Bitcoin Exchange Mt.Gox Suffers Serious Attack, Instawallet Offline 388
Bruce66423 writes "The BBC reports that Mt.Gox, the main exchange dealing with Bitcoins, has been attacked, and other resources are off line. A scary reminder of how insecure ALL money is in the computer age..." Also at TechWeekEurope. A message at bitcoin storage service Instawallet's site begins "The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."
target (Score:5, Interesting)
Bitcoin exchanges are a target right now at the current exchange rates, but I was thinking just a little while back [slashdot.org], isn't it strange that somebody who released [gmane.org] the original protocol is unknown and wishes to stay anonymous? I thought about that for a little bit, there are a number of possibilities. Of-course somebody who had the original idea could run the hash generation for a much longer time before anybody started doing it as part of a mining (proof of work) network. I don't know, it's hidden in plain sight [bitcoin.it]
This feature is then used in the Bitcoin network to secure various aspects. An attacker that wants to introduce malicious payload data into the network, will need to do the required proof of work before it will be accepted. And as long as honest miners have more computing power, they can always outpace an attacker.
- good, what if somebody had a much longer stretch of time to work out the answers before they could even become questions? It's not like those transactions are random.
What other motives can somebody have to release a protocol like this one potentially to be used by millions of people who see this as a way to make money? Giving people incentives to come up with faster SHA generators? Somebody who wants to break encryption mechanisms by generating huge amounts of SHA codes against various data?
I think without actually getting into the source code it's impossible to read the answers to any of these questions, so maybe that's the next step, read the source code.
InstaTheft (Score:3, Interesting)
Was InstaWallet attacked? Or is that what they want you to believe while they abscond with all the untraceable bitcoins?
Re:Is it? (Score:5, Interesting)
If you're into security, I'd highly recommend looking through the specs. It's an incredibly beautiful piece of engineering whether or not you are using it.
I looked at the specs, in great detail. What I saw is a system that uses cryptography but which is not secure under the notion of "security" that cryptographers use. The effort required for a successful double-spending attack on Bitcoin scales linearly with the effort required to use Bitcoin; this is worthless as far as cryptographic security is concerned. It is also troubling that the Bitcoin "security proof" only rules out a single attack strategy. Usually we want security proofs to rule out *all* theoretically feasible attacks, even those that we do not know of.
Re:Money is not secure, period (Score:2, Interesting)
The US cannot possibly end up like Cyprus. If it does, it means the global economy has collapsed and ALL forms of currency - save for bulets and possibly bottle caps - is worthless. Bitcoin backers demonstrate their fundamental lack of understanding of the economy on a daily basis.
Re:Is it? (Score:4, Interesting)
You obviously do not work with money or banking software. Its not a ledger, its a transaction trail. And its not in "an" its in several.
For transactions that stay in Bitcoins, the entire network tracks every transaction (well, more than half of it has to). The same goal is served without a central authority. The privacy implications are more disturbing than the prospect for fraud.
However, the exchanges are a different matter. Just like those stupid mortgage derivatives, there's a real need for a regulated exchange here. Note that most of the regulations involved in trading e.g. corn at the CME aren't government regulations, they're market rules. If you want to buy or sell at the CME, you follow those rules, if not, perhaps there's another market that works the way you'd like.
The CME (and the other big markets, but that's the main one for the US) is really good at writing rules that protect traders from crap like having the exchange hacked, or any of the other crap that the likes of Goldman Sachs have come up with over centuries of trying to hack the system.
My biggest worry with bitcoins is what happens when Goldman et al discover there's money to be made by manipulating that market, and have nothing to stop their centuries-old bag of tricks.
Re:Is it? (Score:5, Interesting)
When I buy a share of stock or a corn future, my need to trust the government is minimal. I need to trust the exchange. And the big exchanges have an excellent track record - the exchange rules protect against 400+ years of dirty tricks by participants, and the likes of MtGox have a very long way to go. Attacking the database is just the most obvious and straightforward approach; there are so many ways to participate fraudulently in an exchange, or corner the market, or so many other dirty tricks that become rewarding if bitcoin really takes off.
Re:Is it? (Score:5, Interesting)
That is because you do not understand how the stock exchange works. Some notes to help you under stand
#1) When you buy a stock, you do not own the stock. (Unless you get a hard copy of the stock certificate)
#2) The real stock is in DTCC's (Depository Trust and Clearing Corporation) name in a hidden vault in New York City.
#3) DTCC when Clearing the sale simply moves the record of the stock from one account to another and does not change the ownership of the stock.
#4) DTCC's Data center is running on 10 to 15 year old hardware and the stuff crashes all the time.
#5) Some day the database will crash and the information as to who owns what will be lost
#6) DTCC Will profit as they own all the stocks.
DTCC the privately held company you never heard of processing 4.6 quadrillion dollars a year in stock transactions.
Wait tell you find out who makes up the board of directors!
Re:Is it? (Score:5, Interesting)
In my opinion, microsecond stock transactions are the very type of dirty trick the exchanges should be protecting against, so based on the current actions of the stock exchanges, I disagree with your opinion on the big exchanges' track records.
Re:Is it? (Score:4, Interesting)
This wasn't a hack of the database. It was a DDOS attack. The database was not at risk in this case. People who don't understand technology need to not talk about it like they do.
We can at least read TFS.
"The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."
Now if TFS is just wrong (as happens), it's good to say so explicitly.
My point was that securing one's DB is just the first and most obvious step. Running a successful exchange puts you in direct opposition to investment banks: folks with no morals, who hired the majority of math PhDs for several years just to look for market exploits. You may be smart. The folks who run bitcoin exchanges may be smart. But this is an advanced, persistent threat, and one that's not in any way limited to technology
And unlike most other exchanges, I can actually hold on to my own bitcoins, and submit to the exchange only when I want to trade them for other currencies.
Unlike what exchange? You can't hold physical corn? Or live cattle? Or gold? Heck, I can get printed stock shares if I feel the need (I've done this for sentimental reasons - framed in my office). You seems to be confusing an exchange with a bank. The two have little in common.