31 October 2014

Bitcoin plunges again after dark market Web hack

14 February 2014  |  5004 views  |  7 bitcoins

The price of bitcoin plunged again overnight after the operator of dark market Web site Silk Road 2 claimed to have lost $2.7 million in a scam exploiting a known vulnerability in he crypto-currency.

Defcon, a Silk Road 2 moderator, informed users that the site had fallen victim to a massive hack in which 4476 bitcoins were stolen. He blamed the exploit on the "transaction malleability" loophole, which forced exchanges MT Gox and Bitstamp to suspend operations earlier this week.

The vulnerability makes it possible for someone to use the network to alter transaction details to make it seem like a sending of coins to a wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent.

In a post on the Tor network, Defcon writes: "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too sceptical of the possible issue at hand."

While many users are sceptical of the claims, writing off the theft as an insider scam, the news spooked the market, sending the price of Bitcoin back below the $600 mark, to a low of $532. At the time of writing, bitcoin values have staged a modest recovery, reaching $608 at pixel time.

Comments: (7)

Alexander Peschkoff - TEDIPAY - London | 14 February, 2014, 10:31

Everyone says "Bitcoin is incredible - and intrinsically - safe system". Yet, I wonder whether any reputable security experts conducted any thorough independent security review of BTC?..

I.e. any secure system has vulnarabities, one way or another (at least via the insider route). Why didn't anyone question who actually conclusively determined that BTC is secure?..

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member | 14 February, 2014, 10:52

Oh the irony that a site known for its "we can get you anything you want" is compainling about fraud and the loss of it's bitcoins...

There are two types of people who say it's secure, those who have a vested interest with everything to lose e.g. convincing themselves they are investing in the right comodity.  And those who just like to go against the "man" man... The ones who hate the current banking system, and would have all their money under their bed if they could.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Russell Bell - Fastbase Ltd - Wellington | 17 February, 2014, 04:39

The tech folk in the Bitcoin world seem to have known about this particular vulnerability for about two years, but they didn't think it posed any "real world" risk.  Obviously events have shown it's indeed a real risk, though more a denial-of-service vulnerability than vulnerability to theft.

There's serious incentive already for independent review whether driven by academic interest or by baser motives.  What nobody can predict is if some newly discovered flaw will prove fatal, or whether it's past the "what doesn't kill you makes you stronger" hump.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member | 17 February, 2014, 13:00

BTC is back up to $660 (or should we say $ is down to 0.00152) at time of posting.  Recovery is positive, but you'll say volatility isn't.  The problem is that BTC vs fiat still represents a tiny but growing proportion of the economy, so greater volatility is inevitable.  Powerful vested intersts are working overtime to discredit BTC by all means available, but the value keeps bouncing back, more retailers join the throng of those "getting it" and the first ever bank (Standard Bank of South Africa) is now offering BTC based services.  Vast swathes of what we take for grated today will gradually be disintermediated or made irrelevant in the coming years.

What BTC represents is decentralisation and a move away from traditional power bases.  For the peoples of the world to chose to trade using a non-inflationary money is terrifying the central bankers witless.  It was various of the Rothschilds who famously said:

“Let me issue and control a nation’s money and I care not who writes the laws.” Mayer Amschel Rothschild (1744-1812), founder of the House of Rothschild.

“The few who understand the system will either be so interested in its profits or be so dependent upon its favours that there will be no opposition from that class, while on the other hand, the great body of people, mentally incapable of comprehending the tremendous advantage that capital derives from the system, will bear its burdens without complaint, and perhaps without even suspecting that the system is inimical to their interests.” The Rothschild brothers of London writing to associates in New York, 1863.

So, you need to stand back and see the really big picture here.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member | 18 February, 2014, 23:27

Many people, particularly technology-oriented ones, tend to focus their attention on the technical attributes of a solution when judging how secure it is. Thus they will look at Bitcoin's algorithms and protocols and say "that is secure". On purely that level they are probably indeed correct, but this ignores the uncomfortable truth that the real weak points in any given system are  usually at the edges - where protocols meet the meat - and that good technology poorly implemented equals a poor system.

In the end the real security of a system will be heavily dependent on how easy it is to game. Unfortunately in Bitcoin's case we are now seeing that it has drawn the attention of bad guys who are adept at gaming systems, and it will not be long before we will find out whether its underlying technology proves a help or a hindrance in developing defences.

My instinct tells me that Bitcoin's decentralized nature and user culture & expectations will make effective defences difficult to implement, but if nothing else the experience will teach us a lot about what we should be really looking for in a mature crypto currency. In the mean time let's enjoy the show!

 

 1 thumb up! (Log in to thumb up)
A Finextra member | 18 February, 2014, 23:42

Any system has bad actors and good actors.  When the good actors out number the bad, it becomes more difficult to discredit the system.  Is the internet discredited by pornographers and paediphiles ?  Is the credit card system discredited by frequent fraud and theft of credit card information (the fact that such data needs to be provided in order to effect a transaction being it's supreme flaw) ?  Is the entire banking system discredited by a certain global bank recently fined $2billion for money laundering for South American drig cartels and thereby being indirectly linked to the untimely death of 80,000 people ?

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Alexander Peschkoff - TEDIPAY - London | 19 February, 2014, 06:11 Henry, with BTC we are talking about (potential) systemic risk that can undermine the platform itself, not individual transactions. Take a look at what Sky had to deal with (on a mass scale) before they introduced smartcards (btw, subscriber cards in satellite receivers are generally using a more secure chip than bank cards - Sky knows the pain...)
Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

11 February, 2014
10 February, 2014
07 February, 2014
27 January, 2014
24 January, 2014
17 January, 2014
06 January, 2014
18 December, 2013
29 November, 2013
27 November, 2013

Featured job

Find your next job