Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack (softpedia.com)

← Back to Stories (view on slashdot.org)

Bitcoin Trading Platform Announces Huge Downtime Following Cyber-Attack (softpedia.com)

Posted by timothy on Sunday March 20, 2016 @07:17AM from the bank-holiday dept.

An anonymous reader writes: BitQuick, a US-based Bitcoin trader has announced that it will shut down its platform for up to 2 to 4 weeks following a cyber-attack this week. The platform took this step because it has not yet identified how the hackers infiltrated their systems. It is unusual for companies to take down their systems for weeks, but after the recent Cryptsy and LoanBase hacks, the company is not willing to lose millions of dollars worth of Bitcoin. BitQuick announced clients of the incident, and 97% already withdrew their funds from the platform.

26 of 51 comments (clear)

Min score:

Reason:

Sort:

Sounds like they are handling it well by Nkwe · 2016-03-20 08:04 · Score: 5, Insightful

From the article

The company is not yet sure what information the attacker stole, but it's certain that, due to its security system, no Bitcoins were stolen and that the attacker didn't get access to personal user details (driver's licenses, IDs, passports data, etc.) or their email addresses. One day after the attack, the company says it emailed withdrawal instructions to all sellers, that all transactions have been processed, and that only 3% of the money it stored prior to the attack has remained unclaimed.
So they found a breach, shut down everything immediately, made arrangements to refund everyone's "money", actually refunded everyone's money, and are waiting to ensure they can start back up safely.

Sounds pretty professional to me.
1. Re:Sounds like they are handling it well by Anonymous Coward · 2016-03-20 08:12 · Score: 1
  
  I was under the impression that you need to wait at least a year before sending breach notifications if you're a professional organization. Seems to be the standard procedure in the industry.
2. Re:Sounds like they are handling it well by KGIII · 2016-03-20 10:57 · Score: 2
  
  It does sound reasonable and professional. Is it? I'd like to think so.
  At first blush, and compounded with other happenings of late, people are thinking/opining that the cracks in the façade are starting to appear. That's one way to look at it. However, it seems the cracks are being repaired as they appear and are less drastic than many of the naysayers speculated they would be. That is, of course, the least popular way to look at it - especially in these parts where anger, mockery, and indignant outrage are the typical responses to everything. To be fair, that's kind of what we do and have always done.
  
  --
  "So long and thanks for all the fish."
... while in Wall Street ... by Anonymous Coward · 2016-03-20 08:07 · Score: 1

the heist happens every single micro second ...
Re:again? by Tokolosh · 2016-03-20 08:23 · Score: 1

Meanwhile...
https://next.ft.com/content/39...
http://bfy.tw/4qlU

--
Prove anything by multiplying Huge Number times Tiny Number
Re:No support from developer.... by Anonymous Coward · 2016-03-20 08:25 · Score: 2, Informative

"BitCoins were never convertible to dollars"
You should maybe do some more research on the subject.... What do you think bitcoin exchanges are for? Not only can you *easily* convert bitcoin to dollars.. you can quickly and easily convert it to many currencies all over the world.
So... by fyngyrz · 2016-03-20 08:55 · Score: 1

BitQuick announced clients of the incident
...and so Slashdot's tradition of great editing continues apace.
We're so fortunate. :/

--
I've fallen off your lawn, and I can't get up.
1. Re:So... by KGIII · 2016-03-20 10:49 · Score: 1
  
  You thought wrong. They did not give any indicator that they'd be doing so. In fact, the only official words given about Timothy were, specifically, that he is a "real person" and that he was still there.
  Why would you think that? Nobody official told you that. Nobody with any insider knowledge told you that. Nobody gave any good reasons (that I can think of) to think that. You concocted it in your head or listened to someone else who did. Then, rather than relying on the source of that, decided that it was true. I've no idea why you'd do that but it does say a few things about your reasoning abilities and may say a few things about your intelligence level.
  There have been, literally, zero statements that could even be remotely misinterpreted as indicating an intent to get rid of Timothy. If it seems like I'm biased then, perhaps I am. I am kind of partial to him and I am rather biased against people who are not willing to take the time to verify rumors or to make up stuff in their head and thus think it's true and applicable for everyone else.
  
