

  (Source: Zach Copley)
Hack occurred due to exchange operator leaving his keys unencrypted

Originally conceived of by science fiction writers -- most notably in Neal Stephenson's cult science-fiction novel Snow Crash -- peer-to-peer cryptocurrency has been all over the headlines following its leap to the real world in the form of Bitcoin.  Created by a shadowy individual known as "Satoshi Nakamoto", bitcoins are an inherently anarchic construct looking to free a key piece of the global economy -- specifically, currency -- from the grip of any one nation.  They're also difficult to trace, making them a popular mode of purchasing quasi-legal items.

But over the past year the flowers and sunshine surrounding Bitcoin have been slightly diminished.  Last June, there was a massive devaluation, letting off inflationary steam and costing late adopters large amounts of real-world dollar value.  Later that same month Mt. Gox, the single largest Bitcoin exchange (which trades Bitcoins for real-world dollars and vice versa), was hacked.  Since then we've learned about Bitcoin-stealing malware and Bitcoin Ponzi schemes.

Now BitFloor, a second exchange, has been hacked, with approximately $250,000 USD in Bitcoins stolen (or more correctly, inappropriately transferred to a single account).

London-based BitFloor founder Roman Shtylman reported the theft to the U.S. Federal Bureau of Investigation (despite their anarchic nature, Bitcoins can be considered personal property and are arguably "illegal" to seize via hacking).  He's also reopened the exchange, though his volume is down substantially, placing his site as the thirteenth largest exchange globally.

So how did the hack happen?

Unlike some other exchange hacks, which saw password cracking used to access individual accounts and place trades (as with the Mt. Gox hack), the BitFloor hack was a direct attack on the person who holds all the Bitcoins under the standard exchange model -- in this case Mr. Shtylman.  By obtaining Mr. Shtylman's private keys -- which he foolishly left unencrypted -- the hacker was able to divert the funds flowing into the exchange into the hacker's own account, gaining 24,000 Bitcoins.

Mr. Shtylman now says he's keeping his new keys in "cold storage" (offline computers) to prevent future hacks.

The hack cost the exchange operator all of the revenue he collected from trading fees -- and then some.  But he vows to pay back the victims, commenting, "How long that will take I don’t know.  Certainly for me this is a long-term plan, and I'm mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."

BitFloor was closed for almost a month, following the hack. [Image Source: Bitcoin Charts]

One possibility would be to catch the thief.

The person who grabbed the coins has not transferred them since the theft.  As all Bitcoin transactions are logged, if and when the thief does begin to make trades, that information could be used in an effort to track them down -- say, by looking at the IP address making the trade.  Mr. Shtylman would likely work with other exchange operators to monitor trades in the hunt for the thief.

For now, though, some more folks have lost their hard-earned cash to the world of Bitcoin.  The lesson is that as grim as today's corruption-prone offline economy is, digital anarchy isn't entirely danger-free either.

Advice: don't keep all your bitcoins in one basket. [Image Source: Sophie Books Photography]

About the best advice for Bitcoin investors is similar to advice to real-world traders -- don't keep all your eggs in one basket.

Source: CIO



Comments

Standards
By InternetGeek on 9/26/2012 12:41:08 AM , Rating: 5
It's amazing how people running exchanges destroy their own business when they disregard risk management. There are global guidelines for managing security in financial organizations; it is logical then to follow these.

I can't also understand why people trust an exchange without reviewing their certifications and other standards. Sadly this is affecting Bitcoins as a market, delaying adoption. Until a serious player shows up, I can't see mainstream adoption.




RE: Standards
By tamalero on 9/26/2012 11:37:40 AM , Rating: 3
Well, people who are severely infected with greed and blind hope will always risk everything just to attempt to get a small gain.

It happens everywhere,
and that is what caused the real-life economic collapse of banks.


RE: Standards
By EricMartello on 9/26/12, Rating: 0
RE: Standards
By dark matter on 9/27/2012 8:00:20 AM , Rating: 3
Digital currencies are worthless?

Aren't all currencies worthless?

Or do you really believe that bit of paper and those coins are actually worth anything?

As for the rest, it's all digital anyway.

Duh!


RE: Standards
By EricMartello on 9/27/2012 10:03:29 PM , Rating: 2
The format of the currency is irrelevant. For a currency to have value it has to be tied to a REAL economy, and an economy needs two basic things to exist - providers and consumers.

Providers make goods, services and resources available while consumers use the goods, services and resources. The currency that both parties agree upon has an intrinsic value related to the supply and demand of the particular economy that both parties are members of - this is where bitcoins fail.

