I find it interesting to see so many people believing that bitcoin is dead because MTGox died.
Listen: MTGox was a flaky, insecure trading platform for Bitcoins, but it isn’t bitcoin.
MTGox was killed by a couple of bots called Willy and Markus, that’s how flaky MTGox was.
However, the death of MTGox along with Ripple, the cryptocurrency alternative that everyone thought viable but now its creator is selling off all of his stake, is creating uncertainties around these virtual currency developments.
For example, there have been many, many, many people making losses with bitcoin (see article reproduced at end of blog post, from The Guardian in March), as well as gains and what this means is that the bitcoin world needs to be regulated to be trusted.
Bitcoin is described as ‘money without government’ by some of the bitcoin fraternity, but I would call that money without control.
Money without control does not last, as it’s money.
People do not like losing money, whether it is real or virtual, as the losses are real either way.
That is why banks are regulated, and why bitcoin will become regulated whether anyone likes it or not.
In fact, it is already moving to regulated status, with so many countries allowing bitcoins to be used as legal tender (countries in green allow bitcoins to be used legally):
… and over time, this will become a movement from an innovation to an incumbent.
That is why the inventor of Netscape and revered Silicon Valley venture capitalist Marc Andreessen thinks that, in twenty years, we’ll talk about Bitcoin like we talk about the internet today.
Whether that’s true or not remains to be seen but, what is 100% certain, is that whatever we are exchanging in twenty years will be regulated and licenced by banks, or an equivalent in the future.
The alternative currency has been plagued by hacks, ponzi schemes and increasingly professional thefts since 2011, explains Alex Hern
Signs on a window advertise a bitcoin ATM machine that has been installed in a Waves Coffee House in Vancouver, British Columbia. Photograph: Andy Clark/Reuters
Sometimes it seems like not a week goes by without news of some bitcoin service getting hacked and losing everything.
Thankfully, such attacks are rarer than that. But given the size of the bitcoin economy, they are still far, far more common than they have any right to be. A look at the history of bitcoin hacks is a look at the history of bitcoin itself, from its beginnings all the way to the genesis of the professionalised second generation of firms we’re seeing now.
In the interests of fairness, we haven’t covered the black market. While the disappearance of sites like Sheep and Silk Road took a lot of bitcoins with them, that says more about what happens if you dabble in drug dealing than cryptocurrencies overall.
It’s not a bitcoin service, but honorary mention has to go to Allinvain, a member of the BitcoinTalk forums who, in June 2011, became the first person to suffer a major loss owing to a bitcoin hack.
25,000 bitcoins were stolen from their wallet after hackers compromised the Windows computer they were using. Even at the time, that sum was worth more than $500,000; it would now be worth a little less than £10m.
The first MtGox hack came a little after Allinvain’s. The company, which at the time had a near-monopoly on the trade between bitcoins and real money, suffered a catastrophic hack just one week later.
An attacker with a Hong Kong IP address compromised an account on the site, and then made a massive sale of bitcoins, causing the price of the currency to drop from $32.00 per coin to mere pennies. Ironically, the hackers themselves didn’t even manage to profit from it; their attempts to withdraw the looted money hit up against Mt Gox’s withdrawal limit of $1000 a day.
That didn’t stop the attack having a catastrophic effect on confidence in the currency. It was 18 months before bitcoin would recover enough to hit the highs it had been at before MtGox’s hack.
Bitcoin Savings and Trust
Following the collapse of the first bitcoin bubble, hacking activity died down for a bit. With bitcoins worth single-digit dollars, there was less motivation to steal them. But in the summer of 2012, one of the biggest – in bitcoin terms – scams ever began to fall apart. And unlike much in the bitcoin world, no hacks were needed, just good old-fashioned fraud.
Bitcoin Savings and Trust was a bitcoin-based Ponzi scheme, that posed as a virtual hedge fund promising to pay high rates of interest to investors. In classic pyramid style, only the first people to invest ever saw those rates of return, as the money of later investors was used to pay off early ones.
The fund was started in November 2011, and by July 2012 users were expressing doubt. But new members carried on joining for another month until August 17th, when Trendon Shavers – the man behind the scheme – announced he was closing it. A year later, the SEC issued a lawsuit against Shavers for running the Ponzi. Over 700,000 bitcoins went through the trust, and Shavers creamed off 150,000 for himself – returning the rest to investors. But only those who got in there early.
