'Bitcoin exchange halts withdrawals after cyber-attack' diff viewer (0/1)

This article is from the source 'bbc' and was first published or seen on February 12, 2014 14:06 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-26155157

The article has changed 2 times. There is an RSS feed of changes available.

Previous version 1 Next version

Previous version 1 Next version

Version 0	Version 1
Bitcoin exchange halts withdrawals after cyber-attack	Bitcoin exchange halts withdrawals after cyber-attack
2014-02-12 14:10:12 UTC	2014-02-12 14:45:06 UTC (35 minutes later)
Bitstamp - one of the world's largest Bitcoin exchanges - has halted withdrawals after coming under cyber-attack.	Bitstamp - one of the world's largest Bitcoin exchanges - has halted withdrawals after coming under cyber-attack.
The Slovenia-based firm said the culprits had exploited a bug in the virtual currency's underlying software to carry out the assault.	The Slovenia-based firm said the culprits had exploited a bug in the virtual currency's underlying software to carry out the assault.
It is the second exchange to suspend operations. Tokyo's MtGox took a similar measure on Friday.	It is the second exchange to suspend operations. Tokyo's MtGox took a similar measure on Friday.
A third, Bulgaria's BTC-e, has warned that some transactions may be delayed.	A third, Bulgaria's BTC-e, has warned that some transactions may be delayed.
Like Bitstamp, it cited a denial-of-service (DoS) attack as the cause.	Like Bitstamp, it cited a denial-of-service (DoS) attack as the cause.
The Bitcoin Foundation - a group of developers who maintain and promote the cryptographic code on which the currency relies - said that it was creating workarounds and fixes to tackle the issue.	The Bitcoin Foundation - a group of developers who maintain and promote the cryptographic code on which the currency relies - said that it was creating workarounds and fixes to tackle the issue.
It added that people who had funds stored with the affected exchanges should know that their savings were safe, albeit "tied up" for the time being.	It added that people who had funds stored with the affected exchanges should know that their savings were safe, albeit "tied up" for the time being.
"This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming," wrote Gavin Andresen, chief scientist at the foundation.	"This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming," wrote Gavin Andresen, chief scientist at the foundation.
"It's important to note that DoS attacks do not affect people's Bitcoin wallets or funds."	"It's important to note that DoS attacks do not affect people's Bitcoin wallets or funds."
Mutated IDs	Mutated IDs
The cause of the problem is an issue called transaction malleability.	The cause of the problem is an issue called transaction malleability.
It involves someone changing the cryptographic code - known as a transaction hash - used to create an ID for the exchange of funds before it is recorded in the blockchain - a database of every transaction carried out in the currency.	It involves someone changing the cryptographic code - known as a transaction hash - used to create an ID for the exchange of funds before it is recorded in the blockchain - a database of every transaction carried out in the currency.
On Monday, MtGox had suggested that this technique could be used to fool its systems into repeatedly making a payout because it would seem that it had not occurred.	On Monday, MtGox had suggested that this technique could be used to fool its systems into repeatedly making a payout because it would seem that it had not occurred.
The Bitcoin Foundation's initial response was that transaction malleability had been known about since 2011, and that MtGox should have prepared for this when developing its own customised software, which was now proving vulnerable.	The Bitcoin Foundation's initial response was that transaction malleability had been known about since 2011, and that MtGox should have prepared for this when developing its own customised software, which was now proving vulnerable.
"This is something that cannot be corrected overnight," wrote Mr Andresen.	"This is something that cannot be corrected overnight," wrote Mr Andresen.
But while other exchanges are not complaining about the risk of making unauthorised payouts, it appears their systems can become overwhelmed if they receive too many "mutated versions" of the transaction IDs.	But while other exchanges are not complaining about the risk of making unauthorised payouts, it appears their systems can become overwhelmed if they receive too many "mutated versions" of the transaction IDs.
"This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations," said Bitstamp's blog.	"This is a denial-of-service attack made possible by some misunderstandings in Bitcoin wallet implementations," said Bitstamp's blog.
"These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly."	"These misunderstandings have simple solutions that are being implemented as we speak, and we're confident everything will be back to normal shortly."
The Bitcoin Foundation now says its members and developers from a number of exchanges are working "collectively and collaboratively" to tackle the problem and allow withdrawals to resume.	The Bitcoin Foundation now says its members and developers from a number of exchanges are working "collectively and collaboratively" to tackle the problem and allow withdrawals to resume.
'Wake-up call'	'Wake-up call'
One bitcoin is currently trading for about $665 (£402). That is well below the $830 level it was at last Thursday, reflecting investors' concern at the news.	One bitcoin is currently trading for about $665 (£402). That is well below the $830 level it was at last Thursday, reflecting investors' concern at the news.
However, one expert said the virtual currency should emerge from the attacks more robust than before.	However, one expert said the virtual currency should emerge from the attacks more robust than before.
"Obviously it's a bit more serious than was initially thought - it was originally believed that it was just a problem at MtGox because of the way they had set up their systems," Emily Spaven, editor of the news site Coindesk, told the BBC.	"Obviously it's a bit more serious than was initially thought - it was originally believed that it was just a problem at MtGox because of the way they had set up their systems," Emily Spaven, editor of the news site Coindesk, told the BBC.
~~"But~~ ~~the~~ ~~wider~~ view from developers is that it ~~will~~ be ~~resolved~~ in the ~~next~~ 48 to 72 ~~hours.~~	"The view from developers is that the exchanges should be processing bitcoin withdrawals again within 48-72 hours, though the wider issue of transaction malleability will take longer to address.
~~"It's been a bit of a wake-up call to get this issue ~~fixed~~ ~~straight~~ ~~away.~~ I suppose they previously thought it wasn't that big a deal."~~	"It's been a bit of a wake-up call to get this issue fixed. I suppose they previously thought it wasn't that big a deal."