Bitcoin Exchange Mt.Gox Suffers Serious Attack, Instawallet Offline

Bruce66423 writes "The BBC reports that Mt.Gox, the main exchange dealing with Bitcoins, has been attacked, and other resources are off line. A scary reminder of how insecure ALL money is in the computer age..." Also at TechWeekEurope. A message at bitcoin storage service Instawallet's site begins "The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture. Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is."

Is it?

[paiute]

"A scary reminder of how insecure ALL money is in the computer age...."

I applaud the creation of Bitcoin, but really, would you trust your $10,000 more on a server somewhere or in an FDIC-covered bank?

Re:Is it?

And if you did trust it on a server somewhere, would that server be "Magic The Gathering Online Exchange"?

(Or are we supposed to forget that that's what "MtGOX" stands for?)

Re:Is it?

[camperdave]

The big sack of pennies under my bed is as secure as ever.

Security through bad-guys-not-carrying-a-forklift... Clever.

target

[roman_mir]

Bitcoin exchanges are a target right now at the current exchange rates, but I was thinking just a little while back, isn't it strange that somebody who released the original protocol is unknown and wishes to stay anonymous? I thought about that for a little bit, there are a number of possibilities. Of-course somebody who had the original idea could run the hash generation for a much longer time before anybody started doing it as part of a mining (proof of work) network. I don't know, it's hidden in plain sight

This feature is then used in the Bitcoin network to secure various aspects. An attacker that wants to introduce malicious payload data into the network, will need to do the required proof of work before it will be accepted. And as long as honest miners have more computing power, they can always outpace an attacker.

- good, what if somebody had a much longer stretch of time to work out the answers before they could even become questions? It's not like those transactions are random.

What other motives can somebody have to release a protocol like this one potentially to be used by millions of people who see this as a way to make money? Giving people incentives to come up with faster SHA generators? Somebody who wants to break encryption mechanisms by generating huge amounts of SHA codes against various data?

I think without actually getting into the source code it's impossible to read the answers to any of these questions, so maybe that's the next step, read the source code.

Old news?

[prisoner-of-enigma]

This is semi-old news. Mt.Gox has been under attack for at least a couple of days but they appear to be handling it pretty well. I haven't noticed any problems with using them at least. Trades might be taking a tad longer but nothing big that I can see.

Instawallet, on the other hand, crumbled at least a day or two (I read about it early yesterday morning). Their problem had nothing fundamental to do with BTC but more to do with the unique way Instawallet did business with (I believe) greater anonymity. The whole "we gotta rearchitect this thing" press release was that their fundamental way of doing business made them uniquely targetable by fraudsters, thus they gotta figure out something new.

Re:A reminder of how insecure ALL money is?

[prisoner-of-enigma]

Uh, no. Somehow I sleep a little better knowing my money is backed up by the FDIC if I keep it in a real bank.

And, as recently demonstrated by Cyprus, if the government arbitrarily changes the rules ex post facto and decides they're going to take your money "because we need it," how well do you sleep? You sleep well thinking the rules of the game can't be changed. They can. They are. This is a terrifying precedent.