Bitcoin hackers hit Mt. Gox and Instawallet with major attacks

04 April 2013

Bitcoin, the virtual currency employed for various web-related transactions, has been enjoying an epic valuation the last few days, reaching an all-time high of $142 per BTC this week according to trading platform Mt. Gox. That translates into $1 billion in BTC circulation, and the smell of money has apparently attracted hackers to the well: Two separate attacks, aimed at Mt. Gox as well as Instawallet, have caused major Bitcoin service interruptions.

For its part, Mt. Gox said that it has been suffering from a massive distributed denial-of-service (DDoS) attack that has translated to unacceptable levels of trading lag, 502 errors and, at one point, users who were not able to log into their accounts.

“We are continuing to experience a DDoS attack like we have never seen,” the company said in a statement. “While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.”

It has also set off a cycle of “panic-selling,” it said: “Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit. What can be done? Believe it or not, there is pretty much nothing that can be done.”

Meanwhile, the Instawallet money-storage service has been suspended indefinitely after hackers compromised its database – a breach from which it may never recover, given the associated brand damage. It is putting new R&D effort into heading the issue off if it can.

“Until we are able to develop an alternative architecture…due to the very nature of Instawallet it is impossible to reopen the service as-is,” reads a note on the company’s website.

While it works on that development, Instagram is going to open a claim process for Instawallet balance holders to claim the funds they had stored before the service interruption. Instawallet balances under 50 BTC will be refunded somewhat automatically if the submission process is followed correctly, while claims for wallets that hold a balance greater than 50 BTC will be processed on a “case-by-case and best-efforts basis.”

In addition to sheer profit motive, the Mt. Gox team postulated that the attacks have another purpose, and it's a big one: to destabilize Bitcoin in general. “It is not a secret Mt.Gox is the largest Bitcoin exchange, with more than 80% of all USD trades and more than 70% of all currencies,” it said. “Mt.Gox is an easy target for anyone that wants to hurt Bitcoin in general.”

To help fight the attacks on its system, Mt. Gox is disconnecting the trade engine backend from the internet, effectively separating the data center from the Mt. Gox website. In the meantime, it said that it is developing a new trade engine that may be more immune to DDoS gambits.

In an effort to soothe investor jitters, Mt. Gox urged traders to be realistic, noting that trading lag is part of the process even in the absence of a DDoS attack.

“Lag affects everyone, not only us, but also major, world-renowned exchanges like the NASDAQ and NYSE,” it said. “We can fix lag, but we cannot eradicate lag. Only small exchanges with low volume and liquidity are immune to lag.”

Bitcoin exchanges have been hacker targets in the past, with Bitfloor and Bitcoinica both experiencing high-profile compromises last year. 
