Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen

An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. "We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen," the company said. "We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up." The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed roughly 120,000 BTC (more than $60 million) has been stolen via social media. "In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals," reports CoinDesk. "This price was roughly 20% lower than the day's opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower."

We were hacked, honest

[Fwipp]

I feel like I've heard this story before, from other BitCoin exchanges. I'm sure these guys are super honest and trustworthy, though.

Re:We were hacked, honest

Why are you being assumptive? One story from 6 months ago does not affect this one unless they're related, and so far the only relation is the coin medium. You provide no missing link, just a dull half-guess.

Re:We were hacked, honest

[murdocj]

Yes, it was a hack, just like when a pro athlete sends out an inappropriate picture because their twitter was hacked.

Re:We were hacked, honest

[JustAnotherOldGuy]

I feel like I've heard this story before, from other BitCoin exchanges. I'm sure these guys are super honest and trustworthy, though.

Bitcoin exchanges seem to be hacked on a regular basis. Whether it's a genuine hack or insider funny-business hardly matters at this point. The take-away is that Bitcoin exchanges just aren't a safe place to keep your virtual money, which means there doesn't seem to be a safe place to store virtual money.

Yes yes, I know, "but banks get robbed every day!" the Bitcoin enthusiasts will say.

And that's true, but when a bank gets robbed you don't lose your money. This, to me, is what keeps me away from doing anything with Bitcoin (or any other virtual currency, for that matter). Go ahead, rob my bank. I won't lose any money. When Bitcoin reaches that level of security, then I'll consider it as a viable medium of exchange.

Re:We were hacked, honest

[chris2net23]

I've never lost any BitCoins. People are just stupid. Stop handing your BitCoins over to third parties. This isn't an issue with BitCoins. It's an issue with stupid. I store my BitCoins on *MY* computer. Not someone else's computer. I have some control over the level of security I wish to maintain. Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here. It's not that you can't compromise GNU/Linux... but the reality is I don't install random software on my computer either. I stick to which has been evaluated by the experts and is properly or semi-properly maintained.

Re:We were hacked, honest

[Antique+Geekmeister]

> Bitcoin exchanges seem to be hacked on a regular basis.

I'm not sure it's regular. It's definitely frequent, and often by the owners of hte Bitcoin exchange themselves.

Re:We were hacked, honest

[iggymanz]

hope you have robust offisite backups that are secured

The linux kernel and software ecosystem is a bit sloppy from security and maturity perspective, there are better open source OS with better security libraries

Re:We were hacked, honest

[Applehu+Akbar]

Yes, it was a hack, just like when a pro athlete sends out an inappropriate picture because their twitter was hacked.

In the case you're thinking of, today's news is that some porn producer saw the picture and signed the kid up for a contract. This, plus a starring basketball career. Who said there are no more opportunities for today's young people?

Re:We were hacked, honest

[murdocj]

somehow I think Draymond is going to make a little more money playing b-ball than he will in the porn industry. Unless he's got something that no other guy has.

Re:We were hacked, honest

[Frosty+Piss]

I'm not sure it's regular. It's definitely frequent...

That's kind of what "regular" means.

Re:We were hacked, honest

zip up and encrypt (with all the bits and a super complex password) your wallet keys, store the 2kb file on google drive.

Now you have your coins safe; backed up offsite!

Or use one of those memory wallets; that generate the wallet from your password. Use that as your wallet; and you don't need to store anything to "save" your coins. your coins are literally stored in your head.

Re:We were hacked, honest

[Kjella]

Bitcoin exchanges seem to be hacked on a regular basis. Whether it's a genuine hack or insider funny-business hardly matters at this point. The take-away is that Bitcoin exchanges just aren't a safe place to keep your virtual money, which means there doesn't seem to be a safe place to store virtual money.

Since we're already using wallet analogies, would you walk around with your life's savings in your wallet? Do you expect all stores to stop handling cash because you got mugged in a back alley or tricked by a pickpocket? Money you have on exchanges is like money you've taken to the marketplace, it's where you can spend them but you also run a risk of losing them. If you want a secure wallet, create a cold storage wallet and burn it to a CD and put it in a bank vault, then you'll have the security of a bank vault. Just make sure that if you ever need it you access it from a secure device, for example a live CD like Tails to transfer as much as needed to a "hot" wallet. Like putting money in the real wallet we once used to have.

Re:We were hacked, honest

[ASDFnz]

That's kind of what "regular" means.

Not really.

A train that leaves the station at 12:00 every day is regular. If it leaves 7 times a week (at whatever time or day) it departs frequently.

Re:We were hacked, honest

[chris2net23]

I'd agree that there is no completely secure system, but nobody is breaking into GNU/Linux systems en mass. Not of individual users. Targeted attacks maybe. But that's not likely against low-level BitCoin users. These third parties could spend a lot more energy securing there own setups to thwart these attacks too, but they don't.

Re:We were hacked, honest

How do you get your display name to be different than your username?

Re: We were hacked, honest

Sounds convenient /s

Re:We were hacked, honest

seems this story appears quite a few times

Re:We were hacked, honest

and some more

seems this is an epidemic

Re:We were hacked, honest

If I could carry all my life savings in my wallet in as portable, backed up, and password protected way as bitcoins I'd very likely do it. Cash is a lousy analogy. I don't keep my money at a currency exchange either which would be at least an attempt at a reasonable one.

