Bitcoin Thefts Surge, DDoS Hackers Take Millions

CowboyRobot writes "In November, Denmark-based Bitcoin Internet Payment System suffered a DDoS attack. Unfortunately for users of the company's free online wallets for storing bitcoins, the DDoS attack was merely a smokescreen for a digital heist that quickly drained numerous wallets, netting the attackers a reported 1,295 bitcoins — worth nearly $1 million — and leaving wallet users with little chance that they'd ever see their money again. Given the potential spoils from a successful online heist, related attacks are becoming more common. But not all bitcoin heists have been executed via hack attacks or malware. For example, a China-based bitcoin exchange called GBL launched in May. Almost 1,000 people used the service to deposit bitcoins worth about $4.1 million. But the exchange was revealed to be an elaborate scam after whoever launched the site shut it down on October 26 and absconded with the funds. The warnings are all the same: 'Don't trust any online wallet', 'Find alternative storage solutions as soon as possible', and 'You don't have to keep your Bitcoins online with someone else. You can store your Bitcoins yourself, encrypted and offline.'"

A limited number of Bitcoins

[fustakrakich]

Pretty soon they'll all be stolen, kinda like land

Re:A limited number of Bitcoins

[kthreadd]

Then someone will invent a new currency and the cycle repeat itself.

Re:A limited number of Bitcoins

a reported 1,295 bitcoins — worth nearly $1 million

No they aren't really worth that much. Sure, you can extract $1 million from the market now, but if everyone does that the prices will fall to zero, the liquidity is pathetic compared to the $15 billion capitalization. And the only reason people don't run to crash the market is because they hope they will be able to earn even more in the future - a.k.a "The Greater Fool Game".

Re:A limited number of Bitcoins

[PopeRatzo]

They could easily sell all 1295 bitcoins and pocket $1 million due to buyers betting on the greater fool game.

It depends. Will someone have the $1mil to buy them all? If they start selling in smaller lots, the value will go down with each transaction.

The only difference between bitcoins and tulips is that at least you could smell the tulips.

Re:A limited number of Bitcoins

[daninaustin]

If you can sell them for $1 million, then by definition they are worth $1 million.

Re:A limited number of Bitcoins

[daninaustin]

$1 million isn't all that much now. There are multiple exchanges processing 80k+ bitcoins per day.

Re:A limited number of Bitcoins

[Bram+Stolk]

The effect of selling is less than you think.
mtgox is not the biggest exchange, but it can easily do a $1M exchange without affecting price in a too dramatic way.

The nice thing is that their bid book is open for every one to see, so you can predict what happens to price at large orders.
See: http://mtgoxlive.com/orders
At the time of writing, a $1M sell or buy would move the mtgox exchange price 5% in either direction.

If you sell in the largest exchange in the world, which I understand is in China, it would move the market less than this.

Re:A limited number of Bitcoins

[schnell]

If you can sell them for $1 million, then by definition they are worth $1 million.

It seems pretty simple on the surface but it's actually not. The point that the GP post was trying to make is that in a small or illiquid market, large sales volumes can actually depress prices by introducing too much inventory to sell vs. people willing to buy. This is a somewhat different example, but back in the day when Bill Gates still had a meaningful percentage of all Microsoft's shares, he would be said in the media to be worth "[his share total] x [current MSFT quote]." But people who knew the market actually understood that if he ever decided to liquidate his shares all at once they would be worth far less because he would actually flood the market (leaving aside the fact that if people figured out that Bill Gates was selling all his MSFT shares, they would flee the stock in droves assuming he knew something they didn't.)

So long story short - if I have a trivial number of [shares, rare items, whatever] compared to the market size, then, yes, they are worth [quantity] x [going price]. But if I have a quantity that is significant to the size of the ability to make markets and I try to sell it all at once, it will invariably be worth far less.

Re:A limited number of Bitcoins

[PopeRatzo]

If the price goes down too much, the exchanges will halt trading and blame it on DDoS

You don't have any problem with that?

You talk about the Bitcoin marketplace as if it was some mature, regulated system. It's not. It's value is purely based on how loudly the proponents of Bitcoin are willing to clap. As soon as it can be traded for other currencies, other commodities, at a large scale, Bitcoin enthusiasts are in for a rude awakening.

