Feeds

back to article Blimey! ANOTHER Bitcoin bleed brouhaha

A cryptocurrency exchange called Poloniex has lost more than ten per cent of its entire stash of Bitcoin after allegedly being hacked. Tristan D'Agosta, who runs Poloniex under the pseudonym Busoni, admitted to the loss and issued a comprehensive rundown of what went wrong. This approach contrasts starkly with the wall of …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Whereas if it was a bank doing these transactions

they would be required to have an Audit process in place which would pick this discrepancy up at the end of every day.

6
3
Silver badge

Re: Whereas if it was a bank doing these transactions

Heresy. Bitcoin is the future, man. Screw all that boring bankster, fiat currency shit.

7
3
Bronze badge
Happy

Re: Whereas if it was a bank doing these transactions

And yet the bitcoin evangelista have gone strangely quiet.......

4
4

Re: Whereas if it was a bank doing these transactions

Do "the bitcoin evangelista" really post here, or is it mostly Daily Mail reject "technophobes" these days?

Anyway, what balls, are you saying banks have never lost money due to incompetence or been robbed? Nonsense!

6
4
Silver badge
Flame

@Ben Rosenthal

"...are you saying banks have never lost money due to incompetence or been robbed?.."

Nope, but when a bank is robbed it's generally not the customer's/depositor's loss - or it has rarely been - up until now.

I know the banking bar stewards are in the process of changing the rules, so depositors are deemed to have 'loaned' their deposits to the bank, thus, in the event of any untoward occurrence, being given the highly desirable status of "unsecured creditor" which will mean that banks can say to their depositors "Screw you:- Tough luck:- Take a hike" even more than they do now.

Notwithstanding government guarantee schemes, our revered leaders are so in thrall to the banks that the banks can pretty much do as they like, and show two fingers to the rest of us.

0
2
Bronze badge
FAIL

Re: Whereas if it was a bank doing these transactions @Ben

Banks are subject to both regulations (one being capital adequacy), and in quite a lot of Nation States a depositor guarantee. Thus should the bank either get it wrong, or be subject to criminal activity, there is a good chance that losses will be restored.

Also when "robbed" what you find is a lot of places have organisations called Police. The job of these people is to go and find the people who "robbed" the bank and get the money back. It would seem questionable both if this is the job of these Police organisations, or indeed given the anonymous nature of bitcoin if this is even possible.

A question for you Ben, are you either just naive, or sitting on a whole stack of bitcoin trying to shift them before the bubble finally bursts?

7
2
Linux

Re: Whereas if it was a bank doing these transactions

Not many banks these days lose a significant percentage of their total holdings in one robbery.

Can you imagine someone getting away with 50% of HSBCs total holdings? (..ummm...didn't something like that happen to a bank or two a while back...money just 'vanished' and turned out not to have been real...?)

Anyway one of the problems IMHO is that most of these exchanges were set up on a shoe string when a Bitcoin was worth only a few dollars and the whole capital structure was relatively small.

Suddenly the 'value' has soared to ridiculous heights and tiny outfits with no real funding apart from their own Bitcoin holdings are suddenly holding 'millions' in Beta software repositories with no investment in electronic or physical security.

Surely a much more tempting target than trying to scam a few 100 $/£/whatever by drive by infections and encryption.

Reminds me of the Wild West when small banks held all their deposits in the vault on site and a single robbery could wipe a bank out.

Darwin is at work - grab some popcorn and sit back and watch the natural selection.

Linux because such obviously poor software must be running under Windows.

[Where is the icon for a penguin getting his coat?]

4
1
Gold badge

Re: Whereas if it was a bank doing these transactions

Well if a major bank had lost 12% of its assets, I'd expect them not to admit it in public. At least not straight away. They'd go to the Central Bank and try to organise a rescue. In good financial times that's traditionally been a consortium of banks loaning them the cash to survive - or someone taking them over. In times when the other banks are in the poo as well, the Central Bank will do the loaning, or the government takes them over.

What you don't do, is suspend withdrawals. Because then your dead. At that point it becomes your customers' top priority to run away from you, as fast as is humanly possible - taking their money with them, and sealing your fate.

So he's been commendably honest.

As Bitcoin doesn't have a Central Bank, they probably need some kind of co-operative mechanism between the exchanges. If they put a portion of their profits into some kind of slush-fund, they could bail out the reasonably well-run ones, in exchange for equity/loans and take over and try to save the crap ones. But that would require the exchanges to trust each other, which I suspect they don't - and some of them to be well run, which I suspect they aren't.

