It was almost six months ago that Bitcoin Central, the main Bitcoin exchange in France, shut down after losing tens of thousands of dollars to an online attack. The attacker managed to get in by breaking into the exchange’s virtual private server, allowing them to access its online “hot wallet” and withdraw all of the funds. Fortunately, the bulk of the exchange’s BTC funds were stored in offline “cold storage” so Bitcoin Central was able to absorb the loss and fully reimburse its customers, but the platform’s developers nevertheless saw fit to take down the site to prevent any further losses while they figured out exactly what went wrong.
What happened over the next six months was a complete redesign; the website was rebuilt from the ground up, the trading engine was split up into multiple components, and tight security and redundancy mechanisms were added on all levels. The site’s operators had originally intended to bring the site back online in the middle of the summer; in reality, however, June and July came and went, and not a word came from Bitcoin Central; indeed, some even began to suspect that the site was gone for good. But now, after nearly five and a half months of downtime, Bitcoin Central is back online.
The first sign that Bitcoin Central has changed appears as soon as the site is loaded; the site now features a radically redesigned web interface that is both simpler and much more visually appealing than the old version, and includes a detailed statistics page, latest trade data and support for English and French. The charts are not yet too interesting, as volume on the site is still low, but once people start depositing to the exchange and trading in full force that is likely to change. But what is more interesting is the extent to which the exchange has changed on the backend. CTO David François writes:
The complete stack has been redesigned from the ground up to vastly improve performance, security, flexibility and ease of maintenance:
* The architecture has been split into independent software components that talk to each other, which ensures a much better fault-tolerance, horizontal scalability, independent auditing and monitoring.
* Our security infrastructure and procedures are now designed in such a way that the compromise of one or several components has no impact on the integrity of our data and accounting; this is achieved through a mix of software evolutions and tight operational procedures.
“Fundamentally”, Pierre Noizat summarizes, “there are no private keys on the servers anymore”. From a security perspective, taking the private keys away from the public-facing servers is likely the single most important improvement that was made; by keeping the part of the system that handles private keys and signs transactions as simple and isolated as possible, the architecture minimizes the risk that attackers will find some flaw that allows them to extract the private keys and steal the exchange’s online funds. When the site was taken down in April, it sufficed to simply get into the public-facing server to get this information. Now, one must get into the public-facing server, retrieve the IP address of the key-handling server, and then hack into that server as well. Still theoretically possible, but with far more parts that need to fail at the same time for any kind of attack to succeed.
The database of which users hold how many bitcoins in their accounts is another important issue; when Bitcoinica was hacked for the second time in May 2012, the main difficulty in reimbursing customers, a difficulty which still remains largely unresolved, was that the attacker not only managed to steal about a tenth of the already financially struggling site’s funds, but also deleted both the live copy of the account database and the backup. In the new Bitcoin Central, “the accounting database is secured in multiple ways.” Bitcoin Central is hesitant to share further details about exactly how everything is secured; “as much as we do not believe in ‘security by obscurity’ for algorithms,” Noizat writes, “we do believe that knowledge of the server architecture can help a would-be intruder.”
Almost A Bank Account
Bitcoin Central first became famous in December 2012 when the exchange announced an agreement with the payment services provider Aqoba to convert the fiat currency portion of its users’ exchange accounts into what would essentially be bank accounts. Each account would have its own international bank account number (IBAN), allowing anyone to wire money to it just like any other bank account, and Bitcoin Central had plans to come out with a debit card that could spend from the account. The only difference is, as Noizat describes it, “that the funds are not ‘deposits’; they cannot be used by the Payment Institution to issue credit.” The Aqoba move was hailed by many as a massive step forward in banking and regulatory integration, especially since Bitcoin Central employees had had extensive discussions with regulators while they were working out the details of their agreement. Unfortunately, it never came to pass. Months of delays came and went, and at the end of April the whole effort was abruptly cut short when Bitcoin Central shut down. Two and a half months later, bitcoin.de in Germany made a very similar deal with Fidor Bank, the implementation of which is still in its later stages today.
