BitFloor Joins List of Compromised BitCoin Exchanges 232
hypnosec writes "An attacker managed to access an unencrypted backup of wallet keys and steal 24,000 BTC (worth more than a quarter million USD), following which Bitcoin exchange Bitfloor has been shut down while the investigation of the theft is going on. The attack was carried out sometime last night. In a forum post, Shtylman pleads with Bitcoin users that BitFloor needs their help."
Re:Why ever use Bitcoin in the first place? (Score:3, Informative)
Re:Not surprised ... (Score:5, Informative)
Except that article is incorrect - because its registered within the European Economic Area, it is still FSA registered and falls under the FSAs regulatory umbrella.
PayPal (Europe) Sarl et Cie SCA is registered with the FSA under the registration number 226056.
The fact that it moved to Luxembourg doesn't change the fact that it is regulated within the UK.
Re:Not surprised ... (Score:3, Informative)
You hit the nail on the head. Bitcoin just isn't trustworthy for a lot of reasons:
1: It isn't anonymous. Anyone who thinks it is is deluded. There are anonymous currencies (look up Chaum or Tim May's items on this) that actually are truly anonymous, using RSA blinding factors or other items.
2: The system was rigged from the ground up to give lots of coins to people hopping on first, then shaft people later on. This reeks of a classic Ponzi scheme.
3: The lack of interest in security of BitCoin clearing houses. No PCI-DSS regulations, no money spent in watching accountholder stuff. To boot, if the the whole institution gets cleaned out, there is no way to recoup losses.
4: The lack of open source clients.
5: The fact that BitCoin can deflate in a matter of hours.
6: BitCoin is not backed by a single thing. Even the dollar is backed by a relatively stable government.
7: There is no honor among thieves. The problem of doing business in the shadows is that the unregulated clearinghouses have little to no interest in protecting their customers. This is why you don't see crack dealers using other crack dealers as places for stashing their ill-gotten gains.
8: Governments get really interested, really fast, with people using BitCoins. Especially entities like FinCEN. Since BitCoins are not anonymous, someone being stupid can bring the IRS down on them in a heartbeat. Someone who thinks they can use BitCoins for laundering money will find some guys with suits and handcuffs waiting for them.
There is just no point to using BitCoins:
They are not anonymous.
No regulation means that one can lose all their holdings in an instant.
They were created to line the pockets of the original people with ease of creating coins.
They have zero value, even less than a fiat currency.
Re:Not surprised ... (Score:4, Informative)
That's actually not correct at all.
Firstly, Bitcoin exchanges are regulated, that's why Mt Gox requires you to do ID verification and other such things. Not that regulations are a magic wand - US banks routinely get pillaged due to their pathetically weak (often single factor!) security systems. And whilst many European banks at least use dedicated 2-factor calculators, that hasn't stopped massive bank runs in Spain and Greece as people fear different kinds of failure mode.
Secondly, they are not outside the normal banking system. The whole point of a centralized exchange like Mt Gox is to interface with the banking system. They have bank accounts, accept and send bank wires, etc.
Thirdly, they are accountable in the same way any company is accountable. But they go further, publishing transparency reports [bitcointalk.org] that detail exactly how their business is operating. You'll note that Mt Gox is very different to Bitfloor. It is a real company (albiet a small one), not a one-man operation anymore. They have staff processing support tickets. They have redundant datacenters and the ability to withstand 100Gbps DoS attacks. Most crucially 90%+ of their Bitcoins on deposit are stored in offline wallets in various places that can only be accessed physically. Bitfloor (with a whopping 2% of the market) was a one-man job that ran on Linode, a provider that has been completely rooted in the past! That right there should have been an indication that maybe he wasn't really serious.
Let me be clear, anything Bitcoin related is risky right now. That's not because of some inherent flaw of Bitcoin, it's because it's very new and so the ecosystem is immature. In particular the fact that it's an open system with open APIs means a lot of programmers just jump right in and start creating services without fully thinking things through. If you're going to run an exchange you need to have your shit together and there are just way too many people who don't. Now is that their fault, the fault of people who then hand them money, or both?