For a virtual currency, Bitcoin is under very real siege.
Two of Bitcoin's biggest exchanges — Slovenia's Bitstamp and Bulgaria's BTC-e — have halted withdrawals. Both have experienced "denial of service attacks," whereby hackers shut down a website by burying it under a landslide of bogus requests for information. The attacks came only a day after Japan's Mt. Gox exchange halted withdrawals due to a similar attack. Hackers also stole $2.7 million worth of Bitcoin from customers of the Silk Road black market website.
Bitcoin is what's called a "cryptocurrency," and is "mined" on a worldwide network of personal computers using a highly sophisticated algorithm. The flaw in the code linked to these recent attacks is called "transaction malleability." Users can exploit the flaw to make it appear that a Bitcoin transaction never took place. Hackers reportedly took advantage of this vulnerability to empty the recently revived Silk Road site’s escrow account. Alternatively, transaction malleability can be exploited by hackers to launch denial of service attacks of the kind that prompted the freeze on withdrawals from the three Bitcoin exchanges.
According to Bitcoin Foundation chief scientist and lead developer Gavin Andresen, the current situation is well in hand. "You can be rest assured [sic] that we have identified the issue and are collectively and collaboratively working on a solution," Andresen said in a blog post on the Bitcoin Foundation's website. "We (core development team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now." Andresen is adamant that no one's Bitcoin accounts are at risk, and that the withdrawal freezes are a temporary precaution.
There's a New Sheriff in Town
Transaction malleability was a known issue with the Bitcoin software, one that was identified several years ago. When the Mt. Gox story broke, Andresen claimed in another blog post that, while transaction malleability was involved, "The issues that Mt. Gox has been experiencing are due to an unfortunate interaction between Mt. Gox’s implementation of their highly customized wallet software ... and their unpreparedness for transaction malleability." In other words, it was Mt. Gox's fault, not Bitcoin's. But when the Bitstamp and BTC-e story broke the next day, Andresen quickly backtracked.
We already live in a world of electronic money. Digital transactions of all sorts are now commonplace. Cash, for many, is the exception and not the rule. And the banks and related companies that manage this world of electronic transactions are all vulnerable to cyber assault, as evidenced most recently by the Target credit-card hack.
Of course, even hard currency is vulnerable to fraud. But the fact that Bitcoin is a private currency — with no government or central bank to step in if things go awry — and is built around a software program so complex that even the designers of its top exchange couldn't foresee all the potential ramifications of a known bug, makes people nervous. The Silk Road hack — and the fact that the Bitcoins stolen can’t be recovered — only adds to the nervousness.
"No one would deny [Bitcoin] was the wild, wild west," Bitcoin backer Cameron Winkelvoss recently told a New York state financial services committee. "The wild west attracts cowboys, and I don't think anybody here would deny a sheriff would be a good thing."
"Was" the wild, wild west? More like "still is," as the recent hacks demonstrate. Wyatt Earp is on the way, though, or is at the very least saddling up. Regulators from New York State, and from countries around the world, are looking to tame the wild west of Bitcoin. How they aim to do that — and whether they can succeed without crushing Bitcoin and other cryptocurrencies — remains unclear.
Top Reads from The Fiscal Times:
