In association with heise online

20 June 2011, 15:54

Bitcoin exchange closed after attack

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Bitcoin Logo

Bitcoin, the anonymous decentralised open source virtual currency, faces yet another problem after a theft and a trojan attack on Windows PCs where the "digital wallet" had been saved. The Bitcoin exchange Mt. Gox has been temporarily shut down following an attack. The value of the currency on the exchange fell from around $17 down to just pennies. Bitcoins traded on other exchanges remained stable, although most trading options had been closed.

An attack by hackers on the Mt. Gox customer accounts and passwords, which are encrypted with MD5, was the cause of Bitcoin's crash. Hackers apparently managed to steal the exchange's central user database. At least one user account with a considerable number of Bitcoins has reportedly been decrypted. An attempt to immediately sell these Bitcoins was discovered because Mt. Gox imposed a transaction limit of $1,000 per day following the recent events.

Mt. Gox is one of the few online providers who allow virtual money to be converted into "traditional" currencies which are guaranteed by a central bank, such as dollars and euros. Bitcoin is regulated as a distributed currency by the power price, which "miners" pay when Bitcoins are created in a process that is exceptionally compute-intensive.

Mt. Gox says it plans to go back online as quickly as possible with improved encryption. Mark Karpeles, head of Mt. Gox, says that all customers who have an account on that platform will have to get new passwords to login because the risk of the old passwords being decrypted is simply too great.

Stefan Thomas of We Use Coins says that those who own a Bitcoin wallet and do not wish to ask for help publicly should write to [email protected], where unanswered questions are addressed for specific situations.

Former Mt. Gox owner Jed McCaleb says that "only a small amount" of Bitcoins were stolen after the attack on the user database, though he does not provide any specific figures. Mt. Gox is currently 'rolling back' all transactions since the attack started on Friday. In other words, everyone who purchased Bitcoins for just a few cents and expected the currency to recover now owns invalid Bitcoins. The reason why Mt. Gox was attacked is currently not clear, although there has been some speculation.

However, Thomas says the whole story has a silver lining, noting that the Mt. Gox case shows that Bitcoin is now big enough to be a target for attackers. Thomas goes on to add that, because of this, Bitcoin firms such as Mt. Gox, will be forced to quickly update and protect themselves. Furthermore, such events should be looked on as opportunities by entrepreneurs as there is room for improvement and new firms can gain market share. He also recommends that users always use different passwords on different web sites, that suspicious programs (especially "Bitcoin generators") should not be downloaded, and that large amounts of Bitcoins should only be stored on multiple USB sticks and kept in different, protected bank safes.

Active BitCoin miners also point out that the power price is merely a floor price for Bitcoins and that mining is not intended to set the price of Bitcoins, but instead it constitutes part of the process based on a principle comparable to the price of metal and the cost of minting coins. In the case of actual coins, both of these factors determine a minimum value that is generally far below the actual trading price.

(Detlef Borchers / djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1263448
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit