Provable Solvency Report #33 – December 2016

Coinfloor is a custodian of client bitcoins and we believe that we must set the industry standard for transparency and regular audits. Without proper public accountability, the industry will not be able to grow and mature. This is why we are committed to releasing a Provable Solvency Report every month. Coinfloor is proud to have the longest standing track record among bitcoin exchanges in regards to auditing.

Today we are publishing our 33rd monthly Provable Solvency Report with step-by-step validation instructions for your convenience.

As of today, Coinfloor holds a total of 6,193.0988 XBT on behalf of our clients. You are invited to verify that your held bitcoins are included in this balance by following the instructions below.

What does the Provable Solvency Report include?

We started out by creating an obfuscated report of all current client balances (the Solvency Report) and then generated a SHA-256 hash of this report.

We then created a bitcoin transaction to ourselves, that includes all currently held client bitcoins, for a value of 6,251.1114 XBT and included in the output script the OP_RETURN of the SHA-256 hash of the report, proving that at the time of making the solvency report, Coinfloor held all of our clients’ XBT funds. You can verify the amount and details of the transaction in the block chain.

Key Pieces of information:

Provable Solvency Report #33 (December 20, 2016):
https://s3-eu-west-1.amazonaws.com/provablesolvency/solvency_20161220.txt

SHA-256 Hash of the Provable Solvency Report: 74eca22a2790bcecbf10e690bef09c48d41c5248b86a57d9ba7903df3513c1c5

Transaction ID: 5185b7374eec400d9f8b70ebe3787aad2b54fdfcf1766b9d6bdb45ea98e0514b

View the transaction here:
https://blockchain.info/tx/5185b7374eec400d9f8b70ebe3787aad2b54fdfcf1766b9d6bdb45ea98e0514b

Your API authentication cookie:
You will find it in My Account > Dashboard in the Coinfloor signed in view, in the API section (visible only for fully verified accounts).

Where is my cookie?!

Instructions for Validating Solvency Report:

      1. Open the Provable Solvency Report file:

https://s3-eu-west-1.amazonaws.com/provablesolvency/solvency_20161220.txt

      2. Go to

http://www.xorbin.com/tools/sha256-hash-calculator or to your SHA256sum calculating application.

      Copy the entire contents of the solvency report into the SHA-256 generator and calculate the SHA-256 hash of the report.
      3. Go to

https://blockchain.info/tx/5185b7374eec400d9f8b70ebe3787aad2b54fdfcf1766b9d6bdb45ea98e0514b

      At the bottom of the page, in the Output Scripts section, you will find the generated hash in the OP_RETURN output script of the transaction that includes all customer bitcoins.
      4. Go to

your local SHA1sum application

      to calculate the SHA-1 digest of a message consisting of the timestamp shown at the top of the Solvency Report (1482251901) and your API authentication cookie.
      Example (Linux):
                timestamp: 1482251901
                API authentication cookie (API Key): 9BTa7M0Z/Mrk6tFMJwEkTV3BQek=
                command: echo -n ‘14822519019BTa7M0Z/Mrk6tFMJwEkTV3BQek=’ | sha1sum
      5. Find the resulting hash in the solvency report. Your balance is shown on that line in satoshi units. 1 bitcoin = 100 000 000 satoshis. For your convenience, here is a link to a bitcoin unit converter:

http://www.satoshi.24ex.com

We believe that this approach is the best way to achieve maximum accountability while retaining privacy for our clients. We welcome your feedback and hope that in time, other exchanges will also help safeguard client funds by providing proof of solvency reports to their users on regular basis.

Thank you for your trust,

Coinfloor Team

BITCOIN COM SEGURANÇA

O Mercado Bitcoin é nota máxima nos testes mais conceituados de segurança que avaliam a comunicação entre você e um website. O investimento é alto para ter a melhor proteção para o nosso cliente comprar e vender Bitcoins.

Para o Mercado Bitcoin segurança é uma obsessão!

O Mercado Bitcoin investe continuamente em segurança, nosso time está sempre trabalhando para identificar e proteger você contra novas ameaças. Veja abaixo nossa proteção em diferentes níveis de atuação.

Certificado SSL EV

barra verde

A comunicação com o site do Mercado Bitcoin é 100% criptografada. Investimos em um certificado digital EV SSL, apresentado para você pela barra verde localizada no seu navegador, ao lado do endereço https://www.mercadobitcoin.com.br.

Como você se beneficia disso?
(1) Garantia de autenticidade da empresa:
Esse certificado só é concedido após um processo de auditoria que verifica endereço, telefone, contrato social, entre outras informações;
(2) Proteção contra Phishing: Mesmo que alguém faça uma cópia do site do Mercado Bitcoin com a intenção de roubar os seus dados de acesso, essa página nunca conseguirá apresentar a barra verde de certificação do Mercado Bitcoin.

Servidor

Para um certificado SSL funcionar ele precisa estar instalado em um servidor. Essa instalação requer uma configuração complexa somada a uma série de serviços. E como será que está o Mercado Bitcoin? Com orgulho, podemos afirmar que tiramos nota máxima: A+

Você pode conferir o resultado do teste da Qualys SSL Labs, principal entidade no assunto. Informe o domínio mercadobitcoin.com.br no link abaixo:

https://globalsign.ssllabs.com/analyze.html

O teste leva alguns minutos.

