Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack (softpedia.com)

← Back to Stories (view on slashdot.org)

Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack (softpedia.com)

Posted by timothy on Sunday March 20, 2016 @07:17AM from the bank-holiday dept.

An anonymous reader writes: BitQuick, a US-based Bitcoin trader has announced that it will shut down its platform for up to 2 to 4 weeks following a cyber-attack this week. The platform took this step because it has not yet identified how the hackers infiltrated their systems. It is unusual for companies to take down their systems for weeks, but after the recent Cryptsy and LoanBase hacks, the company is not willing to lose millions of dollars worth of Bitcoin. BitQuick announced clients of the incident, and 97% already withdrew their funds from the platform.

51 comments

Min score:

Reason:

Sort:

again? by softnewsit · 2016-03-20 07:19 · Score: 0

another day... another bitcoin heist...

--
Go away!
1. Re:again? by Tokolosh · 2016-03-20 08:23 · Score: 1
  
  Meanwhile...
  https://next.ft.com/content/39...
  http://bfy.tw/4qlU
  
  --
  Prove anything by multiplying Huge Number times Tiny Number
2. Re:again? by Anonymous Coward · 2016-03-20 12:11 · Score: 1
  
  So much for bitcoin being "secure"
3. Re:again? by Anonymous Coward · 2016-03-20 19:21 · Score: 0
  
  Another day, another person on the internet regrets not buying when it was about $1 per BTC. Shit, I printed almost 200 of the things on a core2duo back in the day. Feels good man. Shame for people late to the ride.
4. Re:again? by Anonymous Coward · 2016-03-21 07:15 · Score: 0
  
  Um, Bitcoin != web services.
  Online banks and trading sites have the same issue. Also, ever heard of identity theft, credit card skimming, fraud, and so on, and how much money the banking industry regularly loses to that? Or steals from us? How about banks making customers pay for the privilege of lending the bank their money. If you are from the US, the only reason people trust the banks at all is because of FDIC. Otherwise many more people would prefer holding cash or commodities. If you are half-way intelligent, holding Bitcoin can be much safer and easier than holding cash or gold (as examples). It is certainly easier than storing barrels of oil or sheep.
  It is all about implementation and the market is immature. If/when Bitcoin is worth enough and accepted enough to warrant a look at by the big guys, the implementations will also become more serious. Right now its market cap is a very small blip, mostly not worth looking at. It is a catch-22 in that there need to be implementations for it to be accepted, but there needs to be acceptance for it to be valued enough to warrant better implementations.
  Buy Bitcoin, use and hold if you think it will succeed. Its value will be incredible. Otherwise its value will be nothing. Don't invest more than you can lose, and so on. I really don't think there will be any middle ground in there.
5. Re: again? by Anonymous Coward · 2016-03-21 08:14 · Score: 0
  
  The funny part will be when they regret themselves all over again. It's still super early in the game.
Someone's pulling a karpeles by Anonymous Coward · 2016-03-20 08:04 · Score: 0

3% is probably still a lot of coins.
Sounds like they are handling it well by Nkwe · 2016-03-20 08:04 · Score: 5, Insightful

From the article

The company is not yet sure what information the attacker stole, but it's certain that, due to its security system, no Bitcoins were stolen and that the attacker didn't get access to personal user details (driver's licenses, IDs, passports data, etc.) or their email addresses. One day after the attack, the company says it emailed withdrawal instructions to all sellers, that all transactions have been processed, and that only 3% of the money it stored prior to the attack has remained unclaimed.
So they found a breach, shut down everything immediately, made arrangements to refund everyone's "money", actually refunded everyone's money, and are waiting to ensure they can start back up safely.

Sounds pretty professional to me.
1. Re:Sounds like they are handling it well by Anonymous Coward · 2016-03-20 08:12 · Score: 1
  
  I was under the impression that you need to wait at least a year before sending breach notifications if you're a professional organization. Seems to be the standard procedure in the industry.
2. Re:Sounds like they are handling it well by KGIII · 2016-03-20 10:57 · Score: 2
  
  It does sound reasonable and professional. Is it? I'd like to think so.
  At first blush, and compounded with other happenings of late, people are thinking/opining that the cracks in the façade are starting to appear. That's one way to look at it. However, it seems the cracks are being repaired as they appear and are less drastic than many of the naysayers speculated they would be. That is, of course, the least popular way to look at it - especially in these parts where anger, mockery, and indignant outrage are the typical responses to everything. To be fair, that's kind of what we do and have always done.
  
