They have a reassuring security page[0]. It's nice to see they're enforcing good practices; I especially appreciate their "no-link email policy" where they will never send you links in emails, which seems like a great way to head off phishing attempts. I hope they actually present this to users in some way during sign-up though, or it won't be of much help unless a user manually navigates to the security page and reads through most of it.
I'm a little disappointed that they only have level 2[1] HSMs in the cloud, as I would be uncomfortable protecting my hot wallet keys with only tamper evident protections, rather than level 3+ that actually attempt to detect intrusion and delete keys. Bitcoin makes for very quick stealing once you have keys, so reactive defenses against key loss don't help much as you're literally in a race condition with the attacker to empty the wallet (you into a non-compromised one, the attacker into their own). But I would assume they weighed cost/risk and I've never heard of a security compromise of Amazon's HSMs so it was probably a reasonable choice.
edit: I should also applaud their use of PGP and (explicit) respect for responsible disclosure.
I personally know many of the engineers at Gemini and have worked with some of them in the recent past. If I were going to choose a team to build a bitcoin exchange, the people I know at Gemini would be on it. If you're into bitcoin, I think this is the place to put your money.
I don't understand Amazon's cloud HSM product. Amazon says they don't have access to your HSM but presumably they do if they wanted to. Also, how does HSM protect the hot wallet if an attacker is able to get access to a machine that is using the HSM for signing? Your only hope is that you can obscure the credentials for the HSM from the attacker.
HSM for the hot wallet probably provides greater security than no HSM for the hot wallet but I don't think it gives you that much extra security.
Also, there was a great post on /r/bitcoinmarkets by the CTO of another exchange, picking apart Gemini's technical setup. Worth a read if you're into modern frontend web development.
I'm not sure if 'picking apart Gemini's technical setup' is the right way to describe it; I tend to think of 'picking apart' as being negative while the comments are entirely positive.
I would not consider going over their frontend assets and request headers anything close to picking apart their technical setup though. For anyone a little more knowledgeable that post is just a collection of random facts about the app's visible front-end.
I find this kind of analysis way more interesting than highscalability. Different audiences, but these kinds of frontend-centric articles are incredibly actionable.
interesting...
still doesn't talk about the actual API stack though. Conformal is using golang and Coinbase is using Ruby... wonder what these guys are using.
From Tyler Winklevoss's answer on the Product Hunt page for Gemini:
"Gemini is a New York state limited liability trust company, we did not apply for or have a BitLicense which is a much lower standard. As a limited liability trust company we are a fiduciary, which allows us to accept both individual and institutional customers under New York Banking Law (unlike the BitLicense, which does not convey such fiduciary powers). In short, we can work with both Main Street and Wall Street."
Nifty. I think this is the first BTC operation I've seen where words like "compliance" are used in a serious fashion, and a direct aim at institutional investors is presented. Institutional investors are Very Serious Business, so it should be a fun ride.
Instead of requiring a scan of your driver's license or other identifying document, they ask you questions about your history. I've seen a similar process used at etrade.
> Gemini operates fully in the United States. We work exclusively with American banks; your dollars are eligible for FDIC insurance and never leave the country
Is this just for the cash balance with the exchange or the bitcoin balance as well? I can't imagine it does, but it would be a strong selling point if it did. If it's not, it's pretty misleading as written.
> FDIC insurance covers all types of deposits received at an insured bank, including deposits in a checking account, negotiable order of withdrawal (NOW) account, savings account, money market deposit account (MMDA), time deposit such as a certificate of deposit (CD), or an official item issued by a bank, such as a cashier's check or money order.
> FDIC insurance covers depositors' accounts at each insured bank, dollar-for-dollar, including principal and any accrued interest through the date of the insured bank's closing, up to the insurance limit. The FDIC does not insure money invested in stocks, bonds, mutual funds, life insurance policies, annuities or municipal securities, even if these investments are purchased at an insured bank.
I think it is written fairly. Bitcoins are not dollars, and the rest of those things you listed that are covered by FDIC insurance are denominated in dollars. If someone (not you specifically) cannot understand the difference between dollars and bitcoins, they shouldn't be trading currencies.
Honestly when banks have crappy websites it makes me really feel like the engineers doing the backend work are terrible. I know this is a horrible bias but still if you can't spend the time to make a good website who says they didn't cut corners on security?
It was incredibly slow here. The tab locked up the entire browser for a full 7 seconds before I could begin scrolling. The rendering frame rate of scrolling was 3-4 FPS, and only jumped back up to a fluid rate once I scrolled down past all of the images. Late 2013 MacBook Pro running Chrome.
[0]: https://exchange.gemini.com/security
[1]: https://en.wikipedia.org/wiki/FIPS_140-2#Level_2
https://www.reddit.com/r/BitcoinMarkets/comments/3nkxh3/gemi...
Source: https://www.producthunt.com/tech/gemini-2
I'm still holding out for a BTC ETF. :-)
[0] https://www.fdic.gov/deposit/covered/
.. http://lmgtfy.com/?q=vertical+parralax+css+template
Accepting pre-paid cards is fine too
Love the interface, but it would be even greater if they would let you short somehow.
Bleh.
edit: OP criticised the site not have a Facebook login option.