Slashdot Mirror


More Bitcoin Exchanges Forced Out of Sync After Massive DDoS Attack

An anonymous reader tipped us to news that several Bitcoin exchanges have joined Mt Gox in suspending withdrawals after being forced out of sync with the Bitcoin network at large. After Mt Gox blamed transaction malleability for forcing them to suspend withdrawals, miscreants started flooding at least Bitpay and Btc-e with bogus transactions. Quoting the Bitcoin Foundation: "Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software. We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds."


  1. Don't we see this all the time? by Minwee · · Score: 4, Insightful

    If I didn't know better I would suspect that the best time to invest in BTC futures would be about five seconds before the DDoS stopped.

    I'll leave you to guess who is in the best position to profit from that.

    1. Re:Don't we see this all the time? by cant_get_a_good_nick · · Score: 2

      Louis: Looking good, Billy Ray!
      Billy Ray: Feeling good, Louis!

      Now to corner the market on more Frozen Concentrated Orange Juice.

    2. Re:Don't we see this all the time? by jythie · · Score: 2

      True, just like a great time to buy BTC was during that brief window yesterday when they were trading for 100$.

      Though I doubt there is really a profit or political motive in this case. Many people find the BTC crowd, or at least its more vocal proponents, rather obnoxious, and when you have people who do not like a group and a tool pops up for annoying them, at least a few people will be trollish enough to use it.

    3. Re:Don't we see this all the time? by bobbied · · Score: 2

      I'll bet you a dollar you can't!

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Don't we see this all the time? by Minwee · · Score: 2

      Look, if you're just going to check with primary sources and present well researched facts, why should we even bother having slashdot at all?

      Try that again, but first empty your mind of everything you know about the subject and try to blame either Microsoft, Apple or Google for everything.

  2. the value in Bitcoin is in transactions by ihtoit · · Score: 2, Funny

    stop the transactions, you hurt the value. This is a Fed operation, because they can't control it they're trying to destroy it and make it look like script kiddies. So fucking transparent...

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    1. Re:the value in Bitcoin is in transactions by Anonymous Coward · · Score: 2, Interesting

      Could just be random vandals. They used to exist before everyone started calling them "hacktivists"

    2. Re:the value in Bitcoin is in transactions by StripedCow · · Score: 4, Funny

      Now that the NSA can't store and process users' private data, they have to do _something_ with those datacenters, right?

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    3. Re:the value in Bitcoin is in transactions by Sockatume · · Score: 2, Insightful

      I'm going to go out on a limb here and say that "+5 Funny" was probably not the moderation you were looking for.

      --
      No kidding!!! What do you say at this point?
  3. Yeah right by StripedCow · · Score: 4, Interesting

    It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.

    Unless of course the exchange rates start dropping because of a declining confidence in the currency.

    --
    If Pandora's box is destined to be opened, *I* want to be the one to open it.
  4. Re:George, I've never seen one before, but by E-Rock · · Score: 3, Informative

    More like filling all the bank door's locks with glue.

  5. Eating their own, won't be long now... by Anonymous Coward · · Score: 3, Interesting

    It's been an interesting few days, they're lashing out in fear and attacking their own, it won't be long now, here is a recap of what we saw:

    1. MtGox made public that a well known bug which was being ignored by the bitcoin "developers" was being used to steal coins.

    2. Almost instantly the "foundation" and "developers" released statements indicating that only MtGox was affected by and at fault and the remainder of the bitcoin ecosystem would not be impacted.

    3. We saw a flurry of requests for Mark Karpeles to step down from the "foundation".

    4. Suddenly almost all the bitcoin exchanges stopped allowing withdrawals because in contrast to what the "foundation" stated, bitcoin developers were responsible for this bug and it in fact affected the whole ecosystem.

    It is very clear that this situation was caused by the bitcoin "developers" lack of interest in securing their code. It is also very clear that they attempted to hide this fact and shift blame to an innocent party.

  6. Bullshit by Anonymous Coward · · Score: 3, Interesting

    This may very well affect people's funds and online wallets. If an exchange doesn't find a transaction in the blockchain, because the exchange looks for a different transaction ID, the exchange may have reissued the transaction, effectively paying out twice. As these transactions are not reversible, but not the fault of the customer, the exchange will have to eat the losses. The current Bitcoin exchanges are not huge banks. They're not too big to fail, and when they do fail, they take your funds with them. They may not even have them anymore right now, but you don't know, because you can't withdraw.
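The failure mode described in the comment above, and one way an exchange can avoid it, as an added example that is not part of the original post. It uses a simplified transaction model (not Bitcoin's real serialization); the class names, withdrawal id, address and signature bytes are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def double_sha256(data: bytes) -> str:
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


@dataclass(frozen=True)
class Tx:
    """Simplified transaction model, not Bitcoin's real wire format."""
    inputs: tuple       # outpoints spent: (previous txid, output index)
    outputs: tuple      # (address, amount) pairs
    script_sigs: tuple  # one signature blob per input (constructed bytes)

    def txid(self) -> str:
        # The id covers the signature bytes too, so a re-encoded signature
        # changes the id without changing what the transaction pays.
        blob = repr((self.inputs, self.outputs, self.script_sigs)).encode()
        return double_sha256(blob)

    def payment_key(self) -> tuple:
        # Identity built only from what is spent and who is paid.
        return (frozenset(self.inputs), self.outputs)


class WithdrawalTracker:
    """Matches sent withdrawals against a block using a chosen identity."""

    def __init__(self, key):
        self.key = key      # function Tx -> identity used for matching
        self.pending = {}

    def sent(self, withdrawal_id, tx):
        self.pending[withdrawal_id] = self.key(tx)

    def still_missing(self, block):
        seen = {self.key(tx) for tx in block}
        return [w for w, k in self.pending.items() if k not in seen]


def demo():
    original = Tx(
        inputs=(("aa" * 32, 0),),
        outputs=(("customer-address", 50_000),),
        script_sigs=(b"sig-encoding-A",),
    )
    # Same inputs and outputs, different signature encoding (constructed).
    mutated = Tx(original.inputs, original.outputs, (b"sig-encoding-B",))

    by_txid = WithdrawalTracker(Tx.txid)
    by_payment = WithdrawalTracker(Tx.payment_key)
    for tracker in (by_txid, by_payment):
        tracker.sent("W-1", original)

    block = [mutated]   # the mutated copy is the one that got mined
    return (
        original.txid() != mutated.txid(),
        by_txid.still_missing(block),      # looks unpaid: reissue risk
        by_payment.still_missing(block),   # correctly seen as paid
    )


if __name__ == "__main__":
    print(demo())
```

A withdrawal that the txid-keyed tracker reports missing while its inputs are already spent on-chain has been paid and must not be reissued.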

    1. Re:Bullshit by mythosaz · · Score: 2

      That's the important distinction. Your wallet is your wallet. Your online wallet is a pile of money you gave to someone else and hoped that they treated it well.

      Money can't leave your actual wallet unless you either transfer it elsewhere or the entire mechanism that secures the blockchain breaks.

      Online site FOO may be fooled into releasing money from your "online wallet," but then you've got an issue with whomever you provided your money to.

      Unless money is actively being traded, there's little reason to ever have your money on an exchange -- because they all seem about as safe as the Magic The Gathering Online Exchange. :/

  7. Re:revenge of the 99.9999 percent? by fredprado · · Score: 2

    It is far more likely for the attack's objective to be the speculation of the 0.0001% than the revenge of the 99.9999%.

  8. Re:Is this the beginning of the end for BTC by tlhIngan · · Score: 4, Informative

    No. The network will never approve these transactions. My understanding of the problem is that exchanges use custom wallet software that can be fooled before enough confirmations come through potentially allowing an attacker to sell coins that don't exist for dollars. This has temporarily made bitcoin less liquid (as far as exchanging for country backed currencies) which has driven the price down.

      The issue will likely be fixed by a combination of exchange software upgrade and, eventually, long term tweaks to the bitcoin protocol that will fix this type of attack.

    No, the issue is that a bunch of fake but close-enough transactions are flooding the exchanges to de-sync them. They're trying to verify the transactions with the real blockchain, but in doing so, they fall behind, have to process a new batch of fake transactions and compare them against the real chain, etc.

    Basically there's a point where the flood of fake transactions overwhelms the ability to figure out what's real and what's not. No extra money is being created unless the exchange follows the fake transactions. However, if you're trying to exchange money, it means your real transaction is now backlogged and the exchange can only get further behind as they sort out the mess.

    It's like how a regular DDoS works - except the information being sent is fake and the server is bogging down under the load trying to figure out if it's real or not.

    It's a classic resource starvation attack - each fake transaction consumes resources because it has to be verified against the real blockchain. But in the time to do that, more fake transactions come in so the server can do nothing but fall behind. And you intermix in real transactions which have to be processed properly as well.

    I suppose a real life equivalent is a bank - where you have people trying to cash in fake cheques or exchange fake currency - it takes time to verify and fail the transaction, but even with all tellers open, there'll be a point where more people (legit and otherwise) arrive faster than they can handle so the lines get turned into crowds.

  9. Re:Is this the beginning of the end for BTC by bobbied · · Score: 2

    So.. Is there a way to sell BTC short?

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  10. Re:But, but.... by bobbied · · Score: 4, Insightful

    Everyone was saying, "Bitcoin is just like currency, man, only better."

    It is, especially if you are trying to pump, dump or crash and buy the things for profit. If a DOS attack can drive the price down and DOS attacks are fairly easy to do, you can bet somebody will try it.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  11. So relieved... by AudioEfex · · Score: 2, Insightful

    "It's important to note that DoS attacks do not affect people's bitcoin wallets or funds."

    Oh good. That should make folks feel so much better. I know I always feel safe when my bank goes down cascading with other banks to know my funds are "safe", I've just had my access to them taken away for an unspecified time frame due to their theoretical safeguards that are largely untested and fall prey to the most basic, grade-school level Internet "hacking" (DDoS) which is more akin to a prank when compared to a real attack.

    Ladies and gentlemen, may I present to you - the beginning of the end of the Bitcoin bubble. When those exchanges go back up those Bitcoins are going to be ripped out of there and anyone who isn't completely daft will sell them off, take what cash they can get and run.

  12. Re:Government(s) intervention? by bobbied · · Score: 4, Insightful

    Some of the best hackers work for governments. This may be an attempt to destroy digital currency so that people are forced to contend with the historical money makers.

    I'm not into conspiracy theories. Government doesn't really care about BTC, as long as you are not using it to do shady things. This is just common hacking by brighter than average people with less than ideal morals who are out to make a buck. *Somebody* has figured out that money can be made doing this. Now if they are clearing millions or just enough to pay for the pizza is the real question.

    IF the government wanted to end BTC, there are better and easier ways that would be a lot less complex and straightforward. No, this is just some yahoos who figured out how to make a few bucks by tweaking things. More will come though, as organized crime gets into this technique. The swings will get bigger and bigger until they "fix" the processing of transactions to avoid the problem (assuming they can).

    I'd be (and I am) out of BTC trading with any money you cannot afford to lose.... Way too risky, even for the kids' inheritance money.. If you want to use your slot machine mad money here, it might be better odds, but just barely. (Not as entertaining though.)

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  13. Re:The last two red flags. by bobbied · · Score: 2, Insightful

    When will the gullible finally wise up?

    When their money is gone of course. (Or more to the point, when THEY cannot get their money back when they need it.)

    Just remember though, only THEN they will demand government regulation. Before that it is all about the government not having any business regulating what they want to do. After they are fleeced, they will demand a bail out and rules.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  14. Re:Is this the beginning of the end for BTC by jythie · · Score: 2, Informative

    In theory yes, there are exchanges that support short sells, in practice I have heard that they are not terribly reliable and trying to collect generally does not work. Shorting regular commodities tends to work because you have the weight of federal regulation and law enforcement behind it, but few of the exchanges are really mature enough to have that kind of confidence behind them.

  15. Re:Is this the beginning of the end for BTC by QilessQi · · Score: 4, Insightful

    Hmm. If I recall correctly, flooding a country with counterfeit currency to destabilize its financial system has actually been done (or at least proposed) before.

    What's interesting about this DOS attack is it doesn't matter if every single counterfeit transaction is discovered as such and rejected... what's being attacked is the efficiency of the system itself. If transactions get inefficient enough, the currency becomes burdensome to use, so people forgo it and turn to other mediums of exchange.

    (Whether you're a BTC fan or not, it's fascinating to watch Bitcoin's pristine mathematical world rocked by thousands of years of lessons-learned in real world financial competition. Vires in Numeris indeed.)

  16. The government can just pass laws by sjbe · · Score: 3, Insightful

    You can bet your ass that this is state funded, if not directly state sponsored.

    Right. Let's see, what's more likely? The US government going to the trouble to hire hackers all hush hush to screw around with bitcoin exchanges using annoying but ultimately pointless attacks OR the government simply exercising its law making powers? (hint, the answer is the second one)

    No, this sort of attack is the work of criminals of some sort. Maybe of the organized crime sort or maybe simply the bored hacker kind. I don't pretend to know. It makes no sense whatsoever to think this was state sponsored.

    The government doesn't have to engage in hacking to mess with bitcoin in underhanded ways that aren't going to have any lasting effect. If the government decides to go after bitcoin it will be more shock and awe, not ineffective commando raids.

  17. Re:Government(s) intervention? by mythosaz · · Score: 4, Interesting

    Interestingly enough, this potentially benefits legitimate BTC speculators.

    We see what's going on. We know that BTC is under attack, and we know it's going to drop, and we suspect it's going to rebound. Time for tech-savvy legitimate investors to make a few gambles as well -- if you're the type that's already gambling on BTC.

    One of the things about BTC is that, since it's unregulated, you can't just freeze the exchange rate until the storm blows over. Anarchy!

  18. Re:Government(s) intervention? by bobbied · · Score: 2

    Problem for *everybody* though is what's really going on is they are flooding the exchanges with false transactions, which slows down *real* transactions including the one that leads to the profit for the attacker. I suppose if you know when the DOS attack is going to end (because you control it) you can time the bottom, place your (sure thing) bet, verify the transaction has cleared and stop the attack. Then you wait for the SlashDot article about the DOS attack to get a few sheep to "invest" and drive up the price.

    Or for the attacker who plans ahead, sell short, launch DOS attack, when the drop starts to slow - cover, wait for transaction to really clear and stop attack. PROFIT! Wait for awhile, rinse repeat until enough Profit is realized or you destroy BTC.

    There are a number of "virtual currencies" you can do this with. I'll bet they all get hit the same way soon.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  19. No, it's not a conspiracy. by Animats · · Score: 4, Insightful

    This isn't a "government conspiracy" sending out bogus transactions. It's some jerk.

    If you need to sell Bitcoins right now, Coinbase and Kraken are still up and running. Bitstamp is off line, and Mt. Gox is, as usual, screwed up. Mt. Gox hasn't paid out US dollars since June 2013. Whether they are incompetent, broke, or crooked is a subject of considerable speculation.

    There's a technical fix in the works, but it will have the annoying side effect that when you spend Bitcoins in your own wallet, some Bitcoins you are not spending will be tied up for an hour or so. Bitcoin wallets don't really have an "account balance". What they have is a collection of items of different values. When you spend Bitcoins, the wallet software tries to put together a set of items that's over the value to be spent, with one output to the recipient and one output ("change") sent back to you.

    Until now, you could spend that "change" immediately, even though the distributed network hadn't yet confirmed it. It looks like that will be disallowed, and only confirmed items will be usable. The way this looks to the user with a wallet program is that you have a "Balance" and an "Unconfirmed" amount. Soon, when you spend, the "Unconfirmed" amount (which you can't spend) will go up for a while, then go to zero when the network catches up. Bitcoin is a distributed "consistent eventually" system. "Eventually" is about an hour. Longer during busy periods. (That's the next Bitcoin problem. The whole network has a limit of about 7 transactions per second. A few times in 2013, that limit was hit.)

    Expect everyone except Mt. Gox to have this straightened out in a few days.
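A sketch of the wallet behaviour the comment above describes, as an added example that is not part of the original post or of any real wallet's code: coins are selected from confirmed items only, and the change comes back as an unconfirmed item until the network catches up. Fees are ignored, and the class names, amounts and largest-first selection are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(eq=False)          # coins compare by identity, like distinct outputs
class Coin:
    value: int                # amount in arbitrary units
    confirmed: bool


class InsufficientConfirmedFunds(Exception):
    pass


class Wallet:
    def __init__(self, coins):
        self.coins = list(coins)

    def balance(self):
        return sum(c.value for c in self.coins if c.confirmed)

    def unconfirmed(self):
        return sum(c.value for c in self.coins if not c.confirmed)

    def spend(self, amount):
        """Pay `amount` from confirmed coins only; return the change value."""
        picked, total = [], 0
        usable = sorted((c for c in self.coins if c.confirmed),
                        key=lambda c: c.value, reverse=True)
        for coin in usable:
            if total >= amount:
                break
            picked.append(coin)
            total += coin.value
        if total < amount:
            raise InsufficientConfirmedFunds(
                f"need {amount}, confirmed balance is {self.balance()}")
        for coin in picked:
            self.coins.remove(coin)
        change = total - amount
        if change:
            # Change depends on a transaction that is not yet in a block,
            # so it is held back until confirmed.
            self.coins.append(Coin(change, confirmed=False))
        return change

    def network_confirms(self):
        for coin in self.coins:
            coin.confirmed = True


def demo_wallet():
    w = Wallet([Coin(30, True), Coin(20, True), Coin(5, True)])
    change = w.spend(35)                      # uses the 30 and the 20
    after_spend = (w.balance(), w.unconfirmed())
    try:
        w.spend(10)                           # only 5 is confirmed right now
        blocked = False
    except InsufficientConfirmedFunds:
        blocked = True
    w.network_confirms()
    after_confirm = (w.balance(), w.unconfirmed())
    return change, after_spend, blocked, after_confirm


if __name__ == "__main__":
    print(demo_wallet())
```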

  20. Re:Is this the beginning of the end for BTC by Dachannien · · Score: 4, Informative

    It's not just the exchanges that have to have confidence behind them. The exchange (or, at least, some Bitcoin owner out there) has to have confidence in the short seller as well. This is because the short seller borrows BTC to sell on the exchange. The short seller is then expected at some point to pay back the lender in BTC to cover the loan. Because of the additional routes for anonymity that Bitcoin provides, the short seller could abscond with the non-BTC currency as long as they can launder it, leaving the lender high and dry.

    As you noted, regulations, law enforcement, and substantial recordkeeping on the part of brokerages keep this from being particularly successful in normal equities trading. If nothing else, a brokerage might require a short seller to keep cash on hand sufficient to cover the short sale, and then call in the debt if it looks like their cash on hand is coming close to being insufficient to cover. (Some brokerages let you use a margin account for this as well, if you have good credit.) The short seller would then be unable to run off with the cash because the brokerage would not release the funds until the short sale is covered. This is a solution that some Bitcoin exchanges might have problems with, because they would be keeping government-issued cash on hand in a customer account as well as BTC, which opens up several other cans of worms.

  21. Re:Is this the beginning of the end for BTC by RightSaidFred99 · · Score: 2

    Selection bias much?

    So was the idea of the stars telling us our future.

    So was the idea of transmutation via magic spells and elixirs.

    So was the idea of curing cancer by eating baking soda.

    Sorry, dude, but some ideas are fucking retarded in hindsight, the present, and in the future.

  22. Re: Transaction limits by DanielRavenNest · · Score: 4, Informative

    That limit is set by the finite size of a transaction (~ 250 bytes), and the hard limit of 1 MB per block in the block chain. Thus you can fit 4,000 transactions/block. Blocks are generated every 10 minutes (600 seconds) on average, thus ~7 per second.

    The block size limit is intended to not overwhelm average PC's running a full bitcoin client (i.e. a node on the bitcoin network). There are several ways to deal with this limit. One is simply to gradually increase it, and migrate from user PC's to a distributed network of servers with more processing capacity. Another is "off chain transactions". For example, Coinbase.com has both 940,000 consumer wallets and 23,000 merchant accounts. So if a Coinbase user shops at a Coinbase merchant, the transfer is internal to their books, and does not need to hit the network. Eventually other aggregators can bundle up multiple user transactions and send it on the public block chain as a single large transaction to another aggregator. The details of who gets what amount can travel as a separate data file between them.

    That's pretty much what happens in the traditional banking system. Banks settle up with each other once a day at a clearing house (usually the district Federal Reserve Bank). They add up all the day's checks going between a pair of banks, and then one of them pays the other the net difference. The actual payment goes across a private payment network (FEDwire) that only financial institutions have access to. In the old days, they had to swap piles of physical checks at the clearing house. With modern debit cards and electronic payments, it goes through an "Automated Clearing House" (ACH) which tallies up the amounts, but it is the same idea - lots of small transactions aggregated into one big daily clearing of the net balance between banks.

  23. The obvious part is retarded by dbIII · · Score: 2

    I'm not the above poster, but I find the idea of getting on board with an obvious pyramid scheme retarded. If you are not one of the original perpetrators you are probably just going to get sucked dry for their benefit unless you are lucky enough to come to your senses and bail out early.