  --
  "So long and thanks for all the fish."
3. Re: Sounds like they are handling it well by Anonymous Coward · 2016-03-20 23:54 · Score: 0
  
  When rand corporation called for attacks on bitcoin networks to help solve the dollar.
  I think the assumption was that those attacks would be successful.....
  Oooooooooppppps
97% has been withdrawn ..by hackers or the owners? by Anonymous Coward · 2016-03-20 08:05 · Score: 0

Is this already clear yet at all?
... while in Wall Street ... by Anonymous Coward · 2016-03-20 08:07 · Score: 1

the heist happens every single micro second ...
Re:No support from developer.... by Anonymous Coward · 2016-03-20 08:25 · Score: 2, Informative

"BitCoins were never convertible to dollars"
You should maybe do some more research on the subject.... What do you think bitcoin exchanges are for? Not only can you *easily* convert bitcoin to dollars.. you can quickly and easily convert it to many currencies all over the world.
So... by fyngyrz · 2016-03-20 08:55 · Score: 1

BitQuick announced clients of the incident
...and so Slashdot's tradition of great editing continues apace.
We're so fortunate. :/

--
I've fallen off your lawn, and I can't get up.
1. Re:So... by Anonymous Coward · 2016-03-20 09:51 · Score: 0
  
  I thought the new owners were going to fire Timothy?
2. Re:So... by KGIII · 2016-03-20 10:49 · Score: 1
  
  You thought wrong. They did not give any indicator that they'd be doing so. In fact, the only official words given about Timothy were, specifically, that he is a "real person" and that he was still there.
  Why would you think that? Nobody official told you that. Nobody with any insider knowledge told you that. Nobody gave any good reasons (that I can think of) to think that. You concocted it in your head or listened to someone else who did. Then, rather than relying on the source of that, decided that it was true. I've no idea why you'd do that but it does say a few things about your reasoning abilities and may say a few things about your intelligence level.
  There have been, literally, zero statements that could even be remotely misinterpreted as indicating an intent to get rid of Timothy. If it seems like I'm biased then, perhaps I am. I am kind of partial to him and I am rather biased against people who are not willing to take the time to verify rumors or to make up stuff in their head and thus think it's true and applicable for everyone else.
  
  --
  "So long and thanks for all the fish."
Bank Insurance for Bitcoin? by supremebob · 2016-03-20 08:59 · Score: 2

After all of these high profile failures of various Bitcoin trading platforms, I'm thinking that Bitcoin really needs some sort of equivalent of FDIC or NCUA bank account insurance for deposits. The mainstream is really going to have trouble accepting Bitcoin as a currency when their account balances can magically disappear overnight with no legal recourse.
1. Re:Bank Insurance for Bitcoin? by The+New+Guy+2.0 · 2016-03-20 09:25 · Score: 2
  
  FDIC/NCUA requires that the banks know who they have deposits from and gave loans to, and BitCoin is designed to be anonymous. Lost BitCoins are like lost cash, and exchanges not lasting long prove how illiquid this "currency" is.
2. Re: Bank Insurance for Bitcoin? by Anonymous Coward · 2016-03-20 09:56 · Score: 0
  
  Oh please. In the real world, mainstream doesn't know what FDIC is nor do they give a fuck about it. People aren't putting their government checks into the bank. They spend then at the liquor store, their weed dealer, and mcdonalds. Until those entities accept bitcoin (bunkcoin), it isn't going to catch on with mainstream.
3. Re:Bank Insurance for Bitcoin? by Anonymous Coward · 2016-03-20 09:56 · Score: 0
  
