Attacks/Breaches
3/3/2014
12:55 PM
50%
50%

Mt. Gox Bitcoin Meltdown: What Went Wrong

Transaction malleability attacks and cold-storage software bugs both cited after nearly $500 million worth of bitcoins vanish.

Mt. Gox, recently the world's third-largest bitcoin exchange, has melted down in spectacular fashion, triggering an investigation by Japanese authorities. The CEO of Tokyo-based Mt. Gox, Mark Karpeles, filed for bankruptcy protection Friday, revealing that about $500 million in bitcoins stored by the exchange have been stolen, comprising 750,000 bitcoins deposited by users of the site, and 100,000 owned by Mt. Gox.

But in the bankruptcy filing, the exchange reported that it doesn't know what technique -- or techniques -- attackers used to steal the bitcoins, exactly how many were stolen, or when the thefts occurred. While Mt. Gox suspects that the exchange was hacked, it's reviewing transaction reports to establish what happened. "As of this date, we cannot confirm the exact amount of missing deposit funds and the total amount of bitcoins which disappeared," it said.

Karpeles, speaking Friday at a Tokyo press conference called to announce the company's bankruptcy, said that unspecified weaknesses were to blame. "We had weaknesses in our system, and our bitcoins vanished. We've caused trouble and inconvenience to many people, and I feel deeply sorry for what has happened," he said, reported Wired.

[Don't count on antivirus software to protect your electronic wallet. See Bitcoin-Stealing Malware: Now In 100 Flavors.]

One likely explanation for the missing bitcoins is that hackers employed transaction malleability attacks. On February 10, Mt. Gox issued a statement -- now no longer available online -- warning that due to a "design issue," attackers could take the hashes of recent trades and claim them as their own before they'd been committed to the Bitcoin blockchain, which serves as the world's master ledger for all bitcoin transactions.

But Mikko Hypponen, chief research officer at F-Secure, said that the weaknesses may involve coding flaws that were only discovered after the exchange came under attack. "My current theory is that [Karpeles], who seemingly runs it as a dictatorship, somehow -- because he's written himself most of the code for storing the coins -- he screwed up the code, and he never really tested if he can recover the coins from the cold storage," he said in an interview Thursday in San Francisco. He was in the city presenting at TrustyCon, which was organized by RSA conference boycotters. "When they had these malleability problems, he needed to access the cold storage coins, and he realized that he'd screwed up something five years ago, and for the last five years he's been storing coins that he can't recover."

(Image: PerfectHue)
(Image: PerfectHue)

Mt. Gox, which allowed users to convert bitcoins to dollars, and dollars to bitcoins, first halted withdrawals on February 7, before going offline entirely last Monday and deleting all posts from its Twitter feed.

That shutdown triggered an investigation by Japanese authorities. "I understand that ministries and agencies concerned -- financial services, police and the finance ministry -- are looking into the matter to learn the full scope of the issue," Yoshihide Suga, Japan's chief cabinet secretary, said last week prior to Mt. Gox declaring bankruptcy, the BBC reported. "Once we have full knowledge of what happened, we will take action if necessary."

Coindesk.com reported that federal prosecutors in New York City have subpoenaed Mt. Gox and requested that it retain copies of all documents that might be relevant to a criminal investigation. But a Department of Justice spokeswoman, reached by phone, declined to comment on that report.

Mt. Gox's filing for bankruptcy came after Karpeles quit the Bitcoin Foundation last Sunday after he blamed the Bitcoin protocol itself for having allowed hackers to empty Mt. Gox's coffers. He had held one of its three elected industry-member seats.

But Gavin Andresen, chief scientist at the Bitcoin Foundation, told the BBC last month that the related design problem isn't with the Bitcoin protocol, but rather the software built by some exchanges to process transactions. "The issues that Mt. Gox has been experiencing are due to an unfortunate interaction between Mt. Gox's highly customized wallet software, their customer support procedures, and an obscure -- but long-known -- quirk in the way transactions are identified and not due to a flaw in the Bitcoin protocol," he said.

Penetration testing expert Dan Kaminsky, chief scientist of White Ops, echoed that assessment, saying that whoever built the Bitcoin protocol made it incredibly secure. "In 2011, I spent four months trying to break Bitcoin and failed, and this was very interesting, because it shouldn't have failed," he said in an interview at last week's RSA conference.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to effectively leverage security data in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
gev
50%
50%
gev,
User Rank: Moderator
3/5/2014 | 8:56:04 AM
Transactions are not free
And those who do not want to hedge their bets by paying transaction fees to third parties - such as banks or clearing houses - are left high and dry when things go wrong.
moarsauce123
50%
50%
moarsauce123,
User Rank: Apprentice
3/4/2014 | 6:53:43 PM
No dreams in the land of makeblieve
The entirely made up currency only is as good as the hype that surrounds it and keeps any imaginary value high. Bitcoin is the transfer rubel of the new age, utterly useless and benefiting only very few people. Now a trading house comes along that is utterly clueless and has inept management. As quickly as the virtual money came as quickly it disappeared.

And people still trust this? I must be in the wrong movie....
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
3/3/2014 | 1:47:27 PM
Business ops
Business op 1: Bitcoin buyers need ways to become informed about the security and reliability of exchanges. It's clearly unfeasible for each person who wants to use Bitcoins to do that analysis.

Business op 2: An entity willing to take an FDIC-type role and promise to make good on losses. Payments would come from fees from exchanges wanting to join up.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.