[HN Gopher] FTX stored private keys to crypto assets in plaintex...
___________________________________________________________________
FTX stored private keys to crypto assets in plaintext, without
access controls
Author : danso
Score : 333 points
Date : 2023-04-10 16:45 UTC (6 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| [deleted]
| SilasX wrote:
| I was confused, since this is kind of old news, but it looks to
| be news because it's part of a new report, which you can see if
| you scroll wayyyy up to the beginning of White's twitter thread
| and the link to the court document filed by John J. Ray's team at
| FTX:
|
| https://twitter.com/molly0xFFF/status/1645197258873270276
|
| https://www.courtlistener.com/docket/65748821/1242/1/ftx-tra...
| iameli wrote:
| I get such an incredible volume of malicious crypto spam on
| Discord and Twitter every single day. They're constantly creating
| new sites as things get banned, new accounts with legitimate-
| looking traffic, custom art and even videos for the fake
| "airdrops" they're planning. And FTX is just keeping their
| billions of dollars unencrypted in S3 buckets. Hey scammers,
| wouldn't hacking into that be a better use of your time???
| renewiltord wrote:
| It wasn't/isn't just them. It wasn't a massive secret either.
|
| https://news.ycombinator.com/item?id=32077583
|
| The test of all these security exploits is in the exploiting. In
| practice, you can run wild and nothing will happen. My HN
| password was 000000 for years.
| RSZC wrote:
| I mean I have a yahoo chess account with a password of like
| abc123, that's not the point.
|
| Your HN password doesn't provide access to your money, never
| mind other people's money.
| renewiltord wrote:
| Sure, but look at the timestamp on the linked comment. No one
| took the money for the next 4 months after that.
|
| And they had a lot of crypto to take.
| skyechurch wrote:
| When reading crypto clownworld stories like this, it is easy and
| fun to observe that cryptocurrency is a satire of the real (or
| "fiat", if you prefer) financial system.
|
| Less fun, but far more important, is to note how incredibly
| (infinitely?) subtle this satire is:
| https://news.ycombinator.com/item?id=22352840
| reisse wrote:
| One thinks about crypto as a clownworld only until one had to
| work with or inside the real financial system.
|
| Technically, it is in no way better than crypto. The only
| difference is that in the real financial system there is a strong
| legal cover for all the technical and security fuckups. Like,
| stealing from a bank by exploiting their 10-year-old Windows XP
| ATM connected to the internet is a 10-years-in-jail offence,
| while stealing crypto may be hard or impossible to prosecute in
| many jurisdictions.
| VHRanger wrote:
| Also, banking is dealing with massive legacy codebases.
|
| You get to write your own new stuff in crypto, there aren't
| excuses for fucking up on best practices.
| LapsangGuzzler wrote:
| > while stealing crypto may be hard or impossible to
| prosecute in many jurisdictions.
|
| This is one of the inherent contradictions of crypto. If the
| ultimate goal of crypto is to create a financial system that
| is free of government control, then that system must also be
| free of the justice system because that's the government too.
|
| Asking people whose salaries are paid for with tax dollars to
| help you recover stolen crypto while simultaneously trying to
| avoid taxes and government oversight is so ironic.
| pcthrowaway wrote:
| If your goal is to avoid taxes, you're better off using
| cash than crypto. And not everyone using crypto is a
| diehard libertarian.
| overthrow wrote:
| Being free of government control doesn't imply lawlessness.
| I wouldn't want the government to control jeans
| manufacturing, but if someone steals your jeans, that's
| still a crime. There are laws against theft, and crypto and
| jeans are just different kinds of property.
| pasc1878 wrote:
| So it is OK to have your jeans made by children and in a
| factory that pours toxic waste into a river used for
| drinking water?
| overthrow wrote:
| If you read my post, I said laws should apply equally to
| jeans and crypto. That includes child labor laws.
| r_hoods_ghost wrote:
| So you do want the government to control jeans
| manufacturing then?
| overthrow wrote:
| You're being silly, but I'll humor you. The word
| "control" has multiple meanings.
|
| In the communist sense: the government should not control
| the means of production for jeans or crypto.
|
| In the social welfare sense: the government should
| "control" whether people are allowed to steal others'
| jeans and crypto, and the government should "control"
| whether you can abuse children in connection with your
| jeans or crypto company.
|
| You can play with the meaning of the word, but whatever
| meaning you choose, jeans and crypto shouldn't be treated
| any differently.
| knorker wrote:
| > I wouldn't want the government to control jeans
| manufacturing
|
| Of course you do. You want asbestos to be banned in the
| clothes you buy. You want labelling of material to not be
| lies. You want child labour banned. You want slavery
| banned. You want trademark protection. You want the
| factory to not dump toxic waste in the nearby river.
|
| And you say "well, of course I want _that_, but not... I
| dunno..." and give some hypothetical. Well, the same with
| cryptocurrency. If you think you want to get rid of all
| financial regulation, including AML/KYC, then I don't
| think you've thought about the issue for more than a
| fleeting moment.
| [deleted]
| olalonde wrote:
| That conclusion doesn't necessarily follow. A significant
| portion of the economy functions with limited government
| intervention, as the government sucks at managing the
| economy. However, money is an exception in this regard, and
| many cryptocurrency advocates argue that it could be better
| managed outside of government control. This does not imply
| that a justice system is unnecessary; rather, it emphasizes
| diverse roles of government.
|
| In other words, one can agree with certain roles for
| government (e.g. justice system) while not agreeing with
| others (e.g. managing money). I don't see the irony or the
| contradiction.
| Eisenstein wrote:
| I think the contradiction is that if you don't allow the
| government access to the financial system then there is
| little it can do for you to get your money back or
| investigate financial crimes.
| LapsangGuzzler wrote:
| > A significant portion of the economy functions with
| limited government intervention, as the government sucks
| at managing the economy.
|
| This just isn't true, government participation can be
| found throughout the entire US economy. Import and export
| controls, labor force participation and visas, a massive
| small business loan portfolio, R&D investments in things
| like clean technology (e.g. Tesla was initially funded by
| a government clean energy grant), on and on and on. The
| assertion that the government just lets the economy run
| itself is laughable.
|
| > In other words, one can agree with certain roles for
| government (e.g. justice system) while not agreeing with
| others (e.g. managing money). I don't see the irony or
| the contradiction.
|
| It's not a question of what the ideal role of government
| should be, the question hinges on the government's
| legitimacy and ability to do things like collect taxes
| (which is an important function of a government). Lots of
| participants in crypto believe that taxation is theft and
| that government is an inherently wasteful entity, all
| while continuing to enjoy the largely invisible benefits
| that government policy and enforcement provides them.
| This is the contradiction.
|
| EDIT: The government is the only reason that FAANG and
| other tech companies aren't bringing in foreign software
| developers who will work for $15/hr en masse. You know
| that if they could, they 100% would.
| reisse wrote:
| It's not really a contradiction. People who want a financial
| system free of government control and people who want the
| government to prosecute crypto crimes are mostly
| different people.
|
| The latter usually care about 100% APR on dollar and other
| scammy promises, and not about any real crypto benefits.
| When they get burned, they want government to step in and
| regulate.
|
| The former don't care much that the system allows people to be
| scammed (the "it's your fault if you were scammed"
| attitude); they care more that it's free from regulations.
| knorker wrote:
| > People who want financial system free of government
| control and people who want government to prosecute for
| crypto crimes are mostly different people.
|
| Are they? I'm not so sure.
|
| Could you elaborate? The whole selling point of
| cryptocurrencies seems to be to start from scratch,
| without those pesky KYC/AML and tax laws.
|
| Traditional banking is not a natural law. It's man-made.
|
| The benefits cryptocurrencies have over traditional
| banking seem to all come either directly or indirectly
| from the extent to which they do not have the man-made
| rules and laws.
|
| Basically: It is hard to send money from A to B because
| of laws.
|
| The set of people who like cryptocurrency is not small.
| The number of anarchists is vanishingly small. People
| want anarchism (complete freedom) and unregulated
| cryptocurrency until someone else uses that anarchism
| against them, and then they want regulation, post-facto.
|
| It's not different people. It's the same people at
| different times; the times they're affected and the times
| they're not.
| xirdstl wrote:
| That only difference is an extremely important difference
| lern_too_spel wrote:
| The reason for this is cross-border controls. If North Korea
| steals your crypto, you have no recourse.
| rossdavidh wrote:
| My impression is that there is a lot more auditing going on
| in the conventional financial system. Not to say that it's
| not bad, but there are at least some (legit) outside eyeballs
| on your system.
| piyh wrote:
| My financial company has amazing enforcement around code
| quality, deployments strategies, separation of concerns,
| testing enforcement, escalation, approvals, backups,
| minimum security standards, vulnerability remediation and
| so much more. All of this is aimed at being able to keep
| compliant at scale. It's a large burden, but it's one you
| take when you hold people's money.
| WeylandYutani wrote:
| Nobody wants to be their own bank. That's the mistake crypto
| makes. Banks were invented because it offloads the risk and
| hassle of handling money.
| anecdotal1 wrote:
| The still living members of the Silent Generation would
| disagree. They still don't trust banks and the banks have
| once again proven themselves to be untrustworthy.
| oblio wrote:
| I come from a country which is under-banked.
|
| It used to be non-banked, because in 1990 in Romania
| there were no commercial banks.
|
| Trust me, being non-banked/under-banked is not better.
|
| What you want is decent banks, not no banks at all.
|
| The alternatives are all awful from a combination of
| peace of mind, convenience, etc.
| Eisenstein wrote:
| > The still living members of the Silent Generation would
| disagree.
|
| Never heard of them. They are incredibly effective at
| living up to their name.
|
| > They still don't trust banks
|
| Neither do I. I also don't trust my cell phone provider
| or the grocery store or the company that makes the web
| browser I use.
|
| > the banks have once again proven themselves to be
| untrustworthy.
|
| That's because they are. That's why we have a system of
| laws and regulations in place which kinda work at keeping
| them from screwing over most people, most of the time.
| But not always and not everyone. It is a work in
| progress.
| startupsfail wrote:
| Cryptocurrency is over complicated, very wasteful funny paper,
| not real money.
|
| It has been there for more than a decade, yet all it has
| generated is fraud, CO2 emissions, wasted and burned GPUs and
| useless mining of crypto hashes.
|
| Not a single penny of real wealth created out of that. Just waste
| and fraud.
| clownpepe wrote:
| Right....
| verytrivial wrote:
| Hey, and just like legacy/fiat currencies, it has made a tiny
| subset of often nefarious actors inexcusably rich while doing
| nothing for society, but for Good Reasons, right? Such an
| improvement!
| Tepix wrote:
| I'm pretty sure that some Venezuelans and Chinese people have
| used it successfully to smuggle wealth outside their countries.
| stametseater wrote:
| Probably incompetence. Or maybe, done this way to create doubt
| if/when they decided to take the money and run. _"Who did it?
| Who had access to the keys?"_ _"Uh, everybody..."_
| mabbo wrote:
| Imagine if you were an employee at this company with access to
| these keys. They're so disorganized, you could have stolen tens
| of millions of dollars in crypto and even right now, after
| auditors have gone through everything, still no one would know
| you had done it. That anyone had done it.
|
| How ethical are you really? Could you actually resist that
| temptation? Do you think all your co-workers could too?
|
| What a fiasco.
| burnished wrote:
| Yeah? Being well compensated makes it much, much easier to
| resist temptation.
|
| Plus the nagging suspicion that you'd fuck up or never be able
| to use it in a meaningful fashion.
|
| I'm not saying I'd be surprised if someone took advantage, but
| I don't think it would be most folks' natural inclination.
| JustSomeNobody wrote:
| Would this fall under "fake it till you make it" or "move fast
| and break things"?
| dbmikus wrote:
| I think the general rule is "move fast and break things" unless
| you are handling money or healthcare. That said, some financial
| and health-tech firms do seem to fly by the seat of their
| pants.
| romseb wrote:
| That sounds like a perfect clone of Mt. Gox. They did the same 12
| years ago.
| whalesalad wrote:
| this is how 95% of startups operate
| kickaha wrote:
| I'm starting to think that what's keeping me off the cover of
| Forbes is my weak-ass sociopathy and my tiny tiny crumbs of
| competence.
| commandersaki wrote:
| What's wrong with Secrets Manager? I'm sure FTX didn't, but you
| could set up RBAC using IAM.
| wnevets wrote:
| Maybe it's time we stop conflating net worth with intelligence
| and competency.
| [deleted]
| jrockway wrote:
| This sounds like your standard startup-y security stack. Bonus
| points for trying to use your cloud provider's hardware key
| storage and keeping secrets in 1password. It ain't great but you
| could do worse.
|
| (I've worked at startups and we did better. No access to the
| cloud provider without a time-based escalation. Secrets in
| secrets managers. Passwords rotated regularly. Mandatory 2FA.
| Signed commits. But it would probably still look god-awful if we
| were a finance company!)
| amanj41 wrote:
| What's particularly astounding about the case of FTX is that it
| was rolling in cash (unlike many startups), and yet never cared
| enough to throw money at hiring tons of security-minded staff
| and engineers
| dieselgate wrote:
| Yeah have often thought the same but presumably they wouldn't
| have been able to keep pulling all these shenanigans/fraud if
| they had proper security staff.
| japhyr wrote:
| If you read through some of the other parts of the thread,
| there are stories where they fired competent people as soon
| as they called attention to these kinds of issues.
| jrockway wrote:
| Very good point. Spending the money on security engineers at
| a crypto company sounds like a no-brainer to me. They have a
| lot of good ideas and the work is essential.
|
| (Demanding that crypto keys be stored in Google Drive is the
| kind of suggestion you'd make if you were planning on
| stealing all the money, I guess.)
| CodeWriter23 wrote:
| Do we even have a specific term for the opposite of "Defense in
| Depth"?
| whalesalad wrote:
| "fake it till you make it"
| rossdavidh wrote:
| "Vulnerability in Depth"?
| AlexandrB wrote:
| I'd suggest "Vulnerability in Breadth", since increasing your
| attack surface and number of points of failure is a good way
| to ensure _something_ goes wrong.
| willio58 wrote:
| While this is flat-out insane, it does not speak toward crypto's
| security directly. If you personally decide that you want a
| company to hold your crypto, that's your decision and a poor one
| at that. You have the ability to create your own wallet and hold
| your funds in it securely. Some exchanges like Coinbase even have
| wallet apps so the transition is super easy to make.
| [deleted]
| krunck wrote:
| And then there are the M of N key schemes where one can have
| multiple parties holding the keys. Example: Three keys, any two
| can sign transactions. You have one somewhere safe (in a safe)
| and one on your hardware wallet. And the bank has one for your
| account. The bank can't do anything without you also signing
| the transaction. You can always sign transactions on your own
| with both your keys.
| themagician wrote:
| Wallet "apps" are not secure. It's an illusion of security.
| Unless the source is open AND verifiable there is no reason to
| trust it more than trusting FTX.
|
| I 100% guarantee that there will be a major hack, from a major
| app, at some point in the future where it turns out that all
| seed generation was not in fact random. Honestly, it's probably
| already happened multiple times and they just haven't gotten
| caught. Those stories where people claim that all their crypto
| got stolen even though they never shared their seed--you know
| the stories that everyone always dismisses as, "You must have
| let someone else see it." Well, some of those are probably
| true.
|
| When you generate a private key through an app you are 100%
| trusting that the person who published that version of that app
| did not do something trivially easy like decide to generate all
| seeds from a known incremented input. You'd never know. And if
| that person got caught internally, the company is far more
| likely to cover it up, because otherwise they will collapse
| overnight.
| pcthrowaway wrote:
| I've never heard of a crypto wallet that was _not_ open
| source. The coinbase one certainly is.
|
| That doesn't mean there won't be hacks and backdoors though.
|
| You also need to build them from the codebase yourself if you
| want to be completely sure that you're running the code
| that's visible (though maybe there's a better way to verify
| this with Android/iOS apps?)
| themagician wrote:
| How do I know the code running on my iPhone is the same as
| what is on Github? I don't.
|
| There is every incentive for someone to cheat here. There
| is very little risk, and the potential reward is basically
| infinite. I can slip a few lines of code in that grant me
| access to every wallet generated. Worst case I get caught
| and fired. Best case no one _ever_ knows.
|
| Assuming your employer isn't in on it and you get caught,
| what are they going to do? Seriously, think about it. If
| they acknowledge this in anyway the company is OVER. The
| best course of action is fire you, push a new release and
| just pray that you don't drain the wallets of the victims
| in a way that raises too much suspicion.
|
| You either generate seeds from source you audited or
| _maybe_ trust a hardware wallet that has been sufficiently
| audited. App-based wallets get new releases on a daily
| basis. The security is a joke.
| nullc wrote:
| > from a major app, at some point in the future where it
| turns out that all seed generation was not in fact random.
| Honestly, it's probably already happened multiple times and
| they just haven't gotten caught
|
| Bitpay's "copay" wallet used only 64 bits of randomness for
| the nonces in their signatures, making it trivial to recover
| the user's private keys.
|
| That wallet was "open source" -- but it doesn't much matter
| if it's open source if no one competent is reading or
| reviewing the code.
|
| They never announced the vulnerability -- they fixed it and
| the person who introduced it quietly parted ways with the
| company (he surfaced again later as part of conman Wright's
| team, ... I'm not sure if that increases my estimate that the
| vulnerability was intentional or if it was just
| incompetence).
| cypress66 wrote:
| It has always been recommended to use hardware wallets, and
| software wallets are considered highly insecure.
|
| You can get a trezor which is open source.
| leetrout wrote:
| > The Forbes survey also revealed that FTX did not have a SOC
| audit and was hoping to get these certificates in Q4 2022 or Q1
| 2023 from Prescient Assurance LLC, but given the firm's collapse
| in November, it is unlikely they got them or will do so.
|
| https://www.forbes.com/sites/javierpaz/2022/12/02/crypto-exc...
| tough wrote:
| Prescient Audits never gone well
| caycep wrote:
| there are crypto companies and then there are "crypto"
| companies....
| Quarrelsome wrote:
| As the tweet points out the bad practice and doesn't comment on
| the good practice how _should_ one store their keys? Specifically
| the tweet states that using a secret manager or password vault is
| a problem, so what is the solution?
| datadata wrote:
| A normal pattern is to tier storage into a hot wallet and a
| cold wallet. The hot wallet is used for daily operations and can
| have lower security, but holds a very low percentage of value, so
| that if it is hacked the exchange can eat the loss. The cold wallet
| can have very, very high security measures such as multisig,
| physical security, geographic distribution, etc., and only needs
| to be periodically accessed.
|
| The analogy in an old bank with cash or gold is hot wallet = cash
| that tellers have on hand, cold wallet = vault in the back that
| has everything else.
| pcthrowaway wrote:
| Yep. You can also put cold funds behind a multisig, which to
| use the vault in the back of the bank example, would require
| two managers to turn a key at the same time to open the
| vault.
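An added example, not code from the thread or from any project it mentions, modelling the custody policy described in krunck's 2-of-3 key scheme above and in datadata's and pcthrowaway's hot/cold tiering with a multisig vault: a capped hot wallet under one operator key, a cold wallet that moves only with two distinct approvals out of three (safe, hardware wallet, bank), and an audit log of every key use. HMAC over a canonical transaction digest with constructed keys stands in for real on-chain signatures, and the 5% hot-wallet cap is an assumed policy value.

```python
"""Tiered custody model: capped hot wallet, 2-of-3 cold wallet, audit log.
Constructed example; HMAC over a canonical tx digest stands in for real
signatures, and the hot-wallet cap of 5% is an assumed policy value."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

HOT_CAP_FRACTION = 0.05  # assumed: hot wallet holds at most 5% of total funds
COLD_THRESHOLD = 2       # any 2 of the 3 cold key holders must approve

# Constructed stand-in keys for the three cold key holders from the thread
# (key in a safe, key on a hardware wallet, key held by the bank) plus the
# single operator key that controls the hot wallet.
COLD_KEYS = {
    "safe": b"constructed-key-in-a-safe",
    "hw": b"constructed-key-hardware-wallet",
    "bank": b"constructed-key-held-by-bank",
}
HOT_KEYS = {"hot-operator": b"constructed-key-hot-operator"}


def tx_digest(tx: dict) -> bytes:
    """Canonical serialisation so every approver commits to identical fields."""
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).digest()


def approve(tx: dict, signer: str, key: bytes) -> tuple:
    """An approver's signature stand-in: (signer id, HMAC over the tx digest)."""
    return signer, hmac.new(key, tx_digest(tx), hashlib.sha256).hexdigest()


def _verify(tx: dict, approval: tuple, keys: dict):
    """Return the signer id if the approval is valid for tx, else None."""
    signer, mac = approval
    key = keys.get(signer)
    if key is None:
        return None
    expected = hmac.new(key, tx_digest(tx), hashlib.sha256).hexdigest()
    return signer if hmac.compare_digest(mac, expected) else None


@dataclass
class Custody:
    hot: float
    cold: float
    audit_log: list = field(default_factory=list)

    def _log(self, event: str, **fields) -> None:
        # Every key use is recorded, successful or not, with who and how much.
        self.audit_log.append({"event": event, **fields})

    def hot_over_cap(self) -> bool:
        """True if the hot wallet holds more than the policy allows."""
        total = self.hot + self.cold
        return total > 0 and self.hot > HOT_CAP_FRACTION * total

    def withdraw_hot(self, tx: dict, approval: tuple) -> bool:
        """Daily-operations path: one operator key, limited by the hot balance."""
        signer = _verify(tx, approval, HOT_KEYS)
        ok = signer is not None and tx["amount"] <= self.hot
        self._log("hot_key_used", signer=approval[0], amount=tx["amount"], ok=ok)
        if ok:
            self.hot -= tx["amount"]
        return ok

    def withdraw_cold(self, tx: dict, approvals: list) -> bool:
        """Vault path: at least COLD_THRESHOLD distinct cold keys must approve."""
        valid = set()  # a set, so one key signing twice still counts once
        for approval in approvals:
            signer = _verify(tx, approval, COLD_KEYS)
            self._log("cold_key_used", signer=approval[0],
                      amount=tx["amount"], ok=signer is not None)
            if signer is not None:
                valid.add(signer)
        ok = len(valid) >= COLD_THRESHOLD and tx["amount"] <= self.cold
        self._log("cold_withdrawal", approvers=sorted(valid), ok=ok)
        if ok:
            self.cold -= tx["amount"]
        return ok
```

The log records rejected attempts as well as successful ones, which is the per-access trail mithr notes that shared password vaults usually lack.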
| HL33tibCe7 wrote:
| Hardware security modules.
| mithr wrote:
| I think that if you, an individual who owns some crypto, wants
| to store your key in a password vault, that's probably fine, as
| long as you accept the risks (you've done your due diligence
| and trust your password manager is secure enough for your
| expected risk factor, etc).
|
| But if you're an exchange handling billions of dollars of
| customer assets, the requirements should probably be higher.
| The text implies that many employees at the company had access
| to the password vault, for example. Also, shared password
| vaults that I've seen tend to have functionality like the
| ability to share a password externally (something you probably
| don't want!), relatively low logging abilities (while it would
| probably be a good idea to track each and every time a crypto
| key was accessed and who accessed it), etc.
|
| At least that's my guess at what they meant -- perhaps someone
| had deeper knowledge and can share that.
| RegularOpossum wrote:
| Also, they advertised on fortune cookies at my local Chinese
| takeout place, which I think told me all I needed to know.
| whalesalad wrote:
| I asked a girl to prom in HS with a fortune cookie. It didn't
| work, but it was a fun experiment.
| datadata wrote:
| It is fantastic that a company operating with such horrific
| practices is dead. While we are at it, when can we fix similar
| issues below with mainstream financial systems that millions of
| people are still using?
|
| - Social security numbers are used as a secret for
| identification, despite being in plaintext and having so low
| entropy as to be guessable, and originally issued on a card
| literally saying "Not for Identification".
|
| - Every bank check lists the bank account number, which serves as
| the only information needed for a party to issue a request to
| withdraw money from that account.
|
| - Credit card numbers are similarly a private number used as a
| public number, and printed on plaintext on the card.
|
| Is there any effort working on bringing asymmetric encryption to
| these systems or to replace them that has a reasonable chance of
| working?
| misterprime wrote:
| Me, many years ago setting up electronic payment. -OK, it's
| asking me for my bank account and routing number. These must be
| pretty secret. -Oh wow, they're both printed on my checks.
| Uh...this system works?
| themagician wrote:
| Traditional banking is slow enough that things can
| be reversed before they are permanently settled. The "slow" speed of
| moving money is a feature. It's designed for humans who make
| mistakes all the time.
| datadata wrote:
| I agree that it is a feature, but that feature didn't come
| with any downsides initially when the speed of everything
| else was also slow. The downsides are now substantial as the
| customer expects higher speeds. The downsides of not having
| the option to have final settlement quickly also seem to be
| a source of many other problems.
|
| We also don't even need to change this aspect of traditional
| banking in order to add strong asymmetric encryption in front
| of the system. That would nip most fraud in the bud, and if
| nothing else save a lot of effort that goes into fraud
| schemes, prevention, and reversal.
| themagician wrote:
| Honestly, I don't really see this. Small personal
| transactions happen via Cash, Venmo, PayPal, Zelle, etc.
| without much issue or friction. As far as the general
| consumer is concerned it is instant.
|
| Large business transactions generally (not always,
| obviously) do not have the sense of urgency that would
| require fast settlement. There's some market maker stuff
| that benefits from fast settlement, but that's not exactly
| a reason to push a whole new system out to everyone.
|
| The biggest "benefits" of crypto are not benefits to the
| average consumer going about their daily life. Instead of
| dealing with fraud you'd have to deal with customer service
| issues for actual customers who forgot/lost their keys.
| And, honestly, you'd probably have to deal with more fraud.
| Your phone gets hacked, your keys get stolen, and then
| what... all your money is irreversibly gone?
| datadata wrote:
| You are imagining a false dichotomy where things like
| fast and final settlement, or self custody are forced
| onto every user, and pointing out the obvious problems
| with that scenario. They are not good defaults, but they
| are great to have as options to protect customers against
| a fraudulent or over leveraged system. It is a bit like
| any protected right-- you don't have to directly make use
| of it for it to be valuable, the real value is in the
| optionality you have to be able to use it, and the risk
| that optionality poses to those who would exploit the
| absence of the right.
| themagician wrote:
| Not really. Fast (immutable) settlement is terrible for
| humans. Self custody is more or less incompatible with
| our modern world. And despite that, there are ways to do
| both without crypto--hand someone stacks of cash and keep
| gold in a safe under the floorboard. Both of these
| options exist.
| datadata wrote:
| You are repeating the same false dichotomy by stating
| again that final settlement and self custody are bad
| defaults for the entire world. That isn't what I'm
| saying, I am saying a choice is better than no choice at
| all. I'm also not saying anything about crypto. Gold and
| cash are also useful instruments that should be financial
| instruments for everyone also.
| sublinear wrote:
| > The downsides are now substantial as the customer expects
| higher speeds.
|
| Why would they expect this? It seems like the slowness is
| the only thing keeping the game from growing legs and
| walking away from the humans playing it.
| datadata wrote:
| Ask anyone waiting for an emergency withdrawal to settle
| from a failing institution like FTX or SVB.
| UncleEntity wrote:
| According to both of them that's what sank them and not
| the blatant shenanigans going on.
|
| If there were more of a delay, like the maturity rate of
| whatever bonds, SVB would be fully functional today.
|
| FTX, as long as nobody looked too hard they probably
| could have lost the few billion they had left while
| keeping everyone happy.
|
| Bank runs... always blame the customers.
| medvezhenok wrote:
| On the flip side, think about all the old people that
| initiate transfers to various scammers and get stopped by
| the bank.
|
| Making things faster will be good for some people, bad
| for others. Not clear if better on the whole.
|
| It's also probably better to keep it slow to prevent
| impulse decisions (let me put all of my money into
| dogecoin, it's mooning now)
| ChrisMarshallNY wrote:
| _> Credit card numbers are similarly a private number used as a
| public number, and printed on plaintext on the card._
|
| I have an Apple Card. The only text on the card is my name. I
| think a lot of bank cards are starting to do similar stuff.
|
| It isn't foolproof, though. Someone somehow was able to charge
| against the card, a couple of months ago.
| giobox wrote:
| The lack of identifying numbers causes no end of confusion
| when I travel with it too, especially in European countries
| that Apple haven't launched the card in yet.
|
| It got so annoying on a recent trip, I just reverted to using
| another conventional credit card. The Apple Card is generally
| fine any time I use tap to pay from the phone, but the
| physical card simply isn't as reliable as some other cards I
| have that generally "always work" abroad. I've even had
| restaurant staff treat me very suspiciously over the blank
| card.
|
| It's also an odd card in that the physical card itself has no
| tap-to-pay functions at all; of course Apple want you to use
| the iPhone it can't operate without to do this part instead.
| Again though, if I do have to hand over the card, in Europe
| people will of course try and tap it instead of a swipe and
| once again confusion reigns.
|
| Oh and if a server drops the card, it makes the most
| irritatingly loud clang being a small metal object - I would
| happily go back to plastic for the card!
| HL33tibCe7 wrote:
| I mean you're right in that, thinking about this on an abstract
| level, your suggestions seem like no-brainers.
|
| But the current system works _well enough_ in the vast majority
| of cases. And the fixes to the problems you list would add
| considerable complexity. I don't think it's actually that clear
| that fixing these problems would have a net positive effect on
| the world.
| datadata wrote:
| The size of the market just for identity theft protection is
| 10 billion USD [0]. There is 30 billion USD in credit card
| fraud a year [1]. I don't think that is working well enough;
| that is a multiple-FTX-sized loss of money every single year
| going into a problem that is fueled mostly by really bad
| underlying security systems.
|
| 0: https://www.globenewswire.com/en/news-release/2022/03/23/240....
| 1: https://www.bankrate.com/finance/credit-cards/credit-card-fr...
| lxgr wrote:
| > Every bank check lists the bank account number, which serves
| as the only information needed for a party to issue a request
| to withdraw money from that account.
|
| The same principle (i.e. knowing an account number means being
| able to debit it) works surprisingly well in many European
| countries for direct debits, and the account number is
| considered even less of a secret than it is in the US. For
| example, many freelancers routinely print it on their invoices
| sent out to clients, have it as part of their e-mail signature,
| or even prominently feature it on their website.
|
| What makes it work is that, under the SEPA Direct Debit
| framework, the risk of fraud and insufficient funds is 100% on
| the party initiating the direct debit. An accountholder can
| literally click a button on their bank's app or website and
| they get the funds back immediately, no questions asked, within
| 8 weeks of the original debit date.
|
| This, in turn, means that it is in the initiating party's self-
| interest to only accept this form of payment in high-trust
| situations, and not just like a low-fee replacement for credit
| and debit cards that shifts some amount of fraud risk to the
| accountholder or their bank.
| marcosdumay wrote:
| > What makes it work is that, under the SEPA Direct Debit
| framework, the risk of fraud and insufficient funds is 100%
| on the party initiating the direct debit.
|
| It also helps that the accountholder has to allow each party
| that will debit money from their account. By default, those
| requests are denied.
|
| AFAIK, the US works the other way around.
| lxgr wrote:
| > By default, those requests are denied.
|
| That's not the case in Germany, at least.
| RandomLensman wrote:
| Banks don't need a SEPA mandate to allow a direct debit?
| germanier wrote:
| The SEPA mandate is between the parties in the
| transaction. While banks require their existence, it is
| usually not shared with the banks involved.
| RandomLensman wrote:
| So only a creditor ID is needed if someone has a set of
| IBANs and then things will be processed?
| germanier wrote:
| A creditor ID and a direct debit agreement with some
| bank, yes. After you have those, (usually) the banks
| won't verify individual transactions.
| oblio wrote:
| Do you mean that if I know a German bank account number I
| can just withdraw money for me?
|
| Be right back, asking some German friends for their bank
| account numbers.
|
| Jokes aside, you're probably wrong. There's NO way I can
| just pull money from their bank account just by knowing
| their bank account number.
| lozenge wrote:
| As a person you can only send them money. As a business
| you can initiate a direct debit which withdraws money.
| However you are attesting that they signed a direct debit
| agreement with you and provided their account number and
| agreed on the amount to pay.
|
| This is the same as a credit card - you can charge any
| card with just the number and a couple of basic details,
| however if there's a complaint "I found these CC details
| on a random website" isn't accepted, you need to show the
| card holder agreed to the charge. If you don't provide
| the evidence the transaction is reversed.
| lxgr wrote:
| > Jokes aside, you're probably wrong.
|
| What GP says is accurate.
|
| > Do you mean that if I know a German bank account number
| I can just withdraw money for me?
|
| _You_ most likely can't, because if you have to ask
| this you don't have an agreement with a SEPA Direct Debit
| originating bank that lets you :)
|
| And even if you decide to open one now: Given the risks
| involved for the originating bank, they will heavily
| scrutinize your business case and demand considerable
| collateral and/or payout time limits.
| summarity wrote:
| Yes, yes you can. Name + IBAN is all you need to enter
| even large recurring payments.
| lxgr wrote:
| Most importantly, you need a bank that will let you
| submit any DD requests.
| germanier wrote:
| Yes, if you set up a direct debit agreement with a bank
| you can do that. If you'd actually try what you suggest
| it will be revoked quickly and charges filed as your
| identity is known.
| organsnyder wrote:
| > AFAIK, the US works the other way around.
|
| "Positive pay" is available for checking accounts in the
| US, though I've never heard of it used outside of business
| accounts, and only then by request (and probably extra
| fees).
| Denvercoder9 wrote:
| > By default, those requests are denied.
|
| This depends on your bank, mine allows them by default.
| oblio wrote:
| Which European bank is it?
| Denvercoder9 wrote:
| > What makes it work is that, under the SEPA Direct Debit
| framework, the risk of fraud and insufficient funds is 100%
| on the party initiating the direct debit.
|
| Additionally, you need to have a direct debit agreement with
| your bank to be able to initiate a direct debit. You need to
| show at least some legitimate banking history (and a
| government-issued ID) to get one, and they come with limits
| on how many and how much you can debit per period, and your
| bank will terminate the agreement if your reversal rate is
| higher than normal.
| janosdebugs wrote:
| This does have a minor drawback on the service provider side
| as allowing people to sign up for a service with direct debit
| is hard to get right, so many services prefer to offer credit
| card payment even if it is more expensive. There is no way
| for you to verify that a person signing up is actually the
| account holder save for doing the "we debited 1c on your
| account" thing, which takes a few days.
| lxgr wrote:
| Yes, and that's arguably by design. If you need
| confirmation of funds, cardholder/accountholder
| authentication, and a dispute mechanism that doesn't side
| with the customer in 100% of scenarios, SEPA Direct Debit
| is probably not the payment method you want.
|
| > the "we debited 1c on your account" thing
|
| This doesn't actually work with SEPA Direct Debits, since
| there is no such thing as "disputing a reversal" or
| "compelling evidence": If the accountholder says "funds
| back, please", the involved banks have to oblige.
|
| In fact, direct debits are so reversible/non-final that
| it's SOP for bankruptcy managers to claw back all of the
| last 8 weeks' worth of direct debits drawn on a bankrupt
| person's or entity's account, which can be quite surprising
| for debtors.
|
| In other words, it's possibly a better mental model to
| think of direct debits as a request for a wire in 8 weeks
| that gets earmarked for approval by default if enough funds
| are present, but that accountholders can cancel at any
| point in time, as far as finality (but not liquidity) is
| concerned.
| sithadmin wrote:
| For credit cards, mobile wallet transactions are tokenized, and
| EMV chip transactions function similarly.
| stronglikedan wrote:
| - Banks not doing their due diligence to make sure they are
| lending to the correct person, and then being allowed to blame
| the victim for it.
| [deleted]
| gumby wrote:
| > Every bank check lists the bank account number, which serves
| as the only information needed for a party to issue a request
| to withdraw money from that account.
|
| A check is simply a contract -- a promissory note. Like any
| contract you wouldn't sign it with someone you didn't trust,
| right?
|
| (Obviously that statement, while true, is risible these days.
| But I remember a Bogart film in which he was settling a debt at
| a casino so asked the owner for a check -- he filled in not
| only the amount but his name, address and bank).
|
| All the info on your check is just printed there as a
| convenience to you, or at least used to be. Until ~20 years ago
| physical checks were still sent back to your bank where they
| would check the signature, which could take a while! I think
| since the 72 hour rule went into place (and sending checks
| physically no longer allowed) the format was set by regulation.
| singleshot_ wrote:
| If you trusted the person from whom you accepted a check, why
| didn't you simply accept a promise to be paid later?
|
| Put elsewise, the salient feature of a check is that your
| trust in that bank backstops your lack of trust in the bearer
| of the checking account.
|
| (Right? Or did I misunderstand your trust model perhaps?)
| thephyber wrote:
| Each one of these systems has a better replacement, but not all
| of the industry has moved to it.
|
| The largest related issue I believe is the use of
| "knowledge databases" by credit bureaus (and all of the
| companies and governments that trust credit bureaus).
|
| Each of these has been solved, but until the last system using
| the inferior authentication is upgraded, they all remain weak
| points. I have argued that the US (or each state) should create
| a digital certificate system similar to Estonia's "digital
| residency card" or S Korea's online transaction signing
| (although hopefully not implemented as an ActiveX control for
| Internet Explorer 5).
| lxgr wrote:
| > Estonia's "digital residency card"
|
| The EU is actually federating systems like that under an
| umbrella of regulations and technical services called eIDAS
| [1]. I haven't been able to use it in too many places yet,
| but if it takes off (which is a pretty load-bearing "if", to
| be clear), I think it could be an important step towards
| making these systems usable internationally.
|
| Especially the US, which seems to prefer to handle ID card
| issuance at the state or even municipal level, could benefit
| from a federated approach like that - assuming that people
| would be willing to trust their local/state government to
| that extent, in any case.
|
| [1] https://en.wikipedia.org/wiki/EIDAS
| briffle wrote:
| You think that is bad, every doctors office I have ever dealt
| with over the phone has just asked for my name, and birthdate.
| Think of all the friends on social media I can impersonate!
| grishka wrote:
| This is mostly unique to the US. Where I'm from, we don't use
| our SSNs _as passwords_, bank checks and direct debit are
| simply not a thing, and credit cards have two-factor
| authentication for online purchases.
| Semaphor wrote:
| 2FA for online purchases is, at least in Germany, not
| always a thing. I don't know how it's decided, but I'd say
| only about 50%-70% of online purchases trigger the 2FA of my
| bank.
| RandomLensman wrote:
| My understanding is that it is related to the fraud
| prevention capabilities (incidence?) of the other party and
| the amount.
| cs702 wrote:
| Wait, _what_? Private keys were stored in unprotected plaintext
| files regularly opened by multiple people at the company? WTF?
|
| That crosses the line and goes deep into "willful negligence"
| territory, in my view.
|
| The physical equivalent would be stacking customer assets like
| dollar bills and gold bars in big piles inside a heavily
| trafficked room that has no lock.
|
| The term "irresponsible" doesn't quite do justice to it.
|
| Unbelievable.
| albatross13 wrote:
| The fact that you're surprised by this is the most alarming
| thing in all of this.
| paulcole wrote:
| > That crosses the line and goes deep into "willful negligence"
| territory
|
| This is FTX we're talking about. That line is far far far in
| the rear-view mirror.
| panarky wrote:
| > Wait, what? ... WTF? ... Unbelievable.
|
| You sound shocked! shocked! to find gross incompetence going on
| in a place where the accounting system is an Excel spreadsheet
| manually maintained by the CEO himself, with entries like
| "Hidden, poorly internally labled fiat@ account" (sic)
| purportedly worth $8 billion.
|
| Private keys in plaintext in the shared Google Drive that the
| entire company has access to? That is the least surprising news
| I've heard today.
| berkle4455 wrote:
| Yet FTX wasn't hacked. Their own irresponsible bets lost it all
| instead.
| danielvf wrote:
| I mean FTX had over 300 million dollars moved out of company
| funds, without company authorization, by parties unknown, and
| with insufficient monitoring to even know it happened until
| third parties let them know. So kind of depends on your
| definition of hacked, I guess.
| tough wrote:
| Sounds like really nice plausible deniability for whomever
| came up with such a blatant wrong way of storing
| secrets/value
| notfed wrote:
| Nov. 11 -- Friday: SBF resigns, FTX goes bankrupt
|
| Nov. 12 -- Saturday: FTX hacked for most of its remaining
| crypto
|
| Y'all be the judge.
| HDThoreaun wrote:
| They may have already been hacked and the hackers were
| laying low. Seems more likely that insiders stole it
| though yea.
| tough wrote:
| Let's hope he doesn't buy the judge with the stolen
| funds...
| panarky wrote:
| Why not both? https://www.bbc.com/news/business-64313624
| AlexandrB wrote:
| One way to look at FTX is as a horse race between multiple
| catastrophic failure modes. In this case the financial
| malfeasance "won". Maybe in another universe where interest
| rates stayed low for another year we'd see FTX go down to a
| hack instead.
| matthewdgreen wrote:
| My understanding from that document is that the bankruptcy
| managers are just beginning to piece together an accounting
| of what happened to the money at FTX, and even that
| accounting is incomplete because personal laptops belonging
| to executives are being held back by Bahamian authorities. So
| "FTX wasn't hacked" is just a hypothesis at this point.
| "Hacking probably wasn't the major contributing factor to the
| exchange's financial problems" would probably be a more
| accurate statement.
| AnimalMuppet wrote:
| "Sufficiently advanced incompetence is indistinguishable from
| malice."
|
| I don't recall who said it, but it seems to fit.
| unaesthetic wrote:
| Hanlon's razor is an adage or rule of thumb that states,
| "Never attribute to malice that which is adequately explained
| by stupidity."
| AnimalMuppet wrote:
| Right. My comment is a reverse of that, expressed in a
| similar form to Clarke's Law that "Sufficiently advanced
| technology is indistinguishable from magic."
|
| But I stole it. I didn't make it up.
| burnished wrote:
| Yeah, this is sort of the teleological view. I think Hanlon's
| razor is a great first guess when trying to figure out
| people's motivations, but this inverse is probably more
| appropriate when thinking about what your defenses/reactions
| should be.
| causality0 wrote:
| Personally I believe there's a strong correlation between how
| crazy you act on social media and how competent your internal
| security is.
| michaelsshaw wrote:
| True competent professionals tend to keep quiet
| WeylandYutani wrote:
| There's a reason why all bankers from Nigeria to Japan wear
| boring gray suits in commercials.
|
| Never understood what people saw in SBF.
| codyb wrote:
| That does not bode well for Twitter....
| clueless wrote:
| man, then look out for elon's companies
| [deleted]
| arcticbull wrote:
| > That crosses the line and goes deep into "willful negligence"
| territory, in my view.
|
| Er, that's the thing that pushed you over the line? Not all the
| fraud and crime?
| mnky9800n wrote:
| i was okay with the fraud and the crime. it was the
| hierarchical polyamory that pushed me over the line.
| h2odragon wrote:
| > the hierarchical polyamory that pushed me over the line.
|
| Really. At that point one should have the decency to
| declare your outfit a religion, and stop paying taxes.
| mnky9800n wrote:
| you are obviously too clever to have been employed at
| FTX.
| EGreg wrote:
| That was just ironic I am sure
|
| Just like the "very easy math" that they all touted that
| was all that was needed to manage the entire thing
| mrguyorama wrote:
| The math gets REALLY easy when you do none of it.
| Waterluvian wrote:
| Hierarchical polyamory? I thought they meant spreadsheets,
| not spreading the sheets.
| dang wrote:
| " _Please respond to the strongest plausible interpretation
| of what someone says, not a weaker one that's easier to
| criticize. Assume good faith._"
|
| https://news.ycombinator.com/newsguidelines.html
| arcticbull wrote:
| Ah sorry, I just meant that light-heartedly. I wasn't
| assuming ill intent of the parent at all - just FTX. I'll
| be more careful. Tone doesn't always carry well over the
| internet.
| dang wrote:
| Ah thanks. I obviously misread you, but alas that
| probably means many others would as well - particularly
| when the comment doesn't contain enough information to
| convey intent.
| A4ET8a8uTh0 wrote:
| Both are bad. Crime is bad, but this is an argument for
| making software engineering more like a medical doctor's
| guild. Some things simply should not be done. There is an
| expectation of competence for some things like finance and
| medicine.
| ted_bunny wrote:
| Their finance scheme was like benefits fraud. Plaintext
| keys is malpractice. Is that close to what you mean?
| A4ET8a8uTh0 wrote:
| Basically yeah. Medical doctors will not do some thing
| for fear of losing their license to practice. One could
| argue storing data like this in plain text is
| malpractice.
| compiler-guy wrote:
| Storing your keys in plain text is hardly software
| engineering. Plenty of people who don't know the first
| thing about coding do it all the time.
|
| This is a failure of security and risk management. Making a
| guild or licensing requirements for software engineers may
| or may not be a good idea, but it wouldn't have addressed
| this problem.
|
| But even if it would have in the abstract, FTX played fast
| and loose with so many other rules, I wouldn't expect them
| to abide by those either.
| A4ET8a8uTh0 wrote:
| Hmm. That is a valid argument for me. You are right. In
| practical terms, the main issue lies with risk assessment
| ( and leadership basically running a scam ), but should a
| person implementing their ideas know better?
|
| I know what the real answer is, but I am curious of the
| response.
| AlexandrB wrote:
| I wonder if this reaction is so strong because the readership
| here are generally more knowledgeable on software and software
| security than banking. If there was a Hacker News for banking
| experts, they probably had this reaction to the "accounting"
| spreadsheet SBF released previously.
| logicalmonster wrote:
| > That crosses the line and goes deep into "willful negligence"
| territory, in my view.
|
| A lot of people are making the assumption that gross
| incompetence reigned supreme with FTX, and that does seem like
| the likeliest explanation, but another potential explanation is
| deeply devious criminal activity.
|
| They could have preplanned this behavior. If they were ever
| caught doing anything really bad, they had "plausible
| deniability" by being so loosy-goosy with security and best
| practices. Everybody from a rogue employee to hackers could be
| blamed by them if the shit ever hit the fan and they could have
| some kind of defense that they were so disorganized that they
| didn't really know what happened.
|
| You might be able to distinguish this by looking at how SBF's
| own personal crypto funds were managed. If he knew enough to
| manage his own crypto in a saner way, then you could probably
| make a case that dysfunction in FTX was by design because he
| knew better and didn't do it.
| SoftTalker wrote:
| It is not plausible that he didn't know better. No jury would
| believe that claim.
| gleenn wrote:
| While I agree with most of this, keeping a small number of
| things secure for yourself is far easier than doing it for
| thousands/millions of accounts in an automated way. That's
| true of almost everything in software. For instance, just
| because I know how to use a password manager doesn't mean
| it's easy to get my whole family using a password manager.
| They were clearly dysfunctional and there may be some of this
| at play but Occam's Razor says it was just easier to store
| less securely.
| roundandround wrote:
| I think that is what is so hilarious about the situation.
| The US is forever creating situations where companies want
| to be first in and fastest scaling at any cost, offering
| free everything to begin.
|
| If they were a bank they would realize their growth is
| beyond their competence and bring in boring big bank
| security experts with some of the huge profits on the even
| more massive holdings. But there were no legal profits on
| holding all these assets because they promised to be
| something better than a bank, making its money from risking
| your assets, so that was just done illegally leaving no
| above the table accounts for legitimate operation costs. (A
| friend of SBF with an illegal loan will obviously keep your
| keys safe.)
|
| How could an honest company that takes negligence seriously
| compete? It is like the opposite of regulations as barrier
| to entry. How do you sell things for less than the Mafia's
| laundering operation?
| logicalmonster wrote:
| > While I agree with most of this, keeping a small number
| of things secure for yourself is far easier than doing it
| for thousands/millions of accounts in an automated way.
|
| Of course, but the qualifier I used is "make a case".
|
| Obviously, nobody can ever read SBF's mind, but the
| government might have enough to prosecute him from this
| angle if they could prove that he knew better from his
| behavior with his own holdings, but didn't do things in a
| certain way for FTX's holdings.
| bongoman37 wrote:
| [dead]
| shagie wrote:
| > A lot of people are making the assumption that gross
| incompetence reigned supreme with FTX, and that does seem
| like the likeliest explanation, but another potential
| explanation is deeply devious criminal activity.
|
| Former FTX US President Reportedly Quit After 'Protracted
| Disagreement' With Bankman-Fried -
| https://www.coindesk.com/business/2023/04/09/former-ftx-
| us-p...
|
| > ...
|
| > According to the report, another employee in the exchange's
| legal department was "summarily terminated after expressing
| concerns about Alameda's lack of corporate controls, capable
| leadership and risk management."
|
| > Alameda wasn't even clear on what its own positions were,
| "let alone hedging or accounting for them," Ray's document
| reads. A June 2022 portfolio summary, which was supposed to
| show Alameda's makeup of crypto positions, was reportedly
| fabricated after employees were allegedly instructed by an
| unnamed higher-up to "come up with some numbers? Idk."
|
| > At one point, according to the report, Bankman-Fried told
| employees:
|
| > "Alameda is unauditable. I don't mean this in the sense of
| 'a major accounting firm would have reservations about
| auditing it'; I mean this in the sense of 'we are only able
| to ballpark what its balances are, let alone something like a
| comprehensive transaction history.' We sometimes find $50m of
| assets lying around that we lost track of; such is life."
|
| ---
|
| I'm not sure "devious" is the right word choice. Criminal
| activity - yes. I suspect they knew they were criminals to
| some degree but were grossly incompetent when it came to
| managing it.
|
| It feels more like a constant stream of lies to support the
| ongoing fraud rather than devious.
| bagels wrote:
| "such is life" = I refuse to take any action to improve
| this situation
| klibertp wrote:
| > We sometimes find $50m of assets lying around that we
| lost track of; such is life.
|
| I _want_ that life. No, seriously, let me find even just
| $5M lying around, just once.
|
| I mean, what do you need to have between your ears to even
| remotely consider losing, and then finding, 50 million of
| someone else's money as normal? Such is life? Where? Other
| than in government agencies, of course.
| pcthrowaway wrote:
| I've found a $100 bill I misplaced before, and to me that
| represents a higher percentage of my net wealth than $5M
| would to most billionaires
|
| And that might be equivalent to a penny to a significant
| chunk of the global population that doesn't have more
| than $2-4 to their name
| endisneigh wrote:
| How should the keys be stored? Not excusing them, but this isn't
| as straightforward to resolve as people think. That being said,
| not having any access controls is cringe. Really?
| nawgz wrote:
| Remember when these guys were buying stadium names and sponsoring
| esports teams and everything?
|
| Pure incompetence was the shining jewel of cryptocurrency.
| Hilarious.
| kerblang wrote:
| Stupid & Evil are best friends - if you're looking for one, the
| other is often nearby. There's going to be a mix of incredibly
| stupid and incredibly crooked behavior all through this. It's not
| a surprise that this "genius" is a delusional, pathetic dolt who
| couldn't operate a frozen banana stand properly, much less a
| multi-million dollar company. It's also not a surprise that he
| _truly_ thinks he's innocent on all charges, because he's that
| much of an idiot.
|
| Crooks typically believe and disbelieve their own bullshit
| simultaneously, which is even more nonsensical, but that's just
| criminal thinking at work. None of this is particularly confusing
| to criminal prosecutors, just the same ol' same ol'. SBF is going
| to jail, and if he doesn't switch his plea soon he's _really_
| going to jail...
| akira2501 wrote:
| > who couldn't operate a frozen banana stand properly,
|
| A lot of column inches are dedicated to making it seem that
| way; however, I have a sneaking suspicion that there's _always_
| money in the banana stand.
| qeternity wrote:
| Mr Banana Grabber royalties
| kibwen wrote:
| This is why seeing people attempt to excuse behavior via
| Hanlon's Razor makes me fume.
|
| For any entity with a sufficient amount of power, stupidity is
| indistinguishable from malice.
| hef19898 wrote:
| It is hard to accept, at least for me sometimes, that the
| answer to the question "Are those people stupid or fraud?" is
| more often than not "both". It does explain a lot so.
___________________________________________________________________
(page generated 2023-04-10 23:02 UTC)