  " BitCoin is designed to be anonymous" no it is not.
4. Re:Bank Insurance for Bitcoin? by wbr1 · 2016-03-20 10:56 · Score: 2
  
  FDIC/NCUA requires that the banks know who they have deposits from and gave loans to, and BitCoin is designed to be anonymous. Lost BitCoins are like lost cash, and exchanges not lasting long prove how illiquid this "currency" is.
  Bitcoin is NOT designed to be anonymous. It is psuedonymous. Why do people stick to this?
  I am not a miner nor a speculator. I am interested in cryptocurrencies because I think they -could- fundamentally change how economies work.
  Bitcoin stores details of every transaction forever. That is what the blockchain does! This puts all transactions out in the open for analysis. Sure you can mix between a billion wallets, but how long before someone detangles the block chain and sees that the guy who bout 2 kilos of coke also used the same wallet to buy his daughter a barbie powerwheels?
  If we wanted to have insured bitcoins we could, you would give up your pseudoanonumty though to do so.
  
  --
  Silence is a state of mime.
5. Re:Bank Insurance for Bitcoin? by KGIII · 2016-03-20 11:04 · Score: 1
  
  This is the second time, in one thread, you've made some very backwards statements about BTC. BTC is not anonymous and was never intended to be. Your ID can be obfuscated, to some extent, but it is not (nor has it ever been) anonymous. Why would you think so?
  I mean that as a question. I'd really like an answer. Who told you it was anonymous or even meant to be? Why did you listen to them? Did you check their credentials? Did you bother to look for yourself?
  I do not use BTC. I do not own any BTC. I have problems with BTC (nothing major) and I did mine some but those were donated to EFF after I'd forgotten I had done so and some kind soul reminded me that they existed and had gained a lot of value. I had 48 of 'em and donated 'em to EFF when they were a bit over $600 each so it's nice that I was reminded.
  At any rate, why would you think they're anonymous? Nobody has ever suggested they are - at least nobody that knows anything about them. By their very nature, they're tracked, that's what the block-chain does. Up above, you said that they were not only not exchangeable for cash but that they never would be. That's just silly talk. Why the hell would you believe that or state that?
  
  --
  "So long and thanks for all the fish."
6. Re:Bank Insurance for Bitcoin? by Anonymous Coward · 2016-03-20 13:39 · Score: 0
  
  Because the distinction between anonymous and psuedonymous is a meaningless distinction that gets trotted out with the same self-satisfied smug expression as anyone who delights in pointing out that "technically north and south korea are still at war" whenever any discussion goes on about that region.
7. Re:Bank Insurance for Bitcoin? by witherstaff · 2016-03-20 13:43 · Score: 2
  
  New York state set some rules for Bitcoin Exchanges that are being used by all the major bitcoin companies. Bitcoin exchanges, which allow people to store bitcoin on their servers, and/or can convert to USD, need all the same information on users that a bank does. They also have reporting to do. A few of the big ones have their own insurance.
  
  Of course a user doesn't need to use an exchange. A user can easily use one of the many wallets that don't have a central company keeping everything for you. You can use bitcoin without any other company involved, no way for a high profile hacking, etc.
  
  A few sloppy companies messed up
8. Re:Bank Insurance for Bitcoin? by ArsenneLupin · 2016-03-21 03:28 · Score: 1
  
  Because the distinction between anonymous and psuedonymous is a meaningless distinction that gets trotted out
  If you don't understand these words, they are indeed meaningless to you, but that doesn't mean they're meaningless for everybody.
  Anonymous: no identity whatsoever attached to a transaction => they are fully untraceable
  Pseudonymous: an "identity" is attached to the transaction, but this "identity" is not the real name of the person. However, this identity allows to see (given some amount of effort) which transactions belong together and were executed for the same "economic beneficiary". And if even one of these transactions leads to the "economic beneficiary's address or civil name, then his civil name can be attached to all of them.
9. Re:Bank Insurance for Bitcoin? by JesseMcDonald · 2016-03-21 10:07 · Score: 1
  
  However, this identity allows to see (given some amount of effort) which transactions belong together and were executed for the same "economic beneficiary".
  Only if by "economic beneficiary" you mean a single Bitcoin address, and not an actual person. Reusing addresses is, of course, already considered poor security practice. If your pseudonymous identity is only attached to a single transaction, you might as well be anonymous. There is no real difference between "ephemeral identity used exactly once" and "no identity".
  
  --
  "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
10. Re:Bank Insurance for Bitcoin? by ArsenneLupin · 2016-03-21 10:23 · Score: 1
  
  Only if by "economic beneficiary" you mean a single Bitcoin address, and not an actual person.
  "economic beneficiary" is bank-speak for "person who really is behind a given account" (rather than the straw man or shell company's officer who showed up at the branch to open the account).
  
  Reusing addresses is, of course, already considered poor security practice.
  But people do make errors. Especially when trying to operate for a continued period of time.
  
  If your pseudonymous identity is only attached to a single transaction, you might as well be anonymous. There is no real difference between "ephemeral identity used exactly once" and "no identity".
  Except of course, that this ephemeral identity is used at least twice. Indeed, before being able to spend money from a wallet, you must first put money into that wallet, and there's your second transaction. Done from another wallet, which also had at least 2 transactions. Following the trail, eventually you get to a wallet having done much more than 2 transactions, and from there you can draw conclusions...
  (Ok, theoretically you could spend the proceeds of mining, but I somehow doubt that many potheads buying from the silk road are miners...)
11. Re:Bank Insurance for Bitcoin? by JesseMcDonald · 2016-03-22 03:21 · Score: 1
  
  "economic beneficiary" is bank-speak for "person who really is behind a given account" (rather than the straw man or shell company's officer who showed up at the branch to open the account).
  That's that I thought it meant, but the Bitcoin blockchain doesn't provide that information. It only includes Bitcoin addresses, which are generally ephemeral and used only for a single transaction output.
  
  Except of course, that this ephemeral identity is used at least twice. Indeed, before being able to spend money from a wallet, you must first put money into that wallet, and there's your second transaction. Done from another wallet, which also had at least 2 transactions.
  I assume that by "wallet" you actually mean "Bitcoin address", since a "wallet" is really just a collection of addresses and there is no way to observe which addresses make up a single wallet just by observing the blockchain.
  I would count that as one use, not two, since the address is associated with a single transaction output. The output does appear in two transactions, first as an output and then as an input when it is spent, so you can observe the funds being transferred between different addresses. This suggests that the source and destination addresses are related somehow (barring automatic mixing protocols like CoinJoin), but full anonymity of the participants would not preclude traffic analysis either, so I do not see this as an argument against anonymity.
  
  Following the trail, eventually you get to a wallet having done much more than 2 transactions, and from there you can draw conclusions...
  This once again assumes that someone is reusing addresses, contrary to best practices. Moreover, this "transaction nexus" probably doesn't represent the same "economic beneficiary" as the other transactions. More likely it's a merchant, exchange service, or mining pool interacting with many otherwise-unrelated accounts. Even if you identify who this entity is in the real world, they may not be willing (or able) to tell you anything about the other addresses.
  
  --
  "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
Cringe.. by Anonymous Coward · 2016-03-20 09:07 · Score: 0

They got bit.
LOL, fer sure by JustAnotherOldGuy · 2016-03-20 09:17 · Score: 1

Can you imagine this news article?
"Bank Of America, a US-based banking conglomerate has announced that it will shut down its banks and all operations for up to 2 to 4 weeks following a cyber-attack this week. The bank took this step because it has not yet identified how the hackers infiltrated their systems."
No, of course not. And this is reason #67,866,371, 485 why I won't mess around with bitcoins. Banks can't get away with this kind of nonsense, but Bitcoin? Sure, why not?
Yeah, see, you don't really need your money for the next couple of weeks. That's why Bitcoins are so much better than everything else in the world, d00d, because they're always available no matter what (except when they're not), and umm, err, wait, they're safer than umm, err, wait...

