More Bitcoin Exchanges Forced Out of Sync After Massive DDoS Attack 135
An anonymous reader tipped us to news that several Bitcoin exchanges have joined Mt Gox in suspending withdrawals after being forced out of sync with the Bitcoin network at large. After Mt Gox blamed transaction malleability for forcing them to suspend withdrawals, miscreants started flooding at least Bitpay and Btc-e with bogus transactions. Quoting the Bitcoin Foundation: "Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software. We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds. "
revenge of the 99.9999 percent? (Score:2)
perhaps a preview of the War on Wall Street, coming someday soon before we all die?
Re: (Score:3)
George, I've never seen one before, but (Score:2)
That looks like a bank run to me.
Re:George, I've never seen one before, but (Score:4, Informative)
More like filling all the bank door's locks with glue.
Re: (Score:2)
More like someone pooping in the cheque deposit box.
Re: (Score:2)
Re: (Score:2)
Thank goodness they aren't burdened with banking regulation!
Don't we see this all the time? (Score:5, Insightful)
If I didn't know better I would suspect that the best time to invest in BTC futures would be about five seconds before the DDoS stopped.
I'll leave you to guess who is in the best position to profit from that.
Re: (Score:3)
Louis: Looking good, Billy Ray!
Billy Ray: Feeling good, Louis!
Now to corner the market on more Frozen Concentrated Orange Juice.
Re: (Score:3)
Re: (Score:2)
ywah it seems to be a known/standard thing for a while now that someone will DDOS an exchange just to drive the price down, then buy right as they let up for a while. Rinse and repeat.
Re: (Score:2)
easier than manipulating the price of Oil.. Free of any sort of real protections.. seems like an amazing market for those with money, equipment, and desire to manipulate for greed
Re: (Score:1)
Re: (Score:2)
What do you mean 'or'. how about 'And'?
Think big!
Re: (Score:3)
Though I doubt there is really a profit or political motive in this case. Many people find the BTC crowd, or at least its more vocal proponents, rather obnoxious, and when you have people who do not like a group and a tool pops up for annoying them, at least a few people will be trollish enough to use it.
Re: (Score:2)
True, just like a great time to buy BTC was during that brief window yesterday when they were trading for 100$.
Yep, that would have been a good time to buy. Unfortunately, the low for yesterday on the exchange that I use (MTGOX) shows $511, so there weren't any trades at that price on the MTGOX. I wasn't able to find that sort of information on bitstamp, but they are trading even higher than MTGOX, so it seems unlikely that they hit $100.
Re: (Score:3)
Look, if you're just going to check with primary sources and present well researched facts, why should we even bother having slashdot at all?
Try that again, but first empty your mind of everything you know about the subject and try to blame either Microsoft, Apple or Google for everything.
Re: (Score:2)
True, just like a great time to buy BTC was during that brief window yesterday when they were trading for 100$.
I happened to be watching BTC-e on monday when the $102 dip happened. It was a result of someone (or more likely, someone's misbehaving bot) dumping about 6k BTC on the market, at once. It was back over $500 in about a minute.
Those few who had set ridiculously low bids (expecting crash due to expected MtGox bad news) or bots that didn't have a failsafe to just stop when something crazy happens, probably made a good profit on that dump.
Re: (Score:2)
It's a pyramid scam baited for geek. We're the preferred prey. Of course it looks obnoxious on slashdot.
Re: (Score:2)
Re: Don't we see this all the time? (Score:1)
In IT we call it 'validating a systems robustness." And it's a good thing. Most people won't buy into a bitcoin system if they see it teeter because of a DDOS attack.
Sure, zealots and fanatics will fume over the attacks. Theirs is a sphere of faith, so it's understandable.
the value in Bitcoin is in transactions (Score:2, Funny)
stop the transactions, you hurt the value. This is a Fed operation, because they can't control it they're trying to destroy it and make it look like script kiddies. So fucking transparent...
Re:the value in Bitcoin is in transactions (Score:5, Funny)
Now that the NSA can't store and process user's private data, they have to do _something_ with those datacenters, right?