At the same time as Bitcoin Savings and Trust was collapsing, a bitcoin exchange was suffering its own legal troubles. Bitcoinica had already been hacked in March 2012, and lost thousands of bitcoins. But the hack wasn’t enough to bring the company down, and Bitcoincia promised that it would pay back users in full. In May that year, the company was hacked again; that time, it was a killing blow. The company closed its website, and promised to refund 50% of customers holdings.
Five months later, that promise still hadn’t been honoured, and four San Franciscan users sued the company for the $460,000 they felt they were owed. It was the second ever US lawsuit involving Bitcoin.
The Bitcoinica story ended unresolved. The company built its service around MtGox, and so, once it shut down in May 2012, the bitcoins it had left stayed dormant in that account while the legal situation was sorted out. Which meant that when MtGox lost all its bitcoins and closed its doors, the Bitcoinica account holders finally lost everything.
The summer of 2012 was a bad time for bitcoin exchanges. BitFloor suffered its own break-in in September, losing 24,000 bitcoins when a hacker “accessed an unencrypted backup of wallet keys“.
The exchange paused operations, with the founder, Roman Shtylman,saying that “I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.” The company eventually managed to pay most users back, albeit only in dollars.
If there’s one type of bitcoin business which has a bad name, it’s online wallet services. In theory, they let individual users offload the problems of securing their bitcoins to a trusted third party, while also allowing payments to be made easily and lowering the technical know-how required to get and store the currency.
In practice, they are the most tempting target for hackers in the entire ecosystem. Since they don’t interact with the traditional banking system to the same degree as bitcoin exchanges, the barrier to entry is far lower, presenting no shortage of potential opportunities.
Inputs.io was one such service. In two hacks in late October 2013, the company lost 4,100 bitcoins, worth over $1m at the time. (At current prices they would be worth $2.5m). The site’s founder, known as TradeFortress, announced the hacks – and subsequent closure of the site – in a post headlined “:(“. He subsequently recommended against anyone using services like his: “Please don’t store Bitcoins on an internet connected device, regardless of [if] it is your own or a service’s.”
That advice leads to its own problems: if users aren’t storing their bitcoins – or, more accurately, the private key to their bitcoins – on an internet connected device, spending their money becomes difficult.
A few weeks after Inputs.io, another wallet service was hacked. BIPS lost 1,295 bitcoin from its own accounts, as well as money from “several” consumer wallets. The company disclosed the theft rather quicker than Inputs.io did, but still waited 11 days from the first hack attempt to finally telling customers that they had lost money.
In that time, the value of the stolen bitcoins rose from $650,000 to over $1m – though by the end of December, the third bitcoin bubble had popped, and the value had fallen back down to $690,000.
Even niche bitcoin firms aren’t immune. Picostocks is an attempt to become one of the first bitcoin stock markets. Although it currently has just four companies trading on it – one of which is Picostocks itself – that didn’t stop hackers making off with 6000 BTC in late November 2013.
The company announced the loss on Reddit, and confirmed it would be offline for a week (a “:-(“ emoticon ended the message). Impressively, it survived the loss, worth almost $6m at the time and is still trading today.
Bitcoins are created by “mining” for them, a computationally intensive task which involves deliberately wasting processing power to prove that you aren’t an attacker bent on cheating the network. Cointerra makes hardware specifically for mining: they currently sell a $6000 computer can do the required tasks 6 trillion times a second. That could earn up to $50,000 a month – but such an investment is speculating, not only on the price of Bitcoin, but also on the number of other people trying to mine for bitcoins. Of course, you have to pay for electricity as well. The box is rated for around 2100W of power – equivalent to running an electric kettle all day every day. And it puts off that much heat as well, so try not to keep it somewhere too hot.
But making the hardware which powers the very backbone of bitcoin didn’t stop Cointerra’s email servers from getting hacked in early February. The company takes bitcoin for payments, naturally, but only through a third party company, meaning that its money was never at risk, but the firm had to warn customers to be wary of phishing attempts. “If you have placed an order and paid via bitcoin since 31 January and have been contacted via email by any person purporting to be a CoinTerra representative offering to discount your order… please contact us immediately,” the firm warned customers.
