
Summary:

An attack on the Bitcoin eco-system is spreading as hackers try to exploit services that have not protected themselves against a vulnerability known as transaction malleability.


Bitcoin’s bad week got even worse on Tuesday as the chief security officer of Blockchain.info reported that hackers are launching DDoS attacks across the Bitcoin eco-system in an effort to exploit a software vulnerability that allows attackers to tamper with transaction records.

CoinDesk has further details, but the bottom line is that the core code of Bitcoin appears to be secure, while many of the services built on top of it, including exchanges like BitStamp, are exposed to the vulnerability. As a result, services are locking down as they try to repel the attacks and stabilize their operations.

The vulnerability itself is called “transaction malleability” and is not something new. In a blog post yesterday, Bitcoin’s lead developer Gavin Andresen explained that the issue has been around since 2011 and described it this way:

 In simplest of terms, it is a small window where transaction ID’s can be “renamed” before being confirmed in the blockchain. This is something that cannot be corrected overnight. Therefore, any company dealing with Bitcoin transactions and have coded their own wallet software should responsibly prepare for this possibility and include in their software a way to validate transaction ID’s. Otherwise, it can result in Bitcoin loss and headache for everyone involved.

Andresen’s post came in response to a new liquidity crisis at MtGox, one of the biggest exchanges, which cut off customers’ access to their bitcoins and blamed the problem on a ‘bug’ in the software. As Andresen explains, however, it appears that MtGox — and other services now under attack — have been slow to protect themselves from the known vulnerability.
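As an added illustration of the kind of check the quoted post calls for (not code from the article, from Bitcoin itself, or from any exchange): the sketch below assumes a simplified transaction layout and a hypothetical `match_key` that hashes only what is spent and who is paid, so a wallet still recognises its own payment when it confirms under a different ID. All sample data is constructed.

```python
import hashlib
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class TxIn:
    prev_txid: bytes   # transaction whose output is being spent
    prev_index: int    # which output of that transaction
    script_sig: bytes  # signature data, the part that can change in transit

@dataclass(frozen=True)
class Tx:
    inputs: tuple      # tuple of TxIn
    outputs: tuple     # tuple of (amount, script_pubkey) pairs

def _dsha(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def _serialize(tx, with_sigs):
    # Simplified length-prefixed layout, NOT the real Bitcoin wire format.
    out = b""
    for i in tx.inputs:
        sig = i.script_sig if with_sigs else b""
        out += i.prev_txid + struct.pack("<II", i.prev_index, len(sig)) + sig
    for amount, script in tx.outputs:
        out += struct.pack("<QI", amount, len(script)) + script
    return out

def txid(tx):
    # The ID covers the signature data, so it changes when that data changes.
    return _dsha(_serialize(tx, with_sigs=True))

def match_key(tx):
    # Hypothetical wallet-side key: what is spent and who is paid, no signatures.
    return _dsha(_serialize(tx, with_sigs=False))

def reconcile(sent, confirmed):
    """Map each sent tx to 'confirmed', 'confirmed-renamed' or 'pending'."""
    by_id = {txid(c) for c in confirmed}
    by_key = {match_key(c) for c in confirmed}
    status = {}
    for name, tx in sent.items():
        if txid(tx) in by_id:
            status[name] = "confirmed"
        elif match_key(tx) in by_key:
            status[name] = "confirmed-renamed"  # same payment, different ID
        else:
            status[name] = "pending"
    return status

# Constructed sample data: placeholder bytes, not real transactions.
PREV = bytes(32)
sent_a = Tx((TxIn(PREV, 0, b"sig-encoding-1"),), ((50_000, b"payee-A"),))
seen_a = Tx((TxIn(PREV, 0, b"sig-encoding-2"),), ((50_000, b"payee-A"),))
sent_b = Tx((TxIn(PREV, 1, b"sig-b"),), ((70_000, b"payee-B"),))
sent_c = Tx((TxIn(PREV, 2, b"sig-c"),), ((10_000, b"payee-C"),))
RESULT = reconcile({"a": sent_a, "b": sent_b, "c": sent_c}, [seen_a, sent_b])
```

A service that looked up payment "a" by its original ID alone would report it as never confirmed, which is the bookkeeping gap the check closes.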

Bitcoin’s value has taken a fresh beating this week. After remaining stable around $800 for over a month, it dropped below $700 on the MtGox troubles, and has sunk to around $660 today as of 2:30 ET.

The fall is unnerving for Bitcoin investors but, as I argued last week, the virtual currency is now capable of suffering a jolt — like these DDoS attacks — without incurring a spectacular crash like in the past. This latest upheaval also shows that it’s time for the Bitcoin Foundation to get serious about governance issues.

  1. Damn you bitcoin!

  2. Bitcoin is still growing. Once you understand that the currency still has to make sense (no pun intended), then things change a little. Imagine that a high price right now isn’t all that advantageous. Well nothing a little shaken confidence in the SECURITY of the platform can’t fix. Think about how at first it was a flaw in Bitcoin itself and then it turned out to be the advanced software the exchange was using. The exchanges and the owners of Bitcoins need to work together. It’s as if you have your money in a bank that you own. See my blog post at deepscribe.com.

  3. Ahhh now we see the REAL concerted effort of the western nations that are concerned with the crypto-currency replacing their ponzi scheme fiat money system.

    The demise of Bitcoin is nigh. Or even better they will release a replacement in order to further their goals toward a cashless system.
