Hacked Bitcoin Financial Site Had No Backups
An anonymous reader writes "A fortnight ago the Bitcoin financial website Bitcoinica was hacked and the hacker stole $87,000 worth of Bitcoins. At the time the owner promised that all users would have their Bitcoins and US dollars returned in full, but one of the site developers has just confirmed that they have no database backups and are having difficulty figuring out what everyone's account balance should actually be. A failure of epic proportions for a site holding such large amounts of money."
How are situations like this still happening?
I think 17 year olds running online currency exchanges is a fairly recent phenomenon.
Regulation of currency has nothing to do with this. In fact shortly before it closed Bitcoinica was boasting that it had recently come under regulatory supervision. And do you think dollars and euros are immune from incompetence leading to massive losses? If so, where have you been in the last few years?
The underlying problem here is simple, and actually has little to do with Bitcoin itself. The problem is that Bitcoin has grown so extremely fast that almost anyone who sets up a unique financial service, as Bitcoinica and MtGox did, is immediately flooded with users and vast sums of money. These guys are then plunged into the pain of scaling up their operations from zero almost overnight .... setting up customer support, dealing with bugs and new features, figuring out the relevant regulations so they can start to comply with them and attempting to secure their operations.
It does not help that many of these operations started out being run by rank amateurs. MtGox was written in amateurish PHP and had to be almost completely rewritten from scratch by Mark Karpeles, who appears to be fairly competent. Their big security breach came when the previous owner (the amateur) got hacked; he had retained too much access to the business internals. Bitcoinica was, notoriously, set up by a Chinese 17 year old who was able to build a nice UI and working trading platform, but quickly realized he was in over his head with regards to building a rock solid secure operation.
Securing IT systems is hard and Bitcoin as it stands today doesn't do much to help you with it. It's worth noting here that if you just want to sell things for coins (the common merchant case) your server does not need to have the ability to spend the received money at all. You can use a split wallet (also called a "watching wallet") on the server, and then only a totally different secure machine of your choosing can actually move the money. So the difficulty mostly affects companies that need to automatically receive and send large sums of money. The community knows how to make improvements - the protocol allows for money to require multiple signatures to move it, so a framework for having an independent second system that verifies/risk-analyses a transaction stream before signing it would be a good step forward. Using trusted computing platforms like Intel TXT + the TPM chip allows you to secure your wallet in such a way that root level compromise of the machine cannot be used to extract the keys. And the use of "cold storage" wallets is already commonplace. Etc, etc.
The Bitcoin world is going through a period of rapid evolution in which amateur wildcat operations prove demand and are then rapidly replaced by companies designed by highly paranoid people. If you are skilled at computer security and willing to do a lot of paperwork, there's golden opportunities for you right now.
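The "independent second system" idea from the comment above, as an added example that is not code from the thread or from any Bitcoin project: a co-signer that reviews a withdrawal stream against a risk policy before adding its signature. The limits, key, transaction names and the HMAC standing in for the second Bitcoin signature are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque, namedtuple

# Everything below is constructed for illustration.
COSIGNER_KEY = b"constructed-demo-key"  # stands in for the second signing key
PER_TX_LIMIT = 50_00000000              # satoshis (50 BTC) per withdrawal
WINDOW_SECONDS = 3600                   # rolling window for the velocity check
WINDOW_LIMIT = 200_00000000             # satoshis (200 BTC) per rolling hour

Withdrawal = namedtuple("Withdrawal", "txid amount timestamp")


class CoSigner:
    """Second system: signs a withdrawal only if it passes the risk policy."""

    def __init__(self):
        self._recent = deque()  # (timestamp, amount) of approved withdrawals
        self._seen = set()      # txids already signed (replay guard)

    def review(self, w):
        """Return (approved, signature_or_refusal_reason)."""
        if w.txid in self._seen:
            return False, "replayed txid"
        if w.amount <= 0 or w.amount > PER_TX_LIMIT:
            return False, "per-transaction limit"
        # Drop approvals that have aged out of the rolling window.
        while self._recent and self._recent[0][0] <= w.timestamp - WINDOW_SECONDS:
            self._recent.popleft()
        if sum(a for _, a in self._recent) + w.amount > WINDOW_LIMIT:
            return False, "hourly velocity limit"
        self._recent.append((w.timestamp, w.amount))
        self._seen.add(w.txid)
        msg = f"{w.txid}:{w.amount}".encode()
        # HMAC is a stand-in for the second signature on a multi-signature output.
        return True, hmac.new(COSIGNER_KEY, msg, hashlib.sha256).hexdigest()


def run_stream(stream):
    """Feed a withdrawal stream through one co-signer; return its decisions."""
    signer = CoSigner()
    return [(w.txid, *signer.review(w)) for w in stream]


# Constructed stream: normal traffic, then a burst that would drain the wallet.
SAMPLE = [
    Withdrawal("tx1", 10_00000000, 1000), Withdrawal("tx2", 40_00000000, 1200),
    Withdrawal("tx3", 500_00000000, 1300),  # oversized single withdrawal
    Withdrawal("tx4", 50_00000000, 1400), Withdrawal("tx5", 50_00000000, 1500),
    Withdrawal("tx6", 50_00000000, 1600),
    Withdrawal("tx7", 50_00000000, 1700),   # pushes the hour past 200 BTC
    Withdrawal("tx1", 10_00000000, 1800),   # replay of an already signed txid
    Withdrawal("tx8", 50_00000000, 5000),   # earlier approvals have aged out
]
```

Because the policy and its key live on a separate machine, a compromise of the web-facing server alone yields at most what the limits allow before the co-signer starts refusing.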
Cash doesn't need backups.
Close. Cash is the equivalent of no backups. Having your money in a regulated, underwritten by government, bank is having your money well backed up. An unregulated industry like bitcoin (as illustrated in TFA) is the worst of both worlds.
If the attacker deleted your backup, you didn't actually have a backup.
Until the government decides to steal that money from you: "Freezing your assets" because they suspect you of some crime, "garnishing" or "levying" your bank account because you didn't "voluntarily" pay their taxes, and so on. And then of course, the government can just decide to print more money at will, stealing wealth from everyone, through inflation.
The risk of theft or loss with government-backed banks is the same; the thieves are just more organized. And if you consider inflation, the slow, persistent, and inexorable theft of your banked USDs is all but certain.
Liberty in your lifetime
Meanwhile, the EUR is imploding due to abject irresponsibility on the part of its government backers, banks, and investors, and the USD is probably not far behind. I wonder how long off until we see wheelbarrows full of euros and dollars being used to feed woodstoves rather than as currency. The growing sovereign debt crises and $700T (yes, that's a "T") derivatives market going tits-up are going to make BTC's problems look like a joke.
Yet I see comment after comment of how irresponsible and amateurish BTC is, and how we should only trust regulated, state-backed currencies. Yeah.
Liberty in your lifetime
This story about the woes of Bitcoinica is grossly overblown. The amount of money is comparatively very small, and the Bitcoin network itself is nothing to do with this theft and is sound.
To put some perspective on the Bitcoinica incidents, in 2008, the estimated UK bank fraud level was £52.5 million; that is 990.28441 times the amount of this Bitcoin theft:
http://www.themoneystop.co.uk/042009/online-banking-fraud-is-on-the-rise-in-the-uk.html
There are people on many sides who want Bitcoin to fail, and who will do anything to stop it from growing. The banks hate it, because it will disintermediate and replace their business. The Statists don't like it because it will defund their socialist dreams. The gold bugs loathe it because it is not gold. Keynesian journalists bristle at the fact that the money supply in Bitcoin is limited, and dream of seeing it destroyed.
None of these people will matter in the end, and they do not understand Bitcoin.
Bitcoin will continue to grow, and events like this will winnow out the weak services and strengthen the existing ones. Each theft, disaster and problem are iterations that add to the unpublished "how to run a safe Bitcoin service" manual. Bitcoin and the services that will grow up around it cannot be stopped, just like Bittorrent cannot be stopped, and the latter is responsible for 53.3% of upstream traffic:
http://torrentfreak.com/bittorrent-still-dominates-global-internet-traffic-101026/
It doesn't take much to see how important Bitcoin is going to become once the core public facing interfaces are solidified, refined and reliable. Bitcoinica is not Bitcoin, and neither are any of the services that are built on it. Bitcoin is a protocol. Events like this are nothing more than a bump in the road, and a vanishingly small one at that.
ATH0 Bitcoin: 1DnwFLXczVZV8kLJbMYoheUrpqHesjxrSi
Regulation has a good deal to do with it. Regulations on financial transactions shouldn't allow semi-competent 17 year olds to handle large amounts of other peoples' money, for instance, or to design software for such. They should require that data and transactions be recorded, backed up and auditable and audits should be required. AND insured. If you let a person not sufficiently insured hold your money, you are a fool.
Blacks are a net drain on society.
And you, sir, are an unacceptable drain on the Earth's supply of breathable air.
Right on; say what you want, at least Bitcoins don't change in value.
Good luck getting any bank in America regulated if the Republicans all three branches.
Like they did in 2002 when the Sarbanes–Oxley Act was passed? You're delusional if you think Republicans don't love regulation. Look at their actions, not their words.
Seriously, look into starting a new bank as a startup (I have). It's not possible without massive capitalization and regulation. Upwards of $5M in legal fees alone.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Bingo!
It sounds like the people running the place are I.T. morons.
Rsync to second server, both servers then have offline backup that is cycled to a safe onsite AND offsite. THAT is a backup, not what most idiot business owners think a backup is.
I recently had this discussion with our CEO. "We don't need to spend $12,500 on a backup system...."
Me: So all our data is worth less than $12,500? If we lost it all right now it would not matter at all to the business?
CEO: No, we would be devastated and out of business!
Me: So the whole business is only worth $12,500??!? Why are you keeping this from everyone that we are about to go under!
CEO: No! No! We are doing fine, well over $10million in sales last quarter...
Me: and you are unwilling to spend $12,500 to protect that money....... Really.....
CEO: go and order the backup server and tape Drive robot.
Do not look at laser with remaining good eye.
"Bitcoins are not currently money. They're more like arcade tokens, really. No value outside the venues honoring them.
Currency, on the other hand..."
Feel free to try and use North Korean currency in the United States or Europe to buy something.
Currency has NO VALUE outside the venues honoring them.
Do not look at laser with remaining good eye.
Cash (or "money") is not a store of value, it's a lubricant for exchange. A monetary system without inflation (small, predictable) encourages people to store wealth in "money", as opposed to investing it in productive uses. Monetary systems with a small amount of inflation will encourage investment of wealth to earn a return at least as good as the inflation being experienced. Which is why virtually every economy on the planet left the gold standard; the economies with "inflatable" currencies will outperform those without.
Right. Because we regulate traditional banks, they're never hacked or robbed.
Oh wait...
Your statement assumes the previous AC deserves rational argument in return. The problem is doing so gives too much importance to something that has actual negative intellectual value.
"To argue with a man who has renounced the use and authority of reason is like administering medicine to the dead." - Thomas Paine
--
BMO