Bitcoin collapses on malicious trade

Mt Gox scrambling to raise the Titanic


The fragility of the Bitcoin peer-to-peer crypto-currency was thrown into sharp relief when a large sell transaction sent the trade value of Bitcoins to zero.

According to the Mt Gox exchange, the sell order came from a compromised account. Mt Gox has taken its exchange offline (however, a screen grab of Bitcoins’ collapse is here) and is attempting to recover.

Its approach is to roll back all transactions to their state before the sell order was placed.

“The bitcoin will be back to around 17.5$ / BC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST)”, (sic) says the Mt Gox posting.

As the comments beneath that posting reveal, not all users are pleased about the rollback attempt – for example, those who spotted the collapse happening and decided to load up with cheap Bitcoins.

El Reg Comment: This attack on the Bitcoin follows increasing instability in the crypto-currency. After quietly making its own way in the world for a couple of years, sudden attention from mainstream media started driving large rises and falls in Bitcoin value.

Last week, what was called “the first” Bitcoin heist was reported (whether it was the first is impossible to verify), after which malware came to light that’s designed to steal users’ credentials and wallets.

This latest crisis, however, is a disaster for Bitcoin boosters, many of whom considered themselves “Bitcoin millionaires”. Their status – and the viability of Bitcoins as a genuine alternative currency – depends wholly on the ability to trade out of Bitcoins at a given exchange rate.

Bitcoin’s design is supposed to make its value self-regulating. The supply of Bitcoins is limited by their underlying algorithm: the more Bitcoins exist, the slower new ones will be created.

This purely-internal mechanism doesn’t regulate how Bitcoins interact with the outside world, once a user tries to trade out Bitcoins for “real-world” currencies. Those trades are outside the scope of Bitcoin’s design.

This attack on Bitcoins may simply reflect the stupidity of the thief: instead of trading out quietly and slowly, he attempted a double-grab: first, steal the Bitcoin account, then use a large trade to drive the value down, buy the coins back at the new, lower value, and then try to trade out completely.

However, it illustrates the problem confronting Bitcoin users. Not only do they have to implement personal security better than the likes of Sony, Nintendo or RSA can manage; they also know that even a relatively small transaction – $1,000 worth of coins, which at the pre-collapse level was fewer than 60 Bitcoins – constitutes a “run” on the currency.

How well the Bitcoin recovers in the short term depends on how well Mt Gox can restore the currency to its state before the attack. In the long term, however, Bitcoins will have to solve the kinds of problems that confront currencies in the real world. ®

Update: Since I began writing this, it has emerged that details of more than 60,000 users have been stolen from the Mt Gox exchange. The compromised information includes hashed passwords.

A reader has suggested El Reg post links to lists of cracked passwords. I'll pass on that, but if you want to know how users feel about the Bitcoin crash, the forums are here. ®
