All of these companies have been operating as if keeping heaping wads of cash behind the counter was fine, merely because it was convenient.
You're still making a fundamentally invalid comparison: with cash, your security threats are still limited to people who are nearby and have both the time and means to move large amounts of currency. Bitcoin allows anyone in the world to steal amounts which would require a large team with dump-trucks in the real world even if the bank completely screwed up their security design.
That's because there's a huge security net provided by the general public against the fuck-ups of banks, no matter how big.
Just as an example, Bank of America has over $2 trillion in deposits. If any minimally significant portion of that amount goes missing, it's pretty easy to track just due to scale. There are policies in place that ensure any transaction above a certain size gets looked at. If there are too many large transactions in a day, that gets investigated too. In exchange for having these safeguards in place, the government is willing to guarantee these deposits in the form of FDIC insurance.
Banking regulation is a good thing, especially when you're talking about an anonymous currency where transactions can't be rolled back.
EDIT: Just wanted to add that while Bitcoin itself probably will never be a globally significant currency, some form of cryptocurrency is likely to obtain relevance. But some people are going to get burned along the way, and these are the risks that you need to accept if you want to dabble in what amounts to unregulated banking. The regulations exist for a reason.
My uninformed intuition tells me it's more likely that there will be a Gold and a Silver - one better, one worse, each used for different things.
Plus there is that whole thing of regulations about bank responsibilities.
What exactly is a hot wallet/storage?
Bitcoin developers haven't quite cottoned onto the wisdom of separating these functions architecturally. (One of many advantages is "If your matching system is compromised, you shut it down and investigate, but no money actually leaves. The settlement system is in your back office and much more protected than the matching system, because the settlement system doesn't have to talk to customers directly.")
Bitcoin developers instead have developed a security pattern called hot wallet/cold wallet, where BTC which are available to the system are "hot" and BTC which are not available to the system are "cold." The idea is that, in any given day, you might only require 2% or so of your company's total reserves to go in or out. You keep the private keys to, say, 5% of it on the live system. That's your hot wallet. You keep the private keys to the remaining 95% somewhere else. That's your cold wallet. Even if your live system is rooted, you should not (the thinking goes) lose the private keys to the cold wallet.
The Bitcoin community widely believes that this pattern is sufficient to prevent events like the recent Mt. Gox debacle, where the system was compromised and both the hot wallet and cold wallet were drained.
A cold wallet is one where the keys are kept offline and not plugged into anything, e.g., a printout, or a USB key.
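The hot/cold split described in the comments above, as an added sketch that is not part of the thread or any exchange's code. The `Treasury` class and its method names are hypothetical, the 5% hot target comes from the comment, and the 2% refill floor is an assumption made for this example.

```python
from dataclasses import dataclass, field

BP = 10_000  # basis points in a whole

@dataclass
class Treasury:
    hot: int    # units whose private keys sit on the live system
    cold: int   # units whose private keys are kept offline
    pending_offline: list = field(default_factory=list)  # awaiting offline signing

    @property
    def total(self):
        return self.hot + self.cold

    def exposure_if_live_system_rooted(self):
        # Only keys present on the live system can be taken from it.
        return self.hot

    def withdraw(self, amount):
        """Pay from the hot wallet if it covers the request, else queue it."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        if amount <= self.hot:
            self.hot -= amount
            return "paid_from_hot"
        # The live system never holds cold keys, so it can only queue this.
        self.pending_offline.append(amount)
        return "queued_for_offline_signing"

    def plan_rebalance(self, target_bp=500, floor_bp=200):
        """Return (action, amount) that brings the hot wallet back to target.

        target_bp=500 is the 5% from the comment; floor_bp=200 is assumed.
        """
        target = self.total * target_bp // BP
        floor = self.total * floor_bp // BP
        if self.hot > target:
            # Sweeping needs only a cold receiving address, not a cold key,
            # so the live system can do it unattended.
            return ("sweep_to_cold", self.hot - target)
        if self.hot < floor:
            # Refilling spends cold funds: a manual, offline signing step.
            return ("refill_from_cold_offline", target - self.hot)
        return ("none", 0)
```

The asymmetry is the point: funds move toward cold storage automatically, while anything moving out of it waits on a step the live system cannot perform.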
"We have taken every precaution to defend your bitcoins from hackers and/or intruders. However, Flexcoin Inc is not responsible for insuring any bitcoins stored in the Flexcoin system. You are entering into this agreement with Flexcoin Inc. You agree to not hold Flexcoin Inc, or Flexcoin Inc's stakeholders, or Flexcoin Inc's shareholders liable for any lost bitcoins."
Also, one can argue that if they had truly taken every precaution then either intruders would not be able to break in or they are prepared for such a scenario. Evidently, neither was the case.
In other industries standards and "recommendations" exist to state a set of measures companies have to set up in order to be "secure."
Also, even if you take every reasonable precaution, there's still a possibility that your systems can be broken into.
People moan that NFC has been "just around the corner" for the best part of a decade, and some even think that it has missed its opportunity (it hasn't, btw), because it has taken so long to bring to market. This is largely because of the in-built security, and the demands it places on participants' business models.
These Bitcoin exchanges and other service providers, on the other hand, seem to have been put together with great haste. They seem to have little-to-no oversight, a high risk profile, untested systems, not much institutional experience -- and there's no safety net for customers.
It illustrates why the "old" financial services industry is so cautious when it comes to electronic money. "Move fast and break things" may work for all sorts of businesses, but it's not a good mantra if you're handling money.
Bitcoin exchanges seem to be trying to rebuild the wheel while touting they're not wheels.
There are many layers to banks and exchanges, including security and risk reduction, which add to the overall operational cost. These exchanges either thought they were exempt from these same issues or they thought they could skate by without addressing them.
It's almost an agency effect - "If other exchanges aren't doing it, why should I increase my costs by doing it?" This line of thinking and deferment of responsibility is what leads to financial crises.
Parent poster is talking about Non-Fiat-Currencies.
edit: oh, sorry I thought it was obvious, but I say "seriously" because how could you seriously think this bitcoin topic is about Near Field Cmu.....
Of course, storing Bitcoins on your laptop is even more risky than storing cash under your mattress. Someone has to physically enter my house to steal the cash, but to steal my bitcoins? All they need is a virus, spyware, out of date OS, out of date router firmware, out of date NAS firmware, a zero day exploit, etc. and they can drain me of my coins from anywhere in the world.
Then of course there is the risk of simply losing the coins. An accidental deletion. A hard drive failure. Losing a laptop or having it stolen. You have to back everything up, you have to back it up offsite, and you have to trust the offsite backup. You have to keep your machines securely locked down.
All of this requires the user to be quite tech savvy. This will never change for storing coins locally... so if Bitcoin is going to be the "currency of the future" to be used by the masses then secure banks and exchanges have to be a thing. They also have to be a thing for lending and investing, anyway.
Though I think I'd put those paper printouts with the QR codes on them in a fire-resistant box, at least.
Most people trust places like a bank, an investment brokerage, or PayPal to store money, and not have it be "lost to hackers". There are banking regulations and insurance policy that have been around for 100 years to protect people from that kind of thing.
PSA: Don't peacock.
Another bit of irony... http://i.imgur.com/KurgdXp.png
But seriously, sorry to those who lost coins here. Also sorry to the folks of flexcoin, the timing couldn't be worse. Can't say it enough; cold-wallets and private key that's exclusively in your possession.
Only you can prevent forest f- er...bitcoin thefts.
For me this actually shows promise of real market stability in the long run. Imagine what would happen if a real bank failed in a normal country. Or imagine what would happen to USD if the largest world bank would fail (destroying 12% of worldwide supply of USD) and nobody would bail them out? Would the drop be worse than 10-20%?
EDIT: Now that I think of it, it seems like I read somewhere that, with Mt Gox in particular, the Feds seized their ~$5M in BTC a while back by having them transfer it to a wallet under their control. Can anyone corroborate this?
The whole point of state-backed currency is to provide stability and make it so there's money you can trust - not some wild west cross-your-fingers system. Yes, countries have failed (e.g. hyperinflation), but at least there are extremely powerful institutions in place whose remit is to prevent that at all cost.
You can quickly and securely trade bitcoins with other people around the world with your local currency!
Sadly, I think many people trust such marketing claims, partially because they assume the people behind the site know what they are doing, they assume the laws of a developed host economy like Japan are strong enough to prevent companies from making false claims (even while the market itself is unregulated), and, most importantly, they want to believe it will benefit them.
So then why don't these Bitcoin companies embrace ridiculous amounts of information disclosure and transparency?
Don't tell me you "take every precaution." Detail what precautions you are taking. Name an external pentesting firm that tests your infrastructure quarterly. Post their findings a few months after you have addressed the issues. Open Source everything that you can. Offer bug bounties paid in BTC for security issues discovered. Discuss, in detail, your hot/cold wallet storage setup. Do offensive analysis to determine the most likely attack scenarios, and publish them, along with the layered defense you have put in place to mitigate the risk.
'We got hacked by ourselves, thank you for contributing to the magnitude of our initial private offering.'