Hacker News

I'm not doubting Bitcoin's potential to become a true currency, but unless this type of smash-and-grab situation can be traced/avoided/insured (whatever the right mechanism is) it is going to be extremely hard to make ordinary businesses and people use it. People don't place value in the currency itself, but the system that provides certain security around it.


Banks that handle USD follow strict federal regulations on security procedures and insurance. If this happened at a bank, the OP would absolutely get his money back. Bitcoin needs federal regulations... oh wait...


Agree. When a transaction is not authorised by the account holder, this transaction is legally invalid. Any bank would give the money back in this kind of situation.

I can't imagine my parents (or 99% of the adult population) being liable for this theft when "proper security precautions" means knowing when to detect and avoid a "0 day java exploit with a cross site injection attack".


If they felt they were in the wrong, and if they provided the appropriate security measures. Does Mt. Gox even have two-factor authentication or transaction signing or anything like that?


Not really. Most banks I've asked would not refund if the victim did not take proper security measures, and the OP in this case most certainly did not.


Banks are required to make users whole, even if the user's password is compromised. At least for individual accounts. (For businesses the situation is different.)

http://research.microsoft.com/apps/pubs/default.aspx?id=1618...


It depends very much on local laws in your country, from what I've seen.


Or the bank could insure this type of stuff just like you're not on the hook when someone steals your credit card. (It's not an exactly analogous situation, but there's nothing preventing banks from handling this based on reputation.) We don't need to instantly assume this requires the government to intervene.


> but unless this type of smash-and-grab situation can be traced/avoided/insured

Why can't it be insured? Mt. Gox or any other exchange could easily charge a premium for insuring your bitcoins. If people wanted traceable currency they'd use a traceable currency.


Cash is vulnerable to actual smash-and-grab attacks, wherein physical items are properly smashed and grabbed. People still use it extensively.

The problem with bitcoin isn't necessarily that it's too much like cash, but that people don't treat it enough like they would treat cash. Few people would put their cash in a robot that would hand it over blindly to anyone with the right password, but that's effectively what they're doing by holding bitcoins on an exchange like Mt.Gox.


The key problem with the "cash is also vulnerable to smash and grab" argument is that you can be in Romania and grab someone's bitcoins in Illinois, whereas with cash, you actually have to be physically present, which is easier to notice, easier to track afterwards, easier to verify, and harder to escape from.

Also, bank vaults are guarded, you can't shoot a bot and you can't dye-pack bitcoins.


Yes, there are differences, but my point is that people treat bitcoins the way they'd never treat cash. Holding bitcoins in Mt.Gox without two-factor authentication is like having a safe outside in front of your house labeled "CASH" with nothing but a combination lock on it.


> but unless this type of smash-and-grab situation can be traced/avoided/insured (whatever the right mechanism is) it is going to be extremely hard to make ordinary businesses and people use it

The solution is probably some kind of secure hardware device/ecosystem run by a third party that the user trusts. The third party can then take legal responsibility for breaches of the hardware using existing market mechanisms.

Running bitcoin on general purpose hardware and software is a security nightmare for anyone who isn't a paranoid geek.

But this isn't a bug, it's a feature. Instant, uncancellable transactions. The problem is just that the feature is nowhere near ready for public use because there hasn't been time for an ecosystem of secure, easy-to-use transaction methods to evolve on top of it.



