Bitcoin market flash-crash and database leak from Mt.Gox

Summary: The Bitcoin market flash-crashed over the weekend due to hacker activities, causing the price of Bitcoins to drop to a penny. Though the market has recovered, what could this mean for the future of Bitcoin?

TOPICS: Security, Malware
It's been a rough weekend for Bitcoin. First, new Bitcoin malware hit the Web last Friday; it attempts to steal a Bitcoin user's wallet and send it to an email address. Now, Mt.Gox -- a popular Bitcoin exchange market -- is undergoing damage control after the computer of one of its auditors was compromised. The hacker who broke into the system obtained an old Mt.Gox database consisting of user names, email addresses, and password hashes. Additionally, they used the credentials of one account which contained a large number of bitcoins to log in, sell $1000 worth of bitcoins, then buy them back and withdraw them. This series of events caused the market to flash-crash, taking the value of bitcoins down to one cent per bitcoin for a moment before it jumped back up to ~$13 per bitcoin.


Accompanying an official announcement from Mt.Gox about the events that transpired, the official ongoing investigation thread on Mt.Gox's support forum has the following to say about matters in the aftermath:
* It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
* Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
* We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
* Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
* When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
* Once Mt.Gox is back online, trades 218869~222470 will be reverted.
As you can see, Mt.Gox is careful to spell out that the issue was not caused by an attack on their site and that they're working diligently to right any wrongs caused. So while it appears as though they are on top of the issue and reverting all the problems caused by the perpetrator(s), this is just one more mark of negativity on the perception of Bitcoin in general.

On the flip side of the coin (no pun intended), it's worth mentioning that this can be seen as an extremely positive sign for Bitcoin, too, since individuals are going to these lengths just to obtain something that many people consider to be worthless. And speaking of those who think bitcoins are worthless, the prices of bitcoins, as sold on online auction sites like eBay, go to show that -- even if short-lived in the end -- plenty of individuals are making some decent money with them. For now, at least.

With all of the support Bitcoin is receiving from early adopters who have secured real value for bitcoins, it's clear that participating in these early stages carries an ever-increasing risk beyond that of just monetary investment. As such, this certainly won't be the last of the Bitcoin horror stories to come to fruition.

Are you collecting bitcoins or a member of Mt.Gox? Share your opinions/experiences in the comments below!

-Stephen Chapman
SEO Whistleblower
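Mt.Gox's statement says idle accounts were still on unsalted MD5 because they had not been accessed since the migration; a rehash normally needs the plaintext, which is only available at login. The Python below is an added example, not Mt.Gox's code: it upgrades on login and also wraps the stored MD5 digests of idle accounts in a salted, iterated hash. PBKDF2-HMAC-SHA512, the iteration count, the record layout and the sample accounts are all assumptions.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor, not a figure from the statement

def legacy_md5(password):
    """Old scheme: unsalted MD5 hex digest."""
    return hashlib.md5(password.encode()).hexdigest()

def kdf(secret, salt):
    """Salted, iterated SHA-512 (PBKDF2 chosen here as an assumption)."""
    return hashlib.pbkdf2_hmac("sha512", secret.encode(), salt, ITERATIONS).hex()

def make_record(scheme, secret):
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "hash": kdf(secret, salt)}

def wrap_idle_accounts(db):
    """Upgrade accounts that never log in: run the KDF over the stored MD5."""
    wrapped = 0
    for user, rec in db.items():
        if rec["scheme"] == "md5":
            db[user] = make_record("pbkdf2-over-md5", rec["hash"])
            wrapped += 1
    return wrapped

def login(db, user, password):
    rec = db.get(user)
    if rec is None:
        return False
    if rec["scheme"] == "md5":
        candidate = legacy_md5(password)
    elif rec["scheme"] == "pbkdf2-over-md5":
        candidate = kdf(legacy_md5(password), rec["salt"])
    else:
        candidate = kdf(password, rec["salt"])
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False
    if rec["scheme"] != "pbkdf2":
        db[user] = make_record("pbkdf2", password)  # rehash with the plaintext
    return True

def demo():
    # Constructed sample accounts, both starting on unsalted MD5.
    db = {u: {"scheme": "md5", "salt": b"", "hash": legacy_md5(p)}
          for u, p in [("active", "pw-active"), ("idle", "pw-idle")]}
    login(db, "active", "pw-active")           # only active users get upgraded
    after_login = {u: r["scheme"] for u, r in db.items()}
    wrap_idle_accounts(db)                     # no unsalted MD5 left in the table
    after_wrap = {u: r["scheme"] for u, r in db.items()}
    return after_login, after_wrap, login(db, "idle", "pw-idle"), db["idle"]["scheme"]
```

With login-only migration the idle row stays on `md5`; after the wrapping pass every stored value is salted and iterated, and the idle user's next successful login moves them to the final scheme.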

  • MT Gox has security issues, not Bitcoin

    I'd like to point out that the flaw was with a single exchange service. The crypto system behind Bitcoin and the ability to engage in Bitcoin transactions is completely unaffected.

    These early security issues will serve to strengthen the privacy and security measures taken by the exchanges like Mt. Gox that permit people to trade Bitcoins for other currencies such as US Dollars and Euros.

    Imagine if services like e-trade were just getting going in today's sophisticated electronic threat environment. They'd be demolished. Mt. Gox and the other primary Bitcoin exchanges are bootstrapped startups (i.e. with zero funding), who have experienced breath-taking growth in recent months.

    Someone will figure this stuff out soon enough, with enough backing to give investors the security they need to invest in Bitcoins with confidence. Will it be called "Mr. Gox"? Who knows. I personally think we'll be seeing multiple Sequoia or KPCB funded Bitcoin exchanges in the near future.
    • RE: Bitcoin market flash-crash and database leak from Mt.Gox

      @ttul This shows how dumb Bitcoin actually is. Bitcoin as a concept was to show how well electronic currency works. Well, we saw how well it failed. There is no excuse; it should have been thought out ahead of time.

      What gets me with this is that the folks who run Bitcoin treated this like a facebook, or twitter feed. And your attitude is illustrative. It is ok for any other website, but this is about money! We have expectations with money, which are dramatically higher. Thus I am doubtful that they even thought through all issues.

      It is a joke, and will remain something that only geeks will flock to...
  • Crash may be a good thing.

    Perhaps the loss of confidence in the bitcoin market is a good thing. People may decide to get out of bitcoins. Most people will just cash out by converting their bitcoins back to USD. But some people will inevitably decide to purchase commodities using their bitcoins. This could be the moment that jump starts the economy. You can buy just about anything with bitcoins now - from video games to porter house steak. You can use or to find vendors.
  • RE: Bitcoin market flash-crash and database leak from Mt.Gox

    Bitcoin's success will mean its demise. Someone else will come out with a more secure, flashier version (bytecoin anyone?) and then people will flock to that and then copycats will be everywhere and the whole business will be devalued.
    • RE: Bitcoin market flash-crash and database leak from Mt.Gox

      @wendellgee@... You could be right. Good insight. However, if that happens and several become popular or the copycats don't manage to make bitcoin any less popular and continue to grow themselves as well then it might spur some kind of consolidation and even strengthening of the market. It seems like it might be the future of currency, although it might take a few decades before we have a one world digital currency which has replaced most other world currencies.
  • RE: Bitcoin market flash-crash and database leak from Mt.Gox

    Massive error in your article: "they used the credentials of one account which contained a large number of bitcoins to log in, sell $1000 worth of bitcoins, then buy them back and withdraw them."

    This is false and misleading. It was 500,000 bitcoins, i.e. ~$7.5 MILLION worth, that was sold at once! Not '$1000'. $1000 is hardly enough to induce a crash... What happened is this titanic sell-off drove the price down to 1 cent per coin, at which point the thief bought up 10,000 bitcoins at 1 cent and cashed them out, thereby getting around Mt.Gox's $1000 max withdraw feature ($1000 USD OR $1000 equiv. BTC!). Normally they could only get away with 50 or so coins at normal market rate, but by driving the price down to 1 cent they managed to withdraw 2000x that amount. Pretty clever...