Announcing a Return to our Roots: The All-New Bitcoin Magazine

OKCoin Reveals Security Policy: Sets Standard for Operational Transparency


         OKCoin Reveals Security Policy: Sets Standard for Operational Transparency

On Friday, Star Xu, CEO of trading platform OKCoin, published his company’s security policy in a Reddit thread.

“OKCoin has decided to openly share [its] cold wallet security information. Through this transparency, OKCoin aims to assure users of the security of their funds,” the post stated.

Xu then encouraged members of the community to contribute feedback.

He began by outlining the company’s security design philosophy, focusing on key vulnerabilities inherent in Internet connections, USB drives and reliance on centralized management.

He went on to explain how the company’s security design protocol addressed concerns surrounding private key generation and backup, depositing bitcoin from an online hot wallet to an offline cold wallet, and retrieving bitcoin from an offline cold wallet.

The post listed key highlights of the OKCoin security protocol:

  1. The cold wallet addresses can only hold a limited amount of bitcoin.

  2. Private keys are stored on completely offline computers.

  3. Certainty that the private key never had any contact with the Internet or USBs.

  4. Encrypted private key paper document requires offsite backup, and is controlled by different people in different places.

  5. AES private key password shall also be controlled by different people in different places, and shall not be the same person with the master of the private key.

  6. Holders of the AES private key password and those with the ability to retrieve the encrypted private key are different people and in different places.

  7. Once a private key has been used to transfer bitcoin out of the address, the address is no longer to be used again for deposits.

In an interview with Bitcoin Magazine, Michael Perklin, president of the CryptoCurrency Certification Consortium (C4) and president of Bitcoinsultants Inc., commended Xu.

“Having a strong security policy is one of five things that every cryptocurrency storage solution should have,” Perklin said, adding that the other four pillars include “procedures, trained personnel, secure hardware and secure software.”

According to C4’s Cryptocurrency Security Standard matrix, it appears that OKCoin’s manifesto covers many, though not all, of the points companies need to include in their security policies to earn Level II and Level III ratings.

Perklin added that by publishing its security policy, OKCoin doesn’t lose anything in terms of security. The move should, in fact, give their clients a degree of confidence.

“Kudos to OKCoin for doing this,” Perklin said.


Ten Years Later, a Reflection on Bitcoin’s Genesis and Satoshi’s Timing

Rather than focusing simply on what the genesis block is, today is a day to reflect on what the genesis block represents.

Colin Harper

Op Ed: From Gray To Black and White: Traditional Regulations Come to Crypto

For the crypto industry, recent developments — at both the federal and international levels — signal that the time for plausible deniability or unregulated freedom is coming to an end and more traditional regulations are moving to the forefront.

Courtney Rogers Perrin and Joshua Lewis

Bitcoin Price Analysis: Blowing Through Support Levels on the Way to $3,000

Bitcoin continues to tumble lower and lower as it struggles to claim any footing in the market. It’s down almost 50% in three weeks and it’s showing very little sign of stopping. It’s currently clutching onto the $3,500 values but it doesn’t look like it can hold on much longer.

Bitcoin Schmitcoin

Op Ed: SEC’s Latest Declaration Creates Legal Minefield for Digital Assets

This broad, authoritative declaration is not unexpected, as, to date, the SEC has stated that all digital assets — regardless of whether they function as alt coins or utility tokens — are securities at least initially and, thus, subject to its jurisdiction.

Huhnsik Chung and Nicholas Secara