09:06 AM

China Slams Bitcoins: What's Next?

Chinese central bank prohibits the country's financial institutions from touching bitcoins, but plans regulation. Cue further trouble for the crypto-currency?

The value of bitcoins dropped 30% Thursday after the People's Bank of China and five other Chinese government ministries banned the country's financial institutions from handling the currency.

China's central bank issued a notice (naturally, in Chinese) that prohibits all Chinese financial and payment institutions from conducting any business using bitcoins, buying or selling bitcoins, or allowing products or services to be priced in bitcoins, and said that insurance would not cover any losses related to bitcoins.

Potentially adding insult to injury for the crypto-currency crowd's injury, China also said that because bitcoins lack "legal status and monetary equivalent," it wouldn't even deign to call the virtual payment system a currency.

After the Chinese central bank released its statement, the value of a bitcoin dropped to $870 on MtGox, the world's biggest Bitcoin exchange. That was down from this week's high of $1,240, but still well above the currency's all-time low of $1 in 2011. But by Friday, bitcoins had regained some of their value, trading at around $1,000.

[Bitcoin users: Beware attackers targeting passwords and other data. Read BitCoin Password Grab Disguised As DDoS Attack.]

Does China's stance on bitcoins signal danger for the crypto-currency? In fact, China didn't fully outlaw bitcoins. Rather, in what might be seen as akin to its approach to gambling, the government intends to regulate them. Notably, the central bank said that any site that wants to handle or process bitcoins must first register with China's telecommunications authorities, comply with anti-money laundering obligations, identify all users, and report any suspicious transactions. In short, Chinese authorities have prohibited bitcoins from being used anonymously.

China's central bank also warned that using bitcoins carries enormous risks for "ordinary investors," including a large degree of volatility, owing to a 24-hour trading window and a lack of built-in price limits. The bank further criticized the payment system's anonymity and lack of geographic restrictions, saying that made it an ideal vehicle for money laundering and financing terrorism. It also cited evidence that bitcoins were being used to finance drugs, firearms, and other criminal activities.

The bank also highlighted the risk of Bitcoin users being "exploited by criminals" and other unscrupulous -- or just clueless -- organizations, including bogus Bitcoin trading sites, as well as Bitcoin exchange operators who failed to implement proper information security controls.

When it comes to how governments view the Bitcoin phenomenon, Chinese officials' views aren't outliers. "It's a bubble," former Federal Reserve chairman Alan Greenspan told Bloomberg this week, effectively dismissing the virtual money. "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can."

Similarly, Nout Wellink, the former president of the Dutch Central Bank, this week likened Bitcoin hype to the tulip mania in the early 1600s, when volatility in tulip bulb prices lead to a single bulb reportedly selling for 10 times the annual average wage of a skilled craftsman, threatening to topple the entire monetary system of some other European countries, including Great Britain. When the tulip-fueled speculative bubble burst, however, some people were left holding contracts for tulips valued at ten times what they were worth on the open market.

"Bitcoins are worse than the tulip mania," Wellink said (in Dutch). "Then, you at least got a tulip. Now, you get nothing."

Some users of bitcoins have learned that lesson the hard way. As the value of the currency has continued to rise, so has related interest from the cybercrime set. That includes the gang behind the Citadel banking malware, which was recently upgraded to capture screenshots if users browse to one of a number of virtual money sites, including not only stalwarts and, but also,, and other Bitcoin trading and mining sites.

"In addition to this new Citadel variant, Trusteer's security team has observed an increase in the number of forum posts of members looking for help in targeting a Bitcoin related site while some cybercriminals are also asking for Bitcoin users' email databases," said Trusteer's Etay Maor Thursday in a "Bitcoin: a Platform or a Target?" blog post.

Related attacks continue to occur. Earlier this week, for example, popular Bitcoin discussion forum warned its 176,584 members that their usernames and passwords may have been compromised by hackers, who apparently used a distributed denial-of-service (DDoS) attack as a smokescreen.

That followed another DDoS attack being used to hide a heist last month against Denmark-based Bitcoin payment processor Bitcoin Internet Payment System (BIPS) -- resulting in the theft of 1,295 bitcoins. Worth nearly $1 million at the time, the bitcoins had been stored in a free e-wallet service offered by BIPS. That led information security experts to recommend that anyone who uses bitcoins should never store them online, or perhaps on any Internet-connected system at all, given the ongoing risk of theft.