Re: (Score:3, Insightful)
I'm going to go out on a limb here and say that "+5 Funny" was probably not the moderation you were looking for.
Re: (Score:2)
um... nope, it wasn't, I was being serious like "CIA running disruption ops in the Middle East including enabling al Qaeda rebel groups" serious... but hey... :)
Re: (Score:2)
Re: (Score:1)
Risky move. Since BTC has no intrinsic value, if they push too hard, there won't be enough faith left in the BTC system for it to bounce back.
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Or they have a position in options.
Is this the begining of the end for BTC (Score:1)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1, Insightful)
It might be, and I think your general approach might be sound if the very concept of bitcoin wasn't FUCKING RETARDED .
Re: (Score:1)
So was the idea that the earth was small enough that you could reach China by sailing east from Europe.
So was A/C electricity.
So was the idea that humans could fly.
Ideas often seem FUCKING RETARDED before they change the world. Sometimes they are fucking retarded, but Bitcoin is 5 years old and still growing.
Re: (Score:2)
Selection bias much?
So was the idea of the stars telling us our future.
So was the idea of transmutation via magic spells and elixirs.
So was the idea of curing cancer by eating baking soda.
Sorry, dude, but some ideas are fucking retarded in hindsight, the present, and in the future.
Re: (Score:2)
1) Our star tells the future of life on earth.
2) Transmutation is perfectly possible.
3) http://www.ncbi.nlm.nih.gov/pubmed/19276390
Sometimes naysayers are wrong, or at least are too limited in their frames of reference.
Is Bitcoin a stupid idea? I don't know, but Dogecoin seems like an even more stupid idea and it is growing considerably faster than Bitcoin at this point. Regardless, Bitcoin is 5 years old and growing fast
Re: (Score:2)
The obvious part is retarded (Score:3)
Re: (Score:2)
The internet makes it easier for the timid to become criminals.
Re: (Score:1)
The issue will likely be fixed by a combination of exchange software upgrade and, eventually, long term tweak
Re: (Score:2)
My understanding of the problem is that exchange's use custom wallet software that can be fooled before enough confirmations come through potentially allowing an attacker to sell coins that don't exist for dollars. This has temporarily made bitcoin less liquid (as far as exchanging for country backed currencies) which has driven the price down.
That's only Gox. AFAICT, the other exchanges do it the right way (look at address/amount/timestamp rather than transaction id), but because the former is more resource-intensive than the latter (this is presumably why Gox did it in the latter way), they're getting overwhelmed by the dust spam.
Re:Is this the begining of the end for BTC (Score:5, Informative)
No, the issue is that a bunch of fake but close-enough transactions are flooding the exchanges to de-sync them. They're trying to verify the transactions with the real blockchain, but in doing so, they fall behind, have to process a new batch of fake transactions and compare them against the real chain, etc.
Basically there's a point where the flood of fake transactions overwhelms the ability to figure out what's real and what's not. No extra money is being created unless the exchange follows the fake transactions. However, if you're trying to exchange money, it means your real transaction is now backlogged and the exchange can only get further behind as they sort out the mess.
It's like how a regular DDoS works - except the information being sent is fake and the server is bogging down under the load trying to figure out if it's real or not.
It's a classic resource starvation attack - each fake transaction consumes resources because it has to be verified against the real blockchain. But in the time to do that, more fake transactions come in so the server can do nothing but fall behind. And you intermix in real transactions which have to be processed properly as well.
I suppose a real life equivalent is a bank - where you have people trying to cash in fake cheques or exchange fake currency - it takes time to verify and fail the transaction, but even with all tellers open, there'll be a point where more people (legit and otherwise) arrive faster than they can handle so the lines get turned into crowds.
Re: (Score:2)
it takes time to verify and fail the transaction, but even with all tellers open, there'll be a point where more people (legit and otherwise) arrive faster than they can handle so the lines get turned into crowds.
A virtual description of a bank run, or at least what *looks* for all the world to be a bank run.. Cannot be a good sign if BTC is somehow seen as not easily exchanged as it should be.
