Tag Archives: Silk Road

Flaw in Bitcoin, exchange shutdowns, $2.7 million theft: Is the end coming?

Are the end-times coming to Bitcoin? Putting aside the wild rides in valuation, the last few days have seen the three top exchanges halting withdrawals, a reported heist of $2.7 million, and the exploitation of a flaw in the Bitcoin protocol.

Silk Road 2.0, a black market drug-trading site based on untraceable Bitcoins, reports that 4,474 Bitcoins, valued at about $2.7 million, have been stolen from the site. The virtual currency is encrypted computer code that is stored in a virtual wallet, and only a limited number of Bitcoins are created.

The site’s administrator, who goes by the name of Defcon, posted that “a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty.” The coins were apparently stored onsite in escrow.

The flaw in the Bitcoin protocol enables an attacker to hide the transaction ID and repeatedly request a transfer of the pseudo-currency. Silk Road 2.0 used the transaction ID as the sole transaction confirmation, but the flaw was reportedly made public in 2011. The site is the successor to the original Silk Road, which the FBI shut down last year.

The three biggest Bitcoin exchanges — BitStamp, Mt. Gox and BTC-e — all halted trading temporarily in the last few days. BitStamp and Mt. Gox account for more than half of all traded Bitcoins.

‘In its infancy’

On Tuesday, Slovenia-based BitStamp, the largest Bitcoin exchange, stopped customer withdrawals after saying it was under a denial-of-service attack, which it said caused “inconsistent results reported by our Bitcoin wallet.”

The attack, the exchange said, was “made possible by some misunderstandings in Bitcoin wallet implementations,” apparently related to the same protocol flaw that Silk Road encountered. BTC-e, a Bulgaria-based exchange, also stopped trading temporarily this week. Both BitStamp and BTC-e have said they will resume trading today.

Last Friday, Mt. Gox issued a temporary ban on Bitcoin withdrawals.

The Tokyo-based exchange issued a statement that “a bug in the Bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of Bitcoins to a Bitcoin wallet did not occur when in fact it did occur.”

Mt. Gox chief executive Mark Karpeles said Thursday that there was a mismatch between the exchange’s customized Bitcoin wallet and the updates coming from the Bitcoin Foundation. The Bitcoin Foundation has disputed that assertion.

Some Bitcoin-watchers have pointed to a whole range of issues with Mt. Gox in particular and the Bitcoin system in general.

Micky Malka, a venture capitalist, told Reuters this week that “Bitcoin is still an experimental protocol in its infancy.” He added that “no one should be investing an amount they cannot afford to lose.”

Malka, by the way, is a board member of the Bitcoin Foundation.


Silk Road 2 Hacked, Over 4,000 Bitcoin Allegedly Stolen


Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow account.

UPDATE – Fixed estimate.

The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals, and recent updates have made average bitcoin wallets secure against this sort of attack. According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods. Hackers were able to use the transaction malleability bug because the Silk Road used only the transaction ID to confirm the transfer of bitcoins. You can read more about the problem here.

They supposedly run an automated refund system for their vendors that relies on the TXID to verify transactions. Their claim is that six vendors colluded to exploit that system by ordering from one another and then submitting circular refund requests.
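The weakness described above, where a transaction ID alone decides whether a payout happened, is shown here as an added example (not code from Silk Road 2 or any exchange). The `Tx` model, its field names and the sample values are simplified constructions; the hardened check treats a payout as outstanding only while the coins it spent are still unspent.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    inputs: tuple        # ((prev_txid, vout), ...): the coins being spent
    outputs: tuple       # ((address, satoshis), ...)
    sig_encoding: bytes  # stand-in for the signature bytes, which the txid hash covers

    def txid(self) -> str:
        body = repr((self.inputs, self.outputs)).encode() + self.sig_encoding
        return hashlib.sha256(hashlib.sha256(body).digest()).hexdigest()

def unpaid_by_txid(sent, confirmed):
    """Weak check: a payout counts as made only if its exact txid confirmed."""
    seen = {tx.txid() for tx in confirmed}
    return [tx for tx in sent if tx.txid() not in seen]

def unpaid_by_inputs(sent, confirmed):
    """Hardened check: a payout is outstanding only while none of its inputs is spent."""
    spent = {outpoint for tx in confirmed for outpoint in tx.inputs}
    return [tx for tx in sent if not spent.intersection(tx.inputs)]

# Constructed sample data (not real transactions).
COIN_A = ("aa" * 32, 0)
COIN_B = ("bb" * 32, 1)
PAYOUT_1 = Tx((COIN_A,), (("customer-1", 50_000),), b"sig-encoding-original")
PAYOUT_2 = Tx((COIN_B,), (("customer-2", 70_000),), b"sig-encoding-original")
# Same coins, same recipient and same amount as PAYOUT_1, but the signature bytes
# reached the chain in a different encoding, so the txid differs.
CONFIRMED_1 = Tx(PAYOUT_1.inputs, PAYOUT_1.outputs, b"sig-encoding-altered")

SENT = [PAYOUT_1, PAYOUT_2]
CHAIN = [CONFIRMED_1]

if __name__ == "__main__":
    print("txid changed:", PAYOUT_1.txid() != CONFIRMED_1.txid())
    print("txid check would re-pay:", [t.outputs for t in unpaid_by_txid(SENT, CHAIN)])
    print("input check would re-pay:", [t.outputs for t in unpaid_by_inputs(SENT, CHAIN)])
```

The txid-only check lists the first payout as unpaid even though its coins already moved to the customer, which is the condition a refund system must not act on.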

Defcon is calling on the hackers to return the bitcoin. “Given the right flavor of influence from our community, we can only hope that he will decide to return the coins with integrity as opposed to hiding like a coward,” the moderator wrote.

The site’s users are currently attempting to track down the thief. Writes Defcon:

# Attacker 1: (Responsible for 95% of theft)
Suspected French, responsible for vast majority of the thefts. Used the following six vendor accounts to order from each other, to find and exploit the vulnerability aggressively.
## Usernames used:

News of the theft has driven the price of BTC down by about 50 points and it’s currently hovering at 600. We’ll post more information on the hack and the exploit as we get it. Defcon, for his part, is calling for further decentralization of online markets and currency.

“No marketplace is perfect. Expect any centralized market to fail at some point. This is precisely why we must unite in the decision to decentralize,” he wrote.

via DeepDotWeb


A Year In Bitcoin: Why We’ll Still Care About The Cryptocurrency Even If It Fades


It’s been up, it’s been down, but one thing’s for sure: it’s changed how we think about currency.

Lauren Orsini December 30, 2013 Reflect


ReadWriteReflect offers a look back at major technology trends, products and companies of the past year.

In mid-December 2013, Bitcoin took one of its most dramatic nosedives yet. Following a crackdown on yuan-to-bitcoin deposits in China, the price of one bitcoin dropped below $540, less than half of its all-time high in late November, $1,242. (It’s since bounced back to around $730.)

Bitcoin’s true believers aren’t treating its latest gyrations as a cause for panic. It’s not the first time Bitcoin crashed hard, and it’s not going to be the last. But it’s a further reminder, in case you needed one, that Bitcoin is volatile, and what it’s supposedly worth today may bear no relation whatsoever to what it’ll be worth tomorrow.

It’s been a big year for Bitcoin, the unlikely currency that started as a fad for cryptology nuts and ended as a mainstream obsession that had many of us closely following its rollercoaster highs and lows. But the biggest impact of Bitcoin so far has nothing to do with its actual value. Rather, the year of Bitcoin we’ve just been through has fundamentally changed the way we think about money.

Growing Legitimacy

In 2013, Bitcoin’s hold on the mainstream was undeniable. Even the most Luddite media organizations could no longer ignore the popular cryptocurrency. Each time Bitcoin crashed—first in April; then, after the Feds cracked down on Mt. Gox; and once more, after the Feds closed illicit marketplace Silk Road—it soon came back stronger than ever.

As mainstream coverage grew, an increasing number of small businesses hurried to accept Bitcoin, in part because it requires far lower transaction fees than credit or debit payments. On this year’s Bitcoin Black Friday, held the same day as regular Black Friday but with Bitcoin, nearly 300 merchants participated. BitPay, which processes Bitcoin transactions for business, processed more than 6,000 transactions in a single day and called it the most popular day in the history of Bitcoin commerce.

On January 1, 2013, the price of a single Bitcoin was $13.51. As the price fluctuated into the thousands over the course of the year, speculation drove the price and coverage into a frenzy.

Stories of Bitcoin millionaires, who’d found forgotten, unspent wallets of the cryptocurrency, only spurred an increasing number of newbies. When I bought Bitcoin in person, my seller told me that the higher Bitcoin’s profile, the more beginners enter the community.

“The membership [of the Bitcoin Users’ Group] probably has a mathematical correlation between the number of attendees and the price of Bitcoin,” he said.

In an age where people fetishize technology and convenience, banks are one of the stodgiest parts of our infrastructure. Bitcoin appealed to people who don’t see why we should still wait over the weekend for a bank to process a transaction, or why the government can deny your donation to Wikileaks. At its most successful, Bitcoin changed our global conception of what makes up a currency.

Why Bitcoin Can’t Do It Alone

However, for all the strides Bitcoin has made forward, 2013 has also shown that world governments can easily squelch the currency’s growth.

Proponents of Bitcoin are drawn to the cryptocurrency because it was designed to act outside of any governing body’s jurisdiction. Unlike dollars or yuan, which are printed and controlled by governments, bitcoins are mined by their users. And thanks to the blockchain, a ledger of every bitcoin transaction that has ever taken place, there’s no mystery about how many there are or where they’ve been. Bitcoins are private, but they aren’t secret.

But, if you’re not mining bitcoins yourself, you need to acquire them by exchanging government currency at a Bitcoin exchange such as Mt. Gox, Bitstamp, or BTC China. And when government money is involved, government cooperation is required.

Bitcoin got its biggest wake-up call in mid-December, when the People’s Bank of China froze yuan-to-bitcoin deposits to China’s largest Bitcoin exchange. The price plummeted.

Bitcoin has every ability to recover if BTC China is able to come to a compromise with the PBOC. Unfortunately, China isn’t the only country that has rejected Bitcoin as a currency. Germany, France, Korea, and Thailand have all looked unfavorably on Bitcoin. The European Banking Authority, Switzerland, Poland, and the U.S. are still undecided. Even if Bitcoin isn’t in their hands, their decisions on cash-to-bitcoin transfers could affect its future.

The U.S. indecision has already caused difficulty for Bitcoin ATMs and vending machines. While a Robocoin ATM for bitcoins is operating in Canada and a Lamassu bitcoin vending machine is now functional in Finland, neither maker has yet complied with necessary U.S. financial regulations. The companies blame the lengthy regulatory process.

In October, the first U.S. client to buy a Lamassu obtained legal counsel and began the process of registering as a money transmitter, but is still caught up in legal limbo. The Senate’s November Bitcoin hearings helped to improve Bitcoin’s standing with lawmakers, but still proved only that government regulation is inevitable.

And at its worst, Bitcoin has given lawmakers reasons to question it. According to a 2013 users’ survey, 16 percent of Bitcoin spending went toward narcotics and other illegal goods. A Bitcoin assassination market has popped up to target world leaders—so far, fortunately, without any result. (Though you know the Secret Service must be taking a keen interest in that.)

Bitcoin has been accused of being a bubble, but it doesn’t exist in one. Outside factors could easily bring it to its knees.

The Legacy Of Bitcoin

2014 may not see the end of Bitcoin, but it will certainly see the end of Bitcoin as we know it.

Soaring valuations have made Bitcoin more of an investment asset than a transactional currency. Why spend your Bitcoin if it’s just going to increase in value the next day? And indeed, whether they’re being hoarded or lost, a full 64 percent of bitcoins have never been spent.

This just makes crashes like the mid-December one all the more upsetting to investors. Bitcoin has little intrinsic value and is backed chiefly by people’s belief in it. If that belief were to falter, investors would be left with nothing.

If you read Satoshi Nakamoto’s white paper on Bitcoin, it’s apparent that today’s inflated bitcoin-as-investment model is never what the anonymous founder(s) intended. Bitcoin was designed to be a peer-to-peer cash system with no third party arbitrator. Bitcoin wasn’t designed to be an investment asset, and it won’t last as one.

According to Andreas Antonopoulos, founder of cryptocurrency company RootEleven, many of Bitcoin’s staunchest supporters believe Bitcoin is in for a change, and that’s not a bad thing. In his opinion, Bitcoin is either going to stabilize at a far lower value, or it will fail—clearing the way for a successor among the many hundreds of altcoins waiting in the wings.

Even if Bitcoin as a currency experiences more crises, he said, the invention of the blockchain—the universally shared record of all Bitcoin transactions—can support future currencies and other applications, forever changing the global culture of money.

“A trans-national currency without borders, without government interference and without political controls is now possible. As more people become aware of this, it changes the relationship between money and the state, money and individuals and eventually between individuals and their government. Bitcoin as an invention will survive even if Bitcoin the first currency fails.”

In this reporter’s opinion, Bitcoin itself won’t last. But the innovations that Bitcoin has brought to our financial transactions—increased privacy, a public ledger, censorship-free cash and freedom from a stodgy third party—are what it will truly be remembered for. Years later, when we’re using the latest and most stable digital currency yet, these inventions will still be going strong.

No matter what happens in 2014, Bitcoin has already left its mark. The cryptocurrency is not without its many flaws, but it has brought one major success: our concept of what a currency is has changed forever.

Photo by Zach Copley