Re:We were hacked, honest

[naughtynaughty]

Yes, really

regular
reylr/
adjective

1. arranged in or constituting a constant or definite pattern, especially with the same space between individual instances.

2. done or happening frequently.

Re:We were hacked, honest

[JustAnotherOldGuy]

Since we're already using wallet analogies, would you walk around with your life's savings in your wallet?

No, I use a bank (several banks, actually) to store my money. That way if the bank gets robbed, I still have my money.

-

If you want a secure wallet, create a cold storage wallet and burn it to a CD and put it in a bank vault, then you'll have the security of a bank vault

I already have a secure wallet- it's called a "bank vault". That's where my "large" money and certain valuables are stored.

-

Just make sure that if you ever need it you access it from a secure device

My "secure device" is a bank vault, backed by the FDIC. Works pretty well, to be honest.

Re:We were hacked, honest

[JustAnotherOldGuy]

I store my BitCoins on *MY* computer.

What if your computer crashes or gets stolen or is destroyed in a fire?

I know what happens to my money if my bank is robbed or hacked or burns down: nothing. Nothing at all.

I'm no fan of banks, but the way things are structured they seem like a pretty safe place to store your money.

Re:We were hacked, honest

[aNonnyMouseCowered]

"hope you have robust offisite backups that are secured

The linux kernel and software ecosystem is a bit sloppy from security and maturity perspective, there are better open source OS with better security libraries"

Maybe you mean offlne not offsite. There's this thing cryptocoiners call paper wallet which stores the crypto keys in printed forms, which are naturally kept offline until the moment you import them into your wallet program by scanning their machine-readable QR codes or if you're incredibly patient manually inputting the alphanumeric codes.

The wallet programs of most if not all Bitcoin-like crypocurrencies are open source so can be ported to ANY operating system that has a compiler/build system built for it, your choice of poison.

Re:We were hacked, honest

[Donwulff]

Stop using BitCoins! If only people weren't using BitCoins for anything, it would be a perfect currency!

Re:We were hacked, honest

Claiming "hack" is code for either "we're the crooks and are absconding with the money" or "we have no clue what really happened and are therefore criminally irresponsible".

Meaning there is no such thing as a "genuine" hack, as it's all shenanigans, starting with flagrant failure to put into words what was really going on.

And yes, banks usually compensate for losses, unless the losses are so big they are bankrupt anyway. That comes out of their bottom line, so they'll jack up fees and you'll end up paying for it anyway. This is also why ATMs are still vulnerable to all sorts of attacks: They figure it's cheaper to stump up for the occasional loss rather than properly secure the things.

Or, if they can get away with it, they'll have the tax payer stump up for the losses, especially the losses they cause themselves. "Bitcoin exchanges" can't do that, so it doesn't happen.

Re:We were hacked, honest

There are problems keeping your money in either bitcoin or banks..

For banks... Look at greece... how many % did they take from everyone's bank-account during their crisis?? Look at Island, i think that some got up to 80% back from what they had in their accounts...

I could save my wallet in a few different places if i wanted..... It depends on how much you have and what security you would need.
- One copy in encrypted form on my laptop.
- One copy in paper form at home.
- One copy in paper form at a friend.
- One copy in paper form in a bank-vault.

Paper-copy can of course be in encrypted form so you would need a password to be able to import it too.

Right now for this wallet i only have a few $100 so it does not require that much security... so i have it in paper-form at home and encrypted form on my PC.

Re:We were hacked, honest

You definitely don't need to use an exchange to use bitcoins. At this point you should definitely assume any exchange is going to blow up soon enough.

Re:We were hacked, honest

[lindseyp]

I'll have a regular coke, please.

Re:We were hacked, honest

[mccalli]

The reason the Greek bank thing is notable is because it's a once in a generation thing, likely longer in fact. The reason this isn't is because Bitcoin appears to be a twice weekly thing...

Re:We were hacked, honest

[horza]

Actually when banks get robbed you can lose your money. It happens all the time. Sometimes you get a portion back, in the UK the government guarantees up to £75,000, or in the case where the Spanish banks where supposed to be holding your money for property investment you get none back. Try looking up what happened to those with their money in the Cyprus and Icelandic banks.

Phillip.

Re:We were hacked, honest

[horza]

Not just the Greeks but people lost their money in Iceland and Cyprus. People get their accounts hacked, card cloned, etc, all the time. Credit card fraud is way more than Bitcoin, and that cost just gets passed onto the bank customer (ie you).

It's amazing that people like JustAnotherOldGuy think banks are still safe. In the UK, anybody that has any sense spreads their money amongst multiple banks keeping under £75,000 (the amount guaranteed by the government) in each one.

For under $1000 I wouldn't even keep a backup more effort than a USB stick.

Phillip.

Re:We were hacked, honest

[horza]

If the bank gets robbed, the insurance replaces your money. You pay for this in bank fees. Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank. That way you get the security without all the extortionate transfer fees.

Phillip.

Re:We were hacked, honest

"I store my money under my mattress. Nobody wants to rob my house. And if they do, they won't find the money."

Probably true. Probably.

I have enough money that even a mattress with a key is not secure enough for me.

Re:We were hacked, honest

[umghhh]

and then imagine keeping all these places in sync.