Re: (Score:2)
Re: (Score:2)
Re:Is this the begining of the end for BTC (Score:5, Insightful)
Hmm. If I recall correctly, flooding a country with counterfeit currency to destabilize its financial system has actually been done (or at least proposed) before.
What's interesting about this DOS attack is it doesn't matter if every single counterfeit transaction is discovered as such and rejected... what's being attacked is the efficiency of the system itself. If transactions get inefficient enough, the currency becomes burdensome to use, so people forgo it and turn to other mediums of exchange.
(Whether you're a BTC fan or not, it's fascinating to watch Bitcoin's pristine mathematical world rocked by thousands of years of lessons-learned in real world financial competition. Vires in Numeris indeed.)
Re: (Score:2)
During World War 2 Germany was counterfeiting British currency (pounds, but not sure what the paper is called (notes?)) to destabilize what little power the British economy had left. IIRC they were still in circulation through the 50s. Germany also started printing US dollars towards the end of the war but I think by that point it was too late for anything to really come of it.
(i vaguely remember something about this in highschool world history class, but I could very well be pulling this out of my ass faik
Re: (Score:2)
Yup, that must be what I'm thinking of: Operation Bernhard. More info here: http://en.wikipedia.org/wiki/O... [wikipedia.org]
Re: (Score:2)
Re: (Score:1)
It's an opportunity for them to find faults in, and improve, the procedures that are meant to mitigate the impact of these sorts of attacks. This sort of issue is designed in to bitcoin, and therefore anticipated; consider this the first live exercise.
Re: (Score:3)
Re: (Score:3, Informative)
Re:Is this the begining of the end for BTC (Score:5, Informative)
It's not just the exchanges that have to have confidence behind them. The exchange (or, at least, some Bitcoin owner out there) has to have confidence in the short seller as well. This is because the short seller borrows BTC to sell on the exchange. The short seller is then expected at some point to pay back the lender in BTC to cover the loan. Because of the additional routes for anonymity that Bitcoin provides, the short seller could abscond with the non-BTC currency as long as they can launder it, leaving the lender high and dry.
As you noted, regulations, law enforcement, and substantial recordkeeping on the part of brokerages keep this from being particularly successful in normal equities trading. If nothing else, a brokerage might require a short seller to keep cash on hand sufficient to cover the short sale, and then call in the debt if it looks like their cash on hand is coming close to being insufficient to cover. (Some brokerages let you use a margin account for this as well, if you have good credit.) The short seller would then be unable to run off with the cash because the brokerage would not release the funds until the short sale is covered. This is a solution that some Bitcoin exchanges might have problems with, because they would be keeping government-issued cash on hand in a customer account as well as BTC, which opens up several other cans of worms.
Re: (Score:2)
Yeah right (Score:5, Interesting)
It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.
Unless of course the exchange rates start dropping because of a declining confidence in the currency.
Re: (Score:2)
You still have exactly the same number of bitcoins regardless of what the exchange rate is. Therefor, their wallets or funds are still exactly the same. They just might not buy as much as they once did.
I didn't see everyone bitching and moaning when their value skyrocketed with absolutely no good reason, so they can't bitch and moan when they plummet under similar circumstances.
Eating their own, won't be long now... (Score:3, Interesting)
Its been an interesting few days, they're lashing out in fear and attacking their own, it won't be long now, here is a recap of what we saw:
1. MtGox made public that a well known bug which was being ignored by the bitcoin "developers" was being used to steal coins.
2. Almost instantly the "foundation" and "developers" released statements indicating that only MtGox was effected by and at fault and the remainder of the bitcoin ecosystem would not be impacted.
3. We saw a flurry of requests for Mark Karpeles to step down from the "foundation".
4. Suddenly almost all the bitcoin exchanges stopped allowing withdrawls because in contrast to what the "foundation" stated, bitcoin developers were responsible for this bug and it in fact effected the whole ecosystem.
It is very clear that this situation was caused by the bitcoin "developers" lack of interest in securing their code. It is also very clear that they attempted to hide this fact and shift blame to an innocent party.
But, but.... (Score:1)
Re:But, but.... (Score:5, Insightful)
Everyone was saying, "Bitcoin is just like currency, man, only better."