  --
  "So long and thanks for all the fish."
Bank Insurance for Bitcoin? by supremebob · 2016-03-20 08:59 · Score: 2

After all of these high profile failures of various Bitcoin trading platforms, I'm thinking that Bitcoin really needs some sort of equivalent of FDIC or NCUA bank account insurance for deposits. The mainstream is really going to have trouble accepting Bitcoin as a currency when their account balances can magically disappear overnight with no legal recourse.
1. Re:Bank Insurance for Bitcoin? by The+New+Guy+2.0 · 2016-03-20 09:25 · Score: 2
  
  FDIC/NCUA requires that the banks know who they have deposits from and gave loans to, and BitCoin is designed to be anonymous. Lost BitCoins are like lost cash, and exchanges not lasting long prove how illiquid this "currency" is.
2. Re:Bank Insurance for Bitcoin? by wbr1 · 2016-03-20 10:56 · Score: 2
  
  FDIC/NCUA requires that the banks know who they have deposits from and gave loans to, and BitCoin is designed to be anonymous. Lost BitCoins are like lost cash, and exchanges not lasting long prove how illiquid this "currency" is.
  Bitcoin is NOT designed to be anonymous. It is psuedonymous. Why do people stick to this?
  I am not a miner nor a speculator. I am interested in cryptocurrencies because I think they -could- fundamentally change how economies work.
  Bitcoin stores details of every transaction forever. That is what the blockchain does! This puts all transactions out in the open for analysis. Sure you can mix between a billion wallets, but how long before someone detangles the block chain and sees that the guy who bout 2 kilos of coke also used the same wallet to buy his daughter a barbie powerwheels?
  If we wanted to have insured bitcoins we could, you would give up your pseudoanonumty though to do so.
  
  --
  Silence is a state of mime.
3. Re:Bank Insurance for Bitcoin? by KGIII · 2016-03-20 11:04 · Score: 1
  
  This is the second time, in one thread, you've made some very backwards statements about BTC. BTC is not anonymous and was never intended to be. Your ID can be obfuscated, to some extent, but it is not (nor has it ever been) anonymous. Why would you think so?
  I mean that as a question. I'd really like an answer. Who told you it was anonymous or even meant to be? Why did you listen to them? Did you check their credentials? Did you bother to look for yourself?
  I do not use BTC. I do not own any BTC. I have problems with BTC (nothing major) and I did mine some but those were donated to EFF after I'd forgotten I had done so and some kind soul reminded me that they existed and had gained a lot of value. I had 48 of 'em and donated 'em to EFF when they were a bit over $600 each so it's nice that I was reminded.
  At any rate, why would you think they're anonymous? Nobody has ever suggested they are - at least nobody that knows anything about them. By their very nature, they're tracked, that's what the block-chain does. Up above, you said that they were not only not exchangeable for cash but that they never would be. That's just silly talk. Why the hell would you believe that or state that?
  
  --
  "So long and thanks for all the fish."
4. Re:Bank Insurance for Bitcoin? by witherstaff · 2016-03-20 13:43 · Score: 2
  
  New York state set some rules for Bitcoin Exchanges that are being used by all the major bitcoin companies. Bitcoin exchanges, which allow people to store bitcoin on their servers, and/or can convert to USD, need all the same information on users that a bank does. They also have reporting to do. A few of the big ones have their own insurance.
  
  Of course a user doesn't need to use an exchange. A user can easily use one of the many wallets that don't have a central company keeping everything for you. You can use bitcoin without any other company involved, no way for a high profile hacking, etc.
  
  A few sloppy companies messed up
5. Re:Bank Insurance for Bitcoin? by ArsenneLupin · 2016-03-21 03:28 · Score: 1
  
  Because the distinction between anonymous and psuedonymous is a meaningless distinction that gets trotted out
  If you don't understand these words, they are indeed meaningless to you, but that doesn't mean they're meaningless for everybody.
  Anonymous: no identity whatsoever attached to a transaction => they are fully untraceable
  Pseudonymous: an "identity" is attached to the transaction, but this "identity" is not the real name of the person. However, this identity allows to see (given some amount of effort) which transactions belong together and were executed for the same "economic beneficiary". And if even one of these transactions leads to the "economic beneficiary's address or civil name, then his civil name can be attached to all of them.
6. Re:Bank Insurance for Bitcoin? by JesseMcDonald · 2016-03-21 10:07 · Score: 1
  
  However, this identity allows to see (given some amount of effort) which transactions belong together and were executed for the same "economic beneficiary".
  Only if by "economic beneficiary" you mean a single Bitcoin address, and not an actual person. Reusing addresses is, of course, already considered poor security practice. If your pseudonymous identity is only attached to a single transaction, you might as well be anonymous. There is no real difference between "ephemeral identity used exactly once" and "no identity".
  
  --
  "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
7. Re:Bank Insurance for Bitcoin? by ArsenneLupin · 2016-03-21 10:23 · Score: 1
  
  Only if by "economic beneficiary" you mean a single Bitcoin address, and not an actual person.
  "economic beneficiary" is bank-speak for "person who really is behind a given account" (rather than the straw man or shell company's officer who showed up at the branch to open the account).
  
  Reusing addresses is, of course, already considered poor security practice.
  But people do make errors. Especially when trying to operate for a continued period of time.
  
