09:06 AM

China Slams Bitcoins: What's Next?

Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency?

The value of bitcoins dropped 30% Thursday after the People's Bank of China and five other Chinese government ministries banned the country's financial institutions from handling the currency.

China's central bank issued a notice (naturally, in Chinese) that prohibits all Chinese financial and payment institutions from conducting any business using bitcoins, buying or selling bitcoins, or allowing products or services to be priced in bitcoins, and said that insurance would not cover any losses related to bitcoins.

Potentially adding insult to injury for the crypto-currency crowd's injury, China also said that because bitcoins lack "legal status and monetary equivalent," it wouldn't even deign to call the virtual payment system a currency.

After the Chinese central bank released its statement, the value of a bitcoin dropped to $870 on MtGox, the world's biggest Bitcoin exchange. That was down from this week's high of $1,240, but still well above the currency's all-time low of $1 in 2011. But by Friday, bitcoins had regained some of their value, trading at around $1,000.

[Bitcoin users: Beware attackers targeting passwords and other data. Read BitCoin Password Grab Disguised As DDoS Attack.]

Does China's stance on bitcoins signal danger for the crypto-currency? In fact, China didn't fully outlaw bitcoins. Rather, in what might be seen as akin to its approach to gambling, the government intends to regulate them. Notably, the central bank said that any site that wants to handle or process bitcoins must first register with China's telecommunications authorities, comply with anti-money laundering obligations, identify all users, and report any suspicious transactions. In short, Chinese authorities have prohibited bitcoins from being used anonymously.

China's central bank also warned that using bitcoins carries enormous risks for "ordinary investors," including a large degree of volatility, owing to a 24-hour trading window and a lack of built-in price limits. The bank further criticized the payment system's anonymity and lack of geographic restrictions, saying that made it an ideal vehicle for money laundering and financing terrorism. It also cited evidence that bitcoins were being used to finance drugs, firearms, and other criminal activities.

The bank also highlighted the risk of Bitcoin users being "exploited by criminals" and other unscrupulous -- or just clueless -- organizations, including bogus Bitcoin trading sites, as well as Bitcoin exchange operators who failed to implement proper information security controls.

When it comes to how governments view the Bitcoin phenomenon, Chinese officials' views aren't outliers. "It's a bubble," former Federal Reserve chairman Alan Greenspan told Bloomberg this week, effectively dismissing the virtual money. "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can."

Similarly, Nout Wellink, the former president of the Dutch Central Bank, this week likened Bitcoin hype to the tulip mania in the early 1600s, when volatility in tulip bulb prices lead to a single bulb reportedly selling for 10 times the annual average wage of a skilled craftsman, threatening to topple the entire monetary system of some other European countries, including Great Britain. When the tulip-fueled speculative bubble burst, however, some people were left holding contracts for tulips valued at ten times what they were worth on the open market.

"Bitcoins are worse than the tulip mania," Wellink said (in Dutch). "Then, you at least got a tulip. Now, you get nothing."

Some users of bitcoins have learned that lesson the hard way. As the value of the currency has continued to rise, so has related interest from the cybercrime set. That includes the gang behind the Citadel banking malware, which was recently upgraded to capture screenshots if users browse to one of a number of virtual money sites, including not only stalwarts and, but also,, and other Bitcoin trading and mining sites.

"In addition to this new Citadel variant, Trusteer's security team has observed an increase in the number of forum posts of members looking for help in targeting a Bitcoin related site while some cybercriminals are also asking for Bitcoin users' email databases," said Trusteer's Etay Maor Thursday in a "Bitcoin: a Platform or a Target?" blog post.

Related attacks continue to occur. Earlier this week, for example, popular Bitcoin discussion forum warned its 176,584 members that their usernames and passwords may have been compromised by hackers, who apparently used a distributed denial-of-service (DDoS) attack as a smokescreen.

That followed another DDoS attack being used to hide a heist last month against Denmark-based Bitcoin payment processor Bitcoin Internet Payment System (BIPS) -- resulting in the theft of 1,295 bitcoins. Worth nearly $1 million at the time, the bitcoins had been stored in a free e-wallet service offered by BIPS. That led information security experts to recommend that anyone who uses bitcoins should never store them online, or perhaps on any Internet-connected system at all, given the ongoing risk of theft.

