Two years ago, in 2009, an open-source, peer-to-peer digital cash system launched.
Cutely called Bitcoin, it was based on an academically-flavoured paper entitled “Bitcoin: A Peer-to-Peer Electronic Cash System”.
The paper’s author, and the creator of the Bitcoin project, was the enigmatically-named Satoshi Nakamoto.
No-one seems to know – or, more accurately, no-one is saying – who Nakamoto is, where he (or she) lives, what his real name might be, or any other background information. That’s hardly unexpected for someone who’s passionate about on-line anonymity.
The benefits of an anonymous worldwide digital currency are obvious. A reliable system would be more useful than traditional cash, as it could be used on-line and between countries. No need to post banknotes overseas, visit currency dealers, pay exorbitant commissions and worry about arbitrage.
Better still, anonymous digital cash means that you don’t need to worry about leaving an eternal trail of information about your buying habits which might get sold on to less-than-scrupulous marketing companies, or used to bombard you with credit offers you don’t want, or incorrectly recorded and held against you later, leaked in a hack, or abused by an authoritarian government to bundle you off to a re-education camp for buying “unsuitable” stuff.
For just the same reasons, many governments and law enforcement agencies are publicly opposed to cash of all sorts, or at least to its unregulated anonymous use. Most countries now have strict reporting regulations concerning withdrawals, deposits, or even just the possession, of amounts of cash more than a few thousand dollars. And as long as the “unsuitable” stuff some fans of cash are buying and selling is a threat to public order – illegally-manufactured drugs, unlicensed weapons, human traffic – you can see their point.
Furthermore, most countries have strict controls on the issue of official cash currency, relying on a central bank to regulate how, and in what quantity, official currency is created.
Done properly, central regulation helps prevent both counterfeiting and devaluation. Done badly, of course, it can have catastrophic results.
So the Bitcoin experiment has always been controversial. It’s a currency, of sorts, but it’s not regulated by any official authority, and it’s (almost entirely) anonymous.
Sadly – whatever your viewpoint on anonymity in purchasing – the experiment has just suffered a huge setback.
Bitcoin’s own site still isn’t saying what happened, but it looks as though the servers of one of its “Bitcoin-to-real-money” gateways, known as Mt. Gox, were hacked. Badly-hashed passwords were stolen and useable logins recovered. Uncontrolled fraudulent trades then quickly pushed the real-world value of Bitcoins close to zero.
And a Bitcoin user calling himself Kevin claims legitimately (if rather fortunately) to have spotted the plunge in the Bitcoin market, and to have snuck in a bid – at $0.0101 per Bitcoin – apparently just 1% above the market-manipulator’s own “bottom of the market” bid.
Kevin ended up with Bitcoins recently worth nearly $5,000,000 for just under $3000.
But the Mt. Gox operators rolled back the seemingly fraudulent transactions which caused the currency to crash, restoring the value of each Bitcoin to about $17.50.
That’s probably a satisfactory result for most people – except, perhaps, for Kevin, assuming he’s telling the truth. He won’t make the killing he might have hoped for. (On the other hand, he won’t be stuck with $3000 of worthless Bitcoins, which might have happened if the system had imploded altogether.)
Nevertheless, this sort of interventionist “regulated market correction” isn’t quite what you’d expect from a worldwide, anonymous, libertarian-style digital cash market. Whatever happens from now on, it’s a blow to the sustainability of the Bitcoin experiment.
And the Mt. Gox response contains some interesting wording, such as:
“It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.”
It’s probably more accurate to say that the site was indeed, in effect, hacked. After all, the effect of the breach was unauthorised access and the theft of a critical database.
So what are the lessons to be learned?
* Trust is hard to win and easy to lose.
* Passwords should NEVER be stored in plaintext or in poorly-hashed form.
* Contractors must always be required to meet or exceed your own data security standards. You can’t outsource your accountability.
* If you are breached, you should be prompt, clear and open in your response. Skip the excuses – they just waste time.
* If you’re an unofficial upstart who wants to compete with strongly-regulated financial institutions, you need to outdo them in the value you give to the security of your customers’ information.
The last point applies to us all.
The sooner we start seeing information security as something to do well because it adds value, rather than merely as a drain on expenditure which we need to minimise, the better!
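To illustrate the password-storage lesson above, here is an added example (not code from Mt. Gox or from the original article) that flags weak records in a credential table and upgrades them to salted scrypt at the next successful login. The article does not say which hashing scheme was in use, so unsalted MD5 stands in for a “poorly-hashed” record; the record format, function names and scrypt cost parameters are assumptions of this example.

```python
import hashlib, hmac, os, re
from collections import defaultdict

# scrypt cost parameters: assumptions for this example; tune to your own hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return 'scrypt$<salt>$<key>' (hex) with a fresh random salt per record."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${key.hex()}"

def classify(stored: str) -> str:
    """Label a stored credential by format (the formats are this example's convention)."""
    if stored.startswith("scrypt$"):
        return "scrypt"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "unsalted-md5"
    return "plaintext-or-unknown"

def verify_and_upgrade(password: str, stored: str):
    """Check a login; return (ok, replacement), where replacement upgrades a weak record."""
    kind = classify(stored)
    if kind == "scrypt":
        _, salt_hex, key_hex = stored.split("$")
        key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                             n=N, r=R, p=P, dklen=DKLEN)
        return hmac.compare_digest(key, bytes.fromhex(key_hex)), None
    if kind == "unsalted-md5":
        candidate = hashlib.md5(password.encode()).hexdigest()
    else:
        candidate = password
    ok = hmac.compare_digest(candidate.encode(), stored.encode())
    return ok, (hash_password(password) if ok else None)

def shared_records(table: dict) -> list:
    """Groups of users whose stored values are identical: a sign that no salt is used."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample table: two users chose the same password, one record is plaintext.
LEGACY = {u: hashlib.md5(b"correct horse").hexdigest() for u in ("alice", "bob")}
LEGACY["carol"] = "hunter2"
```

Because every scrypt record carries its own random salt, two users with the same password no longer share a stored value, and each stolen record has to be attacked separately at the full cost of the key-derivation function.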
This has nothing to do with the core bitcoin system. In fact, you conveniently forget that the price REBOUNDED immediately after the fraudulent trade (up to $15 within 1 min of the trade). The system is nothing short of resilient.
MtGox will be back more secure than ever. Competing exchanges (tradehill, britcoin,…) will continue to strengthen. This episode represents growing pains, but the bitcoin economy will continue to reach new heights.
Technically, the price didn't rebound at all, since Mt. Gox (if I understand its comments correctly) repudiated a bunch of transactions back in time until _before_ the price crash-and-rebound.
So, according to the official historical record of the market's value, the BTC implosion never happened. The price never officially went to 1c, and never sprang back to $15. Ergo, there was no rebound.
If there were, "Kevin" would have made himself a small fortune. And if he hadn't, the person who'd pitched to buy at 1 cent would have made it instead.
(A market which can be tricked into dropping almost instantly more than three orders of magnitude, thanks to some hacked passwords, and yet recover in a minute is surely a bit too volatile – and thus too easily exploited – to be considered safe?)
Whilst I loosely agree that this has nothing to do with the internal mechanics of Bitcoin – it wasn't an attack on its crypto, for example – it's surely an acute failure in the Bitcoin ecosystem.
And it seems to be the side-effect of a contractor. (An auditor, no less!) Ouch. As you say, it represents growing pains – rather painful ones. So I think we actually agree.
Actually, the price at another exchange, Tradehill, is $15 right now, so the Mtgox hack had very little effect on the price.
Umm, no. You're confusing the currency with the exchange. This was a Mt. Gox problem, not a Bitcoin problem. People are likely going to move from Mt. Gox to a competing exchange like Tradehill (where Bitcoins continued to be traded even after Mt. Gox went down). Other exchanges will pop up. They will all compete to earn your trust and this in turn will make them all more secure. This is exactly what you'd expect from a libertarian-style market.
So is this an "enormous blow to the sustainability of the Bitcoin experiment"? I don't think so. It will only serve to make Bitcoin infrastructure more secure. Mt. Gox indeed may go away and get replaced by something better. But Bitcoin lives on….
Help me here. IIRC the Bitcoin currency supply is algorithmically regulated so that the increase in supply will predictably slow down and "asymptotically" stop.
So a catastrophic failure in one exchange – a failure which puts it at absurd odds with others buying and selling from the same regulated supply – can't be good for overall faith in the ecosystem. Can it?
(I have removed the word "enormous" in the hope that will satisfy your sense of propriety. The article can do just as well without it.)
Yes, the amount of Bitcoins in existence is controlled by a predetermined algorithm.
I'm just saying that the failure of Mt. Gox has a small negative effect in the short term (one guy lost about $1000, the value of Bitcoin as measured by the price on functioning exchanges dropped ~25%). But in the long term this will make the ecosystem stronger through competition. I don't think it's possible for the whole Bitcoin infrastructure to improve if some players don't fail along the way.
But I'm not sure what your point is about the Bitcoin supply being regulated and how that pertains to faith in the ecosystem. Could you expand on that?
jeff obviously can't read too well, so i'll quote the bit he skipped
"But the Mt. Gox operators rolled back the seemingly fraudulent transactions which caused the currency to crash, restoring the value of each Bitcoin to about $17.50."
most serious traders on the net who study these things consider bitcoins as an experiment. they're not backed by anything solid. they are a faith based currency. this is all great if you have faith. i don't. if fiat currency can't work then how will imaginary currency?
When the headline says "Bitcoin Currency Collapse" but the currency hasn't collapsed, that's definitely worth a comment, whatever is buried in the text.
Hello,
You don't get it… MTGox is just a market place where people trade BitCoins. There are other market places around. And in fact you don't need a market place if you want to sell or buy BitCoins: go to IRC, post an ad in a newspaper…
BitCoin transactions CANNOT be reversed, per design. MTGox is just rolling back trades inside MTGox.
BitCoin itself cannot be down, because there's no company or organisation behind it. With MTGox crashed, it doesn't mean that BitCoin is dead, or not viable like you are saying.
Cheers,
Anonymous reader
Ahem. Dead? Not viable?
As my article might suggest, I get the need for anonymous digital cash as a means for keeping at least _some_ transactional secrets in an increasingly online world.
I'm just expressing a suggestion that the ecosystem may suffer a setback as a result. As the title asks, "What next for digital cash?"
If you agree that homemade currencies inevitably attract the excitement of the regulators and the interest of the cybercrooks, then…it's a fair question after a glitch of this sort, is it not?
Regardless of whether an exchange failure affects the entire ecosystem, I have to wonder why you are treating this from the perspective of Bitcoin being a stable currency?
It's a new currency, one that's still struggling to settle down. There will be setbacks. There will be attacks. There will be slowdowns and bubbles and everything. It's normal. Anyone who chooses to invest into Bitcoins expecting to have the same stability of a century-old currency is pure and simply dumb.
Those who invest in Bitcoins for the long term are probably aware of these risks and accept them, while those who go in for short term speculative reasons are also aware that it could go both ways.
Saying that Bitcoin has collapsed is probably a gross overstatement. No one expects it to be stable at this point so stop judging it as if it's supposed to be. Everyone (well, everyone with a little common sense) knew that the $20-something all-time-high value was just a bubble caused by positive press and temporary buzz. Everybody was expecting it to go back. At least I hope they were, otherwise I'm sorry for them.
Is it not possible that someone from the Central Banking System coordinated this attack?
Yeah, it is true that most countries have strict controls on the issue of official cash currency, relying on a central bank to regulate how, and in what quantity, official currency is created.
Up to $233 per coin last night. I'm holding out for $1000 bitcoins. Going to buy a new car with mine.