Blimey! ANOTHER Bitcoin bleed brouhaha

A cryptocurrency exchange called Poloniex has lost more than ten per cent of its entire stash of Bitcoin after allegedly being hacked. Tristan D'Agosta, who runs Poloniex under the pseudonym Busoni, admitted to the loss and issued a comprehensive rundown of what went wrong. This approach contrasts starkly with the wall of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Whereas if it was a bank doing these transactions

    they would be required to have an Audit process in place which would pick this discrepancy up at the end of every day.

    1. Anonymous Coward 101

      Re: Whereas if it was a bank doing these transactions

      Heresy. Bitcoin is the future, man. Screw all that boring bankster, fiat currency shit.

      1. Anonymous Coward
        Happy

        Re: Whereas if it was a bank doing these transactions

        And yet the bitcoin evangelista have gone strangely quiet.......

        1. Ben Rosenthal

          Re: Whereas if it was a bank doing these transactions

          Do "the bitcoin evangelista" really post here, or is it mostly Daily Mail reject "technophobes" these days?

          Anyway, what balls, are you saying banks have never lost money due to incompetence or been robbed? Nonsense!

          1. Ted Treen
            Flame

            @Ben Rosenthal

            "...are you saying banks have never lost money due to incompetence or been robbed?.."

            Nope, but when a bank is robbed it's generally not the customer's/depositor's loss - or it has rarely been - up until now.

            I know the banking bar stewards are in the process of changing the rules, so depositors are deemed to have 'loaned' their deposits to the bank, thus, in the event of any untoward occurrence, being given the highly desirable status of "unsecured creditor" which will mean that banks can say to their depositors "Screw you:- Tough luck:- Take a hike" even more than they do now.

            Notwithstanding government guarantee schemes, our revered leaders are so in thrall to the banks that the banks can pretty much do as they like, and show two fingers to the rest of us.

          2. Anonymous Coward
            FAIL

            Re: Whereas if it was a bank doing these transactions @Ben

            Banks are subject to both regulations (one being capital adequacy), and in quite a lot of Nation States a depositor guarantee. Thus should the bank either get it wrong, or be subject to criminal activity, there is a good chance that losses will be restored.

            Also when "robbed" what you find is a lot of places have organisations called Police. The job of these people is to go and find the people who "robbed" the bank and get the money back. It would seem questionable both if this is the job of these Police organisations, or indeed given the anonymous nature of bitcoin if this is even possible.

            A question for you Ben, are you either just naive, or sitting on a whole stack of bitcoin trying to shift them before the bubble finally bursts?

            1. Mark .

              Re: Whereas if it was a bank doing these transactions @Ben

              Question for you, do you not own anything that isn't backed by the Government's deposit guarantee?

              Bitcoin certainly isn't as secure as that, but that doesn't mean people don't have any other investments - I find it odd that Bitcoin draws such anger from some people, who presumably don't spend their time mocking people who say, took out a shares ISA this year.

              Bitcoin is not completely anonymous as all transactions are public, allowing some means to trace. Police should be interested in a theft of Bitcoin as much as anything else, though yes there is the practical issue that they either may not care, or find it harder to investigate.

              People have been claiming the bubble will burst since the price was $10. I'm still waiting for it to drop back down to that price, let alone go below.

              1. Anonymous Coward
                WTF?

                Re: Whereas if it was a bank doing these transactions @Mark

                Straw men are usually quiet.

                Having conceded that you are the 'Straw Man' ..... there is not much point discussing this further.

                I originally considered your posts to be essentially a 'pump and dump' effort from somebody sitting on a whole stack of bitcoin trying to shift them before the bubble finally bursts .

              2. I ain't Spartacus Gold badge

                Re: Whereas if it was a bank doing these transactions @Ben

                Mark .

                Does this not look bubbly to you?

                Bitcincharts.com

                It certainly does to me.

          3. David Roberts
            Linux

            Re: Whereas if it was a bank doing these transactions

            Not many banks these days lose a significant percentage of their total holdings in one robbery.

            Can you imagine someone getting away with 50% of HSBC's total holdings? (..ummm...didn't something like that happen to a bank or two a while back...money just 'vanished' and turned out not to have been real...?)

            Anyway one of the problems IMHO is that most of these exchanges were set up on a shoe string when a Bitcoin was worth only a few dollars and the whole capital structure was relatively small.

            Suddenly the 'value' has soared to ridiculous heights and tiny outfits with no real funding apart from their own Bitcoin holdings are suddenly holding 'millions' in Beta software repositories with no investment in electronic or physical security.

            Surely a much more tempting target than trying to scam a few 100 $/£/whatever by drive by infections and encryption.

            Reminds me of the Wild West when small banks held all their deposits in the vault on site and a single robbery could wipe a bank out.

            Darwin is at work - grab some popcorn and sit back and watch the natural selection.

            Linux because such obviously poor software must be running under Windows.

            [Where is the icon for a penguin getting his coat?]

        2. Mark .

          Re: Whereas if it was a bank doing these transactions

          Straw men are usually quiet.

          Paypal deals with "fiat" and has the same problem of being unregulated and good luck if they shut your account with money in it (even if it's their choosing, rather than due to an actual theft); OTOH, I and plenty of other people want anyone handling Bitcoin to improve their security, and it'd be a good thing for more mainstream use to have more regulated and secure places to manage/buy/store Bitcoin. Bitcoin as it is today obviously isn't on par with national currency or banks, and I don't think anyone claims it is; OTOH there are a lot of things that people use (Paypal, various forms of investments) that aren't either.

          1. I ain't Spartacus Gold badge

            Re: Whereas if it was a bank doing these transactions

            Paypal deals with "fiat" and has the same problem of being unregulated

            Mark .

            Paypal has a banking license. At least in Europe. Registered in Luxembourg.

          2. jonathanb Silver badge

            Re: Whereas if it was a bank doing these transactions

            PayPal is regulated, as an electronic money issuer in the EU, and as a money transfer agent in each US state. Not the same regulations as banks are subject to, but they are regulated.

      2. John Tserkezis

        Re: Whereas if it was a bank doing these transactions

        "Screw all that boring bankster, fiat currency shit."

        Yes, screw real banks, robbing BitCoin banks is MUCH easier.

    2. I ain't Spartacus Gold badge

      Re: Whereas if it was a bank doing these transactions

      Well if a major bank had lost 12% of its assets, I'd expect them not to admit it in public. At least not straight away. They'd go to the Central Bank and try to organise a rescue. In good financial times that's traditionally been a consortium of banks loaning them the cash to survive - or someone taking them over. In times when the other banks are in the poo as well, the Central Bank will do the loaning, or the government takes them over.

      What you don't do, is suspend withdrawals. Because then you're dead. At that point it becomes your customers' top priority to run away from you, as fast as is humanly possible - taking their money with them, and sealing your fate.

      So he's been commendably honest.

      As Bitcoin doesn't have a Central Bank, they probably need some kind of co-operative mechanism between the exchanges. If they put a portion of their profits into some kind of slush-fund, they could bail out the reasonably well-run ones, in exchange for equity/loans and take over and try to save the crap ones. But that would require the exchanges to trust each other, which I suspect they don't - and some of them to be well run, which I suspect they aren't.

    3. TheOtherHobbes

      Re: Whereas if it was a bank doing these transactions

      >Whereas if it was a bank doing these transactions they would... be required to have an Audit process in place which would pick this discrepancy up at the end of every day. ^H^H^H

      ...get a bailout from public funds and pay their manudjment huge bonuses for being 'top talent.'

      Was no one awake during 2008? Or the more recent Rape of Cyprus? Or the news that RBS has lost more than £46bn of public bailout money, but is still paying half a bill in bonuses?

      What do you think would happen if banks had to offer the same 100% reserves that Bitcoin exchanges are supposed to, or if the public suddenly decided it would like its cash back?

      Not that I think Bitcoins are anything other than fool's gold. But let's be realistic - banks are in exactly the same game. The only difference is they've been doing it for longer, and if they want to steal your cash they'll do it by manipulating and fixing market rates, applying punitive interest rates and account charges, and by taking your tax and pension money with government support. (Sure, it will be 'protected' - you just won't be able to withdraw it 'until the crisis is over and confidence returns.')

      Mt Gox seems to have been run by criminal idiots, but in terms of absolute economic damage it's piss drops compared to the scams the banks get up to.

    4. Anonymous Coward

      Re: Whereas if it was a bank doing these transactions

      I once worked for a bank that misplaced $1.3 Tn (trillion!) in two transactions and then proudly advertised the fact.

      Puts even Mtgox into perspective, doesn't it?

  2. Anonymous Coward

    poor security

    seems like the main problem here is that a whole load of these cryptocurrency 'banks' or exchanges have got just poor security or coding.....not sure how many 'real' banks have poor coding in the same vein - but so far all these crypto currency thefts appear to have happened due to what seems like being written in a few days without audit...the auditing appears to happen after the fact/event :(

    it hasn't affected my faith in cryptocurrency... it's certainly increased my wariness of any of the sites that act as online wallets or exchanges! :(

    1. Brewster's Angle Grinder Silver badge
      IT Angle

      Re: poor security

      I'm a sceptic; however I concur this is poor coding, rather than an inherent flaw in bitcoin. But is the real "inherent flaw" the type of cowboy developer bitcoin attracts?

      1. solo

        Re: poor security

        Poor coding and no legal responsibility.

        You fix the responsibility and it's no longer the same.

  3. Ole Juul

    Need more eyes

    I think it's about time we get an open source bitcoin exchange solution.

    1. I Am Spartacus
      Thumb Up

      Re: Need more eyes

      At last - the voice of reason is heard.

      1. Anonymous Coward 101

        Re: Need more eyes

        Given the number of people identifying as 'Bitcoin Developers', why has this not occurred before now?

        1. Anonymous Coward

          Re: Need more eyes

          > Given the number of people identifying as 'Bitcoin Developers', why has this not occurred before now?

          Bitcoin is like money. People who are interested in money are usually in it for the money. Those who are in it for the money don't usually subscribe to open-source philosophies, or understand its true value, IME.

  4. Anonymous Coward

    It's like the end of Fight Club. Sit back and watch all the buildings collapse.

    1. Anonymous Coward

      @AC

      It's probably Tyler Durden's army of "space monkeys" behind the whole thing!

      And in more Bitcoin-related oddity the 28 year-old CEO of a Singapore-based Bitcoin exchange was found dead last week. Cause of death is suspected suicide.

      http://www.cnbc.com/id/101470510

    2. Anonymous Coward

      http://www.youtube.com/watch?v=qrdpliMfoAM

      Sing along!

  5. Destroy All Monsters Silver badge
    Holmes

    Frack

    It's like the good old times of Pakistani Hacking Sprees that butthurted "Internet Explorer Optimized" sites of all kinds back in the olden bubble times.

    1. Anonymous Coward

      Re: Frack

      Why "Internet Explorer Optimized" sites? Was that because they tended to run IIS (which had a bad reputation for insecurity back then)?

      Also, did the compromise work best on people viewing it at 1024x768? ;-)

  6. Mark McC

    "Design flaw"

    The system was vulnerable because anyone making a withdrawal could copy the URL into new browser tabs and press Enter really quickly. Paste it into 10 new tabs and withdraw 10x as many bitcoin because the site was cobbled together in 5 minutes by someone who had never heard of transactions or race conditions.

    About typical of the 'design' spewed out by the amateur scammers who are Bitcoin's Captains of Industry.

  7. Justin Stringfellow
    WTF?

    theft in plain sight.

    If you read the forum linked in the article, there's a comment with a link to the blockchain address of the wallet containing the stolen BTC. Perhaps someone with greater bitcoin knowledge than me can explain why it's possible to steal coins while they remain in plain sight?

    1. Tom 38

      Re: theft in plain sight.

      The blockchain address is not a real address, it does not enable you to find an entity.

      Instead, it is an identifier. When BTC are transferred from one address to another, all you know is that ID <n> now has <x> more BTC. When <n> sees it, he adds the BTC mentioned to his wallet.

      1. ragnar

        Re: theft in plain sight.

        Can you follow the trail from the known 'theft' wallet through to its final destination, when the thief tries to cash out into fiat currency? E.g. could the transaction history of a 'known bad' wallet be used to identify the thief at the point where they have to provide ID and involve a bank?

  8. Winkypop Silver badge
    Holmes

    Hmmmm

    State sponsored hacking or just regular criminal behaviour?

  9. deadlockvictim

    Conspiracy Theory Time

    It seems to me that bringing down the various Bitcoin institutions now is self-defeating, unless one wanted to destroy Bitcoin altogether (and who would want to do that?). It does look at the moment as if a war is being waged against Bitcoin as a whole.

    Currencies survive on trust. Why would one steal something and then actively move to devalue what one has stolen? Or am I missing something fundamental, such as an inherent instability of non-governmental currencies? I am not an economist.

    And, just for the record, I have no bitcoins and am merely an amused bystander.

    1. Gordon 10
      Thumb Up

      Re: Conspiracy Theory Time

      Possible explanations

      a) Criminals are stupid short-termists.

      b) They have enough faith in BitCoin that they will be able to hold onto their ill gotten gains long enough to turn a profit.

      c) All of the above.

      1. Anonymous Coward

        Re: Conspiracy Theory Time

        If bitcoin value is based on the amount available then stealing (in effect, similar to Goldfinger's plan on US Fort Knox) means less in circulation so each coin is worth more as a percentage of the whole.

        I'd look at the Winklevoss pair as they have plenty to gain from their holding being a greater percentage of the sum

        They have a coding background (allegedly) so could exploit the "bug"

        They seem to love the spotlight

    2. dervheid
      Black Helicopters

      Re: Conspiracy Theory Time

      "unless one wanted to destroy Bitcoin altogether (and who would want to do that?)"

      The Banks

      Currency Traders

      Scumvernments

      all with the motive and clout to have it done

      Still, what do you expect when you put all of your money into some vague, shady, electronically-stored 'currency' on the promise of someone you've no real reason to trust with just a half-arsed promise that you'll get it back at some time in the future but can spend some of it on the interweb and stuff.

      Oh, wait. hang on...

    3. John Tserkezis

      Re: Conspiracy Theory Time

      "It does look at the moment as if a war is being waged against Bitcoin as a whole."

      Could be, but I don't think so.

      I think it's more likely they're easy pickings. In the ~4000 year history of real banks, they've learned a thing or two about not getting robbed, and how to handle the situation when things go wrong (remember the depression?).

      The backyard boys who run bitcoin "banks" apparently haven't learned a damn thing, mainly because a lot of them are running it out of their bedrooms. The "robbers" know this, and take advantage of this. Easy pickings.

    4. Anonymous Coward

      Re: Conspiracy Theory Time

      I said this before, but while (AFAIK) no evidence has so far come to light indicating the involvement of the American NSA with the MtGox thefts or this one... it's worth bearing in mind that *if* they had wanted to do so, it would be straightforward bordering on trivial for them to carry out such an operation.

      Snowden confirmed (as if anyone hadn't already guessed) that the NSA has spied on others to not only further government interests, but those of establishment business interests the increasingly plutocratic US government (either flavor) is closely aligned with. One can see that both the US government and the banks based there have a vested interest in damaging something that is both a potential rival to the US Dollar and to the established banking system.

      Since Gox started out as a *trading card exchange* site that grew very rapidly, we can safely assume that their security didn't improve in proportion with their importance and that against the NSA- a massive intelligence agency that were involved in (and allegedly subverted) the hugely complex design of cryptographic standards- Gox's barely-souped-up amateur-designed system would present little challenge. If it was breakable by some small-time thieves with known insecurities, it would have been like a knife through butter to the massively-funded and resourced NSA.

      The value of the coins would not have been the point- the damage to Bitcoin's image (and by extension other cryptocurrencies) would.

      They might well *not* have done it and there's no evidence that they did- greedy thieves are still plausible enough- but they have both the motive and the means far in excess of anyone else.

  10. Elmer Phud

    'ANOTHER Bitcoin bleed brouhaha' hahaha hahaha etc.

    Shed-an-freud is wonderful

    (nope can't spell it)

    1. BongoJoe
      Happy

      Ha! I laugh at your inability to spell it!

      1. Anonymous Custard
        Joke

        Oi - my shed's got a rather big lock on it. Nice and secure.

        And no Austrian psychoanalysts are left in it overnight anyway...

      2. Captain Obvious

        OK

        "it" :)

    2. kraut

      For future reference

      "Schadenfreude". Useful word to know.

  11. Anonymous Coward

    The one dude/organisation/state that *first* figured this exploit out must now be sitting on a similar percentage of total bitcoin as the two aliens from the planet "Winklevosia" that live among us.

  12. Scott Broukell

    anagram

    I C NO BIT

  13. Tromos

    All this hasn't affected my faith in Bitcoin

    Never had any to start with.

  14. MaXimaN

    Meanwhile, at bit121 (UK Bitcoin exchange):

    "IMPORTANT NOTICE: It is with regret that our bank has indicated that they are no longer willing to accept sterling deposits. We are seeking new banking arrangements and hope to be able to accept sterling deposits again, once agreements are in place. We wish to reassure bit121 users that all sterling currency and bitcoins are safe and can be withdrawn at any time. At this time, our customers are still able to make sterling withdrawals, deposit and withdraw bitcoins and continue trading."

    1. Aldous
      Mushroom

      That's Bitcoin business 101. Build a site with spaghetti code on an amazon cluster and call yourself an exchange then run it through your personal bank account. When you get shut down scream "ITS THE NWO BANKSTER LIZARD PEOPLE CONSPIRACY".

      Then start again, apply for the appropriate licenses, get turned down because you thought an ISO standard is a type of CD image and scream "SEE I TRIED BUT THE LIZARD PEOPLE WON'T LET ME THIS PROVES 9/11 WAS AN INSIDE JOB"

      Then do it anyway, make a bit and lose it all when someone smarter than you (and there is always someone smarter than you) probes your systems and makes off like a bandit. Then cry "WE WUZ HACKED NO MONEY FOR YOU, IT WAS TEH NSA, ANYWAYZ I GO NOW KTHXBYE"

      I am saying this as someone who actively mines Bitcoin. Unfortunately most people can't see that the world is not black and white.

  15. wolfetone Silver badge

    It's funny how "Bitcoin" rhymes with "Ponzi" isn't it?

  16. Jason Bloomberg Silver badge

    The costs of obtaining Bitcoins

    It seems to me it is now cheaper to invest in robbery than it is to invest in mining and this will continue to be the case until exchanges and other third-party wallet holders get their acts together. I expect we will see a lot more Bitcoin heists coming soon, big grabs and slow trickle thefts.

  17. Anonymous Coward

    That middle ground

    needs to be found where safety (regulation?) of transactions, storage and use can be achieved with no more risk involved than when dealing with traditional banks.

    While the majority of these exchanges are run by people with little or no real experience, little or no significant capital behind them and even less resource in terms of hardware, software and security to run a million pound effort, as well as the shadier exchanges where the people are complete unknowns, they will always be the target of drive by and determined hackers on the lookout for easy money.

    Bitcoin has the potential for a very bright future but there's many things to do to get its public image back in order as well as parts of its infrastructure for consumerisation. There's some cool stuff on the horizon, BTC isn't going away anytime soon, as to its increasing value? Who knows?!

  18. Anonymous Coward

    P O N Z I

    Sounds to me like Poloniex should have stuck to trading cards for magic the gathering online

  19. Anonymous Coward

    This is why you have transactional systems.

    When you are dealing with valuable stuff, you are an idiot if you allow concurrent, non-transactional 'transactions', and it is only a matter of time before you fail, big time!

    Bitcoin is an in-your-face Ponzi scheme, rather like that Tulip craze ages ago, and this may be by design, as a test trial, so that a currency owned by banks or other corporations can replace cash, with less resistance.

    I own real physical money, and that is a damned sight harder to steal than any currency; no, money is not the same as currency.

    1. Tom 38

      Re: This is why you have transactional systems.

      Tulip Mania wasn't a ponzi scheme, it was a pricing bubble. Your "real physical" money is exactly the same as tulips, prone to fluctuations in value.

    2. deadlockvictim

      Re: This is why you have transactional systems.

      AC» I own real physical money

      Do you mean Krugerrands and Swiss Vrenelis?
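The race condition described in the "Design flaw" comment, and the fix implied by "This is why you have transactional systems", shown as an added example that is not part of the thread and is not Poloniex's code. The table names, function names and balances are constructed, and a deterministic interleaving stands in for real concurrent requests.

```python
import sqlite3

def new_exchange(balance):
    """In-memory ledger holding one customer account (id 1); constructed data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)")
    db.execute("CREATE TABLE payouts (id INTEGER PRIMARY KEY, account INTEGER, amount INTEGER)")
    db.execute("INSERT INTO accounts VALUES (1, ?)", (balance,))
    db.commit()
    return db

# --- Weak design: the balance check and the debit are separate steps --------
def check_funds(db, account, amount):
    (balance,) = db.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()
    return balance >= amount

def pay_out(db, account, amount):
    with db:  # commits on success, rolls back on exception
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                   (amount, account))
        db.execute("INSERT INTO payouts (account, amount) VALUES (?, ?)",
                   (account, amount))

def burst_unsafe(db, account, amount, requests):
    # Deterministic stand-in for near-simultaneous requests: every request
    # passes the check before any of them has debited the account.
    approved = [check_funds(db, account, amount) for _ in range(requests)]
    for ok in approved:
        if ok:
            pay_out(db, account, amount)

# --- Transactional design: check and debit are one conditional statement ----
def withdraw_atomic(db, account, amount):
    if amount <= 0:
        raise ValueError("withdrawal amount must be positive")
    with db:
        cur = db.execute(
            "UPDATE accounts SET balance = balance - ? "
            "WHERE id = ? AND balance >= ?", (amount, account, amount))
        if cur.rowcount != 1:  # no row matched: insufficient funds
            return False
        db.execute("INSERT INTO payouts (account, amount) VALUES (?, ?)",
                   (account, amount))
    return True

def burst_atomic(db, account, amount, requests):
    # There is no gap between check and debit for another request to slip
    # into, so the order in which the requests arrive does not matter.
    return [withdraw_atomic(db, account, amount) for _ in range(requests)]

def summary(db, account=1):
    """Return (remaining balance, total paid out) for the account."""
    (balance,) = db.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account,)).fetchone()
    (paid,) = db.execute(
        "SELECT COALESCE(SUM(amount), 0) FROM payouts WHERE account = ?",
        (account,)).fetchone()
    return balance, paid

if __name__ == "__main__":
    unsafe = new_exchange(100)
    burst_unsafe(unsafe, 1, 100, 10)
    print("check-then-debit:", summary(unsafe))

    safe = new_exchange(100)
    burst_atomic(safe, 1, 100, 10)
    print("conditional update:", summary(safe))
```

A negative balance in `accounts`, or total payouts exceeding deposits, is the discrepancy a daily reconciliation job would flag.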

  20. Lamont Cranston

    Probably a silly question, as I know next to nothing about BitCoin,

    but is it possible to invalidate the stolen BitCoins? I would have thought that they carried some sort of unique ID and, being virtual, it's the unique ID that gets stolen?

    I'm probably wrong, as usual.

  21. MotorcyclesFish

    Silly robbers

    Hit a man too hard and you can only rob him once.

    Hit a man just hard enough and you can rob him every day for the rest of his life.

  22. Anonymous Coward

    Perfect time for owners of an exchange to scam their customers

    Not saying that's what happened here, but considering the recent news with several of these "hacks" it would be pretty easy to transfer bitcoins out of customer accounts to elsewhere (with however large of a chain as necessary to hide who you are if it is trackable) and then claim "we were hacked".

    After apologies and the company goes bankrupt, the owner can cash out all the bitcoins, obtain a new identity, and retire happily to anywhere in the world he likes.

    Since most of the owners of exchanges keep out of the public eye and wouldn't be recognized, this would be pretty easy to do. If it hasn't been done already, I'm sure some plans are being made as you read this.

    1. Gray Ham Bronze badge

      Re: Perfect time for owners of an exchange to scam their customers

      Alternatively, it could be a third party who wants to exert some control over the Bitcoin exchange market. Driving smaller and/or vulnerable players out of the market, then setting up your own exchange in opposition (with the backing of the stolen BC), could that be a possibility?