Re:We were hacked, honest

[bloodhawk]

I don't pay bank fees. if you do enough business with a bank generally they will pay you with perks and the like to ensure they keep your business and the first thing they do is remove fees. And enough business is generally not all that much, a credit card that you keep paid off and your income going in is usually enough for most of them, they make their money from the fees they charge places you shop at.

Re: We were hacked, honest

Dictionaries, like thesauruses, list synonyms. Synonyms are words that are similar. They rarely mean exactly the same thing and often one cannot be substituted for another without changing the meaning.

Re:We were hacked, honest

How about you learn how bitcoins work before preaching about it.

Re:We were hacked, honest

Keeping them in sync??!?

I use a deterministic wallet.. No need to keep them in sync, just don't lose that initial seed.
https://en.bitcoin.it/wiki/Det...

Please refrain from making incorrect statements in areas where you lack in knowledge..

Re:We were hacked, honest

[GLMDesigns]

So. If a bank robbery occurs in the US does that mean that the dollar is worth less, or is to blame?

What about if there is a robbery in France? Does the Euro suffer?

Thefts of this nature are thefts. Pure and simple. Why go after the exchanges? Because that's where the bitcoin is.

See Willie Sutton:" I Rob Banks Because That's Where the Money Is "

Re:We were hacked, honest

[h4ck7h3p14n37]

How do you trade your Bitcoins if they are in a wallet on your computer? Your suggestion doesn't help people who trade on the exchanges.

Re:We were hacked, honest

[JustAnotherOldGuy]

Actually when banks get robbed you can lose your money.

The FDIC limit here in the US is $250,000 per account. Deposits held in different ownership categories are separately insured, up to at least $250,000, even if held at the same bank. You can rob my bank every day if you like, and I'll still have my money (it's spread across multiple accounts).

Show me a Bitcoin exchange or bank with this level of security or insurance. Until that happens, I'll have no interest in Bitcoin.

Honestly, sometimes I think Bitcoin is just a very clever, long-running scam that acquired a life of its own and a thin patina of legitimacy. There are probably a couple of people sitting in a mansion somewhere laughing their asses off about it, and marveling that the scam is still viable.

"Hey, let's create some untraceable super-money and get people to use it, and then we'll start raiding the "banks" where they store it."

Charles Ponzi would blush with envy if he was still alive.

Re:We were hacked, honest

[JustAnotherOldGuy]

If the bank gets robbed, the insurance replaces your money. You pay for this in bank fees.

Except I pay no bank fees. None. In fact, the bank offers me goodies like a free safety deposit box to hopefully prevent me from moving my money to another bank.

-

Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank.

LOL! Have you been paying attention? Saying that "your money will be as safe as in a bank" is absolutely untrue, and the fact that we're discussing this in a thread titled "Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen" makes me think you have serious issues with reading comprehension.

If it's such a great idea, feel free to start your Bitcoin insurance company, and do be sure to let us know how that goes.

The problem is that you can rob a dozen Bitcoin exchanges in a day without leaving your house. You just can't rob that many brick-and-mortar banks and get away with it. The FBI will see to that, believe me.

Also, you're never going to net $60 million dollars by robbing banks...you'd need a fleet of trucks to move that much money and the guards are unlikely to stand around as your convoy pulls up to the bank. In addition, NO BANK has $60 million on hand, except maybe Fort Knox.

Starting a Bitcoin insurance company is like starting a "It'll Never Rain On Wednesday" insurance company. Eventually you will get fucked, period.

Re:We were hacked, honest

[um...+Lucas]

> You pay for this in bank fees. Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank. That way you get the security without all the extortionate transfer fees.

I can't imagine what the insurance rates could be for Bitcoin exchanges. Definitely a specialty insurance product, if it even exists.

First off, the underwriter would do their due diligence, and see a number of catastrophic losses at Bitcoin exchanges. An exchange gets hacked, it loses EVERYTHING. Compare that to a bank - a bank gets robbed, it loses whatever was in their tellers cash drawers, if that. Maybe thieves make it into the vault (but that's mostly a scenario that happens in Hollywood movies compared to real life). But they certainly don't get the banks balances that are at the Fed, nor do they take over ownership of the banks loan portfolio.

So, looking at Bitcoin exchanges and realizing that when they do get robbed, they lose it all. How do you price that risk? 5% of assets annually? 10%? 20%? And those are fees that exchanges would have to recoup from customers to pay for. Maybe venture capital would pay for it for some time, but eventually that's a cost that will have to be passed on.

Even more alarmingly from an insurance perspective, there is absolutely no guarantee that the private key securing an exchanges funds actually secure. All they can do is infer that it might be secure, since funds haven't been moved in an unauthorized manner. But that doesn't mean that a hacker hasn't found their way into the exchanges computer system and is just waiting for when the time is right. Heck, there could even be a key collision. The math is against that actually happening, but flaws occur.

Point is, if you tally the maximum amount of coins stored at the top exchanges at any given point over the last 5 years, and the amount of coins stolen from exchanges over that time period, it's likely a horrifyingly high proportion. What insurer is going to risk their (and their investors) money on that?

Re:We were hacked, honest

I've never lost any BitCoins. People are just stupid.

According to the article you lost about 37% of your Bitcoins.

Re:We were hacked, honest

The common practice is to have encrypted offsite backups. Not just for your bitcoins, but pretty much all of your important data.