Porta de entrada: WAF, DDOS e CDN

Esse servidor é a porta de entrada do site, logo precisa ser robusto e estar muito bem protegido. Nesse ponto, o Mercado Bitcoin conta com a melhor solução disponível: o Imperva Incapsula.

O Incapsula agrega serviços como:

  • Proteção contra DDOS;
  • WAF, Web Application Firewall;
  • CDN, Content Distribution Network;

Ele foi considerado o melhor serviço de proteção contra DDOS pelo Forrester e líder WAF pelo Gartner, principais institutos de pesquisa mundiais. O Incapsula ainda conta com certificação PCI DSS 6.6 Compliance Defense Security Service (PCI é a principal referência mundial em padrões de segurança).

Por todos esses fatores, o Incapsula pode ser considerado a melhor solução de segurança existente.

Email seguro

Quando falamos de segurança da informação, não é somente o acesso ao site que deve ser protegido, mas toda e qualquer informação que seja enviada. Por isso os emails que o Mercado Bitcoin envia tem a melhor proteção. Você pode comprovar isso através de um teste realizado pelo Google. Informe o domínio mercadobitcoin.com.br no link abaixo:

https://toolbox.googleapps.com/apps/checkmx/

O papel do cliente

Apenas o nosso trabalho não é suficiente. Precisaremos sempre da sua colaboração. Você é parte fundamental de nossa segurança.

Veja as melhores práticas para se manter protegido em https://www.mercadobitcoin.com.br/seguranca/.


BITCOIN COM SEGURANÇA was originally published in Blog Mercado Bitcoin on Medium, where people are continuing the conversation by highlighting and responding to this story.

Provable Solvency Report #32 – November 2016

Provable Solvency Report #32 – November 2016

Coinfloor is a custodian of client bitcoins and we believe that we must set the industry standard for transparency and regular audits. Without proper public accountability, the industry will not be able to grow and mature. This is why we are committed to releasing a Provable Solvency Report every month. Coinfloor is proud to have the longest standing track record among bitcoin exchanges in regards to auditing.

Today we are publishing our 32nd monthly Provable Solvency Report with step-by-step validation instructions for your convenience.

As of today, Coinfloor holds a total of 5,840.9455 XBT on behalf of our clients. You are invited to verify that your held bitcoins are included in this balance by following the instructions below.

What does the Provable Solvency Report include?

We started out by creating an obfuscated report of all current client balances (the Solvency Report) and then generated a SHA-256 hash of this report.

We then created a bitcoin transaction to ourselves, that includes all currently held client bitcoins, for a value of 5,866.3882 XBT and included in the output script the OP_RETURN of the SHA-256 hash of the report, proving that at the time of making the solvency report, Coinfloor held all of our clients’ XBT funds. You can verify the amount and details of the transaction in the block chain.

Key Pieces of information:

Provable Solvency Report #32 (November 28, 2016):
https://s3-eu-west-1.amazonaws.com/provablesolvency/solvency_20161128.txt

SHA-256 Hash of the Provable Solvency Report: 2f3e5539a6d32ee8f0d9a7ca62d2ee5ad90ced46e74e8c9cca07cc7c360be285

Transaction ID: https://blockchain.info/tx/325d3bec9b3cd17b8966c06513cef64bfa023d192058b522b7ba0fdb2f5e7398

View the transaction here:
https://blockchain.info/tx/325d3bec9b3cd17b8966c06513cef64bfa023d192058b522b7ba0fdb2f5e7398

Your API authentication cookie:
You will find it in My Account > Dashboard in the Coinfloor signed in view, in the API section (visible only for fully verified accounts).

Where is my cookie?!

Instructions for Validating Solvency Report:

      1. Open the Provable Solvency Report file:

https://s3-eu-west-1.amazonaws.com/provablesolvency/solvency_20161128.txt

      2. Go to

http://www.xorbin.com/tools/sha256-hash-calculator or to your SHA256sum calculating application.

      Copy the entire contents of the solvency report into the SHA-256 generator and calculate the SHA-256 hash of the report.
      3. Go to

https://blockchain.info/tx/325d3bec9b3cd17b8966c06513cef64bfa023d192058b522b7ba0fdb2f5e7398

      At the bottom of the page, in the Output Scripts section, you will find the generated hash in the OP_RETURN output script of the transaction that includes all customer bitcoins.
      4. Go to

your local SHA1sum application

      to calculate the SHA-1 digest of a message consisting of the timestamp shown at the top of the Solvency Report (1480344547) and your API authentication cookie.
      Example (Linux):
                timestamp: 1480344547
                API authentication cookie (API Key): 9BTa7M0Z/Mrk6tFMJwEkTV3BQek=
                command: echo -n ‘14803445479BTa7M0Z/Mrk6tFMJwEkTV3BQek=’ | sha1sum
      5. Find the resulting hash in the solvency report. Your balance is shown on that line in satoshi units. 1 bitcoin = 100 000 000 satoshis. For your convenience, here is a link to a bitcoin unit converter:

http://www.satoshi.24ex.com

We believe that this approach is the best way to achieve maximum accountability while retaining privacy for our clients. We welcome your feedback and hope that in time, other exchanges will also help safeguard client funds by providing proof of solvency reports to their users on regular basis.

Thank you for your trust,

Coinfloor Team