But Bitcoin Central has not given up, and is only coming back stronger. Noizat writes: “We have clinched a deal with a new Payment Institution partner, namely Lemon Way. Our systems are now fully integrated to speed up the funding and withdrawals operations to the point where I believe we will offer the shortest possible turn around time (one or two days at most) to buyers and sellers of bitcoins. Each customer of bitcoin-central now has a full-fledged, regulated payment account with our licensed partner, as soon as the customer account is verified.” This is significant; there have been talks for many months from Bitcoin Central, Fidor and others about having a direct partnership with some kind of banking partner, but this is the first time that anyone has actually carried the integration through to completion. As unlikely as it seemed when Bitcoin Central shut down and bitcoin.de charged ahead with its announcement with Fidor, it appears now like Bitcoin Central is the first one to integrate directly with the banking system after all.
On the other hand, Bitcoin Central’s payment accounts are much more limited in scope than the original vision that the company had with Aqoba. The accounts with Lemon Way have no IBAN, and although Bitcoin Central does plan to make it possible to fund the accounts with bank card transactions, even that functionality is not expected to come out until early 2014. Furthermore, because payment services providers, unlike banks, are not authorized to use deposited funds to issue credit, anyone wishing to get an interest rate on their deposits should best wait for the finished integration between Fidor and bitcoin.de.
So what is the benefit of having a regulated payment account? In essence, safety. With the way exchanges currently work, depositors are essentially creditors to the exchange; the exchange has, in the short term, full control over depositors’ funds, and if the exchange starts taking these funds for its own use depositors need to go through the legal system to get any recourse. Sometimes, it is not even the exchange’s fault, as either regulatory difficulties or banks’ unwillingness to work with Bitcoin exchanges leads to long delays for customers trying to recover their deposits. Both of these concerns are very real. In Germany, regulators began an investigation into Bitcoin24 earlier this year, concerned that the exchange was stealing users’ deposited funds; the current situation is still unclear, although many people report having received their funds back. As for externally caused problems, earlier this year when Bitfloor shut down due to banking problems, it took months for its founder Roman Shtylman to find a bank that would allow him to redistribute deposited funds to his customers. With regulated payment accounts, at least these problems can be avoided; there will be a clean separation between exchange funds and customer funds, and even if the exchange goes down the payment services provider will be able to handle withdrawals.
Bitcoin in France and Abroad
Bitcoin’s popularity in France, where Bitcoin Central is based, continues to lag behind its popularity in countries like Germany, the Netherlands and the UK. Pierre Noizat writes: “France and more generally, southern European countries seem to lag behind Northern European countries and behind countries where English is a dominant language. I believe the main reason is that most of the bitcoin literature is in English. That is a side effect of the free software, open source nature of bitcoin; things go fast and not enough resources are devoted to producing localized educational material. Translations of software are a good thing and can be crowdsourced but development and technical discussions still take place in English.” This argument is certainly a valid one; looking at various countries in the world by the percentage of English speakers and the Google Trends search volume for Bitcoin does indeed reveal a strong correlation.
With regard to those countries where the dominant language does not even use the same alphabet, the correlation is somewhat artificial; Russian Bitcoin users, for example, might be searching for “Биткойн” and not “Bitcoin”. Furthermore, much of the correlation is caused by the fact that Bitcoin and English are both more popular in countries with advanced economies. However, even looking only at countries of similar wealth where the Latin alphabet dominates, there are substantial similarities between the two graphs; the strength of the Netherlands, the Scandinavian countries, Israel (where the alphabet effect is mitigated since very many people speak English), Canada, the US and Australia, and the weakness of France, is apparent in both charts.
Bitcoin Central’s Pierre Noizat has written a number of educational materials explaining Bitcoin in French, including the book “Bitcoin: Monnaie Libre”, available in hardcover on Lulu and Amazon. In time, hopefully more Bitcoin materials in French and other languages will become available.
For now, though, Bitcoin Central is offering its services beyond just France. “Thanks to our partnership with a licensed Payment Institution,” Noizat writes, “we are legally authorized to serve all residents of the 30 states in the European Economic Area. Because of the SEPA wire transfer mechanism it does not make any difference whether we serve a customer in Denmark or in France: the account funding and withdrawal operations take one or two days at most.” Thus, Bitcoin Central should best be thought of as a European exchange, next to Bitstamp and bitcoin.de, and not a platform specific to France; anyone in the European Union (except Croatia), Switzerland and even Iceland can benefit. For other parts of the world, Bitcoin Central is offering its trading engine under a licensing agreement; Noizat reports that they have already initiated discussions with a USD exchange, “but there are opportunities with many other currencies.”