No doubt it has been a crazy week for anyone even remotely interested in Bitcoin. Mt. Gox, once the largest Bitcoin exchange marketplace out there, has shut down, putting a bitter end to an almost month-long situation in which all withdrawals were halted because of “technical issues”.
As customers were unable to move their funds out of Mt. Gox, the world’s most famous exchange essentially became isolated from the rest of the Bitcoin ecosystem, making the Bitcoin price traded on Mt. Gox plummet to as low as $100 for 1 BTC before the exchange went completely offline. The heists of Poloniex and Flexcoin likely contributed to the increased uncertainty regarding Bitcoin’s future. We can’t say it was unforeseen.
Mt. Gox BTC price evolution in February 2014, source: Clark Moody
In our forecast for 2014, we stated that attacks on Bitcoin, specifically attacks on Bitcoin pools, exchanges and Bitcoin users, will become one of the most high-profile topics of the year. These attacks will be especially popular with fraudsters as their cost-to-income ratio is very favorable.
While the Mt. Gox incident might be the most significant in Bitcoin history to date, as it is rumored to be worth 744,408 Bitcoins, or more than $300 million at current BTC prices, the only question that remains unanswered is what actually caused it.
TX Malleability, short for transaction malleability, is a known issue within the Bitcoin protocol. Under specific circumstances, it can enable an attacker to issue different signatures (or TX IDs) for the same transaction, essentially making it appear as if the transaction didn’t happen. This can allow a malicious customer of an exchange to request multiple Bitcoin withdrawals of the same coins by claiming the transactions never went through.
This type of TX Malleability attack was the official reason cited by Mt. Gox when they decided to halt the withdrawals, making it seem as though they were victims of a cyber-heist, but the possibility of this incident being an inside job can’t be ruled out.
The transaction malleability attack doesn’t necessarily involve an insider, although someone with direct access to the transaction system can do it much more easily. It is, of course, possible that the attack was done entirely from the outside, although Mt. Gox should, then, have full information on the person responsible for the attack, simply because they’d be re-requesting the funds over and over, citing network errors and the fact that the withdrawal hasn’t been received.
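The repeated-withdrawal scenario above only works against a payout system that decides "sent or not" by looking up the TX ID it broadcast. The following Python example is added here for illustration and is not from the original article or from any exchange's code; it uses a simplified, constructed transaction model (not real Bitcoin serialization) and hypothetical names such as `spend_key` and `reconcile` to show a reconciliation check that matches withdrawals by the coins spent and the payees, so a copy confirmed under a different TX ID is still recognized as paid.

```python
import hashlib
from dataclasses import dataclass

def dsha(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

@dataclass(frozen=True)
class Tx:  # simplified model, an assumption of this example
    inputs: tuple   # ((prev_txid, vout, signature_bytes), ...)
    outputs: tuple  # ((address, satoshis), ...)

    def txid(self) -> str:
        # Covers the signature bytes, so a re-encoded signature changes it.
        return dsha(repr((self.inputs, self.outputs)).encode())

    def spend_key(self) -> str:
        # Covers only which coins are spent and who is paid.
        outpoints = tuple((prev, vout) for prev, vout, _ in self.inputs)
        return dsha(repr((outpoints, self.outputs)).encode())

def reconcile(withdrawals: dict, confirmed: list) -> dict:
    """Map each withdrawal id to (status, txid seen on chain or None)."""
    seen_txids = {tx.txid() for tx in confirmed}
    seen_spends = {tx.spend_key(): tx.txid() for tx in confirmed}
    status = {}
    for wid, tx in withdrawals.items():
        if tx.txid() in seen_txids:
            status[wid] = ("confirmed", tx.txid())
        elif tx.spend_key() in seen_spends:
            # Same coins, same payee, different TX ID: already paid.
            status[wid] = ("confirmed_malleated", seen_spends[tx.spend_key()])
        else:
            status[wid] = ("unconfirmed", None)
    return status

# Constructed sample data: SENT is what the exchange broadcast, SEEN is the
# copy that reached a block with different signature bytes.
SENT = Tx((("aa" * 32, 0, b"sig-encoding-1"),), (("customer-addr", 50_000_000),))
SEEN = Tx((("aa" * 32, 0, b"sig-encoding-2"),), (("customer-addr", 50_000_000),))
PENDING = Tx((("bb" * 32, 1, b"sig-x"),), (("other-addr", 10_000_000),))

def demo() -> dict:
    return reconcile({"w1": SENT, "w2": PENDING}, [SEEN])

if __name__ == "__main__":
    for wid, result in demo().items():
        print(wid, result)
```

A withdrawal reported as `confirmed_malleated` should be closed as paid and any "I never received it" claim for it refused; only `unconfirmed` withdrawals are candidates for a resend, and then by spending the same inputs again so both copies cannot confirm.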
The only thing left to do now is to wait for law enforcement agencies to finish their investigation into the incident and hope that Mt. Gox and other parties involved are co-operating with LEAs to identify the individuals responsible and try to recover the damages.
As for the future of Bitcoin – this week showed us once again that the Bitcoin ecosystem truly needs companies that understand security. Being a decentralized currency with no authority to impose security standards and regulations, it’s up to us, Bitcoin enthusiasts and the whole crypto-currency community, to raise the bar: by choosing to only work with Bitcoin companies that have an immaculate track record, a good understanding of the technology involved and especially the security required. But most importantly these companies must have the willingness to always keep innovating, to always keep going that extra mile to gain customers’ trust. Let’s make this happen and Bitcoin will be just fine!