Re:We were hacked, honest

[david_thornley]

Offsite is also important. If my house burns down, I still have my offsite assets. If I had an offline bitcoin wallet there, those bitcoin would be gone.

Re:We were hacked, honest

[david_thornley]

In other words, accounts with less than 75K pounds in them are safe in the UK. I have no doubt that, if I have some amount less than $100K in a US bank that I'll get it no matter what (it may be delayed).

In what way do I pay for credit card fraud? Some businesses make less than they would have, but if they could have recouped losses by raising prices they would have already raised prices to get extra profit.

Re:We were hacked, honest

Show me a Bitcoin exchange or bank with this level of security or insurance. Until that happens, I'll have no interest in Bitcoin.

Circle and Coinbase have deposit insurance for their customers' bitcoins. Bitstamp got hacked recently too but they use self-insurance, personally that's what I use for my own savings too. After MtGox this should be expected, but evidently some people won't learn until they lose their own money.

But that's just the insurance. I'm not disputing that the security of their computer systems is probably still inferior to that of a major bank.

Re:We were hacked, honest

You are paying fees, just not directly. The bank is getting a return on your money and offering you a small piece of that in the form of interest. If you invested the money yourself you would get more interest. But you are willing to let them take a piece of the interest to provide you with banking services.

Re:We were hacked, honest

Actually banks get robbed electronically too. You don't think that they have a little stack of cash in a drawer with your name on it right? The difference is that exchanges have been robbed for much larger amounts of untraceable money.

Re: We were hacked, honest

[Frosty+Piss]

You, sir, are a "moron". What's the synonym for that?

Re:We were hacked, honest

[PatientZero]

The fine print: I am absolutely not claiming that setting up a Bitcoin insurance scheme like the FDIC would be tenable or easy. But for all your snark and slam on the OP's reading comprehension ability, you certainly haven't been paying much attention.

Except I pay no bank fees. None. In fact, the bank offers me goodies like a free safety deposit box to hopefully prevent me from moving my money to another bank.

You definitely pay for the FDIC. As usual, peace of mind doesn't come for free. Without FDIC fees, your bank would pass out more freebies to attract customers. They make so much money on the interest they earn using the money you park there that they don't need to pass those fees directly on to you. You just don't see them.

Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank.

Saying that "your money will be as safe as in a bank" is absolutely untrue, and the fact that we're discussing this in a thread titled "Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen" makes me think you have serious issues with reading comprehension.

You do know how FDIC works, right? If money gets stolen from a bank, that money is lost. Gone. Same as with the Bitcoin exchange hacks. The difference is that the FDIC reimburses the bank for the loss. Exactly as it would work with a Bitcoin insurance company. Your money would be just as safe as in a bank because it would be replaced if stolen in both cases.

The problem is that you can rob a dozen Bitcoin exchanges in a day without leaving your house. You just can't rob that many brick-and-mortar banks and get away with it. The FBI will see to that, believe me.

When the FDIC came along, it brought with it a whole slew of security requirements and regulations for banks. The same thing would be done for Bitcoin exchanges. Just as bank robberies declined and became less effective over the years, so too would Bitcoin exchange hacks—at least those covered by the FBIC. Foreign exchanges would have to make due themselves. Again, I'm not saying it would be easy, just doable.

Also, you're never going to net $60 million dollars by robbing banks...

Really?

Re:We were hacked, honest

[Jeremi]

Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here.

Not to disagree, but perhaps your biggest security advantage is that the hackers of the world have no particular reason to suspect there is a significant profit to be gained by hacking your (as far as anyone knows) random computer.

The computers at SomeWellKnownBitcoinExchange.com, OTOH, are assumed to be holding large amounts of bitcoin, since they need to do so in order to fill their function, and thus they are going to be hacker magnets 24/7/365. And all it takes is one security hole (or dishonest employee), and presto, it's game over...

Re:We were hacked, honest

[iggymanz]

no I meant offsite, for when your home and QR paper burn to the ground or get flooded, etc.

Re:We were hacked, honest

> Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here.

Stopped reading right there. Comments like this are why people like you aren't taken seriously.

Re: We were hacked, honest

[rmdingler]

Imbecile was a medical category of people with moderate to severe intellectual disability, as well as a type of criminal. The term arises from the Latin word imbecillus, meaning weak, or weak-minded. It included people with an IQ of 26–50, between "idiot" (IQ of 0–25) and "moron" (IQ of 51–70).

Give or take... Three idiots?

Fraud and Bicoin

I'm shocked!!

Shocked that there's gambling going on in this establishment.

Re:Fraud and Bicoin

[bobbied]

Here are your winnings sir!

LOL

I'm still LOLing at the BitCrap apologists today...

Shocked, shocked I say

Another "hacked" exchange, another XX million in "secure digital currency" lost to the ether -- or perhaps a bitexchange's owner?

"some users have lost their money"

[aliquis]

What?!

The users upload their wallets to the site and keep them there?
It doesn't use real bitcoins?

If they were only offering the trading then how can someone have THEIR money stolen? Isn't it THEIR bitcoins and whatever other currency which they use as an intermediate / medium for faster transactions if any which was stolen?

Re:"some users have lost their money"

[e432776]

but...but..the cloud!

Re: "some users have lost their money"

[hackwrench]

They keep all the Bitcoin they have in one wallet and record transactions between members separately to save on the calculations necessary to commit them to the blockchain

Re: "some users have lost their money"

[aliquis]

Ok.
And the users are stupid enough to let them keep their money obviously?
Otherwise it sound like they lost THEIR money and now have to find a lot of new bitcoins so they can give the value back to the people they owe.

