Feeds

Bitcoin collapses on malicious trade

Mt Gox scrambling to raise the Titanic

Next gen security for virtualised datacentres

The fragility of the Bitcoin peer-to-peer crypto-currency has been thrown into sharp relief when a large sell transaction sent the trade value of Bitcoins to zero.

According to the Mt Gox exchange, the sell order came from a compromised account. Mt Gox has taken its exchange offline (however, a screen grab of Bitcoins’ collapse is here) and is attempting to recover.

Its approach is to roll back all transactions to their state before the sell order was placed.

“The bitcoin will be back to around 17.5$ / BC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST)”, (sic) says the Mt Gox posting.

As the comments beneath that posting reveal, not all users are pleased about the rollback attempt – for example, those who spotted the collapse happening and decided to load up with cheap Bitcoins.

El Reg Comment: This attack on the Bitcoin follows increasing instability in the crypto-currency. After quietly making its own way in the world for a couple of years, sudden attention from mainstream media started driving large rises and falls in Bitcoin value.

Last week, what was called “the first” Bitcoin heist was reported (whether it was the first is impossible to verify), after which malware came to light that’s designed to steal users’ credentials and wallets.

This latest crisis, however, is a disaster for Bitcoin boosters, many of whom considered themselves “Bitcoin millionaires”. Their status – and the viability of Bitcoins as a genuine alternative currency – depends wholly on the ability to trade out of Bitcoins at a given exchange rate.

Bitcoin’s design is supposed to make its value self-regulating. The supply of Bitcoins is limited by their underlying algorithm: the more Bitcoins exist, the slower new ones will be created.

This purely-internal mechanism doesn’t regulate how Bitcoins interact with the outside world, once a user tries to trade out Bitcoins for “real-world” currencies. Those trades are outside the scope of Bitcoin’s design.

This attack on Bitcoins may simply reflect the stupidity of the thief: instead of trading out quietly and slowly, he attempted a double-grab: first, steal the Bitcoin account, then use a large trade to drive the value down, buy the coins back at the new, lower value, and then try to trade out completely.

However, it illustrates the problem confronting Bitcoin users. Not only do they have to implement personal security better than the likes of Sony, Nintendo or RSA can manage: they also know that only a relatively small transaction – $1,000 worth of coins, which at the pre-collapse level was fewer than 60 Bitcoins – constitutes a “run” on the currency.

How well the Bitcoin recovers in the short term depends on how well Mt Gox can restore the currency to its state before the attack. In the long term, however, Bitcoins will have to solve the kinds of problems that confront currencies in the real world. ®

Update: Since I began writing this, it has emerged that details of more than 60,000 users have been stolen from the Mt Gox exchange. The compromised information includes hashed passwords.

A reader has suggested El Reg post links to lists of cracked passwords. I'll pass on that, but if you want to know how users feel about the Bitcoin crash, the forums are here. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?