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:LOL, fer sure by Anonymous Coward · 2016-03-20 09:47 · Score: 0
  
  I've always figured that someone using Bitcoin is a sign of lesser intelligence.
2. Re:LOL, fer sure by Holi · 2016-03-20 09:59 · Score: 2
  
  We shut down trading on the stock market or on individual stocks when necessary for various reasons, how is this any different?
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
3. Re:LOL, fer sure by Anonymous Coward · 2016-03-20 10:02 · Score: 1
  
  The vegans of IT.
4. Re:LOL, fer sure by JustAnotherOldGuy · 2016-03-20 10:57 · Score: 0
  
  We shut down trading on the stock market or on individual stocks when necessary for various reasons, how is this any different?
  When was the last time the Stock Market was closed for a month because they'd had a break in and they couldn't figure out how the perpetrators did it?
  Answer: That would be "never".
  So, yeah, there's your difference.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
5. Re:LOL, fer sure by jandrese · 2016-03-20 13:47 · Score: 1
  
  Nah, BoA would just let them drain your account and then blame you for trusting their security.
  
  --
  
  I read the internet for the articles.
6. Re:LOL, fer sure by golgotha007 · 2016-03-20 16:11 · Score: 1
  
  >>Can you imagine this news article?
  You really don't know anything about using bitcoins, do you?
  Instead of this reply, I wish I had modpoints to mark you "-1 Clueless".
7. Re: LOL, fer sure by Anonymous Coward · 2016-03-21 00:01 · Score: 0
  
  The folks who run the stock market have nearly infinite resources. These folks don't. There's your difference.
8. Re:LOL, fer sure by JustAnotherOldGuy · 2016-03-21 03:41 · Score: 1
  
  Can you imagine this news article?
  You really don't know anything about using bitcoins, do you?
  I know enough to stay the fuck away from them and not pour my money down a digital toilet.
  -
  
  Instead of this reply, I wish I had modpoints to mark you "-1 Clueless".
  Well then you must be feeling very frustrated and unhappy right about now. :)
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
"2 to 4 weeks" by Anonymous Coward · 2016-03-20 09:22 · Score: 0

...actually means forever. The only thing left to do is to "account" for what assets remain whose disappearance will be hard to blame on theft. What a scam.
1. Re:"2 to 4 weeks" by Anonymous Coward · 2016-03-20 09:42 · Score: 1
  
  nothing was stolen, read the article, the attack was detected just in time
Re:97% has been withdrawn ..by hackers or the owne by Anonymous Coward · 2016-03-20 09:39 · Score: 0

no funds were stolen... the attack was stopped in time...bitquick told clients, and most emptied out their accounts, except 3%
Waves good bye.. by wbr1 · 2016-03-20 10:52 · Score: 0

See subject...

--
Silence is a state of mime.
Re:No support from developer.... by witherstaff · 2016-03-20 13:34 · Score: 2

Totally wrong. The original blocks mined by satoshi are still sitting there untouched. It'd be major news if they were moved. This exchange is not one of the big ones. It'd be like some online webstore being hacked and claiming ecommerce is done with. There are arbitration services for bitcoin if both parties want to pay the fee. If you use some of the large pre-made bitcoin shopping cart systems tied to exchanges they also have ways to handle bad business practices. Bitcoin companies have done a lot to make it a viable payment system. Also when banks do fail and/or freeze accounts, like in Cyprus, or Greece, bitcoin works fine.
Props for being solvent by Anonymous Coward · 2016-03-20 13:37 · Score: 0

The real story here is that the exchange actually -had- the bitcoins for those 97% who withdrew.
Usually when something like this happens, you find the founders have run off with the bitcoins (or 'lost' them in a 'cyberheist' that reeks of being an inside job)
Mostly that it is 2-4 weeks by Sycraft-fu · 2016-03-20 14:34 · Score: 0

A stock market shutdown happens for part of a day, triggered by well defined events.
Amount of time matters.
Uh oh. 97%? by Anonymous Coward · 2016-03-20 22:13 · Score: 0

BitQuick notified["announced"] clients of the incident, and 97% already withdrew their funds from the platform.
Let's hope that those withdrawals were actually done by clients. 97% is a suspiciously high percentage for the "I could still do this tomorrow if I wanted to" populace.