Edited by Vani Rao
Recent attacks on the virtual currency have left it vulnerable
The rise in the value of the Bitcoin offers irresistible hacking opportunities to cyber criminals, and hackers continue to pick holes in the online security of Bitcoin trading sites.
The virtual currency community was reeling from the news where Bitcoin bank site Flexcoin was forced to close down after hackers stole 896 bitcoins stored in the hot wallet, resulting in a loss of around US$600,000, depending on current bitcoin trading value. Bitcoin is not backed by deposit insurance since it is a cryptocurrency.
More recently, the Poloniex Bitcoin exchange reported the theft of 12.3% of its Bitcoin stocks through loop-holes in its withdrawals code. Poloniex is a Bitcoin exchange and the company has committed to operating at a fractional reserve until it can replenish the losses itself. Fortunately for Poloniex, security measures were already in place. These measures froze its Bitcoin transactions before hackers could do any more damage.
Flexcoin was able to restrict the damage being done from hackers by keeping Bitcoins offline, or in “cold storage,” to remain secure. Cold storage is separated from a hot wallet, or a bitcoin wallet, which is online and connected to the internet. Those bitcoins are safe, but only users who explicitly requested their bitcoins be held in cold storage (and paid a 0.5% fee) benefit from such an exercise. The company is now asking investors who have kept their money in the exchange to provide their identification details in order to return the money.
Last week, Mt Gox filed for bankruptcy in a Tokyo district court after the exchange’s computer system was exposed to fraudulent transactions and technical failures. Mt Gox once claimed to host nearly 80% of the overall Bitcoin transactions worldwide, and was the primary source cited for bitcoin prices. Its failure wiped out 6% of the currency’s total circulation.
Its collapse came after Mt. Gox, once the world’s dominant bitcoin exchange, filed for bankruptcy protection in Japan and said it may have lost some 850,000 bitcoins due to hacking. After Mt Gox crashed on February 24, the value of bitcoin fell to $440 – a three-month low after the currency reached highs above $1,000 at the end of November.
The theft of almost US$500 million worth of Bitcoins from the Japanese exchange Mt Gox dragged the company into bankruptcy last week. It cited weak internal control that allowed opportunistic fraudsters to steal coins by manipulating transactions.
Beyond highlighting the need to store Bitcoins offline, as Mt Gox failed to do so effectively, the hacks also revealed weaknesses in front-end security. By not checking for negative balances and allowing for the processing of simultaneous transactions, hackers have been able to exploit the systems involved and make off with Bitcoins before checking procedures were able to notice that something was amiss.
The Rise in Bitcoin Greed
Goh Su Gim, from Finnish-based security software firm F-Secure, said Zero Access, a virus of the type known as a “Trojan horse”, was a serious threat to the virtual currency.
He said the use of malicious viruses in Bitcoin thefts had contributed to a rise in virus cases. Over the past two years, nobody cared about Bitcoin when people used to pay less than a dollar a coin. However, when the value of the Bitcoin rose to US$600, hackers are trying new things.
Zero Access has been used to implant bitcoin mining software into computers to siphon off bitcoins. It was one of F-Secure’s 10 most commonly detected web-based attacks last year. Between June and December, the virus had been reported in 3% of hacking attacks, according to F-Secure research. The collapse of two bitcoin companies in the past week has raised further doubts about the virtual money’s future as a viable alternative currency.
Nations still Undecided on How to Tackle Bitcoins
Japan is setting out new rules for handling Bitcoins, the first sign that the government is taking action after last week’s collapse of Tokyo-based Mt. Gox. Banks and securities firms will not be able to handle Bitcoin as part of their main business, suggesting the crypto-currency will be treated more as a commodity, like gold.
Indeed, Bitcoin has inspired creativity among the criminal class, from outright theft by hacking to potentially using the crypto-currency in money laundering and bribery.
Japan is thinking of taxing bitcoin transactions, given that one of Bitcoin’s attractions is the anonymity of transactions. Also, the Finance Ministry of Japan has declined to get involved, saying that Bitcoin is not a currency and hence doesn’t fall under its purview.
Japan doesn’t want to go it alone in trying to get a grip on Bitcoin. Any regulation of the crypto-currency should involve international cooperation to avoid loopholes, Vice Finance Minister Jiro Aichi said last week.
US Federal Reserve Chair Janet Yellen has said that the Congress should look into legal options for regulating virtual currencies such as Bitcoin.
Shanghai-based BTC China, the world’s largest Bitcoin exchange by volume, has imposed regulations to curb Bitcoin trade weeks after Beijing banned financial institutions from trading in bitcoin due to the risks involved. In the same vein, Israeli and Russian authorities have issued warnings against using Bitcoin, saying treating it as a parallel currency is illegal. Britain, however, has supported Bitcoin and is preparing to abort plans to tax Bitcoin trading.
Despite the efforts of hackers, Bitcoin continues to thrive and the passing of names like Mt. Gox seems to denote a shift within the Bitcoin community, with traders becoming more like their fiat currency-centric counterparts than coding geeks made good.
In relative terms, Bitcoin is still very much in its infancy and the community moving forward strive to learn from glaring weaknesses in online Bitcoin storage and transactions. It’s pertinent to remember that the safest place to hold your cryptocurrency is offline. Following recent high-profile attacks, some Hong Kong Bitcoin users are keeping cybercriminals at bay by storing the verification codes that allow them to access the currency only on pieces of paper.
Even though Bitcoin or the virtual community champions for being online, being technical or virtual, “Paper” still rules the roost ….