It is, especially if you are trying to pump, dump or crash and buy the things for profit. If a DOS attack can drive the price down and DOS attacks are fairly easy to do, you can bet somebody will try it.
Re: (Score:2)
Bullshit (Score:3, Interesting)
This may very well affect people's funds and online wallets. If an exchange doesn't find a transaction in the blockchain, because the exchange looks for a different transaction ID, the exchange may have reissued the transaction, effectively paying out twice. As these transactions are not reversible, but not the fault of the customer, the exchange will have to eat the losses. The current Bitcoin exchanges are not huge banks. They're not too big to fail, and when they do fail, they take your funds with them. They may not even have them anymore right now, but you don't know, because you can't withdraw.
Re: (Score:3)
That's the important distinction. Your wallet is your wallet. You online wallet is a pile of money you gave to someone else and hoped that they treated it well.
Money can't leave your actual wallet unless you either transfer it elsewhere or the entire mechanism that secures the blockchain breaks.
Online site FOO may be fooled into releasing money from your "online wallet," but then you've got an issue with whomever you provided your money to.
Unless money is actively being traded, there's little reason to ev
This is why we can't have nice things. (Score:1)
Government(s) intervention? (Score:2)
Some of the best hackers work for governments. This may be an attempt to destroy digital currency so that people are forced to contend with the historical money makers.
Re:Government(s) intervention? (Score:5, Insightful)
Some of the best hackers work for governments. This may be an attempt to destroy digital currency so that people are forced to contend with the historical money makers.
I'm not into conspiracy theories. Government doesn't really care about BTC, as long as you are not using it to do shady things. This is just common hacking by brighter than average people with less than ideal morals who are out to make a buck. *Somebody* has figured out that money can be made doing this. Now if they are clearing millions or just enough to pay for the pizza is the real question.
IF the government wanted to end BTC, there are better and easier ways that would be a lot less complex and straight forward. No, this is just some yahoo's who figured out how to make a few bucks by tweaking things. More will come though, as organized crime gets into this technique. The swings will get bigger and bigger until they "fix" the processing of transactions to avoid the problem (assuming they can).
I'd be (and I am) out of BTC trading with any money you cannot afford to loose.... Way too risky, even for the kids inheritance money.. If you want to use your slot machine mad money here, it might be better odds, but just barely. (Not as entertaining though.)
Re:Government(s) intervention? (Score:5, Interesting)
Interestingly enough, this potentially benefits legitimate BTC speculators.
We see what's going on. We know that BTC is under attack, and we know it's going to drop, and we suspect it's going to rebound. Time for tech-savvy legitimate investors to make a few gambles as well -- if you're the type that's already gambling on BTC.
One of the things about BTC is that, since it's unregulated, you can't just freeze the exchange rate until the storm blows over. Anarchy!
Re: (Score:3)
Problem for *everybody* though is what's really going on is they are flooding the exchanges with false transactions, which slows down *real* transactions including the one that leads to the profit for the attacker. I suppose if you know when the DOS attack is going to end (because you control it) you can time the bottom, place your (sure thing) bet, verify the transaction has cleared and stop the attack. Then you wait for the SlashDot article about the DOS attack to get a few sheep to "invest" and drive u
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Government doesn't really care about BTC
The United States government really does care about BTC and has a strong interest in killing it, because BTC enables international money transfers outside the banking network. The United States government enjoys de facto control over the interbank network, which it uses to bully countries which it doesn't like (for example, you can't transfer money to a bank in Iran). It is therefore entirely plausible that the current DDOS attack on BTC is mounted by agencies of the US government. It has the motive, it ha
Re: (Score:2)
Read the rest of the statement, we are in agreement.
The last two red flags. (Score:1, Informative)
Red Flags
High returns with little or no risk. Every investment carries some degree of risk, and investments yielding higher returns typically involve more risk. Be highly suspicious of any "guaranteed" investment opportunity.
Overly consistent returns. Investments tend to go up and down over time. Be skeptical about an investment that regularly generates positive returns regardless of overall market conditions.