  If your pseudonymous identity is only attached to a single transaction, you might as well be anonymous. There is no real difference between "ephemeral identity used exactly once" and "no identity".
  Except of course, that this ephemeral identity is used at least twice. Indeed, before being able to spend money from a wallet, you must first put money into that wallet, and there's your second transaction. Done from another wallet, which also had at least 2 transactions. Following the trail, eventually you get to a wallet having done much more than 2 transactions, and from there you can draw conclusions...
  (Ok, theoretically you could spend the proceeds of mining, but I somehow doubt that many potheads buying from the silk road are miners...)
8. Re:Bank Insurance for Bitcoin? by JesseMcDonald · 2016-03-22 03:21 · Score: 1
  
  "economic beneficiary" is bank-speak for "person who really is behind a given account" (rather than the straw man or shell company's officer who showed up at the branch to open the account).
  That's that I thought it meant, but the Bitcoin blockchain doesn't provide that information. It only includes Bitcoin addresses, which are generally ephemeral and used only for a single transaction output.
  
  Except of course, that this ephemeral identity is used at least twice. Indeed, before being able to spend money from a wallet, you must first put money into that wallet, and there's your second transaction. Done from another wallet, which also had at least 2 transactions.
  I assume that by "wallet" you actually mean "Bitcoin address", since a "wallet" is really just a collection of addresses and there is no way to observe which addresses make up a single wallet just by observing the blockchain.
  I would count that as one use, not two, since the address is associated with a single transaction output. The output does appear in two transactions, first as an output and then as an input when it is spent, so you can observe the funds being transferred between different addresses. This suggests that the source and destination addresses are related somehow (barring automatic mixing protocols like CoinJoin), but full anonymity of the participants would not preclude traffic analysis either, so I do not see this as an argument against anonymity.
  
  Following the trail, eventually you get to a wallet having done much more than 2 transactions, and from there you can draw conclusions...
  This once again assumes that someone is reusing addresses, contrary to best practices. Moreover, this "transaction nexus" probably doesn't represent the same "economic beneficiary" as the other transactions. More likely it's a merchant, exchange service, or mining pool interacting with many otherwise-unrelated accounts. Even if you identify who this entity is in the real world, they may not be willing (or able) to tell you anything about the other addresses.
  
  --
  "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
LOL, fer sure by JustAnotherOldGuy · 2016-03-20 09:17 · Score: 1

Can you imagine this news article?
"Bank Of America, a US-based banking conglomerate has announced that it will shut down its banks and all operations for up to 2 to 4 weeks following a cyber-attack this week. The bank took this step because it has not yet identified how the hackers infiltrated their systems."
No, of course not. And this is reason #67,866,371, 485 why I won't mess around with bitcoins. Banks can't get away with this kind of nonsense, but Bitcoin? Sure, why not?
Yeah, see, you don't really need your money for the next couple of weeks. That's why Bitcoins are so much better than everything else in the world, d00d, because they're always available no matter what (except when they're not), and umm, err, wait, they're safer than umm, err, wait...

--
Just cruising through this digital world at 33 1/3 rpm...
1. Re:LOL, fer sure by Holi · 2016-03-20 09:59 · Score: 2
  
  We shut down trading on the stock market or on individual stocks when necessary for various reasons, how is this any different?
  
  --
  Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
2. Re:LOL, fer sure by Anonymous Coward · 2016-03-20 10:02 · Score: 1
  
  The vegans of IT.
3. Re:LOL, fer sure by jandrese · 2016-03-20 13:47 · Score: 1
  
  Nah, BoA would just let them drain your account and then blame you for trusting their security.
  
  --
  
  I read the internet for the articles.
4. Re:LOL, fer sure by golgotha007 · 2016-03-20 16:11 · Score: 1
  
  >>Can you imagine this news article?
  You really don't know anything about using bitcoins, do you?
  Instead of this reply, I wish I had modpoints to mark you "-1 Clueless".
5. Re:LOL, fer sure by JustAnotherOldGuy · 2016-03-21 03:41 · Score: 1
  
  Can you imagine this news article?
  You really don't know anything about using bitcoins, do you?
  I know enough to stay the fuck away from them and not pour my money down a digital toilet.
  -
  
  Instead of this reply, I wish I had modpoints to mark you "-1 Clueless".
  Well then you must be feeling very frustrated and unhappy right about now. :)
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
Re:"2 to 4 weeks" by Anonymous Coward · 2016-03-20 09:42 · Score: 1

nothing was stolen, read the article, the attack was detected just in time
Re:again? by Anonymous Coward · 2016-03-20 12:11 · Score: 1

So much for bitcoin being "secure"
Re:No support from developer.... by witherstaff · 2016-03-20 13:34 · Score: 2

Totally wrong. The original blocks mined by satoshi are still sitting there untouched. It'd be major news if they were moved. This exchange is not one of the big ones. It'd be like some online webstore being hacked and claiming ecommerce is done with. There are arbitration services for bitcoin if both parties want to pay the fee. If you use some of the large pre-made bitcoin shopping cart systems tied to exchanges they also have ways to handle bad business practices. Bitcoin companies have done a lot to make it a viable payment system. Also when banks do fail and/or freeze accounts, like in Cyprus, or Greece, bitcoin works fine.