Security

Top Bitcoin exchange Mt. Gox blames outage on massive DDoS attack

After an outage yesterday that helped cause Bitcoin prices to plummet, No. 1 Bitcoin market Mt. Gox said it is experiencing a major Distributed Denial of Service (DDoS) attack by people aiming to destabilize the currency or profit from it.

Bitcoin is a virtual currency that isn’t regulated by any governments, and people can use to make international monetary transfers free, easy, instantaneous, and hard to trace. The single largest exchange to buy and sell Bitcoins is Mt. Gox, which handles more than 70 percent of Bitcoin trades in the world and facilitates more than 420,000 trades per month.

But yesterday, Mt. Gox went offline, helping drive Bitcoin prices down about $30. Additionally, Bitcoin wallet service Instawallet shut down “indefinitely” due to a hacking incident, and that could have also played a role in the price of Bitcoins dropping.

Mt. Gox writes in a lengthy post on Facebook (emphasis ours):

It’s been an epic few days on Bitcoin, with prices going up as high as $142 per BTC. We all hope that this is just the beginning!

However, there are many who will try to take advantage of the system. The past few days were a reminder of this sad truth.

Mt. Gox has been suffering from its worst trading lag ever, 502 errors, and at one point some users were not able to log in their account. The culprit is a major DDoS attack against Mt.Gox.

Since yesterday, we are continuing to experience a DDoS attack like we have never seen. While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.

Why has Mt.Gox become the target of a DDoS attack?

It is not yet clear who is behind this DDoS and we may never know, but these actions seem to have two major purposes:

1. Destabilize Bitcoin in general.

It is not a secret Mt.Gox is the largest Bitcoin exchange with more than 80% of all USD trades and more than 70% of all currencies. Mt.Gox is an easy target for anyone that wants to hurt Bitcoin in general.

2. Abuse the system for profit.

Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit.

Mt. Gox said there isn’t much it can actually do about the DDoS attacks and that all sorts of companies are frequently victims of these sorts of attacks. It did say there was one thing it could do do help protect further from attacks.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said. “By separating the data center from the Mt. Gox website, we will continue to be able to trade.”

Bitcoin prices are sitting at about $135 per Bitcoin as of this writing. That’s not quite the high of $142 from yesterday but it’s considering the outage and large drop in prices yesterday.

Anonymous photo via Stian Eikeland/Flickr