
Ah, Bitcoin. Security amateur hour. Again.

Seriously, trusting ~$200 000 to the security of a general-purpose VPS provider? With no failsafes of any kind? Ever notice how real banks don't do that? Even if you don't want to build your own data center, you could at least chat with http://www.thebunker.net/colocation/ or another properly-paranoid data center.

At least these guys didn't leave all their Bitcoins on this machine...




> Ever notice how real banks don't do that

https://news.ycombinator.com/item?id=3656063


+1. The real issues here are that the coins were all stored in a hot wallet, and that wallet was on a VPS. For some bizarre reason people have started to act like having a VPS is as good as running a dedicated box with a backup power supply and physical (cage) security. A VPS is just a big shared server dolled up with OS partitions. There's no reason to assume that the provider doesn't have non-physical root access to all the accounts, or that a single compromised account can't escalate via god-knows what kinds of buffer overflows or other exploits into gaining control of the whole machine.

I run a Bitcoin site that keeps a very small percentage profit out of a relatively large amount of coins in and out, which have to be held in trust for customers. Not only is our bitcoin daemon not running on our webservers (it's got its own dedicated box with all unnecessary ports closed and a vicious denyhosts policy that's locked me out more than once), we also set up low limits to immediate withdrawals so that no more is stored in the hot/withdrawals wallet than could be withdrawn immediately by players currently online (usually no more than $250), with all larger withdrawals processed in batches on demand. That lets us offload the excess coins to another wallet as soon as they're deposited, so in the worst-case scenario we might lose a couple hundred bucks. The cold wallet is stored in a truecrypt archive on a thumb drive in my pocket, with an encrypted backup stored on a server in a third country, manually, with each batch transaction. Moreover, a lot of our funds are moved out into USD and held for safekeeping to avoid excess Bitcoin risk.

This is why banks keep their money in a safe, not in the little drawers in front of the teller. And no offense to Zhou, but this should have been the obvious step to take from the beginning. Hopefully they'll do it now.
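The hot/cold split described in the comment above, sketched as an added example that is not part of the thread and not the commenter's own code. The class name, the fixed cap and the per-withdrawal limit are assumptions, and all amounts are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal

ZERO = Decimal("0")

@dataclass
class HotWalletPolicy:
    hot_cap: Decimal          # most that may ever sit in the hot wallet (assumed fixed)
    instant_limit: Decimal    # largest withdrawal paid without manual review
    hot_balance: Decimal = ZERO
    swept_to_cold: Decimal = ZERO
    batch_queue: list = field(default_factory=list)  # (user, amount) for manual batches

    def deposit(self, amount: Decimal) -> Decimal:
        """Credit a deposit, then move everything above the cap to cold storage."""
        if amount <= ZERO:
            raise ValueError("deposit must be positive")
        self.hot_balance += amount
        excess = max(self.hot_balance - self.hot_cap, ZERO)
        self.hot_balance -= excess
        self.swept_to_cold += excess
        return excess  # amount an operator would send to the cold wallet address

    def withdraw(self, user: str, amount: Decimal) -> str:
        """Pay small requests from the hot wallet; queue the rest for a batch."""
        if amount <= ZERO:
            raise ValueError("withdrawal must be positive")
        if amount <= self.instant_limit and amount <= self.hot_balance:
            self.hot_balance -= amount
            return "paid"
        self.batch_queue.append((user, amount))
        return "queued"

    def worst_case_loss(self) -> Decimal:
        """What a full compromise of the hot-wallet host can take."""
        return self.hot_balance

def demo() -> HotWalletPolicy:
    # Constructed amounts in USD-equivalent, not figures from the thread.
    p = HotWalletPolicy(hot_cap=Decimal("250"), instant_limit=Decimal("50"))
    p.deposit(Decimal("1000"))          # 750 swept, 250 stays hot
    p.withdraw("alice", Decimal("40"))  # paid from hot wallet
    p.withdraw("bob", Decimal("500"))   # too large, queued for manual batch
    return p

if __name__ == "__main__":
    p = demo()
    print(p.hot_balance, p.swept_to_cold, p.batch_queue, p.worst_case_loss())
```

Whatever the deposit volume, `worst_case_loss()` never exceeds `hot_cap`, which is the property the comment relies on.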



