backtop


Print 15 comment(s) - last by BitcoinLurker.. on Oct 1 at 3:42 AM


  (Source: Zach Copley)
Hack occurred due to exchange operator leaving his keys unencrypted

Originally conceived of by science fiction writers -- most notably Neal ­Stephenson's cult science-fiction novel Snow Crash -- peer-to-peer cryptocurrency has been all over the headlines, following its leap to the real world, in the form of the Bitcoin.  Created by a shadowy individual known as "Satoshi Nakamoto", bitcoins are an inherently anarchic construct looking to free a key piece of the global economy -- specifically, currency -- from the grip of any one nation.  They're also difficult to trace, making them a popular mode of purchasing quasi-legal items.

But over the year the flowers and sunshine surrounding Bitcoin has been slightly diminished.  Last June, there was a massive devaluation, letting off inflationary steam and costing late adopters large amounts of real-world dollar value.  Later that same month Mt. Gox, the single largest Bitcoin exchange (which trades Bitcoins for real world dollars and vice versa) was hacked.  Since then we've learned about Bitcoin-stealing malware and Bitcoin Ponzi schemes.

Now BitFloor, a second exchange has been hacked, with approximately $250,000 USD in Bitcoins stolen (or more correctly, inappropriately transferred to a single account).

London-based BitFloor founder Roman Shtylman reported the theft to the U.S. Federal Bureau of Investigation (despite their anarchic nature, Bitcoins can be considered personal property and are arguably "illegal" to seize via hacking).  He's also reopened the exchange, though his volume is down substantially placing his site as the thirteenth largest exchange globally.

So how did the hack happen?

Unlike some other exchange hacks, which saw password cracking used to access individual accounts and place trades (as with the Mt. Gox hack), the BitFloor hack occurred by a direct hack on the person that holds all the Bitcoins as per the standard exchange model -- in this case Mr. Shtylman.  By obtaining Mr. Shtylman's private keys -- which he foolishly left unencrypted -- the hacker was able to divert the funds flowing into his exchange into his own account, gaining 24,000 Bitcoins.

Mr. Shtylman now says he's keeping his new keys in "cold storage" (offline computers) to prevent future hacks.

The hack cost the exchange operator all of the revenue he collected off of trading fees -- and then some.  But he vows to pay back the victims, commenting, "How long that will take I don’t know.  Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."

Bitfloor
BitFloor was closed for almost a month, following the hack. [Image Source: Bitcoin Charts]

One possibility would be to catch the thief.

The person who grabbed the coins has not transferred them since the theft.  As all Bitcoin transactions are logged, if and when they do begin to make trades that information could be used in an effort to track them down -- say by looking at the IP address making the trade.  Mr. Shtylman would likely work with other exchange operators to monitor trades in the hunt for the thief.

For now, though, some more folks have lost their hard earned cash to the world of Bitcoin.  The lesson is that as grim as today's corruption prone offline economy is, digital anarchy isn't entirely danger free either.  

Eggs in one basket
Advice: don't keep all your bitcoins in one basket. [Image Source: Sophie Books Photography]

About the best advice for Bitcoin investors is similar to advice to real-world traders -- don't keep all your eggs in one basket.

Source: CIO



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Quasi-legal?
By mcnabney on 9/26/2012 9:11:31 AM , Rating: 2
Let's be honest here, while the founders had more noble intentions of creating a self-supporting currency - the realities of BC are that the demand for their use revolves around criminal transactions - buying and selling illegal items and illegal services. Now many of us disagree with the illegal nature of some of those items, but the realities are that many of the scarier criminals are greatly benefiting from BC's existence.




RE: Quasi-legal?
By MadAd on 9/26/2012 9:05:45 PM , Rating: 2
aww come on, things like this are bound to happen with a system run by amateurs, i mean your bank manager wouldnt leave his briefcase with all the account information open on the train while he goes to urinate would he?

Some exchanges will learn from this promising xyz security features and hopefully raise the bar in general for security, banks just have more experience at it (and deep pockets).

As for crime, you think banks dont have criminal activities? People got on with plenty of crime before the internet, its the same people just using a different method, lets not let a minority spoil a good thing.

Finally, some may say the control of our banking system by a bunch of self interested lunatics with nothing to lose but the taxpayers money (being bailed out, taking a dump on the economy, blah blah) is a crime in itself and whatever teething troubles BC has surely has to be worth it to create an alternative system of exchange outside of the aforesaid lunatics influence?


RE: Quasi-legal?
By dark matter on 9/27/2012 8:03:05 AM , Rating: 1
Some banks have been found to be throwing confidential waste in the garbage.

Credit card transactions, numbers, credit applications.

You think because they work in a "bank" they are not shit at their job.

Have you even SEEN the economy.

How exactly did that come about. Oh wait, shady bank transactions.

FFS, at least understand the world around you before spouting shite.


RE: Quasi-legal?
By dark matter on 9/27/2012 8:01:17 AM , Rating: 2
The REALLY scary criminals are in the office.


"We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki