
Bitcoin Exchange Mt.Gox Suffers Serious Attack, Instawallet Offline

Posted by timothy
from the which-fed-bank's-ip-address? dept.
Bruce66423 writes "The BBC reports that Mt.Gox, the main exchange dealing with Bitcoins, has been attacked, and other resources are off line. A scary reminder of how insecure ALL money is in the computer age..." Also at TechWeekEurope. A message at bitcoin storage service Instawallet's site begins "The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."
  • Is it? (Score:5, Insightful)

    by paiute (550198) on Thursday April 04, 2013 @11:31AM (#43357941)
    "A scary reminder of how insecure ALL money is in the computer age...."

    I applaud the creation of Bitcoin, but really, would you trust your $10,000 more on a server somewhere or in an FDIC-covered bank?
    • Re:Is it? (Score:5, Funny)

      by Anonymous Coward on Thursday April 04, 2013 @11:39AM (#43358043)

      And if you did trust it on a server somewhere, would that server be "Magic The Gathering Online Exchange"?

      (Or are we supposed to forget that that's what "MtGOX" stands for?)

      • Re:Is it? (Score:5, Funny)

        by camperdave (969942) on Thursday April 04, 2013 @12:09PM (#43358365) Journal
        See! I knew bitcoins were some in-game currency.
      • I don't trust MTGOX, and I have no illusions of trust. However many people trust the government. The real question is, is the illusion of trust better than the reality of not trusting anyone.

        Caveat Emptor.

        • Re:Is it? (Score:5, Interesting)

          by lgw (121541) on Thursday April 04, 2013 @12:35PM (#43358653) Journal

          When I buy a share of stock or a corn future, my need to trust the government is minimal. I need to trust the exchange. And the big exchanges have an excellent track record - the exchange rules protect against 400+ years of dirty tricks by participants, and the likes of MtGox have a very long way to go. Attacking the database is just the most obvious and straightforward approach; there are so many ways to participate fraudulently in an exchange, or corner the market, or so many other dirty tricks that become rewarding if bitcoin really takes off.

          • Re:Is it? (Score:5, Informative)

            by Archangel Michael (180766) on Thursday April 04, 2013 @12:53PM (#43358831) Journal

            This wasn't a hack of the database. It was a DDOS attack. The database was not at risk in this case. People who don't understand technology need to not talk about it like they do.

            And unlike most other exchanges, I can actually hold on to my own bitcoins, and submit to the exchange only when I want to trade them for other currencies.

            • Re:Is it? (Score:4, Interesting)

              by lgw (121541) on Thursday April 04, 2013 @01:48PM (#43359565) Journal

              This wasn't a hack of the database. It was a DDOS attack. The database was not at risk in this case. People who don't understand technology need to not talk about it like they do.

              We can at least read TFS.

              "The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."

              Now if TFS is just wrong (as happens), it's good to say so explicitly.

              My point was that securing one's DB is just the first and most obvious step. Running a successful exchange puts you in direct opposition to investment banks: folks with no morals, who hired the majority of math PhDs for several years just to look for market exploits. You may be smart. The folks who run bitcoin exchanges may be smart. But this is an advanced, persistent threat, and one that's not in any way limited to technology

              And unlike most other exchanges, I can actually hold on to my own bitcoins, and submit to the exchange only when I want to trade them for other currencies.

              Unlike what exchange? You can't hold physical corn? Or live cattle? Or gold? Heck, I can get printed stock shares if I feel the need (I've done this for sentimental reasons - framed in my office). You seem to be confusing an exchange with a bank. The two have little in common.

          • Re:Is it? (Score:5, Interesting)

            by Anon-Admin (443764) on Thursday April 04, 2013 @01:17PM (#43359097) Homepage Journal

            That is because you do not understand how the stock exchange works. Some notes to help you understand

            #1) When you buy a stock, you do not own the stock. (Unless you get a hard copy of the stock certificate)
            #2) The real stock is in DTCC's (Depository Trust and Clearing Corporation) name in a hidden vault in New York City.
            #3) DTCC when Clearing the sale simply moves the record of the stock from one account to another and does not change the ownership of the stock.
            #4) DTCC's Data center is running on 10 to 15 year old hardware and the stuff crashes all the time.
            #5) Some day the database will crash and the information as to who owns what will be lost
            #6) DTCC Will profit as they own all the stocks.

            DTCC the privately held company you never heard of processing 4.6 quadrillion dollars a year in stock transactions.

            Wait till you find out who makes up the board of directors!

            • Let us see - Some minor nits and a major point.

              DTCC moved to New Jersey a few years ago, I think.

              DTCC is owned by its members – so it’s as private as your local co-op. (Which is private, but has a slightly different profit motive)

              As to profiting when they own all of the stock? You are going to have to explain that theory to me.

              Loss of data? DTCC has a set of records. Each brokerage firm has a separate set of records. (Many being held in a separate, custodial account) If DTCC and its multiple site

          • Re:Is it? (Score:5, Interesting)

            by SydShamino (547793) on Thursday April 04, 2013 @01:28PM (#43359259)

            In my opinion, microsecond stock transactions are the very type of dirty trick the exchanges should be protecting against, so based on the current actions of the stock exchanges, I disagree with your opinion on the big exchanges' track records.

            • by lgw (121541)

              It's been my experience that complaining about HFT is a sure sign that someone doesn't actually trade on an exchange or understand them except as an abstraction. HFT reduces the bid-ask gap. It's not a dirty trick at all: it's pitting the investment banks against one another for the benefit of the casual trader. That's exactly what we want exchanges to do.

              • Re:Is it? (Score:5, Informative)

                by AuMatar (183847) on Thursday April 04, 2013 @03:28PM (#43361089)

                No, it does so in the opposite direction.

                I bid $10. Someone asks $9.99. Obviously we're going to make a deal. There's an overflow of 1 cent- one of us will make 1 more cent than they expected to. Either of us could move, we could split the difference, or we could just set an exchange wide rule for this (say the seller always makes it, or the buyer).

                Now add in HFT. Same scenario. The HFT sees my $10 bid before the seller does, and sends a buy for $9.99 exactly to the seller, buying the stock. He then sells to me for $10. He makes that extra penny. Has he helped me? Not at all- he took an average of half a penny from me. Does he help the seller? Nope, he took half a penny from them, for the service of completing the transaction a few microseconds sooner.

                HFT are parasites. They provide no value to either side, but make a vig. There is no bid-ask gap that they reduce because the bid is higher than the ask. If it wasn't there'd be no money for them to make. It's immoral, unethical, and ought to be illegal. It also siphons millions to billions from the economy.

                • by lgw (121541)

                  $10. Someone asks $9.99. Obviously we're going to make a deal. There's an overflow of 1 cent-

                  If the bid is $10 no one will ever ask $9.99, they'll hit your $10 bid. What you've described is not what market makers do.

                  There is no bid-ask gap that they reduce because the bid is higher than the ask. If it wasn't there'd be no money for them to make

                  You've got it backwards. I suspect you started from the assumption that HFT is evil, and constructed a scenario to explain why they are evil - but you've wandered away from reality.

                  See my post here http://slashdot.org/comments.pl?sid=3615411&cid=43362361 [slashdot.org] where I explain in detail - it's too much to repeat here.

      • They bought the domain name, dumbass. It's now K K Tibanne running it. That's like making fun of pets.com because of 15 years ago or whatever.
      • Re: (Score:2, Insightful)

        by Princeofcups (150855)

        And if you did trust it on a server somewhere, would that server be "Magic The Gathering Online Exchange"?

        (Or are we supposed to forget that that's what "MtGOX" stands for?)

        Since some people will pay $10,000 for a mint Black Lotus, it's in the same ballpark. :-)

    • by ackthpt (218170)

      "A scary reminder of how insecure ALL money is in the computer age...."

      I applaud the creation of Bitcoin, but really, would you trust your $10,000 more on a server somewhere or in an FDIC-covered bank?

      The big sack of pennies under my bed is as secure as ever.

    • by westlake (615356)

      I applaud the creation of Bitcoin, but really, would you trust your $10,000 more on a server somewhere or in an FDIC-covered bank?

      I hate to break this to you, but your insured deposits aren't held as coins in an outsized piggy bank like Scrooge McDuck's Money Bin. They exist only as entries in an electronic ledger.

      • by Hentes (2461350)

        There are many degrees of computer security, just like in real life. When you deal with lots of money, you want security that matches with the risk. Banks can do that.

      • by chill (34294)

        Irrelevant. The guarantee is by first the bank then the U.S. Government, regardless of how the funds are recorded.

        In the case of Mt. Gox, it is an exchange and not a bank. The only threat would be if you attempted to exchange for a different currency and couldn't because of the DoS. Just like what happened to Bank of America earlier.

        As for the wallet -- they're fucked.

      • I hate to break this to you, but your insured deposits aren't held as coins in an outsized piggy bank like Scrooge McDuck's Money Bin. They exist only as entries in an electronic ledger.

        Yes, and? Those insured deposits are backed by the full faith and credit of the United States government and the bank is liable for their security. Bitcoins enjoy none of the same protections. If someone wants to use bitcoin and understands the amount of risk they are assuming then I have no quarrel with them but let's not pretend the amount of risk is remotely comparable.

      • I hate to break this to you, but your insured deposits aren't held as coins in an outsized piggy bank like Scrooge McDuck's Money Bin. They exist only as entries in an electronic ledger.

        They also exist in the form of various transaction documents and balance statements I can present to a court with jurisdiction over the bank in question as evidence of the existence of the deposits.

    • That depends on if the US government can confiscate money held in banks like what happened in Cyprus, or not. The question is, do you trust government to honor its promises. Ask the Native Americans how the government honors its treaties.

      "I'm altering the deal, pray I don't alter it further"

      • by lgw (121541)

        The government could decide to confiscate all your bitcoins too: what's your point? Heck, the US government could decide to confiscate the money in Cypriot banks, if it wanted to. There's little you can do if the nation with the largest military starts behaving badly. But realistically, if the US starts confiscating it will be far more handy pools of money: 401Ks, university endowments, and re-insurance company assets, all of which could be taxed in some new way when the money runs out. Bank deposits ar

        • How can a government confiscate that which it has no knowledge of?

      • That depends on if the US government can confiscate money held in banks like what happened in Cyprus, or not. The question is, do you trust government to honor its promises.

        The government confiscates money all the time. It's called taxes. This version was just a little less democratic and done in an unusual way which freaks people out.

        Generally speaking, no I'm not especially worried about the US government confiscating my money ala Cyprus. Furthermore even making the comparison between the two economies is a bit absurd since the situations are about as different as possible. Put a few billion into Cyprus and you'll hose the economy when you take it out. A few billion is a ro

      • That depends on if the US government can confiscate money held in banks like what happened in Cyprus, or not. The question is, do you trust government to honor its promises.

        The thing about the unlimited power that comes with sovereignty is that governments can confiscate computing devices as well as confiscating bank deposits or any other kind of property.

        So how is Bitcoin secure, again?

    • I applaud the creation of Bitcoin, but really, would you trust your $10,000 more on a server somewhere or in an FDIC-covered bank?

      Remember, the FDIC has about $25B in treasury notes (not cash, that's long gone) in its fund to cover about $10T in deposits, and most of the insured banks have very low ratios (perhaps 10% cash-on-hand at most). If there's ever a bank run, the FDIC can't stop it.

      What the FDIC does is give the banking class license to invest wildly, without their customers caring at all what the

      • by sjbe (173966) on Thursday April 04, 2013 @12:20PM (#43358493)

        Remember, the FDIC has about $25B in treasury notes (not cash, that's long gone) in its fund to cover about $10T in deposits, and most of the insured banks have very low ratios (perhaps 10% cash-on-hand at most). If there's ever a bank run, the FDIC can't stop it.

        The FDIC doesn't have to stop it. The purpose of the FDIC is to keep bank runs from starting in the first place, not to be able to back every dollar deposited. The FDIC is there to reassure people that even if their particular bank is having issues that they still will be able to get to their money because the government is there to back them up. Bank runs start because people think they cannot get to their money. If the money is insured there is less chance of them doing this.

        • The FDIC is there to reassure people that even if their particular bank is having issues that they still will be able to get to their money because the government is there to back them up.

          Right, this is what allows bank customers to not care at all about how risky their banks' activities are.

          Bank runs start because people think they cannot get to their money. If the money is insured there is less chance of them doing this.

          We'll see what happens once the current FDIC fund is exhausted.

      • by hedwards (940851)

        This is ignorant hogwash, the FDIC can and does take control of banks before they fail. When we say that a bank failed, it usually means that they've dipped below their margin requirements and are at risk of failure. The FDIC swoops in over night, not unlike spies actually, and assumes control of the operation before even the staff know that the bank was going to be seized.

        The reason for this is because it prevents a run on the bank and lessens the likelihood of the FDIC having to pay out non-trivial sums

      • by lgw (121541)

        There is about 20x more money deposited in banks than there is physical currency (the Fed bizarrely doesn't track the M3 any more).

        The thing bitcoin has going for it is that nobody can double the amount of money in circulation and make the value of your coins worth half in turn. Of course it's really volatile, so while good for money transfer, don't store too much of your wealth in it long term.

        Doubling the amount of physical currency in circulation would have little effect on inflation. Moving to gold as the US currency would have little effect on inflation. Moving to bitcoin as the US currency would have little effect on inflation. The physical (or virtual) artifact used as a barter intermediary barely matters.

        You don't need to create more instances of currency to

    • Somewhere? K K Tibanne Corp in Japan. And they already got hacked once so you'd think they'd have gotten their shit together. This may have been a DDOS or something stupid like that though since the price of BC is freaking $133! That's like 50% up from 2 weeks ago.
  • by nysus (162232) on Thursday April 04, 2013 @11:31AM (#43357949)

    Uh, no. Somehow I sleep a little better knowing my money is backed up by the FDIC if I keep it in a real bank.

    • I'm sure the customers of Laiki Bank were highly satisfied with their government-provided deposit insurance too, right up until they lost all access to their funds for a few weeks, and lost the majority of their balances [bitcointalk.org]. I'm sure the people who aren't getting paid because the company they work for had payroll funds frozen are singing the praises of deposit insurance right this minute.

    • by prisoner-of-enigma (535770) on Thursday April 04, 2013 @11:52AM (#43358209) Homepage

      Uh, no. Somehow I sleep a little better knowing my money is backed up by the FDIC if I keep it in a real bank.

      And, as recently demonstrated by Cyprus, if the government arbitrarily changes the rules ex post facto and decides they're going to take your money "because we need it," how well do you sleep? You sleep well thinking the rules of the game can't be changed. They can. They are. This is a terrifying precedent.

      • I trust that the U.S. Government won't expropriate my bank account more than I trust that private Bitcoin servers won't get hacked.

        Sleeping well is relative.

      • The FDIC doesn't insure all deposits. It insures deposits up to $200K (or was this increased recently?).

        I sure as hell trust the FDIC to cover up to that limit more than I trust a bitcoin exchange to cover ... well .. anything.

      • And, as recently demonstrated by Cyprus, if the government arbitrarily changes the rules ex post facto and decides they're going to take your money "because we need it," how well do you sleep?

        I sleep just fine. Governments have always had the ability to do this (it's called taxes) and they do it all the time. The only thing different here is the means by which they did it.

        You sleep well thinking the rules of the game can't be changed. They can. They are. This is a terrifying precedent.

        I sleep well knowing that the rules of the game are the same as they have always been. I understand that taxes can go up or down and I plan accordingly. I might not like it but it is hardly a big surprise.

      • And, as recently demonstrated by Cyprus, if the government arbitrarily changes the rules ex post facto and decides they're going to take your money "because we need it," how well do you sleep?

        Governments can just as easily arbitrarily change the rules and take away:
        1) The computing devices that give me access to Bitcoins,
        2) The computing devices that Bitcoin exchanges use,
        3) The computing devices that other people accepting Bitcoins use,
        4) The bank accounts that Bitcoin exchanges use,
        5) The legal environmen

    • by ackthpt (218170)

      Uh, no. Somehow I sleep a little better knowing my money is backed up by the FDIC if I keep it in a real bank.

      I'm more comfortable with having a limited amount of my assets in silver or gold coinage - that stuff will pretty much always have value.

      And regarding Bitcoins, this not-so-old poll [slashdot.org] is relevant.

  • by Anonymous Coward

    Why does it smell like tulips in here....

  • Dwolla Also Hit (Score:5, Insightful)

    by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Thursday April 04, 2013 @11:39AM (#43358049) Journal
    Also Dwolla was down for two days [techcrunch.com] but appears to be back up as they appeared to have worked a deal with CloudFlare. Mt. Gox uses Prolexic so this shouldn't affect them, right? Right? Accessing the database of Instawallet sounds like a total fail though.

    A scary reminder of how insecure ALL money is in the computer age...

    Really? My Celtic ring money is still fully intact around my wrist and still worth the silver it's made out of. All currencies have their ups and downs. Some benefits are double edged swords (just ask Renminbi traders). Nice editorial though -- the services surrounding BitCoin are clearly infantile and only now are getting DDOS protection.

    My credit union offers two factor authentication. Could a Bitcoin exchange do the same? You bet. But they haven't. The fact is that it's easier to find legit and robust exchanges and institutions in USD than BitCoin.

    • Re: (Score:3, Informative)

      by Kiwikwi (2734467)
      If you'd get off your horse for a moment, you might realize that MtGox offers two-factor authentication and has for a long time.
    • by dubdays (410710)

      My credit union offers two factor authentication. Could a Bitcoin exchange do the same? You bet. But they haven't. The fact is that it's easier to find legit and robust exchanges and institutions in USD than BitCoin.

      I believe you're correct in that the exchanges don't use two factor authentication. However, my Bitcoin wallet is an online one (yeah, not so secure, but I only do a little bit of mining...less than $50 in there right now) that definitely does use two factor authentication through the Authy [google.com] app. Quite simple really, and the exchanges should definitely use something like this.

  • target (Score:5, Interesting)

    by roman_mir (125474) on Thursday April 04, 2013 @11:40AM (#43358053) Homepage Journal

    Bitcoin exchanges are a target right now at the current exchange rates, but I was thinking just a little while back [slashdot.org], isn't it strange that somebody who released [gmane.org] the original protocol is unknown and wishes to stay anonymous? I thought about that for a little bit, there are a number of possibilities. Of course somebody who had the original idea could run the hash generation for a much longer time before anybody started doing it as part of a mining (proof of work) network. I don't know, it's hidden in plain sight [bitcoin.it]

    This feature is then used in the Bitcoin network to secure various aspects. An attacker that wants to introduce malicious payload data into the network, will need to do the required proof of work before it will be accepted. And as long as honest miners have more computing power, they can always outpace an attacker.

    - good, what if somebody had a much longer stretch of time to work out the answers before they could even become questions? It's not like those transactions are random.

    What other motives can somebody have to release a protocol like this one potentially to be used by millions of people who see this as a way to make money? Giving people incentives to come up with faster SHA generators? Somebody who wants to break encryption mechanisms by generating huge amounts of SHA codes against various data?

    I think without actually getting into the source code it's impossible to read the answers to any of these questions, so maybe that's the next step, read the source code.

    • by Paran (28208)
      It's more likely that the author(s) value their freedom. The US government (I haven't looked at others) has a history of shutting down alternative currencies and trying to imprison the creators.
      • by roman_mir (125474)

        Yes, the US government (and other governments as well) does have a history of shutting down alternative currencies and imprisoning and even labelling the people behind them as terrorists.

        On March 18, 2011, after a 90 minute jury deliberation, von NotHaus was found guilty on various counts, including the making of "counterfeit coins" (resembling legal tender coins).

        Attorney for the Western District of North Carolina, Anne M. Tompkins, described Bernard von NotHaus and the Liberty dollar as "a unique form of

    • by pantaril (1624521)

      - good, what if somebody had a much longer stretch of time to work out the answers before they could even become questions? It's not like those transactions are random.

      This will not work. You cannot compute the answers to unknown questions. The questions are composed of all transactions in recent 10 minutes which are basically input and output addresses signed with unknown private keys. In order to successfully employ a 51% attack on bitcoin you must be able to outperform the rest of the network in real time for at least 10 minutes.
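
Added example, not part of the thread or of Bitcoin's source: a toy proof-of-work showing the point made in the reply above, that a nonce found ahead of time is useless once the block's real inputs differ from what was guessed. The header layout, the 16-bit difficulty, the simplified transaction commitment and the sample transactions are all assumptions made for illustration.

```python
import hashlib
import struct

DIFFICULTY_BITS = 16  # toy difficulty (assumption); the real network's is far higher


def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def tx_commitment(transactions: list) -> bytes:
    """Simplified stand-in for a Merkle root: one hash over all tx hashes."""
    return dsha256(b"".join(dsha256(tx) for tx in transactions))


def build_header(prev_hash: bytes, transactions: list) -> bytes:
    """Toy header: previous block hash plus the transaction commitment."""
    return prev_hash + tx_commitment(transactions)


def verify(header: bytes, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """A nonce is valid if the hash has `bits` leading zero bits."""
    digest = dsha256(header + struct.pack("<Q", nonce))
    return int.from_bytes(digest, "big") >> (256 - bits) == 0


def mine(header: bytes, bits: int = DIFFICULTY_BITS) -> int:
    """Brute-force search for the first nonce that satisfies the target."""
    nonce = 0
    while not verify(header, nonce, bits):
        nonce += 1
    return nonce


def demo() -> dict:
    # Constructed sample data. Real transactions also carry signatures made
    # with private keys the early miner does not hold, so they cannot even
    # be written down in advance.
    txs = [b"alice->bob:1.0", b"carol->dave:0.5"]
    guessed_tip = dsha256(b"chain tip guessed in advance")
    real_tip = dsha256(b"chain tip the network actually produced")

    early_header = build_header(guessed_tip, txs)
    nonce = mine(early_header)  # work done before the "question" exists

    return {
        "nonce": nonce,
        # The work is valid only for the exact header it was mined on.
        "valid_on_guessed_tip": verify(early_header, nonce),
        # A different previous-block hash changes the hash input entirely.
        "valid_on_real_tip": verify(build_header(real_tip, txs), nonce),
        # So does adding or altering a single transaction.
        "valid_after_tx_change": verify(
            build_header(guessed_tip, txs + [b"erin->frank:0.1"]), nonce
        ),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

At this toy difficulty a stale nonce still passes by chance about once in 65,536 tries; at real difficulty that chance is negligible.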

  • InstaTheft (Score:3, Interesting)

    by Anonymous Coward on Thursday April 04, 2013 @11:42AM (#43358073)

    Was InstaWallet attacked? Or is that what they want you to believe while they abscond with all the untraceable bitcoins?

  • Old news? (Score:5, Informative)

    by prisoner-of-enigma (535770) on Thursday April 04, 2013 @11:47AM (#43358137) Homepage

    This is semi-old news. Mt.Gox has been under attack for at least a couple of days but they appear to be handling it pretty well. I haven't noticed any problems with using them at least. Trades might be taking a tad longer but nothing big that I can see.

    Instawallet, on the other hand, crumbled at least a day or two ago (I read about it early yesterday morning). Their problem had nothing fundamental to do with BTC but more to do with the unique way Instawallet did business with (I believe) greater anonymity. The whole "we gotta rearchitect this thing" press release was that their fundamental way of doing business made them uniquely targetable by fraudsters, thus they gotta figure out something new.

  • by youn (1516637) on Thursday April 04, 2013 @12:12PM (#43358395) Homepage

    there are so many in the news, it is difficult to keep track

    • 3 exchanges were ever hacked in history, 2 were MTGox lol. But this doesn't sound like the first hack. It sounds like it just knocked them offline. The first one actually stole stuff and they thoroughly fixed that problem and sold the site to a company with better resources and a large background in banking.
      • by asylumx (881307)

        3 exchanges were ever hacked in history

        Yes, but it's a very short history and there aren't exactly a plethora of exchanges, especially not popular ones.

  • by slashmydots (2189826) on Thursday April 04, 2013 @12:41PM (#43358709)
    Hackers DDOSed just the website itself to scare people into a sell-off then bought up the cheaper coins and waited for the price to rise again. This has nothing to do with the bitcoin network or protocol, zero coins were stolen, and no security was breached at MTGox. So everyone above me, STFU and read the article or this before talking out your ass about bitcoins.
    • by Pecisk (688001)

      But a hacker's scam worked, didn't it? But this is a problem in general with people and IT systems - common crowd don't even understand how it works broadly, so don't expect them to distinguish simple DDOS or network failure from bank/system going bankrupt, for example. Education and explaining - those can only limit damage in such cases in long term. In short term - be honest and leave yourself emergency information channels open.

  • I came across this not too long ago: on Reuters, Felix Salmon outlining some opinion that Bitcoin embraces anarchy a little _too_ well, and is too volatile to serve as an adequate store of value as a consequence.

    http://blogs.reuters.com/felix-salmon/2013/04/03/why-bitcoins-rise-is-nothing-to-celebrate/ [reuters.com]

    With the value of Bitcoin jumping around the way it does, I'd be leery about keeping any amount of my money in Bitcoins.

    Furthermore, if the value (or for the clever City boys, the volatility) of Bitcoin can be

  • What I enjoyed most were the headlines in the "legit" financial sites, looking for any excuse to dismiss Bitcoin. Basically, they all said that the value of Bitcoin "tanked" because it got up to $145 earlier in the day, before "crashing down" to $125. I wanted to ask them "So, it was $95 two days ago. Yesterday, it was $115. Today, it's $125... what was that about 'tanking', again?". And, of course, today, it's at $135. I'll take that tank, any day.