Time for a hard fork.

Amirite?

Seriously? Are people this stupid?

[bobbied]

YET ANOTHER exchange get's taken to the cleaners and looses scads of other folk's coin? Fools and their money are too soon parted.

For Pete's sake folks, DON'T keep your coin on deposit on some exchange, either buy something or convert it back into cash because *all* digital currency things are hacking magnets... And what do you think the hackers do with your coins when they steal them? Why they convert them to cash or buy something ASAP...

Would you keep your money in a bank if they kept getting robbed and YOU where the one who lost? Or if you kept gold coins in their vault and it kept getting broken into would you keep your coins there? No way. So why keep your BitCoin someplace where somebody else provides the security and YOU take the risk? Keep them on your own devices OFF LINE, until you need to use them.

Re:Seriously? Are people this stupid?

[110010001000]

I agree. What kind of loosers get's taken to the cleaners like that? Derp.

Re:Seriously? Are people this stupid?

[JustAnotherOldGuy]

Would you keep your money in a bank if they kept getting robbed and YOU where the one who lost?

Exactly.

Basically you have to hope that no one robs the exchange, because then you're screwed. And whether it's a real robbery by an outside entity or it's the owners stealing the coins, you're still screwed either way.

This glaring vulnerability has always made me leery of Bitcoin. You bear ALL the risk with no insurance whatsoever. Why would anyone agree to that?

Re:Seriously? Are people this stupid?

Better yet - divest any current funds and ignore this failed example of techno-anarchy reflecting the failure of all libertarian ideas in practice.

Re:Seriously? Are people this stupid?

[Cyberax]

Except that your local wallet can also be lost, eaten by a virus or cleaned out by Bitcoin-savvy malware.

Re:Seriously? Are people this stupid?

Buuuutttt....Bitcoin was supposed to be safe, unhackable, secure and never stolen !

I have a unicorn for sale in a break-proof cage....only 1,000 bitcoins....trust me ! lolololololol

Re:Seriously? Are people this stupid?

It is.

This wasn't bitcoin getting hacked. This was a website that got hacked. The website just happened to have access to a very big wallet that the hackers then emptied out.

Re: Seriously? Are people this stupid?

Offline wallet (airgap device) with paper backup. Simple. Secure.

Re: Seriously? Are people this stupid?

That's called cash - been around for a few thousand years in various semi-rigid forms. Bit-whatever is a failed concept searching for a justification.

Re: Seriously? Are people this stupid?

[Cyberax]

So you'll have to re-digitize the wallet each time you want to use it, update the paper copy and then carefully make sure that no copies of the wallet are left on the hard drive. Yeah, it'd work well.

Re:Seriously? Are people this stupid?

[AmiMoJo]

You have to keep your bitcoins with an exchange if you want to, you know, exchange them. Exchanges work by matching buyers and sellers and adding their percentage. To sell your bitcoins for fiat currency you put them in your account on the exchange and set a sell price. When someone comes along offering at least that much, the exchange transfers the bitcoins to them and the cash to you.

Keeping your bitcoins offline is fine, as long as you don't want to swap them for real money. Since the range of goods and services you can pay for in BTC is limited, exchanges are popular.

Re: Seriously? Are people this stupid?

[St.Creed]

I have one like that right now! And for additional security, the paper backup is watermarked and uses special inks to prove validity to other people. I can even exchange them directly with everyone and they give me goods in exchange.

Bitcoin has sure come a long way!

Re:Seriously? Are people this stupid?

[bobbied]

Oh I understand the meaning of "exchange" and why they are a necessary evil. But I am saying that you use said evil only as much and only when necessary. You are a fool if you keep any digital currency on deposit at one for extended periods of time where it is at risk. You are quite literally better off stuffing your BitCoin (or any other digital currency) in your mattress on USB thumb drives...

You see the problem here is that "exchanges" are NOT "banks" and you are letting somebody you don't know hold something of value for you, something that is easily stolen. When the exchange gets hacked, it's not their money they risk, but yours. So an exchange's security boils down to a business decision driven by profit in a situation where they have little more than a domain name and some used server hardware to lose.

Banks, on the other hand, have a requirement to pay you back, even if they lose securities to a robbery, it's literally not your money. Banks also are required to own significant assets compared to what their customers have on deposit and usually have insurance/government backing that means you get your money back even in the face of severe conditions for the bank. They are not 100% secure, nothing really is, but compared to a BitCoin exchange it's no contest.

Re:Seriously? Are people this stupid?

[bobbied]

Except that your local wallet can also be lost, eaten by a virus or cleaned out by Bitcoin-savvy malware.

But your local wallet when off line and stuffed in your mattress is more secure than being on an exchange where it's grouped together with other hapless users' BitCoin to make a bigger target. In fact, as bad as stuffing money in a mattress is for both security and return on investment, BitCoin is worse. Why use them?

This is one of the PRIMARY reasons I do not recommend BitCoin for ANYTHING except quick online transactions for amounts you can afford to lose. It's just not safe compared to the other options available for moving funds around.

Re:Seriously? Are people this stupid?

At least keep it in your own bitcoin wallet. Not in a bitcoin exchange - numpties.

Re:Seriously? Are people this stupid?

