Are the end-times coming to Bitcoin? Putting aside the wild rides in valuation, the last few days have seen the three top exchanges halting withdrawals, a reported heist of $2.7 million, and the exploitation of a flaw in the Bitcoin protocol.
Silk Road 2.0, a black market drug-trading site based on untraceable Bitcoins, reports that 4,474 Bitcoins, valued at about $2.7 million, have been stolen from the site. The virtual currency is encrypted computer code that is stored in a virtual wallet, and only a limited number of Bitcoins are created.
The site’s administrator, who goes by the name of Defcon, posted that “a vendor exploited a recently discovered vulnerability in the Bitcoin protocol known as ‘transaction malleability’ to repeatedly withdraw coins from our system until it was completely empty.” The coins were apparently stored onsite in escrow.
The flaw in the Bitcoin protocol enables an attacker to hide the transaction ID and repeatedly request a transfer of the pseudo-currency. Silk Road 2.0 used the transaction ID as the sole transaction confirmation, even though the flaw was reportedly made public in 2011. The site is the successor to the original Silk Road, which the FBI shut down last year.
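The following is an added example, not code from the original article or from any exchange. It is a simplified model (not real Bitcoin serialization) of why a transaction ID alone is an unreliable withdrawal confirmation, since the ID can change while the payment stays the same, with a reconciliation check keyed on the inputs spent and outputs paid. All function names and sample values are hypothetical and constructed.

```python
import hashlib

def sha256d(data: bytes) -> str:
    """Double SHA-256, the hash Bitcoin uses for transaction IDs."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def txid(tx: dict) -> str:
    """Simplified model: the ID covers the whole transaction, signature bytes included."""
    return sha256d(repr((tx["inputs"], tx["outputs"])).encode() + tx["script_sig"])

def payment_key(tx: dict) -> str:
    """Hypothetical tracking key: inputs spent and outputs paid, signature bytes excluded."""
    return sha256d(repr((tx["inputs"], tx["outputs"])).encode())

def settled_by_txid(sent: dict, confirmed: list) -> bool:
    """Naive check: the withdrawal counts only if the exact txid was confirmed."""
    return any(txid(c) == txid(sent) for c in confirmed)

def settled_by_payment(sent: dict, confirmed: list) -> bool:
    """Hardened check: the withdrawal counts if the same payment was confirmed."""
    return any(payment_key(c) == payment_key(sent) for c in confirmed)

def safe_to_reissue(sent: dict, confirmed: list) -> bool:
    """Only pay again if none of the original inputs has been spent on-chain."""
    spent = {i for c in confirmed for i in c["inputs"]}
    return not (set(sent["inputs"]) & spent)

# Constructed sample data (placeholder bytes, not real signatures or addresses).
SENT = {
    "inputs": (("prev-tx-placeholder", 0),),
    "outputs": (("customer-address-placeholder", 150_000_000),),
    "script_sig": b"signature-encoding-A",
}
# Same payment as confirmed on-chain, with a different encoding of the signature bytes.
CONFIRMED = [dict(SENT, script_sig=b"signature-encoding-B")]

def demo() -> dict:
    return {
        "txid_changed": txid(SENT) != txid(CONFIRMED[0]),
        "settled_by_txid": settled_by_txid(SENT, CONFIRMED),
        "settled_by_payment": settled_by_payment(SENT, CONFIRMED),
        "safe_to_reissue": safe_to_reissue(SENT, CONFIRMED),
    }

if __name__ == "__main__":
    print(demo())
```

A ledger that relies on the naive check treats the withdrawal as never sent and would pay a repeat request; the payment-based check and the spent-input check both show the coins have already moved.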
The three biggest Bitcoin exchanges — BitStamp, Mt. Gox and BTC-e — all halted trading temporarily in the last few days. BitStamp and Mt. Gox account for more than half of all traded Bitcoins.
‘In its infancy’
On Tuesday, Slovenia-based BitStamp, the largest Bitcoin exchange, stopped customer withdrawals after saying it was under a denial-of-service attack, which it said caused “inconsistent results reported by our Bitcoin wallet.”
The attack, the exchange said, was “made possible by some misunderstandings in Bitcoin wallet implementations,” apparently related to the same protocol flaw that Silk Road encountered. BTC-e, a Bulgaria-based exchange, also stopped trading temporarily this week. Both BitStamp and BTC-e have said they will resume trading today.
Last Friday, Mt. Gox issued a temporary ban on Bitcoin withdrawals.
The Tokyo-based exchange issued a statement that “a bug in the Bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of Bitcoins to a Bitcoin wallet did not occur when in fact it did occur.”
Mt. Gox chief executive Mark Karpeles said Thursday that there was a mismatch between the exchange’s customized Bitcoin wallet and the updates coming from the Bitcoin Foundation. The Bitcoin Foundation has disputed that assertion.
Micky Malka, a venture capitalist, told Reuters this week that “Bitcoin is still an experimental protocol in its infancy.” He added that “no one should be investing an amount they cannot afford to lose.”
Malka, by the way, is a board member of the Bitcoin Foundation.