Kaspersky: Mt. Gox Data Archive Contains Bitcoin-Stealing Malware 169
itwbennett writes "An archive containing transaction records from Mt. Gox that was released on the Internet last week also contains bitcoin-stealing malware for Windows and Mac, say researchers at Kaspersky Lab who have analyzed the 620MB file called MtGox2014Leak.zip. The files masquerade as Windows and Mac versions of a custom, back-office application for accessing the transaction database of Mt. Gox. However, they are actually malware programs designed to search and steal Bitcoin wallet files from computers, Kaspersky security researcher Sergey Lozhkin said Friday in a blog post."
Slowpoking hard, aren't we? (Score:3, Insightful)
This was known minutes after the leak was released. You disappoint me, slashdot.
Re:Really? (Score:5, Insightful)
How often does someone break into a bank vault? Almost never. When someone "robs a bank" they're just taking a couple thousand bucks from a teller drawer, which is negligible.
When someone steals real money from a bank, it is insured by the FDIC.
The impact is way, way worse with bitcoin.
Re:Really? (Score:3, Insightful)
Real coin has worked for thousands of years. Bitcoins are a new, totally unproven currency.
Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything. The fed and the banks just will "federal reserve" monopoly bucks into existence.
When you go to a store, and swipe your credit card.... you think those are "real coins" you are paying with??
NOPE! And I assure you, this mode of payment is not thousands of years old.
For every one of your dollars you put in the bank, your bank lent out 10 imaginary ones. Chances are you didn't even put in "real dollars though" ---- you received money through DD or "deposited a check" probably from an employer or customer corresponding to a "digital balance", that never had to be realized as real physical anything, because they were also most likely all paid by credit card, checo or DD.
Re:Really? (Score:4, Insightful)
Other than the collective agreement and binding contracts by the most powerful governments and private individuals on Earth, and a deep market for liquid and tradable property as well as productive real property.
Fiat currency is not "by fiat" automatically exchangable for a certain quantity of a certain kind of property with no market fluctuation allowed. But that doesn't mean it's not 'backed' by anything.
Bitcoin isn't by fiat exchangable for anything either---it only has constructed scarcity.
| The fed and the banks just will "federal reserve" monopoly bucks into existence.
Not quite "at will" but in specific economic & financial circumstances deemed to be legal and essential parts of commerce & business.
Re:Really? (Score:5, Insightful)
As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result. But let's leave that aside for a minute:
The real problem is that people have been able to exploit the Bitcoin ecosystem, which does not yet have the resilience to deal with the way human beings expect to be able to work with money.
If you want to create a currency for everyone, then that currency has to be simple and secure even for new adopters. Part of creating a good system (of any sort) is shielding users from serious consequences. If someone in another state charges $3000 to my credit card to buy pharmaceuticals, I'll get a call. If a legitimate vendor charges my card but fails to deliver the promised goods, Visa or MasterCard will give me my money back after one phone call and a followup letter. If my bank is robbed, my deposits are FDIC insured.
Bitcoin enthusiasts are describing exchanges as being "just like banks", and then blaming the users for treating them like banks and keeping their coins there. Instead of castigating folks for not solely printing their wallets out on computers that have been rebooted while disconnected from the Internet for that express purpose, maybe the Bitcoin community could take a step back and find a way to make the entire ecosystem more human-proof.
Re:Really? (Score:5, Insightful)
And yet, people are able to go to credit card companies and banks, dispute the fraudulent transactions, and get the money back. Because our commerce systems have evolved to cope with the reality of fraud and, consequentially, the necessity of insuring deposits through mechanisms like FDIC.
Like it or not, the Mt.Gox fiasco demonstrates that Bitcoin is not yet ready to serve as a desirable system of currency for the masses. For all the talk about the transparency of the blockchain, no one has been able to restore those stolen coins to the hands of their rightful owners.
Maybe someday people will be able to say, "thank God I used cryptocurrency for those transactions!". But that day is not today.
Re:Really? (Score:4, Insightful)
lol...have you ever heard of FDIC? Consumer protections? None of these things apply to bicoin and never will. My bank can be vaporized out of existence and it wouldn't do shit to me.
Not from the customer's point of view (Score:4, Insightful)
...except this was no different from someone doing the same thing to a bank. Your arguement is invalid
Except that the current banking system has failsafes to protect the depositor, even if the bank is at risk. For those who still use it, bank books and pass books record how much is in your bank account. Ditto for the monthly statements sent to depositors who have an electronic account, which is a hard copy in your hand. In many jurisdictions, these are legal evidence of a debt owed by the bank to you. Most banks are insured, both privately and by their respective governments.
If you are just a normal depositor stashing your cash in a bank account, you are much more likely to recover something in the event a bank is (electronically) robbed. Take for example the relatively recent collapse of Barings Bank [numa.com] - according to the Bank Of England Report on the Collapse of Barings, the interests of depositors and creditors were still protected although the bank was closed. Compare this with the uncertain fate of the Bitcoin depositors of Mt. Gox which just recently filed for bankruptcy.
The truth is that depositing funds in Bitcoins right now involves taking a substantial risk which is much higher than putting it into the current banking system. Deluding uninformed investors that investing in Bitcoins is "no different" from putting it in a bank is untrue and is likely to greatly harm the Bitcoin cause once these investors are burnt.
Re: Really? (Score:5, Insightful)
BitCoin exchanges are where banks were, pre-Great Depression. They go under, you lose your savings, period. It was only under FDR that bank losses were covered by the US government under FSLIC/FDIC/NCUA insurance.
The BitCoin protocol has not had any attacks. It has been exchanges that were poorly run or attacks on the computers/endpoints storing BitCoin wallets. The BitCoin core protocol has proven to be secure, although there is always concern about one single party reaching the magic 51% mark.