
Over 700,000 Bitcoin missing in Mt. Gox security flaw

Mt. Gox, formerly the world's largest Bitcoin exchange, has abruptly halted all trades amid a security breach. This is a cautionary tale about trusting an offsite data store.

 


Mt. Gox, the Japan-based Bitcoin exchange, has had a remarkably bad month. All withdrawals from the service were halted on February 7, 2014; the CEO, Mark Karpeles, resigned from the board of the Bitcoin Foundation on February 23, 2014; and all transactions were closed indefinitely "for the time being" two days later. The digital currency's valuation has been slowly unraveling since February 1, 2014, though it is on the mend at the time of writing. This problem is one that those closely monitoring the market or the news likely saw coming months ago, with discussions about unreasonable delays in transaction processing dating back to April 2013.

The root of the problem at hand, according to a leaked document, is that "transaction malleability" (i.e., the modification of a transaction such that the associated hash is invalidated) is responsible for the loss of 744,408 BTC (Bitcoin, compare USD for U.S. dollars), which occurred unnoticed over the course of several years. This leaked document provides a roadmap for dealing with the crisis of having lost approximately 6 percent of all minted Bitcoins, and how best to inoculate the Bitcoin digital currency against the damage of the insolvency of Mt. Gox—assuming that such an undertaking is possible. The recommended actions include renaming the service from Mt. Gox, which originally stood for Magic: The Gathering Online Exchange, to simply Gox, with a logotype reminiscent of cloud storage service Box.
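Why a changed transaction hash matters to an exchange's bookkeeping, as an added example (not code from the article, the leaked document or Mt. Gox): a payout ledger keyed on the transaction hash fails to recognise a confirmed payout whose unlocking bytes were altered, while a key computed without those bytes still matches. The single-input serializer, the `payment_key` scheme and all byte values are assumptions constructed for illustration.

```python
import hashlib
import struct
from typing import NamedTuple

class Tx(NamedTuple):            # simplified one-input, one-output legacy layout
    prev_txid: bytes             # 32-byte id of the output being spent
    vout: int
    script_sig: bytes            # unlocking data (signatures)
    value: int                   # satoshis
    script_pubkey: bytes

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx: Tx) -> bytes:
    # Lengths stay below 0xfd here, so each varint is a single byte.
    return (struct.pack("<I", 1) + b"\x01"
            + tx.prev_txid[::-1] + struct.pack("<I", tx.vout)
            + bytes([len(tx.script_sig)]) + tx.script_sig
            + struct.pack("<I", 0xFFFFFFFF) + b"\x01"
            + struct.pack("<Q", tx.value)
            + bytes([len(tx.script_pubkey)]) + tx.script_pubkey
            + struct.pack("<I", 0))

def txid(tx: Tx) -> str:
    """Transaction hash: double SHA-256 over every byte, script_sig included."""
    return dsha256(serialize(tx))[::-1].hex()

def payment_key(tx: Tx) -> str:
    """Assumed reconciliation key: same hash with script_sig blanked, so it
    depends only on what is spent and who is paid."""
    return dsha256(serialize(tx._replace(script_sig=b"")))[::-1].hex()

def settled(pending: set, confirmed: list, key) -> set:
    """Return the pending entries matched by any confirmed transaction."""
    return pending & {key(tx) for tx in confirmed}

# Constructed sample data: placeholder bytes, not real signatures or addresses.
SENT = Tx(bytes(range(32)), 0, b"\x01" * 72, 50_000_000,
          bytes.fromhex("76a914") + b"\xaa" * 20 + bytes.fromhex("88ac"))
CONFIRMED = SENT._replace(script_sig=b"\x02" * 73)   # same payment, altered form

if __name__ == "__main__":
    print("by txid:       ", settled({txid(SENT)}, [CONFIRMED], txid))
    print("by payment key:", settled({payment_key(SENT)}, [CONFIRMED], payment_key))
```

A ledger that matches on `txid` alone would treat this payout as never confirmed; matching on the spent output and the outputs paid closes that gap.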

While Bitcoin isn't the only available cryptocurrency, and Mt. Gox isn't the only exchange on which Bitcoin can be traded, both of these are the most high-profile platforms on which such transactions occur, due in large part to the media exposure following the closure of Silk Road and seizure of the Bitcoin wallet of Dread Pirate Roberts. The success of Silk Road is inextricably tied to Bitcoin, as Dread Pirate Roberts freely admitted in an interview before his arrest, "We've won the State's War on Drugs because of Bitcoin."

Perhaps the lesson to be learned here is that trusting an offsite data store—whether it is a Bitcoin exchange such as Mt. Gox, or a file storage service such as OneDrive—with information that, if lost or stolen, would cause the user thousands of dollars in damages is a bad idea. With Mt. Gox, poor security practices and (what appears to be) institutional incompetence are responsible for the loss of a digital currency already fraught with risk, considering the volatile valuation of the currency.

There are services that handle the electronic storage of money and processing of financial transactions, and these services are, more often than not, actual brokerages, or actual banks, or at least heavily-regulated non-bank websites. These institutions have (typically) properly maintained security, and someone to whom they are accountable. This isn't to say that other Bitcoin exchanges are inherently inferior, but, for lack of governmental accountability of such platforms, the digital currency community should use any means necessary to police itself (to the extent such an activity is possible) to prevent a massive industry-damaging absconding of funds. To simplify, people acting in bad faith should be called out quickly to preserve the confidence in the currency.

As with any nascent technology, digital currencies like Bitcoin face a turbulent start, but they fill a void and serve a market shunned by others. Purchases of goods and services from established companies using Bitcoin are limited, but online retailers TigerDirect and Overstock offer payment via Bitcoin, as well as some hosting providers, such as Ontario-based Canaca. Bitcoin is also accepted as payment by the makers of premium soft drink Clearly Canadian in a bid to re-launch that product.

While the reputation of Bitcoin may well take a tumble given the present problems facing Mt. Gox, the fact remains that it has the biggest mindshare in digital currency, second only to Dogecoin, a currency that originated mostly as a joke referencing an image macro, and as an alternative to Bitcoin without the reputation of being connected to Silk Road. As the official Dogecoin webpage states, "Desktop wallets are more secure as they don't rely on a third-party server in the cloud." Those who have just lost the equivalent of thousands of dollars in the shutdown of Mt. Gox would likely agree.

Speak out

Have you lost bitcoins in the closure of Mt. Gox? Does your business accept payment in digital currencies such as Bitcoin or Dogecoin? Would you like to tip the author in Dogecoin? Let us know in the comments.


Disclaimer: TechRepublic and CNET News are CBS Interactive properties.

 

About James Sanders

James Sanders is a Java programmer specializing in software as a service and thin client design, and virtualizing legacy programs for modern hardware.
