Can someone from @BitGo pls chime in and describe how "setPolicyRule" calls are protected? https://twitter.com/el33th4xor/status/761492444303265792 …
Replying to @el33th4xor
Spoke to @bendavenport from BitGo & based on his description, am convinced that setPolicyRule is not fundamentally insecure in the BitGo API
Replying to @el33th4xor @bendavenport
@CraigNakamoto based on what you know is there anything @BitGo can do to prevent smthing like this happening again
Replying to @MrChrisEllis @bendavenport
maybe this particular scenario but it will never be possible to save people from themselves.
Replying to @el33th4xor @bendavenport
even if diff API could have been used BitGo still blind signing, why no human oversight for $60m?
so @BitGo automated all the things and signing 120k BTC w/out human oversight is good opsec?
Replying to @MrChrisEllis @el33th4xor
Last I heard, @BitGo facilitates over $1B in txns per month. I don't see how injecting human middlemen can scale.
Replying to @lopp @MrChrisEllis and
can have limits that require a human to change that are only hit in a very small % of circumstances
Replying to @alistairmilne @lopp and
yeah or just an automated machine phone call to the CTO when more than n% gets hit.
being called and giving permission for n% of 1btc wallet doesn't make sense