Bitcoin hackers hit Mt. Gox and Instawallet with major attacks

Mt. Gox says a DDoS attack has set off a cycle of “panic-selling" for Bitcoins
Mt. Gox says a DDoS attack has set off a cycle of “panic-selling" for Bitcoins

For its part, Mt.Gox said that it has been suffering from a massive distributed denial-of-service (DDoS) attack that has translated to unacceptable levels of trading lag, 502 errors and, at one point, users who were not able to log into their accounts.

“We are continuing to experience a DDoS attack like we have never seen,” the company said in a statement. “While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.”

It has also set off a cycle of “panic-selling,” it said: “Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit. What can be done? Believe it or not, there is pretty much nothing that can be done.”

Meanwhile, the Instawallet money-storage service has been suspended indefinitely after hackers compromised its database – a breach that it may never recover from thanks to the brand damage associated with the impact of the situation. It is employing new R&D to head the issue off at the pass if it can.

“Until we are able to develop an alternative architecture…due to the very nature of Instawallet it is impossible to reopen the service as-is,” reads a note on the company’s website.

While it works on that development, Instagram is going to open a claim process for Instawallet balance holders to claim the funds they had stored before the service interruption. Instawallet balances under 50 BTC will be refunded somewhat automatically if the submission process is followed correctly, while claims for wallets that hold a balance greater than 50 BTC will be processed on a “case-by-case and best-efforts basis.”

In addition to sheer profit motive, the Mt. Gox team postulated that the attacks have another purpose, and it's a big one: to destabilize Bitcoin in general. “It is not a secret Mt.Gox is the largest Bitcoin exchange, with more than 80% of all USD trades and more than 70% of all currencies,” it said. “Mt.Gox is an easy target for anyone that wants to hurt Bitcoin in general.”

To help fight the attacks on its system, Mt. Gox is disconnecting the trade engine backend from the internet, effectively separating the data center from the Mt.Gox website. In the meantime, it said that it is developing a new trade engine that may be more immune to DDoS gambits.

In an effort to sooth investor jitters, Mt. Gox urged traders to be realistic, noting that trading lag is part of the process even in absence of a DDoS attack.

“Lag affects everyone, not only us, but also major, world-renowned exchanges like the NASDAQ and NYSE,” it said. “We can fix lag, but we cannot eradicate lag. Only small exchanges with low volume and liquidity are immune to lag.”

Bitcoin exchanges have been hacker targets in the past, with Bitfloor and Bitcoinica both experiencing high-profile compromises last year. 

What’s hot on Infosecurity Magazine?