Besides, I'll bet that there will be subsequent private currencies that will replace Bitcoin as the flavor of the week and then you'll see fluctuations that make the current 50% swings look like child's play.

Something I've been ruminating about all day

[astralagos]

Somebody more familiar with bitcoin can answer this for me, undoubtedly, but based on my limited understanding, if the wallet file is lost or destroyed, the coins within it are effectively gone, correct? If so, then at some point there's an expected loss over time (fraction of the population who don't back up their wallet, expected size of wallet, drive failure rate), and at some point that's going to intersect with the size at which the pool expands, so that the total supply of bitcoins over time actually decreases. Theoretically, we'd hit some point where bitcoins are just being destroyed through loss. The situation will be exacerbated with thefts and personal storage.

Re:Something I've been ruminating about all day

[rasmusbr]

Somebody more familiar with bitcoin can answer this for me, undoubtedly, but based on my limited understanding, if the wallet file is lost or destroyed, the coins within it are effectively gone, correct? If so, then at some point there's an expected loss over time (fraction of the population who don't back up their wallet, expected size of wallet, drive failure rate), and at some point that's going to intersect with the size at which the pool expands, so that the total supply of bitcoins over time actually decreases. Theoretically, we'd hit some point where bitcoins are just being destroyed through loss. The situation will be exacerbated with thefts and personal storage.

Yep, that's correct. Bitcoin is designed to be ridiculously scarce in the long run.

Re:Something I've been ruminating about all day

obligatory xkcd

Extrapolating
http://xkcd.com/605/

Without knowing rate of loss vs rate of pool expansion there is no way to theoretically mark a point where bitcoin loss>bitcoin gain. Theft still leaves bitcoins in the system, so no real loss there (to the system). I can see a clever developer/maker creating a usb/sd bitcoin wallet. Keep the assets stored off the computer, in a safe place and no risk of government seisure.

Re:Something I've been ruminating about all day

[shaitand]

Of course. That's why bitcoin divides to trillions of units. The idea that trade will involve smaller and smaller units. For instance when the price hit $1000 for a BTC it made more sense to think of Bitmils .001 than Bitcoins for transactions because a bitmil was essentially a dollar.

Re:Something I've been ruminating about all day

We don't need to know the rate of pool expansion. We already know that there is an upper limit to the number of available coins. When that limit is reached we will only lose bitcoins due to the exact reasons the GP raised.

So your "obligatory xkcd" is not appropriate at all. Back to your drawing board.

Re:Something I've been ruminating about all day

[Jack9]

> But each of those bitcoins can be subdivided into ten million pieces

100 million. Not that it makes a big difference right now.
https://en.bitcoin.it/wiki/Myths

Re:Something I've been ruminating about all day

[fastest+fascist]

They *might* be worth more tomorrow. There's no guarantee of that. You will, however, definitely need to eat regularly. Usually spending money is involved in that.

Look at it this way, computers get better all the time. If you wait a while, you can get better value for your money. Somehow, people still buy computers all the time.

Re:Something I've been ruminating about all day

[Athrac]

That is true. However, it is not really a problem in the long run unless every last bitcoin is lost. You can divide bitcoin in infinity and trade with micro-bitcoins or pico-botcoins instead. So at first though this seems like an issue but I argue it isn't.

You can't divide it infinitely. The smallest unit ("satoshi") is 10^-8 bitcoins, so in total, there will only be 2.1*10^15 units of money. For reference, the total M1 money supply in the world is equivalent to about $25 trillion, or 2.5*10^15 dollar cents. If bitcoin becomes a major world currency and we assume a currency loss rate of couple of percent per year, it's gonna become a problem within couple of decades.

There could of course be a change in the protocol so that let's say any bitcoins not used in 50 years could be remined. But it's something that requires acceptance from majority of miners.

Re:Something I've been ruminating about all day

[petermgreen]

The rate of production is laregely known and is not significantly affected* by changes in mining power.

The rate of loss is a trickier one, it is not possible for an analysist to tell the difference between a permanently bitcoins (one where all copies of the private key have been destroyed), temporally lost bitcoins (where the private key still exists and may be found but the owner has forgotten where it's stored or is having difficulty remembering the passphrase or whatever), and hoarded bitcoins (where the owner knows how to access the bitcoins but has decided not to do anything with them).

* Short term fluctuations can happen since the difficultry takes time to adjust.

