Bitcoin plunges again after dark market Web hack

The price of bitcoin plunged again overnight after the operator of dark market Web site Silk Road 2 claimed to have lost $2.7 million in a scam exploiting a known vulnerability in the crypto-currency.

Defcon, a Silk Road 2 moderator, informed users that the site had fallen victim to a massive hack in which 4476 bitcoins were stolen. He blamed the exploit on the "transaction malleability" loophole, which forced exchanges Mt. Gox and Bitstamp to suspend operations earlier this week.

The vulnerability makes it possible for someone to use the network to alter transaction details so that a transfer of coins to a wallet appears not to have occurred when in fact it did. Because the transaction appears to have failed, the bitcoins may be resent.
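The failure mode described above, as an added example that is not from the article or from any Bitcoin software: a simplified Python model in which a payer tracks a withdrawal by transaction id, and a copy with re-encoded signature bytes confirms under a different id. The `Tx` class, the `reconcile` function and all values are constructed for illustration; real Bitcoin serialization and signature checking are not modelled.

```python
import hashlib
from dataclasses import dataclass


def dsha(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class Tx:
    inputs: tuple      # (previous txid, output index) pairs being spent
    outputs: tuple     # (destination, amount) pairs
    script_sig: bytes  # signature encoding; the signature does not cover it

    def core(self) -> bytes:
        # The part that decides which coins move and where they go.
        return repr((self.inputs, self.outputs)).encode()

    def txid(self) -> str:
        # The id hashes everything, signature encoding included.
        return dsha(self.core() + self.script_sig)

    def normalized_id(self) -> str:
        # Id over inputs and outputs only, stable under re-encoding.
        return dsha(self.core())


def reconcile(pending, confirmed, by_normalized):
    """Return withdrawals that look unpaid and would be queued for re-sending."""
    key = Tx.normalized_id if by_normalized else Tx.txid
    seen = {key(tx) for tx in confirmed}
    return [tx for tx in pending if key(tx) not in seen]


def demo():
    # Constructed sample: the withdrawal as the payer broadcast it.
    sent = Tx((("aa" * 32, 0),), (("customer-wallet", 10),), b"\x30\x44sig")
    # Constructed sample: same coins, same destination, signature re-encoded.
    mutated = Tx(sent.inputs, sent.outputs, b"\x30\x45\x00sig")
    naive = reconcile([sent], [mutated], by_normalized=False)
    robust = reconcile([sent], [mutated], by_normalized=True)
    # (ids differ, unpaid per txid tracking, unpaid per input/output tracking)
    return sent.txid() != mutated.txid(), len(naive), len(robust)


if __name__ == "__main__":
    print(demo())
```

Tracking by txid alone reports the withdrawal as unpaid even though the coins moved; matching on the spent inputs and the outputs shows it was paid, so nothing is resent.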

In a post on the Tor network, Defcon writes: "I should have taken MtGox and Bitstamp's lead and disabled withdrawals as soon as the malleability issue was reported. I was slow to respond and too sceptical of the possible issue at hand."

While many users are sceptical of the claims, writing off the theft as an insider scam, the news spooked the market, sending the price of Bitcoin back below the $600 mark, to a low of $532. At the time of writing, bitcoin values have staged a modest recovery, reaching $608 at pixel time.

Comments: (7)

A Finextra member 14 February, 2014, 10:31

Everyone says "Bitcoin is incredible - and intrinsically - safe system". Yet, I wonder whether any reputable security experts conducted any thorough independent security review of BTC?..

I.e. any secure system has vulnerabilities, one way or another (at least via the insider route). Why didn't anyone question who actually conclusively determined that BTC is secure?..

A Finextra member 14 February, 2014, 10:52

Oh the irony that a site known for its "we can get you anything you want" is complaining about fraud and the loss of its bitcoins...

There are two types of people who say it's secure, those who have a vested interest with everything to lose e.g. convincing themselves they are investing in the right commodity. And those who just like to go against the "man" man... The ones who hate the current banking system, and would have all their money under their bed if they could.

Russell Bell - Fastbase Ltd - Wellington 17 February, 2014, 04:39

The tech folk in the Bitcoin world seem to have known about this particular vulnerability for about two years, but they didn't think it posed any "real world" risk.  Obviously events have shown it's indeed a real risk, though more a denial-of-service vulnerability than vulnerability to theft.

There's serious incentive already for independent review whether driven by academic interest or by baser motives.  What nobody can predict is if some newly discovered flaw will prove fatal, or whether it's past the "what doesn't kill you makes you stronger" hump.

A Finextra member 17 February, 2014, 13:00

BTC is back up to $660 (or should we say $ is down to 0.00152) at time of posting. Recovery is positive, but you'll say volatility isn't. The problem is that BTC vs fiat still represents a tiny but growing proportion of the economy, so greater volatility is inevitable. Powerful vested interests are working overtime to discredit BTC by all means available, but the value keeps bouncing back, more retailers join the throng of those "getting it" and the first ever bank (Standard Bank of South Africa) is now offering BTC based services. Vast swathes of what we take for granted today will gradually be disintermediated or made irrelevant in the coming years.

What BTC represents is decentralisation and a move away from traditional power bases. For the peoples of the world to choose to trade using a non-inflationary money is terrifying the central bankers witless. It was various of the Rothschilds who famously said:

“Let me issue and control a nation’s money and I care not who writes the laws.” Mayer Amschel Rothschild (1744-1812), founder of the House of Rothschild.

“The few who understand the system will either be so interested in its profits or be so dependent upon its favours that there will be no opposition from that class, while on the other hand, the great body of people, mentally incapable of comprehending the tremendous advantage that capital derives from the system, will bear its burdens without complaint, and perhaps without even suspecting that the system is inimical to their interests.” The Rothschild brothers of London writing to associates in New York, 1863.

So, you need to stand back and see the really big picture here.

A Finextra member 18 February, 2014, 23:27

Many people, particularly technology-oriented ones, tend to focus their attention on the technical attributes of a solution when judging how secure it is. Thus they will look at Bitcoin's algorithms and protocols and say "that is secure". On purely that level they are probably indeed correct, but this ignores the uncomfortable truth that the real weak points in any given system are  usually at the edges - where protocols meet the meat - and that good technology poorly implemented equals a poor system.

In the end the real security of a system will be heavily dependent on how easy it is to game. Unfortunately in Bitcoin's case we are now seeing that it has drawn the attention of bad guys who are adept at gaming systems, and it will not be long before we will find out whether its underlying technology proves a help or a hindrance in developing defences.

My instinct tells me that Bitcoin's decentralized nature and user culture & expectations will make effective defences difficult to implement, but if nothing else the experience will teach us a lot about what we should be really looking for in a mature crypto currency. In the meantime let's enjoy the show!


A Finextra member 18 February, 2014, 23:42

Any system has bad actors and good actors. When the good actors outnumber the bad, it becomes more difficult to discredit the system. Is the internet discredited by pornographers and paedophiles? Is the credit card system discredited by frequent fraud and theft of credit card information (the fact that such data needs to be provided in order to effect a transaction being its supreme flaw)? Is the entire banking system discredited by a certain global bank recently fined $2 billion for money laundering for South American drug cartels and thereby being indirectly linked to the untimely death of 80,000 people?

A Finextra member 19 February, 2014, 06:11

Henry, with BTC we are talking about (potential) systemic risk that can undermine the platform itself, not individual transactions. Take a look at what Sky had to deal with (on a mass scale) before they introduced smartcards (btw, subscriber cards in satellite receivers are generally using a more secure chip than bank cards - Sky knows the pain...)