Feeds

Bitcoin collapses on malicious trade

Mt Gox scrambling to raise the Titanic

Top 5 reasons to deploy VMware with Tegile

The fragility of the Bitcoin peer-to-peer crypto-currency has been thrown into sharp relief when a large sell transaction sent the trade value of Bitcoins to zero.

According to the Mt Gox exchange, the sell order came from a compromised account. Mt Gox has taken its exchange offline (however, a screen grab of Bitcoins’ collapse is here) and is attempting to recover.

Its approach is to roll back all transactions to their state before the sell order was placed.

“The bitcoin will be back to around 17.5$ / BC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST)”, (sic) says the Mt Gox posting.

As the comments beneath that posting reveal, not all users are pleased about the rollback attempt – for example, those who spotted the collapse happening and decided to load up with cheap Bitcoins.

El Reg Comment: This attack on the Bitcoin follows increasing instability in the crypto-currency. After quietly making its own way in the world for a couple of years, sudden attention from mainstream media started driving large rises and falls in Bitcoin value.

Last week, what was called “the first” Bitcoin heist was reported (whether it was the first is impossible to verify), after which malware came to light that’s designed to steal users’ credentials and wallets.

This latest crisis, however, is a disaster for Bitcoin boosters, many of whom considered themselves “Bitcoin millionaires”. Their status – and the viability of Bitcoins as a genuine alternative currency – depends wholly on the ability to trade out of Bitcoins at a given exchange rate.

Bitcoin’s design is supposed to make its value self-regulating. The supply of Bitcoins is limited by their underlying algorithm: the more Bitcoins exist, the slower new ones will be created.

This purely-internal mechanism doesn’t regulate how Bitcoins interact with the outside world, once a user tries to trade out Bitcoins for “real-world” currencies. Those trades are outside the scope of Bitcoin’s design.

This attack on Bitcoins may simply reflect the stupidity of the thief: instead of trading out quietly and slowly, he attempted a double-grab: first, steal the Bitcoin account, then use a large trade to drive the value down, buy the coins back at the new, lower value, and then try to trade out completely.

However, it illustrates the problem confronting Bitcoin users. Not only do they have to implement personal security better than the likes of Sony, Nintendo or RSA can manage: they also know that only a relatively small transaction – $1,000 worth of coins, which at the pre-collapse level was fewer than 60 Bitcoins – constitutes a “run” on the currency.

How well the Bitcoin recovers in the short term depends on how well Mt Gox can restore the currency to its state before the attack. In the long term, however, Bitcoins will have to solve the kinds of problems that confront currencies in the real world. ®

Update: Since I began writing this, it has emerged that details of more than 60,000 users have been stolen from the Mt Gox exchange. The compromised information includes hashed passwords.

A reader has suggested El Reg post links to lists of cracked passwords. I'll pass on that, but if you want to know how users feel about the Bitcoin crash, the forums are here. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.