Unregistered
Re: (Score:2)
Umm, what's the point of any of that? That's like saying banks are a ponzi scheme because they constantly screw up paperwork, and don't like to let people withdraw large amounts of money.
Bitcoins are assets. This (DDOS) situation is somewhat like if the bridges to a warehouse/shopping center were deliberately destroyed. The assets are still there, you just can't get to them. Hell, they even have futures markets for the things. The problem is that it's very easy to create you're own exchange, but hard t
Re: (Score:3, Insightful)
When will the gullible finally wise up?
When their money is gone of course. (Or more to the point, when THEY cannot get their money back when they need it.)
Just remember though, only THEN they will demand government regulation. Before that it is all about the government not having any business regulating what they want to do. After they are fleeced, they will demand a bail out and rules.
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Competition will not be tolerated (Score:2)
Because if there is one thing that organized crime WILL NOT TOLERATE, it is competition. And damned if the Fed and their masters on Wall Street will allow this activity to continue for much longer.
Re: (Score:2)
You have no idea how things work, do you?
If bitcoin works, then they will adopt it.
Of course, Bitcoin is not a good currency. Currency needs to last for decades, preferable centuries.
"You can't hide secrets from the future with math"
The government can just pass laws (Score:4, Insightful)
You can bet your ass that this is state funded, if not directly state sponsored.
Right. Let's see, what's more likely? The US government going to the trouble to hire hackers all hush hush to screw around with bitcoin exchanges using annoying but ultimately pointless attacks OR the government simply exercising its law making powers? (hint, the answer is the second one)
No, this sort of attack is the work of criminals of some sort. Maybe of the organized crime sort or maybe simply the bored hacker kind. I don't pretend to know. It makes no sense whatsoever to think this was state sponsored.
The government doesn't have to engage in hacking to mess with bitcoin in underhanded ways that aren't going to have any lasting effect. If the government decides to go after bitcoin it will be more shock and awe, not ineffective commando raids.
So relieved... (Score:3, Insightful)
"Itâ(TM)s important to note that DoS attacks do not affect peopleâ(TM)s bitcoin wallets or funds."
Oh good. That should make folks feel so much better. I know I always feel safe when my bank goes down cascading with other banks to know my funds are "safe", I've just had my access to them taken away for an unspecified time frame due to their theoretical safeguards that are largely untested and fall prey to the most basic, grade-school level Internet "hacking" (DDoS) which is more akin to a prank when compared to a real attack.
Ladies and gentlemen, may I present to you - the beginning of the end of the Bitcoin bubble. When those exchanges go back up those Bitcoins are going to be ripped out of there and anyone who isn't completely daft will sell them off , take what cash they can get and run.
Re: (Score:1)
If you're anti-Bitcoin, fair enough. Nobody's forcing you.
But please explain how this is any different to "normal" banking, for example.
Just the other day several banks in the UK went out of action and you couldn't get to your money. It's so common that it barely merits a news story any more, except to warn people not to try to put things on their card that day etc.
I have real trouble finding what's *unique* about a perceived problem with Bitcoin, compared to anything else.
Re: (Score:2)
Re: So relieved... (Score:2)
I can't speak to the UK, I live in the United States. I have never once lost access to my money for an unspecified period of time. There is zero regulation on BitCoin, but in the US our funds are insured by the FDIC up to 100K. Though, I've never had to take advantage of such a thing. The USD may fluctuate in value like any currency, but unless you are gambling in the stock market or mutual funds, our money is as safe as it is possible for money to be if it's in a savings or checking account. And the
Re: (Score:2)
How much did you get out of the Iceland banks when they failed? What about the banks rescued by the UK government? We had exactly the same things said and lots of people lost LOTS of money thinking their savings/pensions/life insurance/current account was actually worth something and would be rescued to that degree.
And government bailouts are NOT guaranteed. At least one such bank used by UK people was refused a government bailout. Such rules about how much a bank must hold in reserve are now stricter i
Re: So relieved... (Score:2)
Not so hard to figure this one out (Score:2)
NSA and GCHQ almost certainly at the behest of the Fed and BoE.