Re:Something I've been ruminating about all day

[ArbitraryName]

You can't divide it infinitely.

Yes, you can. Eight decimal places is just a fairly arbitrary number. If it becomes necessary, smaller transaction can be supported.

Re:Something I've been ruminating about all day

[lxs]

If there's a way to reclaim lost bitcoins (crack the encryption), then you can get a stability point.

The public keys and contents of all addresses that have been involved in transactions are public knowledge through the blockchain.
If someone cracks the encryption, no bitcoin is safe from theft any more not even those stored on paper locked in a safe.
But I guess a value of zero is a stability point too.

Savings Accounts

[lgw]

Ever wonder why banks can pay less than inflation for savings accounts and still get customers? Government insurance against the bank getting robbed / going broke / just absconding with the cash lets them provide a service that's worth a small cost.

In a way, Bitcoin is a bet that the risk of the government itself being the ones to take your money exceeds the risk that individuals will do so. History shows plenty of risk both ways, but I could certainly see the value in banks offering Eurobitcoin accounts.

Re:Savings Accounts

[lgw]

There are many other choices than "savings account" or "mattress". There are a wide variety of bond investments, bond ETFs and mutual funds, money market accounts, and so on. But you pay a lot for safety, and you also pay for the convenience of liquidity, trading in very small amounts, and retail convenience.

The Internet has nearly removed those last two concerns, however. If you educate yourself on the risks of bonds (both inflation and default risks), which is no harder than educating yourself about how bitcoin works, it's easy to match inflation with funds with daily liquidity, ability to move small amounts, and really quite small risk. But if you want that government backing against default risk, you're going to lose vs inflation - you have to pay for that insurance.

Re:Savings Accounts

In the UK you can save with the government and cut out the middle man. The UK government owns a bank named the National Savings Bank (actually they own several banks, but this is the only one that offers savings accounts to regular people) which offers a middling interest rate and various long-term bonds. When you "invest" in the government's bank instead of it lending the money to somebody else like a regular bank it just spends it on government projects. The money to pay you back later comes from taxation. So in effect it allows the government to borrow from the ordinary consumer at a better rate than they'd get from a foreign bank, and it lets the consumer save with a 100% trustworthy bank.

Anyway, for long term savings the National Savings Bank will give you points over inflation. They will promise to track better than the rate of inflation in interest. They can do this because they are, after all, the government, if they can't make it worthwhile to borrow money at points over inflation they definitely shouldn't be borrowing from foreign banks! Of course "worthwhile" gets to be over a long view when you're a government. Money spent today ensuring a five year old is healthy and well educated pays off twenty, forty, sixty years down the line.

(You might say, what if the government can't pay it back? Maybe the tax base collapses, or the country is invaded or something. But in this case the country will default, EVERYBODY in the UK gets screwed if that happens, regardless of whether they use the government owned bank).

Mine are safe

[raftpeople]

in the couch

Idiots

[wbr1]

Keep...your...own...fucking...wallet...

I do. Encrypt and backup your wallet.dat file. When you restore it, even if it is old, you can rescan the block chain and have all your funds. Except for transfers, why hand your entire wallet to someone? Would you do that on the subway, or in walmart?

Re:Idiots

[timeOday]

Actually it is idiots that keep all their savings in their own wallets, or in paper bag in the freezer, or buried in the yard. Whereas normal people do entrust their saving to complete strangers, all the time, in a thing called a "bank." This turns out to be much safer than holding it yourself, thanks to "regulations" enforced by "governments." Kind of impressive if you step back and think about it.

Re:Bitcoin hype over?

[SuperKendall]

but I have worked in academic level IT & networking so I know what's going on...

Only at the level of how you store it, not in any aspects of how it works as a currency.

The problem is exchanging Bitcoin for real currency

But in theory you don't need to do that often, the idea is that it is a currency you can accept and use for payments.

It's a bit tricky for me to convert USD into some other currency also, but since I don't do so very often it doesn't matter.

As more places accept BitC for payment that concern becomes much less an issue.

Re:Idiots .. use a VM

[Billly+Gates]

... and use a VM just for that purpose. Since I do IT I have a copy of VMware workstation and will utilize this for just that purpose to play it safe.

I have one for porn and one I am going to make for litecoin trading as bitcoin is too expensive already :-(

Firefox and Chrome with flash can get you just as infected as IE under Windows in this day and age so any browser is bad. A VM is the only way to stay safe sadly.

