Bitcoin hacks and frauds
Luiz Firmino, CISSP, CISM, CRISC, CCISO
Global CISO, Information Security Director at FEMSA Proximity and Health
There are more than 1000 digital currencies. Bitcoin is one of them, and it is not tied to any bank or government. Like cash, it lets users spend or receive money anonymously, or mostly so; like other online payment services, it also lets them do so over the internet. There are several other virtual currencies, such as Ethereum, but bitcoin is the most popular. Bitcoins are basically lines of computer code that are digitally signed each time they travel from one owner to the next. Transactions can be made anonymously, making the currency popular with libertarians as well as tech enthusiasts, speculators — and criminals.
Tech-savvy users called "miners" use their computers to make complex calculations that verify bitcoin transactions. The resulting record, the so-called blockchain, is a global running tally of every bitcoin transaction. The miners receive bitcoins in exchange according to a set of established rules. In this way, the bitcoin network harnesses individuals' greed for the collective good.
Because the tally of bitcoin transactions, or blockchain, is verified constantly by a network of miners, rogues cannot spend the same bitcoin twice. As long as miners keep the blockchain secure, counterfeiting shouldn't be an issue.
Bitcoin was launched in 2009 by a person or group of people operating under the name Satoshi Nakamoto. Bitcoin was then adopted by a small clutch of enthusiasts. Nakamoto dropped off the map as bitcoin began to attract widespread attention. But proponents say that doesn't matter: The currency obeys its own internal logic.
Bitcoin is a dangerous speculative bubble and has been a juicy target for hackers since 2011. I've never seen a chart of a security where the price really has a vertical pattern to it. Bitcoin has surged more than 1,000 percent this year, accelerated by rising interest from retail and institutional investors who view the digital currency as a possible future means of exchange and store of value.
Holders of large amounts of bitcoin are often known as whales. And they’re becoming a worry for investors. They can send prices plummeting by selling even a portion of their holdings. And those sales are more probable now that the cryptocurrency is up nearly twelvefold from the beginning of the year.
About 40 percent of bitcoin is held by perhaps 1,000 users; at current prices, each may want to sell about half of his or her holdings. What’s more, the whales can coordinate their moves or preview them to a select few. Many of the large owners have known one another for years and stuck by bitcoin through the early days when it was derided, and they can potentially band together to tank or prop up the market. As in any asset class, large individual holders and large institutional holders can and do collude to manipulate price.
Because bitcoin is a digital currency and not a security, there’s no prohibition against a trade in which a group agrees to buy enough to push the price up and then cashes out in minutes. Regulators have been slow to catch up with cryptocurrency trading, so many of the rules are still murky. If traders not only pushed the price up but also went online to spread rumors, that might count as fraud.
Many investors admit to not understanding the technicalities of the instrument or the blockchain technology that underpins its existence, hoping instead to profit on the expectation that bitcoin as an investment will simply continue to rise. All bubbles burst. They go down, and the one who's made the last investment gets hurt the most; there's no question about it.
There's a lot of excitement about Bitcoin right now, with the value of the cryptocurrency recently soaring above $15,000—more than 10 times its value at the start of the year. This has caused many people to wonder if they should be getting involved in the Bitcoin craze. But don’t expect to be able to trade your cryptocurrency at busy times. The recent rise in its price is hard to explain because bitcoin has no intrinsic value.
But it's important to keep in mind that participating in the Bitcoin economy comes with big risks. Over the years, the Bitcoin world has been plagued by hacks, scams, and abusive practices. Users who don't take appropriate precautions can lose everything.
It's worth noting that all of these attacks were against Bitcoin-related services, not the core Bitcoin software. As far as we know, the Bitcoin network itself is highly secure, though of course that's little comfort if you entrust your bitcoins to a third party that gets hacked.
Also, the list seems to skew toward older incidents. Users seem to have faced greater dangers of hacking and fraud in 2011 and 2012 than they do today.
Still, the dangers haven't gone away by any means. The Bitcoin economy is still lightly regulated, and fraud is a constant danger. While it might seem tempting to buy some bitcoins in hopes they'll go up in value, the risks are high—perhaps too high for most people. If you do decide to acquire bitcoins, do your research and be careful.
June 2011: Bitcoin user loses $500,000 in bitcoin to hackers
In early 2011, Bitcoin had been a tight-knit community of hobbyists. Mining bitcoins was easier back then: people could generate thousands of bitcoins using a conventional home PC.
That's what allinvain, a user on the Bitcoin Talk forums, claimed to have done, amassing a fortune of 25,000 bitcoins. Bitcoins were worth pennies in 2010, but, by early June 2011, the price of bitcoins had soared to $20, making his bitcoins worth around $500,000.
Then, on June 13, disaster struck for allinvain. "I just woke up to see a very large chunk of my Bitcoin balance gone," he wrote. Allinvain believed that someone had hacked into his PC and stolen the bitcoins from his hard drive, transferring them to an account controlled by the hackers.
If those coins had not been stolen—and he'd held on to them until today—they would be worth around $250 million.
August 2011: Wallet service MyBitcoins disappears from the Web
Bitcoin wallet services offer to store bitcoins on users' behalf. These were initially portrayed as a convenience to the customer, but many of them turned out to be either insecurely run or outright frauds (it can be hard to tell, since the frauds tend to claim they were hacked).
One wallet service that was popular in Bitcoin's early days, for example, was called MyBitcoin. In August 2011, the company disappeared from the Web, claiming the site was hacked.
This and similar experiences have made the Bitcoin community suspicious of online wallet services. With no real regulation, there's no way for users to verify that a wallet service is reliable.
An exception to this is client-side Web wallets like the one offered by Blockchain.info. In these services, customer data is only stored in encrypted form on the server. Data is encrypted on the client side with a customer-provided password. That approach makes users less vulnerable than traditional wallet services where the service provider has direct control of the bitcoins.
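An added sketch of the client-side encryption model described above (not Blockchain.info's code or parameters): in Node.js, a key is derived from the password with scrypt and the wallet is sealed with AES-256-GCM, so the server stores only salt, IV, tag and ciphertext. The wallet contents, function names, user ID and KDF settings are constructed assumptions.

```javascript
const crypto = require('crypto');

// scrypt cost parameters: assumptions for this sketch, not any service's real settings.
const KDF = { N: 16384, r: 8, p: 1 };

function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF);
}

// Client side: seal the wallet before it leaves the user's machine.
function sealWallet(wallet, password) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(wallet), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Client side: returns the wallet, or null on a wrong password or a modified blob.
function openWallet(blob, password) {
  const raw = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, raw(blob.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw(blob.iv));
  decipher.setAuthTag(raw(blob.tag));
  try {
    const pt = Buffer.concat([decipher.update(raw(blob.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null; // authentication failed: wrong key or altered data
  }
}

// Server side (hypothetical): stores and returns the blob, never sees password or key.
const serverStore = new Map();
function upload(userId, blob) { serverStore.set(userId, JSON.stringify(blob)); }
function download(userId) { return JSON.parse(serverStore.get(userId)); }

// Constructed sample wallet; the "key" is a placeholder string, not a real private key.
const wallet = { address: 'constructed-address', privKey: 'CONSTRUCTED-NOT-A-REAL-KEY' };
upload('alice', sealWallet(wallet, 'correct horse battery staple'));
console.log('server holds:', serverStore.get('alice'));
console.log('right password:', openWallet(download('alice'), 'correct horse battery staple'));
console.log('wrong password:', openWallet(download('alice'), 'guess'));
```

Anyone who obtains the stored blob can still guess passwords offline, so the protection is only as strong as the password and the key-derivation cost.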
March 2012: Hacked Web host leads to stolen bitcoins
Hackers exploited a vulnerability in the shared online web host Linode to steal at least 46,703 bitcoins—then worth more than $200,000—from several Linode users. That included more than 43,000 bitcoins stolen from Bitcoinica, an early Bitcoin exchange.
Bitcoinica suffered a second hack in May 2012 that cost the company another 18,000 bitcoins. It was then taken offline for a security audit. Bitcoinica didn't survive these incidents. In August 2012, the site was sued by several users seeking the return of $460,000 in deposits.
One lesson of the Linode debacle is that Bitcoin-related businesses have to be extremely careful when operating on shared hosting providers. Bitcoins are secured by encryption keys. If any third party—either other customers or rogue employees—has access to customer data, they will be able to read the encryption keys and use them to transfer bitcoins away from their owners.
August 2012: Bitcoin Ponzi scheme is shut down
The Bitcoin Savings and Trust was a classic Ponzi scheme. Customers were lured in with a promise of high returns—seven percent per week—and new customers' deposits were used to pay profits to previous customers.
The scheme shut down in August 2012, and a year later the government indicted organizer Trendon Shavers. The government accused him of raising more than 700,000 bitcoins from gullible customers. In 2014, a judge ordered Shavers to repay victims more than $40 million. The judge found the scheme had cost victims 265,678 bitcoins.
September 2012: More exchanges get hacked, shut down
In September 2012, a Bitcoin exchange called Bitfloor suffered a catastrophic attack. Attackers stole 24,000 bitcoins, then worth around $250,000. Bitfloor didn't have $250,000 in reserves, so the theft effectively made Bitfloor insolvent.
Bitfloor resumed operations a few weeks later, hoping to earn enough in fees to repay earlier customers. But the effort was unsuccessful; Bitfloor closed its doors for good in April 2013, leaving frustrated users in its wake.
February 2014: Hackers bring down the world’s then-largest exchange
The Bitcoin world's biggest financial fiasco was the collapse of Mt. Gox—then the world's leading Bitcoin exchange—in 2014. Operated by French-born CEO Mark Karpelès from a headquarters in Japan, Mt. Gox was the main way people bought and sold bitcoins from its founding in 2010 until February 2014. Then Mt. Gox announced that 850,000 bitcoins had gone missing—likely stolen by hackers, the company said.
At early 2014 prices, those bitcoins were worth around $450 million. Today, they'd be worth $8.5 billion.
In July, US law enforcement officials announced they had arrested a suspect in the massive theft. A Russian man named Alexander Vinnik was the owner and operator of a competing Bitcoin exchange called BTC-e. The feds allege that he knowingly accepted stolen bitcoins from Mt. Gox and laundered them through his own bitcoin exchange.
The collapse of Mt. Gox left no shortage of angry customers. Ironically, the continued appreciation of Bitcoin's value means that the bankrupt company could eventually be able to repay its debts in full—with piles of money left over. Mt. Gox's assets and liabilities were frozen while the company worked through the bankruptcy process. The liabilities were frozen in terms of Japanese yen, while the company's remaining bitcoins have ballooned in value—from around $400 each at the time of the bankruptcy to around $11,000 today.
Obviously, Mt. Gox's former creditors believe they should be repaid in appreciated bitcoins, but Japanese law might not be on their side.
January 2015: Bitstamp exchange is hacked
In January 2015, the popular Bitcoin exchange Bitstamp reported that it had lost around 19,000 bitcoins, then worth about $5 million. The exchange survived the attack and remains a leading Bitcoin exchange today.
August 2016: Another exchange loses 120,000 bitcoins to hackers
In August 2016, the Bitcoin exchange Bitfinex announced that hackers had stolen $77 million worth of bitcoins. The company foisted these costs on to users, forcing them to take a 36-percent reduction in the value of their deposits.
Bitfinex is still around, but there are big questions about the company's credibility. As the New York Times puts it, Bitfinex is an "opaque operation that provides no information on its website about where it is or who operates the company."
Chief Technology Officer, CIO, CISO
December 6, 2017 - 4700+ BTC stolen from NiceHash valued over $78 million