[countach]

On any given day is there really $60 million worth waiting to exchange?

Exchanges are not good for storing coins

I used to store coins on exchanges so I could do margin trading for fun. Fortunately, I missed the mt gox failure, but lost some funds when bter was hacked, I fortunately did not lose any when mintpal went down. Then i lost over 5btc when cryspty failed and decided to give up and pulled all my funds to a cold storage wallet. Thankfully I did not lose on this bitfinex exchange hack. I think pretty much the only exchange that I used that has yet to be hacked is btce and poloniex.

Re:Exchanges are not good for storing coins

[Scottingham]

Wow, this almost reads like a joke. I had heard of 1/2 of the exchanges you had coins on that got hacked.

Yet another reason why it's a joke.

That's just another nail in the bitcoin coffin. The fad died down a while ago, now we just need the hardcore bitcoin users to realize how stupid they are for wasting actual money on some imaginary currency that has no real value if the "market" crashes tomorrow.

After hack, Bitcoin to consider name change

The top idea floated thus far: Bullshitcoin

Prepare schadenfreude generator!

[Applehu+Akbar]

Let's all hope this was ransomware proceeds.

We were hacked!

.... by me...
Thanks for your $60M though
I've already sold it and I'll use that money to buy more bitcoin in a few days time, after the temporary crash in value when we tell everyone about it..

Not even risk, loss virtually guaranteed with BTC

[raymorris]

Really it's not even a RISK that you MIGHT lose your money in bitcoin, it is virtually guaranteed if you hold bitcoin long enough. Bitcoin depends on the security of the SHA-2 hash algorithm. Once SHA-2 is broken, everyone can generate all the BTC they want easily, sending the value to zero.

There have been dozens of hash algorithms. A few which have been popular over the years include RIPEMD, MD5, DES-based (crypt()), SHA-0, SHA-1, and now SHA-2. The first four listed have all been cracked. SHA-1 is mostly cracked and SHA-2 about 35% cracked. Betting that SHA-2 will be the first hash function in history to not be cracked, by holding Bitcoin, is an awefully optimistic bet. Presumably these are the same people who keep thinking you can make uncrackable DRM. Everything is cracked, and when SHA-2 is cracked the rest of the way there goes any value Bitcoin had.

ahahahahaha

1849. hahahahahaha

Re:Not even risk, loss virtually guaranteed with B

[JustAnotherOldGuy]

Really it's not even a RISK that you MIGHT lose your money in bitcoin, it is virtually guaranteed if you hold bitcoin long enough. Bitcoin depends on the security of the SHA-2 hash algorithm. Once SHA-2 is broken, everyone can generate all the BTC they want easily, sending the value to zero.

That's a very good point.

I'm curious to know what the Bitcoin enthusiasts have to say about this eventuality, because you're right: sooner or later, SHA-2 will be cracked.

PHP?

Let me guess - PHP

Probably happens for real money, too

[thisisauniqueid]

This probably happens all the time in real banks, given how antiquated their IT systems are. You just don't hear about it, because the bank doesn't want to undermine your confidence, and can ask the Federal Reserve to bail them out. Not so with Bitcoin.

Re:Probably happens for real money, too

Antiquate IT systems and procedures are not necessarily unsafe.

Re:Probably happens for real money, too

Even if it happens, there's a reason you don't hear about it. The state, that evil robber lord, insures the banks, but there's no FDIC for Bitfinex.

Re:Probably happens for real money, too

[h4ck7h3p14n37]

Yes, it does happen all the time to regular banks too! The Incredible Story Of How Hackers Stole $100 Million From The New York Fed

Re:Probably happens for real money, too

Bitcoin exchanges can (and sometimes do) buy private deposit insurance. There's just no lender of last resort who will resort to taxing people who wanted nothing to do with these exchanges.

Clearly, our benevolent state should pick a few insurance companies in a toooootally neutral manner and require us all to buy it.

Growing pains of a new technology

[golodh]

I'm happy to hear that yet another piece of "alternative", "stick-it-to-The-Man" payment infrastructure has been burgled. Really.

It injects a much needed note of caution and realism into the dream of technologically focused, realism-challenged (and therefore irresponsible) amateur social engineers.

You see, a large part of the appeal of bitcoin comes from its aura of "under the radar", "the authorities need never find out" financial transactions.

This holds an attraction for several groups, of which two are problematic: outright criminals and their "lets-dodge-the-system" libertarian cousins.

I believe that outright criminals like the possibility of doing financial transactions without giving out your real name. Think "dark net" transactions involving in cybercrime services, malware, botnet control, stolen data, stolen credentials, drugs, weapons, etc. Think suppliers in "Silk Road" transactions.

I think that "lets-dodge-the-system" libertarians, who often figure as end-users of illegal goods and services are attracted to the possibility of doing "under the radar" financial transactions for the same reason: their real name can be kept undisclosed. In part they're happy to purchase illegal goods, in part they're ideologically motivated (as in "we need to grow alternative economy that's outside "government" or "system" control because all government is bad and "the system" is designed to screw us over").

For the first group (criminals) I believe it serves as a useful deterrent, or at least a risk and a complication.

