of prices – and therefore the volatility – of Bitcoin prices.

“If someone believes Bitcoin prices should be lower at a particular point in time, they should have that option.”

Bitcoin’s “one-sided” price pressure makes the currency vulnerable to “flash crashes”, he believes, leading to variations that can be as much as “hundreds of percentage points in a month.”

This volatility drives Bitcoin towards purely speculative exchanges, he told The Register. “If prices can stabilize, that’s when the Bitcoin economy will really take off.”

Liquidity is also a problem in the world of Bitcoin exchanges. If you’re unfamiliar with the scale of the “real” economy, US$300 million or so in trades each year sounds like a lot; but as Mithawala points out, the world of foreign exchange deals in trillions.

Bitcoin’s small size – and consequent low liquidity – creates two problems. The first is that large trades can exceed the liquidity of the exchange, which creates the second problem, that an individual with large holdings can use large trades to manipulate prices.

“We believe we can stabilize prices if Camp BX is processing around 20 percent of total volume,” Mithawala said.

Compliance

There is a lot of uncertainty over the legality of Bitcoins in America, he said: money laundering laws, trading laws, and currency laws all impact on whether or not Bitcoins can be regarded as completely legal.

“We decided to do this project legally,” Mithawala said. To that end, he said, Camp BX consulted with a host of regulators, including the Department of Treasury and the Department of Banking and Finance, as well as state regulators.

“Our assessment is that Bitcoin can’t be banned outright – it would be like outlawing mathematics. If it can comply, then it can be legal. We don’t want Bitcoins to be underground and illegal.”

Mithawala says Camp BX will stay in touch with regulators about its operations.

Transparency is also important, Mithawala believes, and in a way this looks paradoxical, given that one of the attractions of Bitcoin is supposed to be anonymity.

However, users aren’t the same as exchanges. Mithawala said an exchange has to be transparent, visible and credible: it has to be backed by people you can name and phone numbers you can call.

“For example, Tradehill is the number two exchange right now. If you want to transact, then you put your money into a personal bank account in New Jersey.”

Not only does this look risky from outside, he said it arguably violates foreign exchange laws.

“We are offering clear processes of how we do the money transfer, who to contact, and we provide all the information that users will need to have confidence in us,” he told The Register.

Author’s note: I can’t tell you whether Camp BX will work or not. I’m certain there are questions I neglected to ask – and I’m also certain that El Reg readers will think of them.

One problem is that Camp BX's attention is on US regulation, and Bitcoin is international. Will this disadvantage users in other countries?

Possibly the greatest challenge for Camp BX will be in asking Bitcoin users to swap some of their freewheeling anarchy for a secure and transparent exchange. ®