Since bitcoins are not tied to any one economy their value is entirely arbitrary and inconsistent. The exchange rate of a country's currency is based on relative buying power, and buying power is a factor of a country's economic output. Bitcoin value is determined by the exchanges themselves - which creates an atmosphere where the largest coin exchange gets to control the overall value of the currency.

If you compare bitcoins to another digital currency like World of Warcraft gold, you can see that the value of WoW gold is tied to the particular economy within the fictitious game world.

For something like bitcoins to work, the entire world would need to have a single unified economy where everything costs the same throughout the world. This socialist wet dream will never happen.


RE: Standards
By morob05 on 9/28/2012 2:10:19 PM , Rating: 2
The black market is a very real economy and the way I see it bitcoins are very much tied to this economy. This is also the reason that I think it will prevail for the time being. However I suspect that future legislation will put an end to bitcoins, eventually... I'm having difficulty understanding how a currency like that could be legal in the first place.


Quasi-legal?
By mcnabney on 9/26/2012 9:11:31 AM , Rating: 2
Let's be honest here, while the founders had more noble intentions of creating a self-supporting currency - the realities of BC are that the demand for their use revolves around criminal transactions - buying and selling illegal items and illegal services. Now many of us disagree with the illegal nature of some of those items, but the realities are that many of the scarier criminals are greatly benefiting from BC's existence.




RE: Quasi-legal?
By MadAd on 9/26/2012 9:05:45 PM , Rating: 2
Aww come on, things like this are bound to happen with a system run by amateurs. I mean, your bank manager wouldn't leave his briefcase with all the account information open on the train while he goes to urinate, would he?

Some exchanges will learn from this, promising xyz security features, and hopefully raise the bar in general for security; banks just have more experience at it (and deep pockets).

As for crime, you think banks don't have criminal activities? People got on with plenty of crime before the internet; it's the same people just using a different method. Let's not let a minority spoil a good thing.

Finally, some may say the control of our banking system by a bunch of self-interested lunatics with nothing to lose but the taxpayers' money (being bailed out, taking a dump on the economy, blah blah) is a crime in itself and whatever teething troubles BC has surely has to be worth it to create an alternative system of exchange outside of the aforesaid lunatics' influence?


RE: Quasi-legal?
By dark matter on 9/27/2012 8:03:05 AM , Rating: 1
Some banks have been found to be throwing confidential waste in the garbage.

Credit card transactions, numbers, credit applications.

You think because they work in a "bank" they are not shit at their job.

Have you even SEEN the economy?

How exactly did that come about? Oh wait, shady bank transactions.

FFS, at least understand the world around you before spouting shite.


RE: Quasi-legal?
By dark matter on 9/27/2012 8:01:17 AM , Rating: 2
The REALLY scary criminals are in the office.


can someone explain?
By johnsonx on 9/26/2012 11:45:01 AM , Rating: 2
Since they appear to know exactly where the stolen bitcoins are, why can't they just take them back and reverse out the fraudulent transactions?




RE: can someone explain?
By darkpuppet on 9/26/2012 1:00:31 PM , Rating: 2
Nope, transactions in bitcoin are non-reversible. The whole transaction chain is built up of hashes, and once you hit a certain critical mass of peers that validate your coin transaction, it's permanent.

You can't even grab the money from the hash that the money was sent to, and the user who stole the money could theoretically use a different hash to use the coins, making tracing difficult, except for the IP information.

A trail is left, but it's not an easy one to follow per se.


RE: can someone explain?
By BitcoinLurker on 10/1/2012 3:42:21 AM , Rating: 2
If a majority of the bitcoin miners agree on a software change, then that change takes effect. The software could be modified to forbid access to the stolen funds and even to transfer them back to their owner. But only if a majority of miners install and use the new version.

Of course, if most of them aren't watching carefully, then the minority of people who control release of a new software version could make the change, and it would stick as soon as over half of the miners install it, even if they don't know about the change.


Only 2 hacks?
By dark matter on 9/27/2012 7:59:19 AM , Rating: 2
And that's a problem?

How often do you think bank customers get their accounts hacked, or cards cloned or fraudulent credit card transactions?

And that's going as far as the investment banks who employ people who get pissed and go on a spending spree causing 500 million worth of damage.

But of course, the high street banks are safe, aren't they?

Yeah, right.




not snow crash
By lolmuly on 9/30/2012 6:19:23 AM , Rating: 2
The book you are looking for is Cryptonomicon, not Snow Crash.

Please bother to read the synopsis of a book before recommending it to people based on its supposed relationship to current events; you might find that it has nothing to do with what you're talking about.




Copyright 2014 DailyTech LLC.