2
0
Silver badge

Re: Whereas if it was a bank doing these transactions

"Screw all that boring bankster, fiat currency shit."

Yes, screw real banks, robbing BitCoin banks is MUCH easier.

2
1
Silver badge

Re: Whereas if it was a bank doing these transactions

>Whereas if it was a bank doing these transactions they would... be required to have an Audit process in place which would pick this discrepancy up at the end of every day. ^H^H^H

...get a bailout from public funds and pay their manudjment huge bonuses for being 'top talent.'

Was no one awake during 2008? Or the more recent Rape of Cyprus? Or the news that RBS has lost more than £46bn of public bailout money, but is still paying half a bill in bonuses?

What do you think would happen if banks had to offer the same 100% reserves that Bitcoin exchanges are supposed to, or if the public suddenly decided it would like its cash back?

Not that I think Bitcoins are anything other than fool's gold. But let's be realistic - banks are in exactly the same game. The only difference is they've been doing it for longer, and if they want to steal your cash they'll do it by manipulating and fixing market rates, applying punitive interest rates and account charges, and by taking your tax and pension money with government support. (Sure, it will be 'protected' - you just won't be able to withdraw it 'until the crisis is over and confidence returns.')

Mt Gox seems to have been run by criminal idiots, but in terms of absolute economic damage it's piss drops compared to the scams the banks get up to.

2
0
Anonymous Coward

Re: Whereas if it was a bank doing these transactions

I once worked for a bank that misplaced $1.3 Tn (trillion!) in two transactions and then proudly advertised the fact.

Puts even Mtgox into perspective, doesn't it?

0
0
Silver badge

Re: Whereas if it was a bank doing these transactions

Straw men are usually quiet.

Paypal deals with "fiat" and has the same problem of being unregulated and good luck if they shut your account with money in it (even if it's their choosing, rather than due to an actual theft); OTOH, I and plenty of other people want anyone handling Bitcoin to improve their security, and it'd be a good thing for more mainstream use to have more regulated and secure places to manage/buy/store Bitcoin. Bitcoin as it is today obviously isn't on par with national currency or banks, and I don't think anyone claims it is; OTOH there are a lot of things that people use (Paypal, various forms of investments) that aren't either.

0
0
Silver badge

Re: Whereas if it was a bank doing these transactions @Ben

Question for you, do you not own anything that isn't backed by the Government's deposit guarantee?

Bitcoin certainly isn't as secure as that, but that doesn't mean people don't have any other investments - I find it odd that Bitcoin draws such anger from some people, who presumably don't spend their time mocking people who say, took out a shares ISA this year.

Bitcoin is not completely anonymous as all transactions are public, allowing some means to trace. Police should be interest in a theft of Bitcoin as much as anything else, though yes there is the practical issue that they either may not care, or find it harder to investigate.

People have been claiming the bubble will burst since the price was $10. I'm still waiting for it to drop back down to that price, let alone go below.

0
0
Bronze badge
WTF?

Re: Whereas if it was a bank doing these transactions @Mark

Straw men are usually quiet.

Having conceded that you are the 'Straw Man' ..... there is not much point discussing this further.

I originally considered your posts to be essentially a 'pump and dump' effort from somebody sitting on a whole stack of bitcoin trying to shift them before the bubble finally bursts .

1
1
Gold badge

Re: Whereas if it was a bank doing these transactions

Paypal deals with "fiat" and has the same problem of being unregulated

Mark .

Paypal has a banking license. At least in Europe. Registered in Luxembourg.

1
0
Gold badge

Re: Whereas if it was a bank doing these transactions @Ben

Mark .

Does this no look bubbly to you?

Bitcincharts.com

It certainly does to me.

1
0
Silver badge

Re: Whereas if it was a bank doing these transactions

PayPal is regulated, as an electronic money issuer in the EU, and as a money transfer agent in each US state. Not the same regulations as banks are subject to, but they are regulated.

0
0
Anonymous Coward

poor security

seems like the main problem here is that a whole load of these cryptocurrency 'banks' or exchanges have got just poor security or coding.....not sure how many 'real' banks have poor coding in the same vein - but so far all these crypto currency thefts appear to have happened due to what seems like being written in a few days without audit...the auditing appears to happen after the fact/event :(

it hasnt affected my faith in cryptocurrency... its certainly increased my wariness of any of the sites that act as online wallets or exchanges! :(

8
0
Silver badge
IT Angle

Re: poor security

I'm a sceptic; however I concur this is poor coding, rather than an inherent flaw in bitcoin. But is the real "inherent flaw" the type of cowboy developer bitcoin attracts?

