Yes, m-of-n addresses are the solution, we use it on Bitalo [0]. It's true that it is less suitable for day traders, and while they make the most of network volume, they are not the only purpose that exchanges exist. Some people just want to buy Bitcoin occasionally, i.e. once a week, month or less frequently. They also want a secure place to store them. I believe that for those people, our service is the perfect answer :).

[0] https://bitalo.com/why_bitalo

Can you explain how this works? I read the page, but I don't quite get it. If Bitalo has one key and I have one key, what's the benefit?

- If Bitalo loses their key, I lose my money.

- If I lose my key, I lose my money (so I still need backups).

- Still need my own keystore device, so it's not more convenient.

- If I have a single device and it gets hacked, the attacker can emulate me to Bitalo.

- If I have multiple devices, why can't I use m-of-n without Bitalo?

I'm not trying to be negative, I just feel I'm overlooking something simple.

You only need to remember your password, from which your key is derived. You also need to write a recovery string (which can be used to derive your key as well) on a piece of paper and store it somewhere safe as a backup in case you forgot your password.

Now from our side, there's very little chance we lose your key (we do encrypted offsite backups every hour) and even then we're currently implementing "presigned transactions" that use "nLockTime" function in Bitcoin protocol to let you claim your Bitcoins after certain amount of time in case we disappear.

Also, we require you to use 2-factor, so even if your computer gets hacked, attacker still can't emulate your actions to steal your coins. And if an attacker hacks our server, he only gets one key of two needed to spend the funds.

Do you do 2FA when people enter their passwords? Otherwise isn't this like a password-derived wallet?

Presigned transactions sounds very neat.

Yes, you need 2FA for each login, for releasing funds as a seller, and for withdrawing coins.

it reduces the chance of deliberate theft by the service.

One problem with bit coin, is that an exchange service can suddenly find itself with millions of dollars worth of bitcoin, dwarfing the possible income available via fees and start thinking really, really hard about where the most money is to be made.

and then the service might go out of business, and the customers lose their property.

Not to mention the target the service might represent for hackers etc.

Having a dual key system ensures that, for all parties, the best possible outcome of attempted theft is nothing at all for anyone.

Not a great outcome for any specific customer, but an outcome that aligns the motivations of the service provider and the customer.

But what's the point of keeping it in an exchange if I still have to wait for confirmations? Might as well keep it in a fancy wallet and transfer it in as-needed.

Someone brought up that Bitalo isn't really an exchange, but an OTC marketplace, and that fraud is possible. A fraudster in the US can reverse the bank payment in a Bitalo transaction up to 6 months after the BTC has been released from escrow: https://news.ycombinator.com/item?id=7432635

You should probably specify that Bitalo is perfect for non-US customers.

That's true, in the US only SWIFT transfers should be used to prevent fraud.

Insurance.

this, a thousand times. Bank deposits are insured and yes it's a government thingy, but there is nothing that precludes *coin exchanges from setting up a private insurance policy.