Second Bitcoin Hack Highlights Challenges, Resilience of Anarchic E-Currency
September 25, 2012 8:02 PM
comment(s) - last by
(Source: Zach Copley)
Hack occurred due to exchange operator leaving his keys unencrypted
Originally conceived of by science fiction writers -- most notably Neal Stephenson's cult science-fiction novel
-- peer-to-peer cryptocurrency has been all over the headlines, following its leap to the real world, in the form of
. Created by a shadowy individual known as "
", bitcoins are an inherently anarchic construct looking to free a key piece of the global economy -- specifically, currency -- from the grip of any one nation. They're also difficult to trace, making them a popular mode of purchasing quasi-legal items.
But over the year the flowers and sunshine surrounding Bitcoin has been slightly diminished. Last June, there was
a massive devaluation
, letting off inflationary steam and costing late adopters large amounts of real-world dollar value. Later that same month Mt. Gox, the single largest Bitcoin exchange (which trades Bitcoins for real world dollars and vice versa)
. Since then we've learned about
Bitcoin Ponzi schemes
, a second exchange
has been hacked
, with approximately $250,000 USD in Bitcoins stolen (or more correctly, inappropriately transferred to a single account).
London-based BitFloor founder Roman Shtylman reported the theft to the U.S. Federal Bureau of Investigation (despite their anarchic nature, Bitcoins can be considered personal property and are arguably "illegal" to seize via hacking). He's also reopened the exchange, though his volume is down substantially placing his site as the thirteenth largest exchange globally.
So how did the hack happen?
Unlike some other exchange hacks, which saw password cracking used to access individual accounts and place trades (as with the Mt. Gox hack), the BitFloor hack occurred by a direct hack on the person that holds all the Bitcoins as per the standard exchange model -- in this case Mr. Shtylman. By obtaining Mr. Shtylman's private keys -- which he foolishly left unencrypted -- the hacker was able to divert the funds flowing into his exchange into his own account, gaining 24,000 Bitcoins.
Mr. Shtylman now says he's keeping his new keys in "cold storage" (offline computers) to prevent future hacks.
The hack cost the exchange operator all of the revenue he collected off of trading fees -- and then some. But he vows to pay back the victims, commenting, "How long that will take I don’t know. Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."
BitFloor was closed for almost a month, following the hack. [Image Source: Bitcoin Charts]
One possibility would be to catch the thief.
The person who grabbed the coins has not transferred them since the theft. As all Bitcoin transactions are logged, if and when they do begin to make trades that information could be used in an effort to track them down -- say by looking at the IP address making the trade. Mr. Shtylman would likely work with other exchange operators to monitor trades in the hunt for the thief.
For now, though, some more folks have lost their hard earned cash to the world of Bitcoin. The lesson is that as grim as today's corruption prone offline economy is, digital anarchy isn't entirely danger free either.
Advice: don't keep all your bitcoins in one basket. [Image Source: Sophie Books Photography]
About the best advice for Bitcoin investors is similar to advice to real-world traders -- don't keep all your eggs in one basket.
This article is over a month old, voting and posting comments is disabled
can someone explain?
9/26/2012 11:45:01 AM
Since they appear to know exactly where the stolen bitcoins are, why can't they just take them back and reverse out the fraudulent transactions?
RE: can someone explain?
9/26/2012 1:00:31 PM
nope, transactions in bitcoin are non-reversible. The whole transaction chain is built up of hashes, and once you hit a certain critical mass of peers that validate your coin transaction, it's permanent.
You can't even grab the money from the hash that the money was sent to, and the user who stole the money could theoretically use a different hash to use the ooins making tracing difficult, except for the IP information.
A trail is left, but it's not an easy one to follow per se.
RE: can someone explain?
10/1/2012 3:42:21 AM
If a majority of the bitcoin miners agree on a software change, then that change takes effect. The software could be modified to forbid access to the stolen funds and even to transfer them back to their owner. But only if a majority of miners install and use the new version.
Of course, if most of them aren't watching carefully, then the minority of people who control release of a new software version could make the change, and it would stick as soon as over half of the miners install it, even if they don't know about the change.
"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad
"Pirateat40" Makes Off $5.6M USD in BitCoins From Pyramid Scheme
August 28, 2012, 4:11 PM
Malware Authors Get Boost from Apple's Sluggish Updates, Infect 600K Macs
April 6, 2012, 8:40 AM
Inside the Mega-Hack of Bitcoin: the Full Story
June 19, 2011, 6:40 PM
Cracking the Bitcoin: Digging Into a $131M USD Virtual Currency
June 12, 2011, 7:35 PM
Digital Black Friday: First Bitcoin "Depression" Hits
June 10, 2011, 7:05 PM
Twitter Senior VP: "Diversity is Important, But We Can’t Lower the Bar"
November 9, 2015, 9:59 AM
CNN Resorts to Internet Censorship to Promote Clinton Over Senator Sanders
October 15, 2015, 2:47 PM
Breaking Bad: How to Crash Google's Chrome Browser With Just 8 Characters
September 23, 2015, 11:08 AM
Quick Note: Amazon UK Offers £10 Back on Any Order £50 or Over
August 3, 2015, 12:05 PM
Editorial: Reddit Allows Itself to be Hijacked as a Hate Platform For Racist Bigots
July 21, 2015, 6:32 PM
Mozilla and Facebook to Adobe: It's Time to Kill Flash
July 20, 2015, 6:30 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information