backtop


Print 15 comment(s) - last by BitcoinLurker.. on Oct 1 at 3:42 AM


  (Source: Zach Copley)
Hack occurred due to exchange operator leaving his keys unencrypted

Originally conceived of by science fiction writers -- most notably Neal ­Stephenson's cult science-fiction novel Snow Crash -- peer-to-peer cryptocurrency has been all over the headlines, following its leap to the real world, in the form of the Bitcoin.  Created by a shadowy individual known as "Satoshi Nakamoto", bitcoins are an inherently anarchic construct looking to free a key piece of the global economy -- specifically, currency -- from the grip of any one nation.  They're also difficult to trace, making them a popular mode of purchasing quasi-legal items.

But over the year the flowers and sunshine surrounding Bitcoin has been slightly diminished.  Last June, there was a massive devaluation, letting off inflationary steam and costing late adopters large amounts of real-world dollar value.  Later that same month Mt. Gox, the single largest Bitcoin exchange (which trades Bitcoins for real world dollars and vice versa) was hacked.  Since then we've learned about Bitcoin-stealing malware and Bitcoin Ponzi schemes.

Now BitFloor, a second exchange has been hacked, with approximately $250,000 USD in Bitcoins stolen (or more correctly, inappropriately transferred to a single account).

London-based BitFloor founder Roman Shtylman reported the theft to the U.S. Federal Bureau of Investigation (despite their anarchic nature, Bitcoins can be considered personal property and are arguably "illegal" to seize via hacking).  He's also reopened the exchange, though his volume is down substantially placing his site as the thirteenth largest exchange globally.

So how did the hack happen?

Unlike some other exchange hacks, which saw password cracking used to access individual accounts and place trades (as with the Mt. Gox hack), the BitFloor hack occurred by a direct hack on the person that holds all the Bitcoins as per the standard exchange model -- in this case Mr. Shtylman.  By obtaining Mr. Shtylman's private keys -- which he foolishly left unencrypted -- the hacker was able to divert the funds flowing into his exchange into his own account, gaining 24,000 Bitcoins.

Mr. Shtylman now says he's keeping his new keys in "cold storage" (offline computers) to prevent future hacks.

The hack cost the exchange operator all of the revenue he collected off of trading fees -- and then some.  But he vows to pay back the victims, commenting, "How long that will take I don’t know.  Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."

Bitfloor
BitFloor was closed for almost a month, following the hack. [Image Source: Bitcoin Charts]

One possibility would be to catch the thief.

The person who grabbed the coins has not transferred them since the theft.  As all Bitcoin transactions are logged, if and when they do begin to make trades that information could be used in an effort to track them down -- say by looking at the IP address making the trade.  Mr. Shtylman would likely work with other exchange operators to monitor trades in the hunt for the thief.

For now, though, some more folks have lost their hard earned cash to the world of Bitcoin.  The lesson is that as grim as today's corruption prone offline economy is, digital anarchy isn't entirely danger free either.  

Eggs in one basket
Advice: don't keep all your bitcoins in one basket. [Image Source: Sophie Books Photography]

About the best advice for Bitcoin investors is similar to advice to real-world traders -- don't keep all your eggs in one basket.

Source: CIO



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

can someone explain?
By johnsonx on 9/26/2012 11:45:01 AM , Rating: 2
Since they appear to know exactly where the stolen bitcoins are, why can't they just take them back and reverse out the fraudulent transactions?




RE: can someone explain?
By darkpuppet on 9/26/2012 1:00:31 PM , Rating: 2
nope, transactions in bitcoin are non-reversible. The whole transaction chain is built up of hashes, and once you hit a certain critical mass of peers that validate your coin transaction, it's permanent.

You can't even grab the money from the hash that the money was sent to, and the user who stole the money could theoretically use a different hash to use the ooins making tracing difficult, except for the IP information.

A trail is left, but it's not an easy one to follow per se.


RE: can someone explain?
By BitcoinLurker on 10/1/2012 3:42:21 AM , Rating: 2
If a majority of the bitcoin miners agree on a software change, then that change takes effect. The software could be modified to forbid access to the stolen funds and even to transfer them back to their owner. But only if a majority of miners install and use the new version.

Of course, if most of them aren't watching carefully, then the minority of people who control release of a new software version could make the change, and it would stick as soon as over half of the miners install it, even if they don't know about the change.


"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki