Bitcoin Services Under Attack

Friday, April 5, 2013 @ 06:04 PM gHale


The virtual currency Bitcoin hit a high of $142 earlier this week, and the value of all Bitcoins in circulation is more than $1 billion. That will catch the eye of any cyber thief.

So, it is no surprise two different Bitcoin services, an exchange and an online storage service, experienced service disruptions because of a distributed denial-of-service attack (DDoS) and a database hack.


The trading exchange Mt. Gox and the storage service Instawallet are encouraging customers not to panic sell.

Mt. Gox, a Tokyo-based exchange, issued a statement citing a trading lag that resulted in 502 errors and left users unable to reach their accounts.

Mt. Gox said it was unaware who was behind the attack and speculated the attackers could have two motives: destabilize Bitcoin as a virtual currency, or cash in for a large profit by buying low once the currency’s value drops.

Mt. Gox said it will continue to be able to trade, and it hired security company Prolexic, which specializes in DDoS mitigation.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said in a release. “By separating the data center from the Mt. Gox website, we will continue to be able to trade.”

Mt. Gox said it is the largest Bitcoin exchange and handles more than 80 percent of all U.S. dollar trades and 70 percent of all currencies. Prior to this year, the company said an average of 9,000 new accounts started up monthly; that number jumped during the first three months of the year when 57,000 new accounts came to life. The company said it can fix, but won’t be able to eradicate, a lag in trading because, as is the case with all currency exchanges, it will always be in the attackers’ crosshairs.

The company also said it is working on a new trade engine that will scale its infrastructure to accommodate spikes in trade volume. “Lag will always be there, but our mission is to make lag as small as possible,” the statement said.

Meanwhile, Instawallet, an online Bitcoin storage service, put a notice on its website saying it would suspend its services indefinitely because of a database hack.

“Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is,” the notice said. “In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.”

The notice gave no indication how many Bitcoins ended up stolen in the attack. It said any account with a balance of fewer than 50 Bitcoins would get a refund, and any with more than 50 would undergo review on a case-by-case basis.

Bitcoin exchanges have endured hits before. Bitcoinica suffered a compromise last May and more than $87,000 in Bitcoins ended up stolen; the exchange said user currency was not stolen, only the company’s. In September, BitFloor lost $250,000 to hackers, which was most of the currency the company had on hand. Hackers were able to access a backup copy of wallet encryption keys in an unencrypted area of the server, the company said.


