Bitcoin Security IT

Bitcoin Price Crashes

Beardydog writes "Bitcoin trading site MtGox.com has suspended operations for the rest of the day after illicit access to at least one account resulted in a steep drop in the price of Bitcoins on the site. Commenters to the support page for the event are reporting that a list of usernames and associated email addresses and password hashes have been posted online. MtGox are currently planning to roll back all of the day's trading, email notices to all affected users, and require replacement passwords for affected accounts."
  • Bitcoin [newstechnica.com] is a decentralised computer currency designed by self-righteous Ayn Rand-reading nerds who despise looters and parasites like, er, you. It is used to purchase Internet services, illegal drugs and pictures of naked women holding video cards.

    Bitcoin works by an emergent synergy of cryptography, peer-to-peer, anonymity, anarchism, libertarianism, wasting stupendous quantities of electricity, the marketing department at NVidia, the enduring exchange value of tulip bulbs and doing all of this instead of Folding@Home.

    Bitcoin successfully harnesses a hitherto-unexploited Internet resource: the vast reserves of unexamined privilege amongst computer programmers. Coins are "mined" by stealing them from people who are able to comprehend this level of computer science but still keep their Bitcoin wallet in plain text on a Windows machine.

    The Bitcoin system is robustly designed to continue past the collapse of the US dollar and the world economy, as the Internet, fast computers and reliable electricity are all expected to be readily available when barbarian hordes are wandering the burnt-out post-apocalyptic remnants of civilisation.

    It is completely incorrect to describe Bitcoin as a "pyramid scheme." Technically, it's a "pump-and-dump."

    Many common products are still inexplicably not purchasable with Bitcoins. "It's as if they don't understand the revolutionary wonder of Bitcoin," says Debian developer Hiram Nerdboy, 17. "I can't get chicks with Bitcoins either. Even with my slickest Pick-Up Artist techniques! It's as if my knowledge of economics and game theory didn't apply to real life. But that's impossible, of course. They're probably just theists. Hold on, I just gotta post to Slashdot about this."

    Bitcoin was invented by Internet libertarians, in the spirit of freely-chosen individual interpersonal interactions that will bring about the utter collapse of the oppressive taint of the dead hand of government, in order to make money at your expense.

    • by cowboy76Spain ( 815442 ) on Sunday June 19, 2011 @05:50PM (#36493726)

      The Bitcoin system is robustly designed to continue past the collapse of the US dollar and the world economy, as the Internet, fast computers and reliable electricity are all expected to be readily available when barbarian hordes are wandering the burnt-out post-apocalyptic remnants of civilisation.

      I think that you have missed the Fallout series of historical documentaries.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I absolutely agree. These worthless, abstract encrypted computer bits are WORTHLESS.

      Anybody who knows anything understands that REAL value is in small, green pieces of paper with pictures of dead people on them.

      • The pieces of paper are backed by a country of 300 million people who will do work in exchange for them.

        (One good thing about Bitcoin threads on Slashdot: plenty of opportunity to beat Econ 101 into the heads of libertoonians who think they've got the perfect zinger for every situation.)

        • by Colin Smith ( 2679 ) on Sunday June 19, 2011 @06:19PM (#36493958)

          The pieces of paper are backed by a country of 300 million people who will do work in exchange for them.

          You realise that most dollars are not paper? They make up only about 6% of money. The rest is debt based.

          There is only about ~900 billion paper and coin dollars.
          There is about ~14 trillion dollars worth of credit supplied by banks.
          There is about ~55 trillion dollars in total debt, again, supplied by banks.

          What backs the dollar is the faith that the 14 trillion dollars will some day pay the 55 trillion dollars off.

          • Money used to pay for debt isn't destroyed in the process.
            • Money used to pay for debt isn't destroyed in the process.

              Really?

              Show me.

              Now I absolutely would take your point as it applies to the ~5% physical cash, because it's physical and a credit entry is created when it is deposited in the bank meaning that credit entry is destroyed when the debt is paid... But the 95% of money which is made up of credit itself is purely a book keeping entry not physical cash and that absolutely does vanish when debts are paid.

              Where did you think all the crashes and busts came from?

              • Now I absolutely would take your point as it applies to the ~5% physical cash, because it's physical and a credit entry is created when it is deposited in the bank meaning that credit entry is destroyed when the debt is paid... But the 95% of money which is made up of credit itself is purely a book keeping entry not physical cash and that absolutely does vanish when debts are paid

                Since a % of these credits must be backed by real assets, there is an effective limit to the money in circulation (even if that

          • by artor3 ( 1344997 )

            Why on earth does it matter if most dollars aren't physical objects? And since when is the dollar based on the faith that existing assets will eventually pay off the debt? First of all, it's not as though no new wealth is being created. Secondly, why does the debt ever need to be paid off? Just because you belly-feel that debt is bad?

          • What backs the dollar is the faith that the 14 trillion dollars will some day pay the 55 trillion dollars off.

            Actually, what backs the dollar in the US is that the only legal tender for payment of taxes is USD, and if you don't pay your taxes you eventually wind up in jail.

          • by canajin56 ( 660655 ) on Sunday June 19, 2011 @06:53PM (#36494164)
            OK, let's say there is only a single gold coin in town. That's the only currency in existence. OK so far? So, I have that one coin, and I pay somebody that coin for a new window. The glazier takes that coin, and he goes to the pub and he buys a beer for that one coin. Now the bar pays the bartender with that one coin. Now he takes that coin and he buys a sandwich with that coin. Oops, so far our town has a GDP of 4 coins, but there's only one in existence. DO YOU UNDERSTAND YET THAT AN ECONOMY IS NOT A ZERO SUM GAME? I know, you should use the broken window fallacy next! Point out that if you hadn't broken my window in that above example that the GDP of my fictional town would have been 0 instead of 4! ;)
            • You had me until you talked about the broken window fallacy as if it is somehow wrong. In your example you are 1 coin poorer and all you got was the status quo before the window was broken. The glazier is now one beer richer, but the time they spent on that window could have been spent making a new window for a new house. If you had simply paid for a beer the economy would be 3 coins plus whatever the glazier got for making someone else's window. The final result is better than your original example becau
            • by emt377 ( 610337 ) on Sunday June 19, 2011 @11:20PM (#36496148)

              OK, let's say there is only a single gold coin in town. That's the only currency in existence. OK so far? So, I have that one coin, and I pay somebody that coin for a new window. The glazier takes that coin, and he goes to the pub and he buys a beer for that one coin. Now the bar pays the bartender with that one coin. Now he takes that coin and he buys a sandwich with that coin. Oops, so far our town has a GDP of 4 coins, but there's only one in existence. DO YOU UNDERSTAND YET THAT AN ECONOMY IS NOT A ZERO SUM GAME? I know, you should use the broken window fallacy next! Point out that if you hadn't broken my window in that above example that the GDP of my fictional town would have been 0 instead of 4! ;)

              To take this further, assume my company sells your company a piece of paper for $1M. You then sell me a piece of paper for $1M. All that has happened is that two pieces of paper changed hands, but economically we've produced $2M of GDP (= total value of goods and services produced, not total amount). No gold coin needed at all. If there's a 1000 of us buying and selling each others' pieces of paper we will have produced $ billions. No currency involved. It's also why an economy can grow without increasing production - there's simply an increase in demand for what it produces. More specifically, an economy that's more effective at meeting needs instead blanketing producing every conceivable product and service can have the same or bigger GDP while producing significantly less.

              • Is that all an economy is at the fundamental level is trade. I do something, you do something, we trade, that is the economy. Currency just acts like a lubricant, making the trade flow more freely, that is all. It doesn't matter what the currency is, so long as it does its job.

                The whole reason we have currency is to deal with the complexities that arise if you try and do anything more than direct barter. In a barter system you very quickly run in to two problems that hamstring an economy:

                1) Person A may wan

          • Except that's not actually true. That would be like saying that, I have two trucks because I lent it to a friend for his move. There aren't really two trucks, and if we both tried to use it at the same time, there'd be trouble.

            Likewise, there aren't really that many dollars in existence, if there were we'd see massive inflation, those are obligations, some of which will end up in a state of default and most of which will be paid off. However, they won't be paid off simultaneously, doing so would result in a

          • What exactly do you want it to be based on? The number of Jesus' hairs in the shroud?

            Drowning in debt is a wonderful horror story, but anybody who tries to collect on it will be facing a horde of nuke-equipped "non-hostile" drones.

            It's not like it is a cancer that increasingly destroys everything in its path, it's just a paltry concern to be taken care of when we can afford it. Clinton nearly destroyed the US by actually reducing it; and thus transferring power back to the people. Thankfully the clear thi

        • The thing about the world is that most people on it aren't americans. Right now they have to use the USD because it's the de facto standard -- but if something could replace it in a way that kept everyone honest(see, for example, bitcoin) -- there would be some incentives to switch to it to larger and larger degrees.

          Bitcoin isn't perfect -- hell, it's probably going to fail. But something like it could very well be 'the thing' that the 6 billion other people would be willing to work for. It's mostly a
      • Real currencies can be used to pay taxes and legally settle debts.
  • Enough already (Score:4, Insightful)

    by Anonymous Coward on Sunday June 19, 2011 @05:45PM (#36493698)

    Enough with this Bitcoin spam already.
    Bitcoin is stupid, unnecessary and irrelevant, we don't care for your fucking scam.

    • Re:Enough already (Score:5, Insightful)

      by hipp5 ( 1635263 ) on Sunday June 19, 2011 @05:52PM (#36493748)

      Enough with this Bitcoin spam already. Bitcoin is stupid, unnecessary and irrelevant, we don't care for your fucking scam.

      To be fair, it's nice to hear news that predictions about bitcoins being crappy are indeed true. This story is somewhat of an anti-spam.

    • Re:Enough already (Score:5, Insightful)

      by _Sprocket_ ( 42527 ) on Sunday June 19, 2011 @08:44PM (#36494938)

      Bah. Bitcoins represent a number of interesting concepts. Currency alone is a rather fascinating thing that touches on psychology, economy, history, and one of the earliest forms of information technology. Toss in some cryptography, peer-to-peer / decentralisation, etc. and there's no end to the facets of this subject.

      That doesn't mean you have to buy in to Bitcoins. Keep in mind that these Bitcoin stories are more than simple "yay Bitcoin - buy buy buy" that you would expect from advertisements / spam. There are negative sides being covered by these stories. But if you have no interest in anything remotely related to Bitcoins, then by all means... don't click on the damn article that says it is, in fact, about Bitcoins.

      • by jd ( 1658 )

        Currency is basically a form of barter that avoids having to move physical goods around of a value equal to that of the currency. The earliest currencies - often things like the iron rings used by Celts in the early Iron Age - converted to a fixed amount of some physical goods. This evolved over time into the gold standard (instead of having different coinage equate to different physical goods, all currency equated to a single physical good - gold, in this case). After a while, currency was switched to a fl

    • "Enough with this Bitcoin spam already. Bitcoin is stupid, unnecessary and irrelevant, we don't care for your fucking scam."

      Seriously. Slashdot editors: give me an option to block your idiotic Bitcoin spam, or at least post less of it. I'm so tired of every third story being a shill for this ridiculous scam that I'm going to find another technology news source if one of those two things doesn't happen.

      You are either participating in an attempt to swindle a bunch of people out of their money, or you are so

      • "Enough with this Bitcoin spam already. Bitcoin is stupid, unnecessary and irrelevant, we don't care for your fucking scam."

        Seriously. Slashdot editors: give me an option to block your idiotic Bitcoin spam, or at least post less of it. I'm so tired of every third story being a shill for this ridiculous scam that I'm going to find another technology news source if one of those two things doesn't happen.

        You are either participating in an attempt to swindle a bunch of people out of their money, or you are so deluded by this moronic idea that you're going to be among the swindled yourselves.

        Either way, it doesn't speak well for the general quality of material on the site if multiple editors here can be persuaded to post "stories" about it approximately every five minutes.

        I'm not sure if you are aware of this, but typically "shills" don't generally post stories to slashdot that demonstrate weaknesses or blunders related to themselves. Do you think the Playstation Network outage stories were by Sony shills too?

        And you want an option to block these stories? Have you considered trying to exercise enough willpower not to click on the freaking link?

        Some people here might find it to be an interesting experiment (though possibly naive), even if they aren't buying into it.

        Just bec

  • I thought each trade was part of the bitcoin history, so how can you possibly "roll back" trades? I could see sending bitcoin back to where it came from, but both parties would have to agree to everything.

  • I think that maybe it's time to hit the drawing board again.
    Great idea but I think they need like 1 time key generators or some other level of security layered on transactions.

  • by simoncpu was here ( 1601629 ) on Sunday June 19, 2011 @05:51PM (#36493732)
    Found this on the Internet: http://pastebin.com/hN7PxRhc [pastebin.com]
  • How can they enforce a roll back? Once the bitcoin is transferred out to another bitcoin account, there is no charge back or getting that monkey back. One would assume that any compromised account would have its bitcoins immediately transferred out, right?
    • Presumably because the attackers were selling coins from other people's accounts, not buying them. The exchange site can contact their $$$ bank to cancel cash payments, and refund incoming bitcoins transactions from hacked accounts.

    • by Marton ( 24416 )

      RTFA?

      What they're saying is that somebody amassed a lot of coins on a single account but wasn't able to transfer them out. Just $1000 worth. The coins are there, and the transactions can be rolled back. Mostly.

      I hope that is the case - if they can't fix this then it's a huge blow to a very interesting experiment.

  • Growing pangs (Score:3, Interesting)

    by traindirector ( 1001483 ) on Sunday June 19, 2011 @05:55PM (#36493782)

    I've been watching the Bitcoin system/experiment since the beginning of last autumn, and I can't help but feel it's receiving too much attention and increasing in value too quickly for its own good.

    I really like the idea of the system and I want to see this system or one like it succeed, but with the extremely quick rise in value since last year and all the attention it's been getting, coupled with the games those with lots of bitcoins could play with the market and the somewhat unknown nature of who controls these fortunes (now in both bitcoin and USD), I felt a devastating crash is unavoidable at $.70 US / bitcoin, much less $17 / bitcoin.

    At this sort of insane value, the system is an extremely interesting experiment, but I think it's a huge roadblock for serious adoption.

  • Bitcoin people are still waiting for a bailout. At least they don't pretend that bitcoins are worth something like the formal banks do with the dollar.
  • Is it just me? (Score:3, Insightful)

    by Anonymous Coward on Sunday June 19, 2011 @06:06PM (#36493864)

    Is it just me, or do these comments, and everything surrounding this, AND THE FACT THAT THIS OCCURRED ON FATHER'S DAY, sound suspicious to anyone? I hate to sound like a conspiracy theorist, but this sounds an awful lot like a psy-op to me.

    After all, "Bitcoin" was not hacked, nor did "Bitcoin" crash (http://bitcoincharts.com/markets/ - they are STILL WORTH MORE than the U.S. dollar). It was a SINGLE WEB SITE that was hacked. If the pirate bay was hacked, would you say that "bittorrent" was hacked? Only if you're an idiot and don't understand how bittorrent works.

  • by Animats ( 122034 ) on Sunday June 19, 2011 @06:25PM (#36493998) Homepage

    "Mt. Gox", the main Bitcoin exchange, was originally "Magic the Gathering Online Exchange". Nobody really knows who runs "Mt. Gox"; it appears to be one person in Tokyo who's only reachable via email and IRC. (He must be having a terrible night; this all happened around 3AM in Japan.) It's not like there's some real financial institution, or even a funded start-up, behind this. Most, if not all, of the Bitcoin "exchanges" and "exchangers" are somewhat flaky entities. Bitcoin's ecosystem is financially very weak.

    Understand that Mt. Gox is not just an exchange. It's a depository institution, like a bank. Customers have balances, in Bitcoins and other currencies, with Mt. Gox. But Mt. Gox is not regulated or audited as a bank or a brokerage, even though it holds other people's money. Accounts are uninsured.

    This matters when something goes wrong and somebody gets stuck with losses. Mt. Gox claims they're going to "roll back" transactions to before the theft. But some of the money is already gone, transferred out before Mt. Gox shut down. Mt. Gox is going to have to eat some of those losses if they do a rollback. Do they have the cash? Nobody knows. They're not audited by anybody.

    As for the security breach, not only is the entire file of usernames, email addresses, and encrypted passwords now widely available, so are the unencrypted passwords cracked so far. (One wonders why whomever stole the password file published it, but it may have to do with their needing help from others to crack the passwords.) As a result, TradeHill, another Bitcoin exchange based in Chile, has shut down, to avoid attacks using passwords obtained from Mt. Gox. Right now, there's no way to turn Bitcoins into dollars. (Euros, yes; right now the going rate is EUR11.51/BTC. But that market is very thin.)

    Whether or not Bitcoins are a good idea, the market ecosystem behind them is far too flaky.

    • Right now, there's no way to turn Bitcoins into dollars.

      This isn't true. There are non-mtgox exchanges [bitcoinwatch.com], they just aren't very liquid/prominent.

      is far too flaky.

      Oh it's definitely flaky. But too flaky for what? 130M marketcap? Perhaps. But for all we know this is all a beta-test for 'microsoft money' -- the open source terms on bitcoin permit microsoft to basically take the code, embrace & extend and own the whole network. Every mistake that's made, every fix that's produced, every problem every solution brings us closer to a world without banks as we know them today

    • by bill_mcgonigle ( 4333 ) * on Sunday June 19, 2011 @09:21PM (#36495238) Homepage Journal

      Do they have the cash? Nobody knows. They're not audited by anybody.

      And there's your problem - no transparency. Same problem as exists on Wall St.

      One wonders why whomever stole the password file published it, but it may have to do with their needing help from others to crack the passwords.

      Perhaps, but de-anonymizing BitCoin is sufficient for the purposes of BitCoin's biggest critics (and those who stand to lose the most from it succeeding).

  • It can crash in value. That means it is a real currency and can be attacked by traders at will. Not quite the validation the inventors intended, I gather.

  • by sirwired ( 27582 ) on Sunday June 19, 2011 @06:39PM (#36494080)

    Usefulness as a currency is inversely proportional to potential as an investment. BitCoin fans, when you boast that your "currency holdings" have shot up in value by several hundred percent in a year, this is NOT A GOOD THING for BitCoins as a currency. You, Joe Merchant, would have to be a complete blithering idiot to set yourself up to accept BitCoins as a form of payment if deflation of several orders of magnitude is REQUIRED in order for your "currency" to be anything but a niche toy. In addition, credit, the lifeblood of any economy is completely impossible under such conditions; it would be the height of insanity to take out a loan if you had the potential of owing the equivalent of several hundred percent interest after a year. (As in, if you took out a loan for a thousand BitCoins a year ago, you'd be praying for an event like this to happen right now...)

    An ideal currency remains relatively stable in value in relation to something you actually want to buy. An illiquid currency that gyrates wildly in value is useless, as it makes proper pricing of goods, services, and credit impossible.

    In the end, BitCoins are no more a "currency" than Beanie Babies were. And at least Beanie Babies are cute. (And tulips were/are pretty flowers.) BitCoins are an interesting experiment in cryptography, nothing more.

    • by RobinEggs ( 1453925 ) on Sunday June 19, 2011 @08:01PM (#36494656)
      These are very good points.

      It wasn't until bitcoin that I understood the point of constant inflation: it makes credit feasible. You can only borrow safely if you can be almost certain money won't increase in relative value in the future, and to make a borrower feel truly safe currency value should have a near certainty of decreasing somewhat. With significant deflation a possibility you can't even take out a car loan without simultaneously risking indentured servitude; it would be insane to take home or business loans, and I don't mean figuratively insane, either.

      Inflation also encourages lending and investing. It's like the Red Queen hypothesis: with inflation eating the valuation of your cash you have to put it to work somehow in hopes of earning more than the rate of inflation.

      It seems no one makes loans or investment in bitcoins, and the scam artists - excuse me, properly rewarded early adopters - who minted thousands or millions of coins back when they cost 1/1000th as much processing time to generate still seem to be hoarding and not using them.

      It's technically true that they're not a ponzi scheme, but they're still basically a confidence game that at the current trajectories don't seem like any benefit to people who weren't already in the market by mid-2010. Anyone who adopted after that could use them as money laundering and anonymous payments (like Silk Road), but couldn't efficiently generate or purchase them without wasting more fiat currency than the coins are worth in service fees or electricity.
  • If you check a competing exchange, you will find that the price of bitcoins has gone from $17 to $13. How does that constitute a crash when the price of a BTC had fluctuated down to around $13 within 48 hours before the breach? This is a security breach that only affected people using MtGox to trade their bitcoins for USD, so the trust in MtGox has been undermined, not the trust in the entire BTC economy. Most traders will likely move over to tradehill.com or some other competing exchange who have hopefully
  • Disconnect (Score:4, Interesting)

    by SuperKendall ( 25149 ) on Sunday June 19, 2011 @06:54PM (#36494168)

    I'm supposed to hate electronic voting, but support a wholly electronic currency?

  • Just sayin'! (Score:4, Interesting)

    by John Pfeiffer ( 454131 ) on Sunday June 19, 2011 @06:55PM (#36494180) Homepage

    It's worth noting that this 'price crash' was completely artificial, the result of a malicious act, and only really affects the Mt.Gox exchange site. I suppose it probably also affects any sites that set their exchange rate by Mt.Gox, but many don't do that on a real-time basis anyway. I use Bitcoin Market, another trading site, and their prices are unaffected.

  • by Gendou ( 234091 ) on Sunday June 19, 2011 @06:57PM (#36494198) Homepage

    I have an Mt.Gox account but have never actually used it for anything. I received the following e-mail earlier today.

    Dear Mt.Gox user,

    Our database has been compromised, including your email. We are working on a
    quick resolution and to begin with, your password has been disabled as a
    security measure (and you will need to reset it to login again on Mt.Gox).

    If you were using the same password on Mt.Gox and other places (email, etc),
    you should change this password as soon as possible.

    For more details, please see this:

    https://support.mtgox.com/entries/20208066-huge-bitcoin-sell-off-due-to-a-compromised-account-rollback [mtgox.com]

    The informations there will be updated as our investigation progresses.

    Please accept our apologies for the troubles caused, and be certain we will do
    everything we can to keep the funds entrusted with us as secure as possible.

    The leaked data includes the following:

    - Account number
    - Account login
    - Email address
    - Encrypted password

    While the password is encrypted, it is possible to bruteforce most passwords
    with time, and it is likely bad people are working on this right now.

    Any unauthorized access done to any account you own (email, mtgox, etc) should
    be reported to the appropriate authorities in your country.

    Thanks,
    The Mt.Gox team

    Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

    • by Dr. Sp0ng ( 24354 ) <{moc.liamg} {ta} {gnopsm}> on Sunday June 19, 2011 @07:57PM (#36494638) Homepage

      Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

      Yep. Same story for me too. Glad I enabled two-factor authentication [blogspot.com] on my Google account (and SSH to my home server while I was at it).

    • by Anonymous Coward on Sunday June 19, 2011 @08:34PM (#36494864)

      Gmail also flagged suspicious failed login attempts on my e-mail account...

      That's not an accident; Google is watching out for you.

      See http://forum.bitcoin.org/index.php?topic=19641.msg245983#msg245983 [bitcoin.org]

      Hi guys,

      The reason your Google accounts have been required to change the password is that you appeared in a list of public MtGox accounts. We do understand that you may not have been sharing your passwords, unfortunately as they were leaked in hashed form it is hard to know which ones will be found to be sharing passwords and which won't - this will be found out by brute forcers over the next 24-48 hours.

      Again, apologies for the inconvenience, we know that choosing new passwords is a pain. Requiring password rotations is not a decision we take lightly. However this is standard procedure for credentials leaks. It is to avoid accounts showing up in the black market for hacked passwords, as Gmail account access can be used to obtain access at other sites (PayPal, Facebook, etc).

      thanks,

      Mike
      Google abuse/anti-hijack team
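
An added example, not part of any comment in this thread and not Google's or Mt.Gox's code: a defender-side sketch of the leak response described in the comments above, where accounts that appear in a published list get a forced reset and failed logins that follow the leak are checked for one source trying many accounts. All addresses, IPs, log lines, action names and the three-account threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

LEAK_DATE = datetime(2011, 6, 19)  # day of this story, used as the cut-off

# Constructed sample data; none of it comes from a real leak.
LEAKED_EMAILS = ["Alice@Example.com ", "bob@example.com",
                 "dave@example.com", "nobody@example.net"]

USERS = {  # our own accounts: normalized email -> last password change
    "alice@example.com": datetime(2011, 3, 1),
    "bob@example.com": datetime(2011, 6, 20),   # rotated after the leak
    "carol@example.com": datetime(2010, 12, 5),
    "dave@example.com": datetime(2011, 1, 15),
}

# Assumed log format: timestamp, source IP, login name, result.
AUTH_LOG = """\
2011-06-19T18:02:11 203.0.113.7 alice@example.com FAIL
2011-06-19T18:02:12 203.0.113.7 bob@example.com FAIL
2011-06-19T18:02:13 203.0.113.7 nobody@example.net FAIL
2011-06-19T18:02:14 203.0.113.7 carol@example.com FAIL
2011-06-19T18:02:15 203.0.113.7 dave@example.com OK
malformed line here
2011-06-19T18:05:40 198.51.100.23 carol@example.com FAIL
2011-06-19T18:05:55 198.51.100.23 carol@example.com OK
"""


def normalize(email):
    """Compare addresses case-insensitively and without stray whitespace."""
    return email.strip().lower()


def parse_log(text):
    """Return (timestamp, ip, email, ok) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((ts, parts[1], normalize(parts[2]), parts[3] == "OK"))
    return events


def stuffing_sources(events, min_accounts=3):
    """IPs whose failed logins span at least min_accounts distinct accounts."""
    failed = defaultdict(set)
    for _ts, ip, email, ok in events:
        if not ok:
            failed[ip].add(email)
    return {ip for ip, accts in failed.items() if len(accts) >= min_accounts}


def triage(leaked_emails, users, events, leak_date=LEAK_DATE):
    """Map each of our accounts to an action, most severe first:
    lock_and_reset: a many-account source logged in successfully
    force_reset:    listed in the leak, password older than the leak
    monitor:        probed by a many-account source, nothing else known
    """
    leaked = {normalize(e) for e in leaked_emails}
    recent = [e for e in events if e[0] >= leak_date]
    bad_ips = stuffing_sources(recent)
    hit, breached = set(), set()
    for _ts, ip, email, ok in recent:
        if ip in bad_ips:
            (breached if ok else hit).add(email)
    actions = {}
    for email, changed in users.items():
        if email in breached:
            actions[email] = "lock_and_reset"
        elif email in leaked and changed < leak_date:
            actions[email] = "force_reset"
        elif email in hit:
            actions[email] = "monitor"
    return actions


if __name__ == "__main__":
    for email, action in sorted(triage(LEAKED_EMAILS, USERS,
                                       parse_log(AUTH_LOG)).items()):
        print(f"{action:15} {email}")
```

A single user mistyping their own password (the second source in the sample log) stays below the threshold, so only the source that walks through many accounts drives the lock and monitor decisions.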

  • by Cyberllama ( 113628 ) on Sunday June 19, 2011 @07:54PM (#36494608)

    So much as it is a MTGox story.

    About a week ago the first rumors of MtGox being compromised by a SQL injection exploit began to circulate.
    Here's one of the original claims from someone calling themselves Buttsec from June 14th. Others which I'm too lazy to dig up were more specific and named MtGox explicitly:
    http://pastebin.com/4NPemHfz [pastebin.com]

    On that very same day, MTGox implemented a $1000 dollar withdrawal limit. Suspicious, right? For the past 3 days, there have been offers to sell MTGox's database of usernames and password hashes. Here's an example:

    http://pastebin.com/ui0nusuZ [pastebin.com]

    Today, there is this:
    http://pastebin.com/hN7PxRhc [pastebin.com]
    http://pastebin.com/w06pa2mB [pastebin.com] (there are many of these, the first link gives you the urls if you want to see them all)

    This confirms MTGox was indeed hacked. One of the hackers offering to sell this database that came out today had even specifically mentioned that the hole he had used was CLOSED by MTGox a couple of days ago. Today, FINALLY, MTGox admits they were hacked and has sent out emails to all their users. Here is a copy:
    http://pastebin.com/9Cx94wzs [pastebin.com]

    In light of all of the evidence (more of which I'm sure you can find on your own), I find it very hard to believe that MtGox was not aware they had been hacked, and yet they've been denying it and operating normally (aside from the newly added withdrawal limit, which they even boast about in the linked press release). In fact, I found one reddit page of many where MtGox users were complaining their accounts had been compromised (There have been many over the past week) and the employee flat out denies that they have ANY reason to suspect they've been compromised:

    Here's one such complaint among many: http://www.reddit.com/r/Bitcoin/comments/i17jd/i_just_got_ripped_off_on_mtgox/ [reddit.com]
    And here's one with an employee denial: http://www.reddit.com/r/Bitcoin/comments/i2dkn/mt_gox_has_some_serious_issues/ [reddit.com]
    Here's all that (purported) employee's posts: http://www.reddit.com/user/MtGox_Adam [reddit.com]

    Long story short: For the last week (5 days at least), I've been wondering if MtGox had been truly hacked or if someone was just trying to depress the price of bitcoins by spreading rumors. Today I don't have to wonder anymore. What I do have to wonder about is why has MtGox kept silent for the past week when ALL indications were that they KNEW. They fixed the hole, added the withdrawal limit, and yet kept on denying they had an issue when dozens of users complained of account compromises. Rather than admit the issue and try to have it fixed, they apparently tried to keep it a secret. How can we trust any company that handles security issues in this manner?

    • by woolpert ( 1442969 ) on Sunday June 19, 2011 @10:00PM (#36495490)

      On that very same day, MTGox implemented a $1000 dollar withdrawal limit. Suspicious, right?

      Not so. The $1000 withdrawal limit has been in place since at least early May 2011 (when I started cashing out my holdings).

    • I should add to this that MtGox is now saying that it wasn't one of their systems that was compromised, but that of one of their auditors and that's how they were unaware of the intrusion. Given that the withdrawal limit has been around, it's hard to say exactly what MtGox should have done. They had to know at least as much as I did, which was that there were rumors, an upsurge in compromised accounts and people offering to sell the database, but perhaps that's all the information they had. In that case,