In October, meanwhile, two attacks against Australia-based free e-wallet service netted attackers about $1.3 million in bitcoins. The same month, a scam Bitcoin exchange set up in China tricked about 1,000 people into depositing bitcoins. But whoever was behind the site -- and the site itself -- disappeared in October, leaving someone about $4.1 million richer.

Even Bitcoin exchange MtGox was hacked -- via a SQL injection attack -- in June 2011, after which some senior members in the Bitcoin community claimed to have been offered the site's entire user database.

While the Bitcoin debate -- as Vice magazine summarized it -- often veers between "crypto-anarchist dreams" and "Ponzi scheme fears," for anyone who wants to use bitcoins without their wallets or payment processors being robbed, the overriding question remains: Can the Bitcoin ecosystem be secured?

InformationWeek 500 companies take a practical view of even trendy tech such as cloud, big data analytics, and mobile. Read all about what they're doing in our big new special issue. Also in the Information Week 500 issue: A ranking of our top 250 winners, profiles of the top five companies, and 20 great ideas that you can steal. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/8/2013 | 9:03:50 AM
Re:value of bitcoins
@virsiingh211 even at $680, it is still over quadruple what it was this past summer, so anyone who bought it back then still has a most impressive return on the investment. 
User Rank: Apprentice
12/8/2013 | 1:32:23 AM
Re:value of bitcoins
I would not say threat to democracy but yes its increasing popularity has made Bitcoin, a kind of universal currency due to which China think that this can disturb image of natural currency. Also due to this act of China Bitcoin Price Index has dropped i.e. now the price of each bitcoin is just about $680.
User Rank: Apprentice
12/7/2013 | 11:37:26 PM
Re:value of bitcoins
I dont understand why but is it that China feels, Bitcoin is threat to democracy, on other part Baidu (local serach engine) has stopped accepting Bitcoins, is it time for Google to join the Market.
User Rank: Apprentice
12/7/2013 | 6:47:04 PM
Re:value of bitcoins
I'm surprised that Greenspan would assert, "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can." The basic definition of money is that it is a medium of exchange, a meaure of value, and a store of value. Intrinsic value has nothing to do with it. 
User Rank: Apprentice
12/7/2013 | 3:13:03 PM
Well of course BITCOINS can be secured.  Diamond Circle offers a complete solution for obtaining and disposing of them.  Like any financial system security controls are essential and the methods of ensuring control require a form of centralisation from a trusted authority.

The decision by the Chinese Government is responsible because it seeks to force parties like ours to put in the right types of controls such as identifying and recording transactions.  Excluding the Banking system means that costs will be lower for our Merchants that accept Bitcoins for trade and exchange.

Our NFC readers allow our merchants to charge customers in Bitcoins, and to provide Bitcoin ATMs that can be used to issue new wallet tags as well as top up and withdraw funds from Bitcoin accounts.

The NFC tags can be affixed to the back of a mobile phone and are used to store the owner's Bitcoin balance and their private key. They are encoded using our proprietary technology which prevents a 'man in the middle' attack — where vital data is stolen or manipulated during transfer.

Merchants can then use a standard NFC reader attached to a PC to read a tag's balance and transfer the cost of a purchase from a customer's Bitcoin tag to their own account.

The software will automatically adjust the amount of Bitcoins the customer pays For example, if a coffee costs $3.50, the system works out how much $3.50 is in Bitcoins immediately and in your currency.

The NFC reader can also be used to load credit onto a tag. In this scenario a consumer may present their cash or credit card to a merchant, who transfers bitcoin to the consumer's tag.

The Bitcoin ATMs are designed to be installed in shopping centres as standalone units, enabling users to purchase NFC tags pre-loaded with their choice of Bitcoin balance as well as top up the balance on their existing tag by tapping it to the machine. The ATMs will accept payment for Bitcoins via debit or credit card and will also allow customers to withdraw Bitcoins stored on their NFC tag in the form of a cashier's cheque.

By using NFC devices which are low cost and flexible, we are able to offer users a simple and safe way of storing and transacting Bitcoin. In the case of a lost or stolen tag our web portal can be used by a consumer to cancel and transfer the balance to another tag.  The readers can be used at home also. 

Using Banking Level Security means that the issue of loss is negated.  It is unfortunate that Banks are excluded from this process, however non-banking organisations like ours are able to offer innovations which make dealing with bitcoins safe and secure.

Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.