Feeds

Bitcoin collapses on malicious trade

Mt Gox scrambling to raise the Titanic

Protecting against web application threats using SSL

The fragility of the Bitcoin peer-to-peer crypto-currency has been thrown into sharp relief when a large sell transaction sent the trade value of Bitcoins to zero.

According to the Mt Gox exchange, the sell order came from a compromised account. Mt Gox has taken its exchange offline (however, a screen grab of Bitcoins’ collapse is here) and is attempting to recover.

Its approach is to roll back all transactions to their state before the sell order was placed.

“The bitcoin will be back to around 17.5$ / BC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST)”, (sic) says the Mt Gox posting.

As the comments beneath that posting reveal, not all users are pleased about the rollback attempt – for example, those who spotted the collapse happening and decided to load up with cheap Bitcoins.

El Reg Comment: This attack on the Bitcoin follows increasing instability in the crypto-currency. After quietly making its own way in the world for a couple of years, sudden attention from mainstream media started driving large rises and falls in Bitcoin value.

Last week, what was called “the first” Bitcoin heist was reported (whether it was the first is impossible to verify), after which malware came to light that’s designed to steal users’ credentials and wallets.

This latest crisis, however, is a disaster for Bitcoin boosters, many of whom considered themselves “Bitcoin millionaires”. Their status – and the viability of Bitcoins as a genuine alternative currency – depends wholly on the ability to trade out of Bitcoins at a given exchange rate.

Bitcoin’s design is supposed to make its value self-regulating. The supply of Bitcoins is limited by their underlying algorithm: the more Bitcoins exist, the slower new ones will be created.

This purely-internal mechanism doesn’t regulate how Bitcoins interact with the outside world, once a user tries to trade out Bitcoins for “real-world” currencies. Those trades are outside the scope of Bitcoin’s design.

This attack on Bitcoins may simply reflect the stupidity of the thief: instead of trading out quietly and slowly, he attempted a double-grab: first, steal the Bitcoin account, then use a large trade to drive the value down, buy the coins back at the new, lower value, and then try to trade out completely.

However, it illustrates the problem confronting Bitcoin users. Not only do they have to implement personal security better than the likes of Sony, Nintendo or RSA can manage: they also know that only a relatively small transaction – $1,000 worth of coins, which at the pre-collapse level was fewer than 60 Bitcoins – constitutes a “run” on the currency.

How well the Bitcoin recovers in the short term depends on how well Mt Gox can restore the currency to its state before the attack. In the long term, however, Bitcoins will have to solve the kinds of problems that confront currencies in the real world. ®

Update: Since I began writing this, it has emerged that details of more than 60,000 users have been stolen from the Mt Gox exchange. The compromised information includes hashed passwords.

A reader has suggested El Reg post links to lists of cracked passwords. I'll pass on that, but if you want to know how users feel about the Bitcoin crash, the forums are here. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.