For the second group it serves as a salutary reminder that their fellow citizens are at least as reprehensible as "the government" and just as capable of screwing them over as any "institution". After all, the institutions we have have evolved over several centuries, if not millennia, to strike a balance between freedom, safeguards, responsibility, accountability and free-for-all banditry. Something that starry-eyed, technology fixated "bash-the-system" enthusiasts will only appreciate if hammered home by personal or close-to-personal experience.

Where and how new technologies like bitcoin should fit into our society remains to be seen (and experimentally determined). However, our existing institutions have very real merits and safeguards that have evolved because of human nature itself. Such safeguards (which we all too often take for granted) are lacking from new technological developments and are just as important as the basic functionality. A reminder of which can only be positive.

Re:Growing pains of a new technology

[horza]

I'm happy to hear that yet another piece of "alternative", "stick-it-to-The-Man" payment infrastructure has been burgled. Really.
Then you are rather a sick individual.

You see, a large part of the appeal of bitcoin comes from its aura of "under the radar", "the authorities need never find out" financial transactions.
No it isn't. A large part of the appeal of mobile phones to terrorists is ease of communication, however most people are not terrorists. I think a lot of people are interested because you can transfer money anywhere in the world instantly with no transaction charge. No VISA, Western Union, Paypal, etc. You can access your money for free too. I pay through the nose in bank charges for access to my own money. In France, you even pay a monthly charge to own a credit card!

For the first group (criminals) I believe it serves as a useful deterrent, or at least a risk and a complication.
Er no, I don't think criminals keep their money on Bitcoin exchanges.

So to summarise, we should wait outside your house and then kick the crap out of you and take all your belongings so you get a personal reminder that there are not so nice people out there? Enjoy living in YOUR world. And no don't bother talking about the police as your "safeguard", you know there is a 99.99% chance they won't do anything.

Phillip.

Re:Growing pains of a new technology

[AmiMoJo]

The really easy fix is for the exchange to have insurance. If they don't have insurance, don't do business with them.

Re:Growing pains of a new technology

"I'm happy to hear that yet another piece of "alternative", "stick-it-to-The-Man" payment infrastructure has been burgled..." Bwahahahaha! Yeah, that's a hoot, eh?

Although I wonder how people in country's where their financial system has collapsed (or is in near collapse - like Cypress), might feel about losing what little life savings they have.

Don't worry though, you'll get your way eventually - as all good statists usually do, as governments will continue to phase out cash altogether.

Re:Growing pains of a new technology

you can transfer money anywhere in the world instantly with no transaction charge.

I'm 100% on your side and appreciate that you're taking the time to address the schadenfreude and authoritarian "nothing to hide" arguments, but this part simply isn't true anymore. Bitcoin fees are going up very quickly and this trend will probably continue for at least a few months until better scaling solutions are implemented.

Re:Growing pains of a new technology

Whoa whoa whoa you can't go doing basic research and thinking during a good old fashioned bitcoin bash! Libertards lol!

Re:Not even risk, loss virtually guaranteed with B

[Donwulff]

Or, if you were really concerned, you could just Google it: https://eprint.iacr.org/2016/167.pdf
"Broken SHA256: For a broken SHA256, meaningful
collisions or pre-images suggest that new transactions
should not be accepted. However, as we saw in Sec-
tion 4.3, unless a broken hash results in majority power,
an adversary cannot alter historical blocks or transactions.
The same can be said for hard-coding known public keys
with unspent outputs: even if the adversary gets a differ-
ent key that hashes to the same value, deriving the private
key should be infeasible if the signature scheme is still
strong. The plans for SHA256 thus seem to be more pru-
dent than necessary, but since they necessitate a hard fork,
rehashing the entire blockchain to add new checkpoints
or hardcoding public keys can only increase the security
of the transition period, but perhaps at a cost of efficiency."

A little plain-english translation would also be, that BitCoin and other cryptocurrencies (As well as, arguably, the security of every credit card in your pocket and bank transaction and online login and...) doesn't rely on the hash being "unbreakable", it just relies on it being non-trivial, and barring a general quntum computer, we know it to be non-trivial. In fact, the credit-card in your pocket is more vulnerable to single hash being broken, and the whole working principle of BitCoin (mining) is "cracking SHA-2".

The threat-model for BitCoin isn't that the hash will be broken, but that it will become significantly easier for one party; this is a special case of the general majority-hashing-power threat, where the "adversary" covertly through subterfuge or technology obtains majority hashing power. This in fact has happened before (Multiple times at least if you include Satoshi Nakamoto himself) and the world didn't come to an end.

This is not to say that I'm a BitCoin enthusiast, or even that I'm saying it's unbreakable, I'm just saying it's far more complicated and also analyzed, at least by other people than the BitCoin core developers, than a simple "OMGZORZS they gonna crack da hash!!!!111" :)

If they were paying attention

[raymorris]

If they were paying attention, they would probably say that can switch to a new version which uses SHA-3 or another hash. That's true IF they make the switch BEFORE SHA-2 is broken the rest of the way.

However, five years ago, in 2011, a preimage attack was demonstrated 52 out of 64 rounds. It's ALREADY half broken, so the next step will probably be a complete compromise and there is no indication that BTC intends to upgrade before they are fucked.

A preimage may not break some applications that have long inputs, but for a short input like BTC uses, the preimage result will very likely be the desired bytes.

Why do you all care?

Do you guys actually care about this stuff? Can't you see that Bitcoin currently has NO utility, outside of buying illegal items? And that the whole thing is an unregulated currency which will be plagued by all the problem they created regulations for?

