To survive in the bad ol’ Wild West, you not only had to carry a six-shooter or two, but you also had to be quicker on the draw than your opponent. If his draw was quicker than yours, you were a goner.
If you’re a Bitcoin investor, you had better brush up on your speed because the same can happen to you. From the moment you enter into a Bitcoin transaction, you are in a race against robbers and villains who see your electronic transfer on their computers and try to intercept it before you can collect.
Which of you has the faster computer? Which of you has the faster hands? Do you have a finely tuned eye? Do you even know what to look for?
Flinch just a little and your electronic wallet can end up being shot full of holes.
Last week, we watched as the reincarnated black market drug site Silk Road 2.0 was hacked and $2.7 million worth of Bitcoin was stolen. It was like a train robbery by masked bandits…
The Latest Attacks
It’s hard to say exactly when the latest spree of thefts and attacks across the Bitcoin frontier actually started. But if you look at charts, the BTC price started plunging early on February 6th.
In the eight days following, Bitcoin lost more than 25% of its value on the Bitstamp exchange, where it has fallen from $800 to $600, and more than 58% of its value on the MtGox exchange, where it has fallen from $900 to $375.
If you tried to process any withdrawals from these exchanges over that period, you were out of luck. All withdrawals have been halted due to “mutant transactions,” “Distributed Denial of Service (DDoS) attacks,” “Trojan malware,” “malleability attacks,” and a few other barely understandable terms.
Basically, the Bitcoin system was hacked.
It all boils down to this: “inconsistent results… caused by a denial-of-service attack using transaction malleability to temporarily disrupt balance checking,” Bitstamp exchange administrators stated.
OK. Let’s see if we can get through this without blowing too many gaskets in our brains.
Malleability Attacks
Whenever a Bitcoin transaction is made — a store purchase, a deposit, a withdrawal — that transaction is assigned a unique code of 64 scrambled numbers and letters called a “hash.”
Part of that transaction ID contains the sender’s digital signature, indicating where those Bitcoins came from. The problem with this digital signature, however, is that the Bitcoin system doesn’t check to see if it is properly formatted. All a thief has to do is change the format of the sender’s digital signature, and a whole new transaction ID is created.
Changing the signature’s format doesn’t change the sender’s identity — only the way his/her identity is encoded into the hash.
Once the sender’s signature has been re-written in a different format, the system thinks it’s a new transaction and will produce a new hash. There will now be two completely different hashes for the same transaction. Both hashes contain exactly the same information — same sender, same receiver, same Bitcoin amount. But because the signature is written two different ways, two different IDs are generated.
This is when the race begins to see who can draw the quickest. The thief has to get this second hash verified by the “block chain” first, before the original hash gets verified. (The block chain is a network of computers that posts transactions online for all other computers to see as proof these transactions existed. It’s like a time stamp on an envelope that proves when a letter was mailed.)
If the thief manages to get the second hash posted first (which he can do if he has access to powerful Bitcoin “mining” computers), the system will process the second hash first, and Bitcoins will be transferred from the sender to the receiver.
When the original hash finally shows up on the system, the block chain will notice it bares the same information that was recently processed and will reject the hash. The original hash, therefore, never registers in the system.
All the thief has to do now is go back to the sender and say, “I didn’t receive the Bitcoins you sent me.” When the sender checks the block chain, he’ll be looking for the original hash. He doesn’t know the thief created a second hash bearing the exact same information. Nor does he know the receiver already has the Bitcoins.
Even if the sender notices a withdrawal in the exact same amount has been made under a spurious hash, there is no way the sender can prove that the receiver actually received the coins.
But there’s more… Thieves can also “disrupt balance checking,” Bitstamp informed. They can process multiple withdrawals and prevent the system from checking for sufficient coins.
E-Pickpocketing
We have “e-wallets,” so it’s only logical we should have “e-pickpocketing.” Since last December, hackers have introduced software programs into people’s computers through computer downloads of Bitcoin charts and price data. The programs sit on your hard drive, waiting for you to log in to your Bitcoin wallet or exchange account, capture your password and other data, and forward them to the pick-pockets.
There is also pick-pocketing on a much larger scale, when exchanges themselves are hacked into. Thieves have even hacked into the MtGox exchange, as well as the “den of all thieves” at the new Silk Road 2.0 — the alleged illegal online marketplace where drug and weapon dealers trade their illegal wares under complete anonymity using the untraceable Bitcoin payment system.
Problem? What Problem?
This latest rash of thefts and software attacks over the past two weeks has reignited a firestorm of skepticism and suspicion. This time, it’s more damaging than ever — made so by the acknowledgement that serious “design issues” within the Bitcoin system have been known from the start.
In a BBC interview, Gavin Andresen, chief scientist at the Bitcoin Foundation, stressed, “The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox’s highly customized wallet software, their customer support procedures, and an obscure — but long-known — quirk in the way transactions are identified and not due to a flaw in the bitcoin protocol.”
If this “quirk” produces unintended consequences resulting in security breaches and the unauthorized altering of data, it’s a flaw. Call it what you want, it’s a flaw.
But what is more disturbing is that insiders acknowledge it has been “long-known.” So you have to ask yourself… if they designed the system to check, re-check, and check again every other piece of data coded into the hash, why skip the checking of the sender’s signature?
Ask yourself this too… who stands to benefit? People send Bitcoin to their exchange accounts too. If the exchange alters the hash, it can collect the coins from its customers under a new hash without having to credit clients’ accounts.
Exchanges can also “claim” to have been hacked by DDoS attacks, erasing untold amounts of Bitcoin from their clients’ accounts without anyone being able to investigate it.
No Sherriff? Get Out of Town
Love it or hate it, regulation is the only thing that will make BTC a viable currency and means of barter. Consider this…
If a large auto manufacturer released a vehicle with a design flaw that was known to them from the beginning but was simply ignored, resulting in loss of or damage to property or even life, what do you think would happen? It would be sued. That’s why they don’t release vehicles with “known” flaws. I say again… “known” flaws.
Not so with Bitcoin. They can’t be sued, and they know it. Is there a quirk in the system? You haven’t received your money? What are you going to do about it?
That’s just it. There is nothing you can do about it. Perhaps all we can do is simply leave this lawless town and put our hard-earned money somewhere else.
Do You Really Need Bitcoin?
Looking at these failed transactions, security breeches, and the subsequent collapse of the Bitcoin price over the past week, we have just one more critical question to ask ourselves: Why do we even need it?
Do you know of any shop — whether at street level or in cyber space — that does not accept cash, debit, credit card, or PayPal? That accepts only Bitcoin and no other form of payment? (Besides Silk Road 2.0. You don’t shop there, do you? Careful how you answer that.)
Is it really worth the volatility, the long wait times for deposits, and the now impossible withdrawals?
Isn’t paying with Bitcoin at your local coffee shop just a symbol or an image? Just a way of saying, “Hey, look everyone. I’m ultra-modern. Watch me as I pay with Bitcoin.”
You might not be so excited about it when you log on to your e-wallet or Bitcoin exchange to find that your BTC have lost 50% of their value over the past two weeks. That is, if you still have any BTC left at all.
Do yourself a favor: Open an investment account with a legitimate, regulated investment firm and store your savings in a well-structured diversified portfolio of growth, value, and dividend stocks.
Yes, your funds will be subject to fluctuations there, too. But you still collect dividends from it, and it will grow over time. Plus, you’ll have legal recourses at your disposal should there ever be a dispute.
Until next time,
Joseph Cafariello for Wealth Daily
