Comment by chaps
8 hours ago
Once did some programming/networking work for a company that did the networking of an office-sharing building that Coinbase was running out of. Early in my work there I noticed that the company had its admin passwords written on a whiteboard -- visible from the hallway because they had glass for walls. So I sent them an email to ask that they remove it (I billed them for it).
Their fix was to put a piece of paper over the passwords.
What a time.
That is a great anecdote.
Not saying it is untrue, but it is definitely true that Coinbase has never lost customer funds while operating in an environment with 0 safety nets and being one of the most lucrative targets.
This leak of customer data suggests that they should treat that with as much obsession as they do with their private keys.
This doesn’t surprise me at all.
Bitcoin, and really fintech as a whole, are beyond reckless.
You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.
Wall Street is heavily regulated and audited, and still is 'beyond reckless', causing global financial calamities multiple times.
You're almost there. Think to yourself now: what was it that happened in the past that necessitated the need for a large regulatory apparatus, auditors, etc.?
> You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.
I have seen some toe curling shit in fintech.
funniest thing I read this year on HN - well played mate, well played!!!
How big was it when you joined?
Bitcoin is a crypto-currency/blockchain. Coinbase is a corporation that allows users to buy/trade crypto-currencies.
With Bitcoin you do not get government bailouts like what happened with the beyond reckless banks in 2008.
"With Bitcoin you do not get government bailouts" -- yeah maybe not yet? Is it beyond belief that a government with leadership deeply invested in crypto currencies might take action if something super disruptive happens?
I would be willing to bet the current administration would in fact do whatever they could to undermine the dollar's value, including propping up a digital currency when it should fail.
> With Bitcoin you do not get government bailouts like what happened during the beyond reckless banks in 2008
It is not beyond imagination that the most popular Bitcoin blockchain (and thus, the label of being the "real" Bitcoin) could change at some point in the future.
"Bitcoin" is not immune from the implications of political fuckery.
There was a government* bailout in Ethereum, however. https://en.wikipedia.org/wiki/The_DAO
The government of Ethereum is not the US government.
Ah yes, I remember all the times they hacked bitcoin
It's been a while, but it has happened:
https://nvd.nist.gov/vuln/detail/CVE-2010-5139
lol monero in username
There's a great index of hacks here https://www.web3isgoinggreat.com/?theme=hack
It's breathtaking how frequent these are.
> So I sent them an email to ask that they remove it (I billed them for it)
Sending unsolicited bills for unrequested services is a great way to make sure nobody takes your email seriously.
GP is saying that they were already one of Cloudflare's vendors (they did the networking/IT setup for Cloudflare's office). Whether you'd tolerate that kind of behavior from a vendor is one thing, but for an existing vendor relationship I think adding a few billable hours for "I found this issue in your network and documented and reported it for you" to an existing contract is not particularly unreasonable.
More likely, this is a spectacular version of CYA. By billing the hours, there is a paper trail so that when the inevitable breach occurs, you can point to having done the appropriate thing.
> but for an existing vendor relationship I think adding a few billable hours for "I found this issue in your network and documented and reported it for you" to an existing contract is not particularly unreasonable.
Billing for random things outside of the agreed upon scope of work is actually unreasonable. It’s something covered in every contracting agreement I’ve ever been a part of.
Maybe they could point to some contract that maybe would have covered it, but when your contractors start billing you for sending quick emails about unrelated things you didn’t ask them to look into, it’s not a good sign. When contractors bill for quick emails they don’t bill for the 3.7 minutes it took to write, they round up to some bigger number like an hour.
Anecdotally, every time I’ve encountered contractors who started billing per individual communication that they initiated (not something requested) or started finding new things to bill us for that we didn’t ask, it was a sign that we were a target being milked for billable hours. Some contractors have a lightbulb moment when they think nobody is scrutinizing their billing and think they discovered an almost infinite money glitch by initiating new things that they can bill for. None of the good contractors I’ve worked with over the years would even think to bill for an individual short email.
s/cloudflare/coinbase/
They are lucky they just got a bill and not a terminated contract. Consulting companies I have worked for would have dropped them immediately because we don't want clients with that kind of risk. Massive red flag that signals management is non-existent, incompetent, or checked out. That is egregious negligence.