Re:Idiots .. use a VM

[wbr1]

If you are really paranoid, you can use whonix, which puts a vm in a vm, piping everything through tor and preventing just about any leak of IP information or exposure of OS exploits.

The Real World

[SuperKendall]

***UNLESS I CAN SEE IT PLACED IN MY $$$ BANK ACCOUNT IN REAL TIME***

Which goes to show you are missing the point of using it as a currency. A real currency is something you hold onto, not exchange at first opportunity.

You only think you need to do that because you think the exchange rate of BitC against some other currency is too high. Why? Are you SURE about that? Because lots of people were saying the same thing all along, at much lower values. What if BitC doubles in value again? Then you would have been an idiot to exchange it away.

I'm not even a huge BitC proponent, I have only a tiny amount myself. But I can see that worry about the value of BitC against other currencies seems overblown, and there is a constant track-record of underestimating BitC, with every action that is supposed to bring the hammer down on exchange rates (like the closure of Silk Road) having the opposite effect instead. And I see real merchants slowly adopting payment using this currency. If there are enough real objects I can use BitC to buy then I am insulated from swings in value, and it makes more sense to hold than to get rid of right away.

Re:The Real World

[SuperKendall]

I know because I don't know. What I mean is, the ammount of uncertainty in BTC is much, much higher than in dollars.

Really? I actually don't know that at all. In fact the value of USD could go haywire in a lot of ways, in case you hadn't noticed the price of metals like gold and platinum has skyrocketed, meaning a lot of other people think so too.

Just because the USD HAS been more stable, does not mean it has to continue to do so.

The **CORE** of that uncertainty is the number of BTC awarded per transaction mined.

Not sure I follow that statement, in a transaction you get a specific amount of BitC from someone else. When mining you get a specific amount of BitC per block. Where is the uncertainty in ether aspect? The only uncertainty is how much other currency someone is willing to give you for BitC. But as more people want and use it, the more the value will rise.

the number of BTC awarded to who finds the proper number/transaction is arbitrary.

Again, how is this arbitrary? I do mine (slowly) and it seems no arbitrary at all.

Re:The Real World

[DaveV1.0]

Which goes to show you are missing the point of using it as a currency. A real currency is something you hold onto, not exchange at first opportunity.

Um, no. A currency is, by definition, a medium of exchange. "Something you hold onto" is an investment vehicle, not a currency. Bitcoin is supposed to be a currency, not an investment vehicle.

Mostly, yes

[DrYak]

As a small addendum to what rasmusbr has already said:

if the wallet file is lost or destroyed, the coins within it are effectively gone, correct?

The short answer is yes. The long answer is a little bit more complicated.
If hacker still has copy of the wallet.dat file, the coin could still be stolen (in theory the file can optionnally be encrypted. In practice we all know how good humans are at picking good passwords).

key pairs in a wallet can also be generated using passphrases (so called brain wallet).
in theory the owner is the only one to know the passphrases generating the key pair and thus the only one able to use the private key.
in practice, again, we all know how good humans are at that task
(and before you ask: yes someone has decided to make a keypair using xkcd's "correct horse battery staple" comic).

worst citizens are the web services. they use their own wallet to process coin. you sent an amount to them, and then they process on your behalf. (some even allow you to upload key pairs). You have to trust that they are honnest people. You have also to trust their security measures that their key don't get stolen.

So out of all the various "lost" coins, some are possibly going to re-appear due to poor password strategies, or due to less scrupulous online companie which will decide to re-purpose un-claimed bitcoin account, or outright scam people into giving them coins and then running away with them.

Re:Bitcoin hype over?

[faedle]

> Mt. Gox? Seriously? How do you even pronounce it?

"Magic the Gathering Online Exchange."

That should scare you.

So... you are actually insane, what is that like?

[SmallFurryCreature]

You are talking of a single transaction shifting the market 5% and you call that small?

Real economic markets panic of fractions of a percent shift with billions in transactions.

If a real currency could suffer a 5% inflation with the selling of a single million, everyone would conclude that currency is totally non-viable.

Basically you are saying that if you own bitcoins, you could lose 5% anytime someone sells a single million of a currency supposedly worth billions. That is NOT a stable reliable currency.