No, it's not a conspiracy. (Score:5, Insightful)
This isn't a "government conspiracy" sending out bogus transactions. It's some jerk.
If you need to sell Bitcoins right now, Coinbase and Kraken are still up and running. Bitstamp is off line, and Mt. Gox is, as usual, screwed up. Mt. Gox hasn't paid out US dollars since June 2013. Whether they are incompetent, broke, or crooked is a subject of considerable speculation.
There's a technical fix in the works, but it will have the annoying side effect that when you spend Bitcoins in your own wallet, some Bitcoins you are not spending will be tied up for an hour or so. Bitcoin wallets don't really have an "account balance". What they have is a collection of items of different values. When you spend Bitcoins, the wallet software tries to put together a set of items that's over the value to be spent, with one output to the recipient and one output ("change") sent back to you.
Until now, you could can spend that "change" immediately, even though the distributed network hadn't yet confirmed it. It looks like that will be disallowed, and only confirmed items will be usable. The way this looks to the user with a wallet program is that you have a "Balance" and an "Unconfirmed" amount. Soon, when you spend, the "Unconfirmed" amount (which you can't spend) will go up for a while, then go to zero when the network catches up. Bitcoin is a distributed "consistent eventually" system. "Eventually" is about an hour. Longer during busy periods. (That's the next Bitcoin problem. The whole network has a limit of about 7 transactions per second. A few times in 2013, that limit was hit.)
Expect everyone except Mt. Gox to have this straightened out in a few days.
Re: (Score:2)
Re: Transaction limits (Score:5, Informative)
That limit is set by the finite size of a transaction (~ 250 bytes), and the hard limit of 1 MB per block in the block chain. Thus you can fit 4,000 transactions/block. Blocks are generated every 10 minutes (600 seconds) on average, thus ~7 per second.
The block size limit is intended to not overwhelm average PC's running a full bitcoin client (i.e. a node on the bitcoin network). There are several ways to deal with this limit. One is simply to gradually increase it, and migrate from user PC's to a distributed network of servers with more processing capacity. Another is "off chain transactions". For example, Coinbase.com has both 940,000 consumer wallets and 23,000 merchant accounts. So if a Coinbase user shops at a Coinbase merchant, the transfer is internal to their books, and does not need to hit the network. Eventually other aggregators can bundle up multiple user transactions and send it on the public block chain as a single large transaction to another aggregator. The details of who gets what amount can travel as a separate data file between them.
That's pretty much what happens in the traditional banking system. Banks settle up with each other once a day at a clearing house (usually the district Federal Reserve Bank). They add up all the day's checks going between a pair of banks, and then one of them pays the other the net difference. The actual payment goes across a private payment network (FEDwire) that only financial institutions have access to. In the old days, they had to swap piles of physical checks at the clearing house. With modern debit cards and electronic payments, it goes through an "Automated Clearing House" (ACH) which tallies up the amounts, but it is the same idea - lots of small transactions aggregated into one big daily clearing of the net balance between banks.
Re: (Score:2)
Another is "off chain transactions". ... clearing house ... That's pretty much what happens in the traditional banking system.
You've now replicated the costs and headaches of the traditional banking system, added on top of the costs and headaches of Bitcoin. The whole point of Bitcoin was supposed to be to eliminate the need for centralized, trusted organizations.
Probably GCHQ (Score:2)
How does this not? (Score:2)
How does this not affect wallets and funds.
When there is a DDOS, faith in the system will go down, people will want to panic-sell to get their value, if they think there will be a technical problem getting their value in the future. This will trigger divestment, and will reduce the monetary value of bitcoins - which affects the value of those who held instead of selling.
The main flaw of bitcoin (Score:2)
The problem with Bitcoin (Score:2, Funny)
Totally decentralised systems, looked at through the viewpoint of 19th century analysis and stats, can seem to work by limiting the control to infinity. in reality there is no infinity to limit it to, this is just a useful figment of mathematicians imaginations when counting stuff is impractical. Somebody's actions will always control the balance of the random behaviours that lie behind bitcoin. The problem then is that this control point will move around essentially near-chaotically. The bitcoin netwo
Re: (Score:2)