Virtual currency exchange MT Gox says that an anonymous hacker used phoney Bitcoins to flood the market and drive down prices, causing a spectacular market crash last month.
The hacker used a simple SQL injection attack to take over an administrator's account, then credited it with $1 million in fake cash to create 2 million bogus Bitcoins. When the dummy currency was released onto the market, prices crashed and the attacker was able to snap up 2000 authentic wallet-backed Bitcoins before the site was shut down to prevent further trading.
In a statement, MT Gox says the exchange was unprepared for Bitcoin's explosive growth. "Our dated system was built as a hobby when Bitcoins were worth pennies apiece. It was not built to be a Fort Knox capable of securely handling millions of dollars in transactions each day."
The exchange operator has been scrambling to raise security levels on the site, introducing multi-iteration, triple-salted SHA-512 hashing and an option for users to enable a withdraw password that will be separate from their login passwords. Other security measures, such as one-time password keys, are planned for release "very soon".
"We are now operating under the presumption that another security breach will happen at some point in the future and we are implementing layers of fail-safe mechanisms to greatly limit the amount of damage possible," says the company.