# Bitcoin exchanges halt withdrawals as “massive” attack spreads

Bitcoin’s bad week got even worse on Tuesday as the chief security officer of Blockchain.info reported that hackers are launching DDoS attacks across the Bitcoin eco-system in an effort to exploit a software vulnerability that allows attackers to tamper with transaction records.

CoinDesk has further details, but the bottom line is that the core code of Bitcoin appears to be secure, but that many other services — including exchanges like BitStamp — that are built on top of it, are exposed to the vulnerability. As a result, services are locking down as they try to repel the attacks and stabilize their services.

The vulnerability itself is called “transaction malleability” and is not something new. In a blog post yesterday, Bitcoin’s lead developer Gavin Andresen explained that the issue has been around since 2011 and described it this way:

In simplest of terms, it is a small window where transaction ID’s can be “renamed” before being confirmed in the blockchain. This is something that cannot be corrected overnight. Therefore, any company dealing with Bitcoin transactions and have coded their own wallet software should responsibly prepare for this possibility and include in their software a way to validate transaction ID’s. Otherwise, it can result in Bitcoin loss and headache for everyone involved.

Andresen’s post came in response to a new liquidity crisis at MtGox, one of the biggest exchanges, which cut off customers’ access to their bitcoins, and blamed the problem on a ‘bug’ in the software. As Andresen explains, however, it appear that MtGox — and other services now under attack — have slow to protect themselves from the known vulnerability.

Bitcoin’s value has taken a fresh beating this week. After remaining stable around $800 for over a month, it dropped below$700 on the MtGox troubles, and has sunk to around \$660 today as of 2:30 ET.

The fall is unnerving for Bitcoin investors but, as I argued last week, the virtual currency is now capable of suffering a jolt — like these DDoS attacks — without incurring a spectacular crash like in the past. This latest upheaval also shows that it’s time for the Bitcoin Foundation to get serious about governance issues.