An actual DDOS?
Or just everybody trying to get through to get their bitcoins out?
A Japanese newspaper is reporting that during the spectacular collapse of the Mt Gox Bitcoin exchange, the operation's servers were also suffering a large-scale DDOS attack. The Yomiuri Shimbun's English-language Japan News reports that the attacks in early February reached 150,000 DDOS hits per second, “mostly from servers in …
...since in military parlance, "fielding" something means bringing it into combat. So the headline "Mt Gox fielded MASSIVE DDOS attack before collapse" (emphasis added by commentard) implies that Mt Gox itself started a DDOS attack, not that it was the subject of one.
Many years ago, on a holiday to the US, I was sitting at a bar and discussing with some of the locals the merits of different sports when I happened to mention that Baseball was played in the UK, known as Rounders and normally played by young girls.
My innocent comment nearly started a bar fight!
>It later emerged that attackers had found a way to exploit
>the Mt Gox code to steal 850,000 Bitcoins worth hundreds of millions of dollars.
Zero evidence of this and Mt Gox themselves said the coins were stolen via "transaction malleability" over years.
The fact that coins that Mt Gox moved and hasn't touched since 2011 were moving all over the place over the weekend suggests that there is a little bit more to this story than Mt Gox have been making out.
"850,000 Bitcoins worth hundreds of millions of dollars"
I love how the press throws around numbers like this when there is a loss or a crime. For instance, every time a shipment of illegal drugs is seized by the police in America, the press quickly declares that the shipment "had a street value of $50 million dollars" or some such.
It should be noted that "hundreds of millions of dollars" would be maximum value under ideal conditions. Just like selling street drugs in America for $50 million would be "maximum value under ideal conditions". The fact is, those ideal conditions are unlikely ever to be met either in the case of a failed drug sale or a flopped bitcoin exchange. Buyers may not have been willing to part with maximum price for questionable coin from MtGox - so the "hundreds of millions" might be a totally bogus number in the first place.
>I love how the press throws around numbers like this when there is a loss or a crime. For instance, every time a shipment of illegal drugs is seized by the police in America, the press quickly declares that the shipment "had a street value of $50 million dollars" or some such.
Blank cheque found . . . worth billions of dollars. (until you cash it)
According to BitcoinAverage.com, which gives a weighted average of the current/recent prices on several exchanges, at the time of writing, the price of one bitcoin is $627.
$627/BTC x 850,000 BTC = $532,950,000
This is assuming you were able to shift those coins at a reasonable rate without causing the exchange to collapse. Given that the daily volume appears to be around 30,000 BTC, it would probably take some months to convert those to cash, but the exchange rate does seem to have stayed pretty constant over the last few weeks.
I think that falls pretty well into the 'hundreds of millions of dollars' bracket, either way, without any need to start waffling about 'street drugs', which has absolutely no relevance.
When spread over their various owners, the value could easily be the stated amount, since they wouldn't all spend them at once, and they'd spend them in different places.
So, the *loss to the owners* was $850m (at the given exchange rate); the *value to the thieves* would be substantially less due to the above-mentioned concerns.
Except that a very recent leak revealed that MtGox had over 950,000 Bitcoins?
Considering MtGox's "trustworthiness" then (oh who am I kidding, this is the same MtGox which had parsed usernames and passwords in plaintext through URLs when the site first launched) I wouldn't be surprised if MtGox DDoS'd themselves in order to portray a false image of MtGox being the victim.
Anything to it?
The claim that Mt. Gox was operating with fractional reserves came as shocking to some. After all, the exchange functioned by providing a shared wallet for depositors. Each time a deposit was made in bitcoin, the proceeds were moved to the shared wallet. This wallet was safely stored offline (“cold storage”) so that hackers could not gain access to them. In addition, a very high percentage of bitcoin was supposedly stored in this way – up to 98% by some claims – with only a small amount held online to facilitate withdrawals and other transactions.
In theory, since almost all of the bitcoin were held safely offline by Mt. Gox, the “bitcoin bank” should have been behaving like any standard full-reserve bank. The evidence over the past months proved this to be anything but the reality of the situation.
...
Mt. Gox is a little different. Despite holding the vast majority of its bitcoin securely in cold storage, its claim is that somehow these were stolen by someone. In standard fractional-reserve banking theory, the reason a less than 100% reserve is held is because the bank has knowingly made use of the deposited goods, not because hackers have prevailed in cracking an impervious safe. The dust will settle on what happened to the bitcoins deposited with Mt. Gox. For now I will let Occam's razor prevail in providing me with an answer to the whereabouts of the missing coins.
Or just the safe being emptier than it should be in the first place: loaning out the money one should keep in the vault so that dosh can be made for oneself --- while praying that not all the depositors will demand their money back at the same time.
The reason for why "bank runs" happen and, today, basically large orders are suddenly placed to printshops by politicians getting the cold sweats.
"transaction malleability" sounds suspiciously like exactly that. I have no idea whether bitcoin technically allows this.
>Or just the safe being emptier than it should be in the first place:
>loaning out the money one should keep in the vault so that dosh
>can be made for oneself
That's called "fractional reserve banking". That's what the words mean.
>"transaction malleability" sounds suspiciously like exactly that. I have no idea whether bitcoin technically allows this.
"Transaction malleability" refers to a vulnerability in the bitcoin protocol known about in 2011, and for which a fix was done then in the standard bitcoin client. For MtGox not to have applied this fix to their own code suggests a severe level of incompetence on their own part, akin to running a bank's servers on a public-facing unpatched WinXP box.
http://www.theregister.co.uk/2013/08/21/cyberheist_ddos_smokescreen/
"Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems"
http://www.theregister.co.uk/2013/10/17/bitcoin_exchange_ddos_flood/
"mystery DDoSers tried to take down Bitcoin exchange with 100Gbps crapflood"
http://www.theregister.co.uk/2013/11/29/uk_banks_cyber_threat_warning/
"Concerns that high-volume DDoS attacks of the type that interrupted the operations of US banks last year might easily be deployed against Britain banks to similar effect have fortunately proved groundless"