Attacks/Breaches
3/3/2014
12:55 PM
Connect Directly
RSS
E-Mail
50%
50%

Mt. Gox Bitcoin Meltdown: What Went Wrong

Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.

Mt. Gox, recently the world's third-largest bitcoin exchange, has melted down in spectacular fashion, triggering an investigation by Japanese authorities. The CEO of Tokyo-based Mt. Gox, Mark Karpeles, filed for bankruptcy protection Friday, revealing that about $500 million in bitcoins stored by the exchange have been stolen, comprising 750,000 bitcoins deposited by users of the site, and 100,000 owned by Mt. Gox.

But in the bankruptcy filing, the exchange reported that it doesn't know what technique -- or techniques -- attackers used to steal the bitcoins, exactly how many were stolen, or when the thefts occurred. While Mt. Gox suspects that the exchange was hacked, it's reviewing transaction reports to establish what happened. "As of this date, we cannot confirm the exact amount of missing deposit funds and the total amount of bitcoins which disappeared," it said.

Karpeles, speaking Friday at a Tokyo press conference called to announce the company's bankruptcy, said that unspecified weaknesses were to blame. "We had weaknesses in our system, and our bitcoins vanished. We've caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened," he said, reported Wired.

[Don't count on antivirus software to protect your electronic wallet. See Bitcoin-Stealing Malware: Now In 100 Flavors.]

One likely explanation for the missing bitcoins is that hackers employed transaction malleability attacks. On February 10, Mt. Gox issued a statement -- now no longer available online -- warning that due to a "design issue," attackers could take the hashes of recent trades and claim them as their own before they'd been committed to the Bitcoin blockchain, which serves as the world's master ledger for all bitcoin transactions.

But Mikko Hypponen, chief research officer at F-Secure, said that the weaknesses may involve coding flaws that were only discovered after the exchange came under attack. "My current theory is that [Karpeles], who seemingly runs it as a dictatorship, somehow -- because he's written himself most of the code for storing the coins -- he screwed up the code, and he never really tested if he can recover the coins from the cold storage," he said in an interview Thursday in San Francisco. He was in the city presenting at TrustyCon, which was organized by RSA conference boycotters. "When they had these malleability problems, he needed to access the cold storage coins, and he realized that he'd screwed up something five years ago, and for the last five years he's been storing coins that he can't recover."

(Image: PerfectHue)
(Image: PerfectHue)

Mt. Gox, which allowed users to convert bitcoins to dollars, and dollars to bitcoins, first halted withdrawals on February 7, before going offline entirely last Monday and deleting all posts from its Twitter feed.

That shutdown triggered an investigation by Japanese authorities. "I understand that ministries and agencies concerned -- financial services, police and the finance ministry -- are looking into the matter to learn the full scope of the issue," Yoshihide Suga, Japan's chief cabinet secretary, said last week prior to Mt. Gox declaring bankruptcy, the BBC reported. "Once we have full knowledge of what happened, we will take action if necessary."

Coindesk.com reported that federal prosecutors in New York City have subpoenaed Mt. Gox and requested that it retain copies of all documents that might be relevant to a criminal investigation. But a Department of Justice spokeswoman, reached by phone, declined to comment on that report.

Mt. Gox's filing for bankruptcy came after Karpeles quit the Bitcoin Foundation last Sunday after he blamed the Bitcoin protocol itself for having allowed hackers to empty Mt. Gox's coffers. He had held one of its three elected industry-member seats.

But Gavin Andresen, chief scientist at the Bitcoin Foundation, told the BBC last month that the related design problem isn't with the Bitcoin protocol, but rather the software built by some exchanges to process transactions. "The issues that Mt. Gox has been experiencing are due to an unfortunate interaction between Mt. Gox's highly customized wallet software, their customer support procedures, and an obscure -- but long-known -- quirk in the way transactions are identified and not due to a flaw in the Bitcoin protocol," he said.

Penetration testing expert Dan Kaminsky, chief scientist of White Ops, echoed that assessment, saying that whoever built the Bitcoin protocol made it incredibly secure. "In 2011, I spent four months trying to break Bitcoin and failed, and this was very interesting, because it shouldn't have failed," he said in an interview at last week's RSA conference.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to effectively leverage security data in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
gev
50%
50%
gev,
User Rank: Moderator
3/5/2014 | 8:56:04 AM
Transactions are not free
And those who do not want to hedge their bets by paying transaction fees to third parties - such as banks or clearing houses - are left high and dry when things go wrong.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
3/4/2014 | 6:53:43 PM
No dreams in the land of makeblieve
The entirely made up currency only is as good as the hype that surrounds it and keeps any imaginary value high. Bitcoin is the transfer rubel of the new age, utterly useless and benefiting only very few people. Now a trading house comes along that is utterly clueless and has inept management. As quickly as the virtual money came as quickly it disappeared.

And people still trust this? I must be in the wrong movie....
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
3/3/2014 | 1:47:27 PM
Business ops
Business op 1: Bitcoin buyers need ways to become informed about the security and reliability of exchanges. It's clearly unfeasible for each person who wants to use Bitcoins to do that analysis.

Business op 2: An entity willing to take an FDIC-type role and promise to make good on losses. Payments would come from fees from exchanges wanting to join up.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio