1. one can try to trace the bitcoin client that executes the unauthorized transactions
2. as a way to resolve the dispute ... all transactions to the disputed account could be reversed

[3. one could assign to the safe address pools of preferred IP addresses prior to the theft]
[4. one could assign an additional address[/signature] that is needed for resolving the dispute ... the service owner would have to make sure it is stored in a different place ... this could be the (central or independent) authority ... but the address owner has the a priori choice "whom" to choose]

1. ok

2. ... so what ? it is better to make bitcoins worthless than to give it to the hacker ... they will be worthless if the dispute is not resolved. by sending them back to the previous owners at least the community will profit ... also, imagine, this is a 'forex' exchange ... there would be ways to negotiate with the original owners terms of returning the coins.

3. ok

4. ?

Perfect, this would be sufficient for me. Any plans to introduce this?
... I am sure the community would love this and trust more services that claim to have introduced this mechanism.

Can You require now that bitcoins in one account require also the signature of another [or 2 signatures] to be sent ?
[this would also help if 2 wallets are needed to send BTC].

but they have to be stored in one wallet, right ? ... the required solution is to have two wallets .

Also the option of rolling back transactions has advantage because You detect intrusion attempts. The two keys requirement will most likely prevent the detection if the intrusion (compromise of one key).

but the service must be able to do the transaction automatically.


It is a sufficient solution for me if I need 2 separate computers that do NOT communicate with each other to confirm initiate the transaction. But if the transaction is conducted in one place by inserting two keys in one wallet, or by confirming the transaction with a passphares ... this is not safe enough.

I don't really care if most of the thefts occur due to ignorance of the service provider. A popular service (like mtgox) is probably the target of many intrusion attempts and after some time people will break in.

... in any case I will read more about the dual signatures ...

This concept is clear and this are basic safety elements of a service. Still imagine a single person that has the single key to most mtgox bitcoins. if he goes nuts the whole network will loose faith in the system. Also building larger, more reliable project will be problematic if all funds can just disappear due to a "malfunction" of one individual. This will not happen in real world as there, transactions can be reverted. In the current bitcoin network it is not the case and any claim that a service is reliable is exaggerated due to human errors.

If we want to make the system more reliable we have to introduce additional safety. Having the option to require 3 signatures from 3 (out of 3+x) people to confirm a transaction enables me to setup a system where a single person will not take off with substantial amount of other peoples money. If there is one administrator, he can have an accident and forget the passphrase :-) ... it is pointless of course to give more examples ... You know all this. But to be able to build something like a bitcoin bank that can not just evaporate due to a glitch the network needs to provide mechanisms that give at least the option to add safety.

- fallback account is great ... provides tools to identify malicious attempts and tools to defend it
- independent multiparty sign off of transactions needed for special accounts is also some solution that I could live with

Of course one can try to decentralize large services like forex exchanges but it is difficult to decentralize the interfaces between bitcoin and the real world unless we convince banks to accept interactions with the bitcoin network.

We're in agreement.  I'm just making sure you understand what tools exist, currently, for avoiding theft (as is the title of this thread).  If I was managing a multi-million dollar cashflow, you'd be using combinations of things.

3 people, in different place, with three different offline wallets.  Need 2-of-3 or 3-of-3 signatures to unlock any funds.  And as D&T pointed out, this is part of the network already, it's just not entirely accessible yet.  However, Armory provides a fairly convenient cold storage capability, and it won't be long before someone (Armory, too?) will get some useful multi-sig interfaces.  Then these kinds of ideas can actually thrive.

And many business owners still won't use them and will still lose people's money.  But we can't force it on them... we can only offer them the right tools...

I kinda like the idea of a slow address, but the reverting is a big nono. I would just permanently mark a address as a slow address, when a transaction is started it is broad-casted to the network and accepted but not confirmed as a transfer till 24 hours have passed, In that 24 hour there is a cancel option for both sender and receiver, if one of them cancels the transaction does not get confirmed.

People dealing with incoming transactions from such a address can see it has been instantiated but don't get conformation so they know they can't count on it being a valid payment till the 24 hours have passed. People owning such a address have 24 hours to notice btc was moved without there permission and to cancel that transaction. Even if the thieve has the same cancel power after obtaining a wallet it ends up in a game where the most persistent person wins and at the very least it dramatically decreases the appeal to steal such wallets. To me this seems like a valid and good way to add a extra layer of protection on personal saving addresses and/or any cold storage.

As for hot wallets on servers, it's less useful for those; as said we need multi sig to be completed asap.