DNS Hijack Leads To Bitcoin Heist 126
First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mothers maiden name to gain access. This looks like poor security from everyone involved."
Re:Conviction for stealing bitcoins (Score:4, Informative)
Re:Non story (Score:5, Informative)
There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well. For the holding part, new solutions providers such as Coinbase [coinbase.com] are starting to focus on merchant gateway style solutions. Progress is being made.
Re:Conviction for stealing bitcoins (Score:5, Informative)
The court ruled that:
*) Virtual items have value in virtual of the effort and time invested in obtaining them
*) The value in Virtual items is recognised by those that play the game (including the defendents who went to the trouble to take them)
*) The Virtual items were under the exclusive control of the player – who was relieved of this control
The court made reference to cases of electricity theft which is a similar intangible good but certainly has properties of power and control, and consequently can be stolen.
http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html [virtualpolicy.net]
Re:Non story (Score:4, Informative)
I think you're missing some of the benefits of BTC-based transactions. First, they're rather difficult to forge by virtue of reliance upon math for integrity verification. The same can't be said of cash, and the average man on the street would be hard pressed to discern half decent counterfeit paper currency from the real deal. While this particular example may represent a corner case for some, I happen to know two people who have been defrauded with counterfeit currency.
Second, Internet connected devices are everywhere. It's getting rather hard to find people without basic web access via a smart-ish phone in many areas, and full fledged BTC apps are popping up for those with anything fairly modern in terms of radio handsets. I wouldn't be terribly shocked to find devices that cater to simple apps and BTC transactions popping up in developing areas in the near future either.
With respect to waiting for confirmation, most transactions are verified on the BTC network within one hour. If you're willing to pay a small transaction fee to the network, verification can come more quickly. As a side effect of this state of affairs, you might just gain the benefit of meeting up with your transactional counterpart at a coffee house and having a tasty beverage. I call that an excuse to take a break, and welcome it.
Re:Conviction for stealing bitcoins (Score:5, Informative)
bitcoins aren't data per se. A person's private key for their bitcoin wallet that is used to transfer ownership of bitcoins is data. It's just a long number. The proof of work used to establish a bitcoin is data. The transaction history of each bitcoin is data.
A bitcoin is more than just the data underlying it. There are may thousands of copies of each bitcoin, but at any given time only one person has the authority to transfer a bitcoin to someone else.
A bitcoin itself cannot be copied. To copy a bitcoin would mean copying it's ability to be spent (allowing it to be spent twice). This would ruin any currency. And much of the design of bitcoin is prevention of double spending.
This is similar to how xeroxing your bank statement doesn't double the amount of money you have in the bank.