5
0
Bronze badge

Re: poor security

Poor coding and no legal responsibility.

You fix the responsibility and it's no longer the same.

0
0
Silver badge

Need more eyes

I think it's about time we get an open source bitcoin exchange solution.

6
0
Thumb Up

Re: Need more eyes

At last - the voice of reason is heard.

2
0
Silver badge

Re: Need more eyes

Given the number of people identifying as 'Bitcoin Developers', why has this not occurred before now?

2
0
Anonymous Coward

Re: Need more eyes

> Given the number of people identifying as 'Bitcoin Developers', why has this not occurred before now?

Bitcoin is like money. People who are interested in money are usually in it for the money. Those who are in it for the money don't usually subscribe to open-source philosophies, or understand its true value, IME.

0
0
Anonymous Coward

It's like the end of Fight Club. Sit back and watch all the buildings collapse.

0
0
Silver badge

@AC

Its probably Tyler Durden's army of "space monkeys" behind the whole thing!

And in more Bitcoin-related oddity the 28 year-old CEO of a Singapore-based Bitcoin exchange was found dead last week. Cause of death is suspected suicide.

http://www.cnbc.com/id/101470510

0
0
Anonymous Coward

http://www.youtube.com/watch?v=qrdpliMfoAM

Sing along!

0
0
Silver badge
Holmes

Frack

It's like the good old times of Pakistani Hacking Sprees that butthurted "Internet Explorer Optimized" sites of all kinds back in the olden bubble times.

1
0
Anonymous Coward

Re: Frack

Why "Internet Explorer Optimized" sites? Was that because they tended to run IIS (which had a bad reputation for insecurity back then)?

Also, did the compromise work best on people viewing it at 1024x768? ;-)

0
0

"Design flaw"

The system was vulnerable because anyone making a withdrawal could copy the URL into new browser tabs and press Enter really quickly. Paste it into 10 new tabs and withdraw 10x as many bitcoin because the site was cobbled together in 5 minutes by someone who had never heard of transactions or race conditions.

About typical of the 'design' spewed out by the amateur scammers who are Bitcoins's Captains of Industry.

8
1
WTF?

theft in plain sight.

If you read the forum linked in the article, there's a comment with a link to the blockchain address of the wallet containing the stolen BTC. Perhaps someone with greater bitcoin knowledge than me can explain why it's possible to steal coins while they remain in plain sight?

2
0
Silver badge

Re: theft in plain sight.

The blockchain address is not a real address, it does not enable you to find an entity.

Instead, it is an identifier. When BTC are transferred from one address to another, all you know is that ID <n> now has <x> more BTC. When <n> sees it, he adds the BTC mentioned to his wallet.

0
0

Re: theft in plain sight.

Can you follow the trail from the known 'theft' wallet through to its final destination, when the thief tries to cash out into fiat currency? E.g. could the transaction history of a 'known bad' wallet be used to identify the thief at the point where they have to provide ID and involve a bank?

0
0
Silver badge
Holmes

Hmmmm

State sponsored hacking or just regular criminal behaviour?

0
5
Bronze badge

Conspiracy Theory Time

It seems to me that bringing now down the various Bitcoin institutions is self-defeating, unless one wanted to destroy Bitcoin altogether (and who would want to do that?). It does look at the moment as if a war is being waged against Bitcoin as a whole.

Currencies survive on trust. Why would one steal something and then actively move to devalue what one has stolen? Or am I missing something fundamental, such as an inherent instability of non-governmental currencies? I am not an economist.

And, just for the record, I have no bitcoins and am merely an amused bystander.

2
1
Silver badge
Thumb Up

Re: Conspiracy Theory Time

Possible explanations

a) Criminals are stupid short-termists.

b) They have enough faith in BitCoin that they will be able to hold onto their ill gotten gains long enough to turn a profit.

c) All of the above.

4
0
Black Helicopters

Re: Conspiracy Theory Time

"unless one wanted to destroy Bitcoin altogether (and who would want to do that?)"

The Banks

Currency Traders

Scumvernments

all with the motive and clout to have it done

Still, what do you expect when you put all of your money into some vague, shady, electronically-stored 'currency' on the promise of someone you've no real reason to trust with just a half-arsed promise that you'll get it back at some time in the future but can spend some of it on the interweb and stuff.

Oh, wait. hang on...