In October, meanwhile, two attacks against Australia-based free e-wallet service netted attackers about $1.3 million in bitcoins. The same month, a scam Bitcoin exchange set up in China tricked about 1,000 people into depositing bitcoins. But whoever was behind the site -- and the site itself -- disappeared in October, leaving someone about $4.1 million richer.

Even Bitcoin exchange MtGox was hacked -- via a SQL injection attack -- in June 2011, after which some senior members in the Bitcoin community claimed to have been offered the site's entire user database.

While the Bitcoin debate -- as Vice magazine summarized it -- often veers between "crypto-anarchist dreams" and "Ponzi scheme fears," for anyone who wants to use bitcoins without their wallets or payment processors being robbed, the overriding question remains: Can the Bitcoin ecosystem be secured?

InformationWeek 500 companies take a practical view of even trendy tech such as cloud, big data analytics, and mobile. Read all about what they're doing in our big new special issue. Also in the Information Week 500 issue: A ranking of our top 250 winners, profiles of the top five companies, and 20 great ideas that you can steal. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/8/2013 | 9:03:50 AM
Re:value of bitcoins
@virsiingh211 even at $680, it is still over quadruple what it was this past summer, so anyone who bought it back then still has a most impressive return on the investment. 
User Rank: Apprentice
12/8/2013 | 1:32:23 AM
Re:value of bitcoins
I would not say threat to democracy but yes its increasing popularity has made Bitcoin, a kind of universal currency due to which China think that this can disturb image of natural currency. Also due to this act of China Bitcoin Price Index has dropped i.e. now the price of each bitcoin is just about $680.
User Rank: Apprentice
12/7/2013 | 11:37:26 PM
Re:value of bitcoins
I dont understand why but is it that China feels, Bitcoin is threat to democracy, on other part Baidu (local serach engine) has stopped accepting Bitcoins, is it time for Google to join the Market.
User Rank: Apprentice
12/7/2013 | 6:47:04 PM
Re:value of bitcoins
I'm surprised that Greenspan would assert, "It has to have intrinsic value. You have to really stretch your imagination to infer what the intrinsic value of Bitcoin is. I haven't been able to do it. Maybe somebody else can." The basic definition of money is that it is a medium of exchange, a meaure of value, and a store of value. Intrinsic value has nothing to do with it. 
User Rank: Apprentice
12/7/2013 | 3:13:03 PM
Well of course BITCOINS can be secured.  Diamond Circle offers a complete solution for obtaining and disposing of them.  Like any financial system security controls are essential and the methods of ensuring control require a form of centralisation from a trusted authority.

The decision by the Chinese Government is responsible because it seeks to force parties like ours to put in the right types of controls such as identifying and recording transactions.  Excluding the Banking system means that costs will be lower for our Merchants that accept Bitcoins for trade and exchange.

Our NFC readers allow our merchants to charge customers in Bitcoins, and to provide Bitcoin ATMs that can be used to issue new wallet tags as well as top up and withdraw funds from Bitcoin accounts.

The NFC tags can be affixed to the back of a mobile phone and are used to store the owner's Bitcoin balance and their private key. They are encoded using our proprietary technology which prevents a 'man in the middle' attack — where vital data is stolen or manipulated during transfer.

Merchants can then use a standard NFC reader attached to a PC to read a tag's balance and transfer the cost of a purchase from a customer's Bitcoin tag to their own account.

The software will automatically adjust the amount of Bitcoins the customer pays For example, if a coffee costs $3.50, the system works out how much $3.50 is in Bitcoins immediately and in your currency.

The NFC reader can also be used to load credit onto a tag. In this scenario a consumer may present their cash or credit card to a merchant, who transfers bitcoin to the consumer's tag.

The Bitcoin ATMs are designed to be installed in shopping centres as standalone units, enabling users to purchase NFC tags pre-loaded with their choice of Bitcoin balance as well as top up the balance on their existing tag by tapping it to the machine. The ATMs will accept payment for Bitcoins via debit or credit card and will also allow customers to withdraw Bitcoins stored on their NFC tag in the form of a cashier's cheque.

By using NFC devices which are low cost and flexible, we are able to offer users a simple and safe way of storing and transacting Bitcoin. In the case of a lost or stolen tag our web portal can be used by a consumer to cancel and transfer the balance to another tag.  The readers can be used at home also. 

Using Banking Level Security means that the issue of loss is negated.  It is unfortunate that Banks are excluded from this process, however non-banking organisations like ours are able to offer innovations which make dealing with bitcoins safe and secure.

'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.