Cyber attack on bitcoin a big warning to currency's users

NEW YORK Wed Feb 12, 2014 5:51pm EST

Some of Bitcoin enthusiast Mike Caldwell's coins are pictured at his office in this photo illustration in Sandy, Utah, January 31, 2014. REUTERS/Jim Urquhart REUTERS/Jim Urquhart

Some of Bitcoin enthusiast Mike Caldwell's coins are pictured at his office in this photo illustration in Sandy, Utah, January 31, 2014.

Credit: Reuters/Jim Urquhart REUTERS/Jim Urquhart

Related Topics

NEW YORK (Reuters) - A massive cyber attack from unknown sources that has been spamming bitcoin exchanges is highlighting some of the dangers people can encounter when they exchange cash for digital currencies like the bitcoin, experts said on Wednesday.

The attack, which is technically known as a distributed denial of service attack, involved thousands of phantom transactions, forcing at least three of the online platforms that store bitcoins and trade them for traditional currencies to halt withdrawals of bitcoins until they can determine which transactions were real.

It showed that bitcoin, which exists solely in cyberspace and operates on a software code written by an unknown programmer or group of programmers, is as vulnerable to such an assault as any other Internet-based business. It exposes the higher risks involved in owning and trading the instrument compared with the dollar and other traditional currencies. Bitcoins slumped in value as a result of the disruptions.

"Bitcoin is still an experimental protocol in its infancy," said Micky Malka, a venture capitalist who is on the board of Bitcoin's trade group, the Bitcoin Foundation.

"It will grow and mature over time," he added. "No one should be investing an amount they cannot afford to lose."

This week's attack was not the first, said Andreas Antonopoulos, chief security officer for blockchain.info, a website that tracks bitcoin activity and provides online storage services for bitcoin users.

Antonopoulos is also a member of a group of core bitcoin programmers and is part of an emergency response team of programmers who have been working to fix the flaws in the code governing some bitcoin transactions that the attackers were exploiting. He said that work that should be completed by the middle of next week, echoing an estimate provided by a spokeswoman for the Bitcoin Foundation who said its core developers were all participating in the effort to fix the code.

Bitcoin is a decentralized digital system of value transfers that is not governed by any central bank, company or government. No assets back the bitcoin, whose value has fluctuated widely as its visibility has increased. Last September, a bitcoin was worth around $150. By late December the value was near the $1,000 mark.

Regulators around the world are struggling how to categorize the bitcoin. Some want to call it an asset class, others a commodity. Bitcoin users call it a currency and many advocate for its mass adoption, claiming it can help solve problems created by expensive and time-consuming bank transactions.

Early adopters also liked the anonymity bitcoin has offered, since it can be transferred between users without any exchange of personal identification information. However, moves by various authorities to pursue bitcoin users who they say have laundered money using the currency and attempts to regulate bitcoin exchanges could soon lower the level of anonymity in transactions.

On Tuesday, Slovenia-based Bitstamp became the second major bitcoin exchange to halt customer withdrawals in the past several days, citing "inconsistent results" and blaming a denial-of-service attack.

That was a day after Mt. Gox, based in Tokyo and the best-known digital marketplace operator, said a halt on withdrawals would continue indefinitely. Traders reacted to the halt by sending the bitcoin value to its lowest level in nearly two months.

A Bulgaria-based bitcoin exchange also had to halt withdrawals, Antonopoulos said.

The price of bitcoins, which have gained wider acceptance in recent months, dropped in the wake of the attacks from around $850 late last month. On Wednesday, they were quoted down nearly 2 percent for the day at $656 per coin on the bitcoin tracking website CoinDesk.

"Anyone who plays in this space, you better have a plan for when an attack happens because it's going to be a when, not an if," said Brian Krebs, a Washington-based cyber security expert who runs the blog KrebsOnSecurity.com.

The lesson for investors was that the bitcoin wasn't as liquid as initially advertised, said Jason Scharfman, a financial due diligence expert and managing partner at consulting firm Corgentum.

"These types of attacks, they're effectively freezing some of the accounts because the exchanges don't want to pay out to the wrong person," he said. "If something's frozen or there's a question about me being able to redeem my bitcoins, the value of them drops."

"Does this spook financial investors?" he added. "The answer is yes."

Scharfman said one way to mitigate the risks of such attacks would be to spread holdings of bitcoins out among several different online storage facilities. That way if one were attacked the other might still have a chance at being safe.

Scharfman said the more regulatory scrutiny that bitcoin exchanges received, the safer they were likely to be.

"Regulation will sort of normalize which exchanges are the most secure. They'll mandate security measures and smaller exchanges just won't be able to afford it," he said.

(Reporting by Emily Flitter; Editing by Leslie Adler)

FILED UNDER:
We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (8)
sabrefencer wrote:
risk investment, is just that…risk in a bitcoin..risk in depending on THEIR security, to safeguard YOUR investment….risk prevails

Feb 12, 2014 6:08pm EST  --  Report as abuse
thevinci wrote:
There is not a huge security issue with Bitcoins. The issue is with Mtgox because they are not correctly verifying Bitcoin transactions. Because of that they go blame Bitcoin. The issue is that someone could “fake” a transaction id and Mtgox immediately accepts transactions without waiting for verification. Mtgox then gets angry and launches cyber attacks on the other exchanges because they are such sore losers. To summarize it all, Bitcoin security is safe while exchanges are questionable.

Feb 13, 2014 12:39am EST  --  Report as abuse
IfYouSeeK wrote:
In the years ahead, who will be surprised to find out that it was your own government behind these attacks because they are afraid of the currency? Not this gentleman.

Feb 13, 2014 2:17am EST  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.