Post MtGox, another Bitcoin exchange suffers massive hack
It's been a rough week for Bitcoin—and it just got worse. Shortly after the troubled cryptocurrency exchange MtGox closed its doors following a reported hack that funneled over $300 million from the Tokyo-based site, another Bitcoin exchange has halted operation—albeit, it insists, temporarily—due to a similar theft.
As of Wednesday, this message greeted visitors to Crypto-Trade, a Bitcoin exchange located in Hong Kong:
The message reads:
"We discovered a bug in our system which allowed someone to hack around $30 000. All coins are safe and we will pay ourself for the lost in order that any user doesn't suffer a lost. Crypto-trade.com will open back in 24-48 hours with trading halted. You will be able to withdraw your coins, USD and EUR. When all users will have been refunded, we will close the website for an undetermined period (2-3 weeks estimated) in order to fix our software and make a security audit to reopen later in best conditions. We hope you will keep trust in us, any user will have his money back within next days."
While Crypto-Trade’s management did not immediately respond to requests for comment, there has been some speculation that the issue may be related to the one that affected MtGox.
MtGox’s problem, which has been termed “transaction malleability,” allows a user to alter the unique code identifying each individual Bitcoin transaction that occurs over the virtual currency’s network. Used maliciously, transaction malleability can make it appear as if a given transaction didn’t occur even though it actually did.
Transaction malleability isn’t technically a flaw in the Bitcoin protocol itself, but it does have the potential to compromise the security of sites, such as exchanges that process a high volume of transactions, where users can swap their bitcoins for dollars or euros. An attacker could use this bug to make it appear as though the money they withdrew from an exchange was never received, leading the exchange to send them additional funds.
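The bookkeeping failure described above, shown from the exchange's side as an added example (not code from the original article, Crypto-Trade or MtGox): a withdrawal tracked only by transaction ID looks unpaid once the ID changes, while matching on the coins spent and the outputs paid still recognises it. Legacy Bitcoin transaction IDs are a double SHA-256 over the whole transaction, signature bytes included; the `Tx` structure, the simplified serialization and all sample values here are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple   # ((prev_txid, vout, script_sig_hex), ...)
    outputs: tuple  # ((address, satoshis), ...)

def txid(tx: Tx) -> str:
    """Double SHA-256 over the whole transaction, signature bytes included.
    Simplified stand-in for Bitcoin's real serialization (assumption)."""
    blob = repr((tx.inputs, tx.outputs)).encode()
    return hashlib.sha256(hashlib.sha256(blob).digest()).hexdigest()

def payment_key(tx: Tx) -> tuple:
    """Identity that ignores signature bytes: coins spent and outputs paid."""
    return (tuple((prev, vout) for prev, vout, _sig in tx.inputs), tx.outputs)

def reconcile(pending: dict, confirmed: list) -> dict:
    """Map each pending withdrawal id to a status using confirmed chain data."""
    ids = {txid(t) for t in confirmed}
    keys = {payment_key(t) for t in confirmed}
    status = {}
    for wid, tx in pending.items():
        if txid(tx) in ids:
            status[wid] = "confirmed"
        elif payment_key(tx) in keys:
            # Same coins, same payee, different id: already paid, never re-send.
            status[wid] = "confirmed_under_other_txid"
        else:
            status[wid] = "unconfirmed"
    return status

# Constructed sample data (hypothetical ids, addresses and signature bytes).
SENT = Tx((("aa" * 32, 0, "3045022100ab01"),), (("customer-addr-1", 50_000_000),))
# The same payment as it appears in a block, with re-encoded signature bytes.
ON_CHAIN = Tx((("aa" * 32, 0, "304602210000ab01"),), (("customer-addr-1", 50_000_000),))
OTHER = Tx((("bb" * 32, 1, "3045022100cd02"),), (("customer-addr-2", 10_000_000),))

RESULT = reconcile({"w1": SENT, "w2": OTHER}, [ON_CHAIN])

if __name__ == "__main__":
    print(RESULT)
```

A withdrawal reported as `confirmed_under_other_txid` is one a support desk relying on transaction IDs alone would wrongly treat as never sent.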
Spread out over a long period of time, as reportedly occurred during the multi-year campaign to bleed MtGox dry, this technique can produce shockingly large results. The MtGox hack allegedly resulted in the theft of 3.4 percent of all the bitcoins that will ever be mined.
According to the message on its website, the amount of money stolen from Crypto-Trade was far smaller than what was taken from MtGox. The exchange’s proprietors plan on refilling their customers' accounts out of their own pockets.
On the exchange’s Facebook page, Crypto-Trade’s management attempted to quell the fears of its users who are worried about never getting their money back. In the comments to the post, however, many of those users were understandably skeptical:
Interestingly, when Crypto-Trade briefly took its servers down for maintenance earlier this month, the exchange’s Facebook page made a snarky reference to the transaction malleability problems that caused MtGox to suspend withdrawals for nearly a month before it finally shut down altogether:
The joke here is that the name MtGox doesn’t actually refer to a mountain. It’s an acronym for Magic: The Gathering Online Exchange; the site originally started as a place for fans of the tabletop fantasy card game to buy and sell their cards.
Unlike traditional currency exchanges that exclusively traffic in government-backed currencies, deposits in cryptocurrency exchanges typically aren’t insured by governments or private third-party insurers. As a result, if the money in one of them disappears for good, there’s not much an aggrieved party can do other than attempt to file a lawsuit.
In the midst of all this tumult, financial firm Second Market—the operator of the world’s only cryptocurrency ETF, the Bitcoin Investment Trust—announced it intends to launch the first United States-based Bitcoin exchange, one that would be much more intensely regulated, as well as far more integrated into the traditional global financial system, than other exchanges.
Even so, the issues surrounding security at Bitcoin exchanges have led many in the media to ponder if the string of recent problems represents a death knell for the virtual currency.
If you’re curious, here’s one website that can tell you pretty definitively whether or not Bitcoin is dead.
Photo by Tupolev und seine Kamera/Flickr (CC By 2.0) | Remix by Fernando Alfonso III