Exchanges getting hacked ( or "hacked") is going to remain routine until there's some big change. Until then, why waste your time and your attention on these stories?

Re:Why do you all care?

I use it to pay for a number of online services, and have even used it to pay for physical goods from a well known store here..

Exchanges will continue to be exploited until security gets taken seriously.... Exchanges should be forced to have a liability-insurance that would cover 100% of the deposited money. Insurance company to make the rules about what security is needed.

The security on *most* of the existing exchanges are big jokes..... A few exceptions do exists..

Re:Not even risk, loss virtually guaranteed with B

If SHA got broken and someone started hacking it, then the admins would probably refuse to checkpoint the chain block that contained the transfers, so it would never be accepted. They could even checkpoint a sidechain where nothing happened.

Of course, that would amount to political control of the currency, but when the alternative is the whole coin falling apart, what do you think will be stronger? Pragmatism or ideology?

There actually is uncrackable DRM

[Zontar_Thing_From_Ve]

Presumably these are the same people who keep thinking you can make uncrackable DRM.

I don't disagree with your post in general, but there actually is uncrackable DRM. Nobody yet has cracked Cinavia protection for Blu Ray discs. Cinavia is an audio watermark that is optional for Blu Ray and DVD discs. No player is required to support it for DVD but all Blu Ray players are now required to support it on Blu Ray discs. It's expensive so it's not used by most studios. Now there is one company (DVD Ranger I think) who claims they cracked it but testing showed that all they did was find a way to replace the audio during ripping with a Cinavia free AC-3 file that they had previous stored on a server somewhere and secretly downloaded it during the ripping process. AnyDVD HD did find a way to put something in rips that causes some PC software players to ignore Cinavia on playback (in theory software players are supposed to detect that the copy or rip has Cinavia and stop playback) but they didn't remove it. To date nobody has found a way to remove it from a disc that has it. All you can do is ignore it or replace it with the audio from another disc (usually DVD) that doesn't have it.

Re:There actually is uncrackable DRM

[david_thornley]

There is DRM that hasn't been cracked yet, and there is DRM that's very hard to crack. I don't think there is uncrackable DRM. To use a Blu-Ray, I have to have the contents and keys in my possession somehow.

Bug Bounty

[gustep12]

Bitcoin: The ultimate bug bounty program.

nothing of real value was lost

nothing of real value was lost, really.

The new image of bank robbery

[jmcwork]

Reports say the thieves made their getaway using a silver, late model laptop

Bitcoin is a tax on tin-foil

[Brannon]

It's a truly spectacular way to take money away from paranoid anti-establishment off-the-grid people.

Re:Bitcoin is a tax on tin-foil

[JustAnotherOldGuy]

It's a truly spectacular way to take money away from paranoid anti-establishment off-the-grid people.

Yep, except they can't even be off the grid to use it, lol.

Re:Not even risk, loss virtually guaranteed with B

[raymorris]

> doesn't rely on the hash being "unbreakable", it just relies on it being non-trivial, and barring a general quntum computer, we know it to be non-trivial. ... the whole working principle of BitCoin (mining) is "cracking SHA-2".

Indeed Bitcoin is based on the presumption that preimage of a complete SHA-256 is very, very hard - infeasible. The difficulty level is how many bits of the hash need to match. Unfortunately, it's not true that "we know it to be non-trivial". We have strong evidence that there IS an attack which makes it easy. In 2012 Sony demonstrated an attack on 52 rounds. Extending that to the full 64 rounds is exceedingly likely. It's just a matter of when someone wants to put in the time AND go public with the results. I'd be surprised if ONI or NSA hasn't already extended it past 52 rounds, if they aren't at perhaps 60 rounds, just four left to go.

Blu Rays get copied. Slysoft did what DVD Ranger

[raymorris]

"Protected" Blu Ray discs do in fact get copied. So it is not an uncrackable DRM.

> there is one company (DVD Ranger I think) who claims they cracked it but testing showed that all they did was find a way to replace the audio during ripping with a Cinavia free AC-3 file

Maybe. Unless you can point to some updated information, people *speculated* that *maybe* that's what DVD Ranger does. DVD Ranger said no, they remove it. We can't be sure. However later, in 2015, Slysoft was removing it, and I haven't seen even speculation that they weren't.

I suspect most people looking at it may have made it too complicated. As you know, all Blu Ray players after a certain date are required to be able to read the Cinavia water mark, which is in the analog audio signal so that it plugs the "analog hole". One bit of digital mark takes five seconds of audio. Anyway, the point is you can get the reader code out of any firmware update to a Blu Ray enabled device - the format of the watermark isn't a secret. We know that to embed an "A" bit you apply the function to the audio in one direction, for the opposite bit ^A the opposite direction. (I'm using A and ^A rather than 0 and 1 to avoid confusing 0 with the original audio).

It should therefore be quite possible to add your own Cinavia watermark to the audio. Suppose the "theatrical release only" bits are AA^AA^A^AA. You could probably embed those bits yourself, right, given that you have access to the code that reads them? Similarly, you should be able to embed the bits ^A^AA^AAA^A - the opposite bits. When the detector finds that the signal is neither A nor ^A, but halfway in between, that's going to look a lot like the original audio - like there never was any Cinavia watermark. I haven't actually coded that and tested it, but that general approach seems like it will likely work, when someone does it.