1
2
Anonymous Coward

Re: Conspiracy Theory Time

If bitcoin value is based on the amount available then stealing (in effect, similar to Goldfinger's plan on US Fort Knox) means less in circulation so each coin is worth more as a percentage of the whole.

I'd look at the Winklevoss pair as they have plenty to gain from their holding being a greater percentage of the sum

They have a coding background (alledgedly) so could exploit the "bug"

They seem to love the spotlight

0
0
Silver badge

Re: Conspiracy Theory Time

"It does look at the moment as if a war is being waged against Bitcoin as a whole."

Could be, but I don't think so.

I think it's more likely they're easy pickings. In the ~4000 year history of real banks, they've learned a thing or two about not getting robbed, and how to handle the situation when things go wrong (remember the depression?).

The backyard boys who run bitcoin "banks" apparently haven't learned a damn thing, mainly because a lot of them are running it out of their bedrooms. The "robbers" know this, and take advange of this. Easy pickings.

2
0
Anonymous Coward

Re: Conspiracy Theory Time

I said this before, but while (AFAIK) no evidence has so far come to light indicating the involvement of the American NSA with the MtGox thefts or this one... it's worth bearing in mind that *if* they had wanted to do so, it would be straightforward bordering on trivial for them to carry out such an operation.

Snowden confirmed (as if anyone hadn't already guessed) that the NSA has spied on others to not only further government interests, but those of establishment business interests the increasingly plutocratic US government (either flavor) is closely aligned with. One can see that both the US government and the banks based there have a vested interest in damaging something that is both a potential rival to the US Dollar and to the established banking system.

Since Gox started out as a *trading card exchange* site that grew very rapidly, we can safely assume that their security didn't improve in proportion with their importance and that against the NSA- a massive intelligence agency that were involved in (and allegedly subverted) the hugely complex design of cryptographic standards- Gox's barely-souped-up amateur-designed system would present little challenge. If it was breakable by some small time-thiefs with known insecurities, it would have been like a knife through butter to the massively-funded and resourced NSA.

The value of the coins would not have been the point- the damage to Bitcoin's image (and by extension other cryptocurrencies) would.

They might well *not* have done it and there's no evidence that they did- greedy thiefs are still plausible enough- but they have both the motive and the means far in excess of anyone else.

1
0
Silver badge

'ANOTHER Bitcoin bleed brouhaha' hahaha hahaha etc.

Shed-an-freud is wonderful

(nope can't spell it)

0
1
Bronze badge
Happy

Ha! I laugh at your inability to spell it!

2
0
Silver badge
Joke

Oi - my shed's got a rather big lock on it. Nice and secure.

And no Austrian psychoanalysts are left in it overnight anyway...

0
0

OK

"it" :)

0
0

For future reference

"Schadenfreude". Useful word to know.

0
0
Anonymous Coward

The one dude/organisation/state that *first* figured this exploit out must now be sitting on a similar percentage of total bitcoin as the two aliens from the planet "Winklevosia" that live among us.

1
0
Bronze badge

anagram

I C NO BIT

0
0
Bronze badge

All this hasn't affected my faith in Bitcoin

Never had any to start with.

2
0

Meanwhile, at bit121 (UK Bitcoin exchange):

"IMPORTANT NOTICE: It is with regret that our bank has indicated that they are no longer willing to accept sterling deposits. We are seeking new banking arrangements and hope to be able to accept sterling deposits again, once agreements are in place. We wish to reassure bit121 users that all sterling currency and bitcoins are safe and can be withdrawn at any time. At this time, our customers are still able to make sterling withdrawals, deposit and withdraw bitcoins and continue trading."

0
0
Mushroom

Thats Bitcoin business 101. Build a site with spaghetti code on an amazon cluster and call yourself an exchange then run it through your personal bank account. When you get shut down scream "ITS THE NWO BANKSTER LIZARD PEOPLE CONSPIRACY".

Then start again, apply for the appropriate licenses, get turned down because you thought an ISO standard is a type of CD image and scream "SEE I TRIED BUT THE LIZARD PEOPLE WON'T LET ME THIS PROVES 9/11 WAS AN INSIDE JOB"

Then do it anyway, make a bit and lose it all when someone smarter then you(and there is always someone smarter than you) probes your systems and makes off like a bandit. Then cry "WE WUZ HACKED NO MONEY FOR YOU, IT WAS TEH NSA, ANYWAYZ I GO NOW KTHXBYE"

I am saying this as someone who actively mines Bitcoin. Unfortunately most people can't see that the world is not black and white.

0
0

Page:

This topic is closed for new posts.