Bitcoin market flash-crash and database leak from Mt.Gox
The Bitcoin market flash-crashed over the weekend due to hacker activities, causing the price of Bitcoins to drop to a penny. Though the market has recovered, what could this mean for the future of Bitcoin?
It's been a rough weekend for Bitcoin. First, new Bitcoin malware hit the Web last Friday which attempts to steal a Bitcoin user's wallet and email it to an email address. Now, Mt.Gox -- a popular Bitcoin exchange market -- is undergoing damage control after the computer of an auditor of theirs had their system compromised.
The hacker who broke into the system obtained an old Mt.Gox database consisting of user names, email addresses, and password hashes. Additionally, they used the credentials of one account which contained a large number of bitcoins to log in, sell $1000 worth of bitcoins, then buy them back and withdraw them. This series of events caused the market to flash-crash, thus taking the value of bitcoins down to one cent per bitcoin for a moment before jumping back up to ~$13 per bitcoin. Watch it happen here:
Accompanying an official announcement from Mt.Gox about the events that transpired, the official ongoing investigation thread on Mt.Gox's support forum has the following to say about matters in the aftermath:
* It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
* Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
* We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
* Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
* When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
* Once Mt.Gox is back online, trades 218869~222470 will be reverted.
As you can see, Mt.Gox is clear to spell out that the issue was not caused due to an attack on their site and they're working diligently to right any wrongs caused. So while it appears as though they are on top of the issue and reverting all the problems caused by the perpetrator(s), this is just one more mark of negativity on the perception of Bitcoin in general.
On the flip side of the coin (no pun intended), it's worth mentioning that this can be seen as an extremely positive sign for Bitcoin, too, since individuals are going to these lengths just to obtain something that many people consider to be worthless. And speaking of those who think bitcoins are worthless, the prices of bitcoins, as sold on online auction sites like eBay, goes to show that -- even if short-lived in the end -- plenty of individuals are making some decent money with them. For now, at least.
With all of the support Bitcoin is receiving from early adopters who have secured real value for bitcoins, it's clear that participating in these early stages has an ever-increasing risk past that of just monetary investment. As such, this certainly won't be the last of the Bitcoin horror stories to come to fruition.
Are you collecting bitcoins or a member of Mt.Gox? Share your opinions/experiences in the comments below!
-Stephen ChapmanSEO Whistleblower