Mt Gox, part two
On February 24, MtGox closed its website and announced that it had been hacked, again. This time, it had lost everything: the sum total of its bitcoin holdings were just 2000BTC, according to a leaked crisis document, while it owed customers around 750,000BTC. It was £284m in the hole.
The immediate reaction of some was hope. Not for the money lost in the Mt Gox collapse, which represented 7% of all bitcoins in existence (for comparison, 7% of all pound notes is somewhere in the order of £4bn). That seems to be gone forever. Instead, there’s hope that it can signal the beginning of a new age for the currency, one which takes it away from hacking, crime and fly-by-night businesses and towards the professionalism of venture-backed startups like Coinbase and Bitpay, two of the most respected firms in the area.
But is that hope misplaced?
Flexcoin, Poloniex, Bitcurex & Canadian Bitcoins
The week after MtGox’s closure two more bitcoin businesses shut their doors after hacking. They even announced the news on the same day. Flexcoin, a bitcoin bank, lost almost 1000 bitcoins in a hacking attack, while bitcoin exchange Poloniex admitted that 12.3% of its reserves had been stolen due to an unbelievable error in coding (the site failed to check whether users had a negative balance, letting them withdraw more bitcoins than they had).
This week, Bitcurex, a Polish bitcoin exchange, closed its doors temporarily after a hack brought down its Zloty and Euro exchanges. The company lost “between 10 and 20%” of funds, according to a statement, but plans to re-open shortly.
And just today, Canadian Bitcoins, a Canadian bitcoin exchange, revealed it had lost almost $100,000 in the currency when a fraudster opened a chat session with the exchange’s hosting provider. “He claimed to have a problem with a server and asked the attendant to reboot it into recovery mode, allowing him to bypass security on the server,” according to the Ottawa Citizen. At no point in the two-hour session was he asked to prove his identity.
It may be that we’re just seeing the last gasps of the old bitcoin infrastructure, held together with glue and hope by coders who threw it together in a lunch break. But there is little doubt that the history of the currency to date can be told in its hacks.
Simon Taylor says
The trick will be baking the regulation into the protocol itself. Bitcoin is a fundamental shift in capability of technology. Cryptographically secure transactions on a consensus model that is verified by every node in the network should be hugely attractive to the financial services industry.
There’s a bitcoin ATM now in Old Street. Not that you can really use it for much.
The attacks typically come from one of two main flaws
1) A centralise exchange that stores Bitcoins on it’s exchange and does not protect its private key
2) Any wallet that doesn’t protect the private key
Ask any cryptographer. The whole point of PCI-DSS and Code of Connection is to prove you will protect your keys, because it’s a magic number that allows you free and unfettered access.
With any new technology it’s usually smut or crime that uses it best / first. Just look at the early days of the internet.
Still – I think people have confused entities that use the Bitcoin Protocol to hold Bitcoin (Mt Gox was a bank of bitcoins effectively) and the protocol itself.
The protocol is only as good as its users and it’s users are simply not trained to use and manage private keys. Which is where services like onename.io come in.
Also Satoshi’s original paper involved three things
1) He wanted to create a new way to ensure transactions between entities were valid. To do this he needed a consensus ledger or database where every node would validate a transaction. We call this the blockchain. Bitcoin has a blockchain, but it’s not the only one. You don’t need a coin to have a blockchain but…
2) Adding blocks to the “chain” takes a lot of time. In order to reach consensus you have to have a proof of work algorithm that is very difficult (hence Bitcoin’s difficulty rating system). To reward the people who gave up significant electricity and computing cycles for doing this work for the network he issued a “coin”. The coin’s value represents a commodity forged in electricity and that correlates roughly with the volume of transactions in the Bitcoin network
3) The bit he never released – A turing complete programming language. Creating your own coin is incredibly hard as is extracting any value from the Bitcoin (or Altcoin) ecosystem. You can do some real damage with a turing complete programming language so Satoshi decided his experiment in crptography didn’t need such a thing. This mantle has been picked up by the guys at http://www.ethereum.org – who are about the most interesting thing I’ve seen since early 1990s Internet protocols…
We’re definitely seeing the next wave of VC companies like circle and coinbase making this technology more mainstream. Still a bank of bitcoin is useless if I can’t get paid in it, or spend it anyway.
Which is why the underlying technology interests me much more than the currency aspect. Bitcoin is like gold. It’s an asset that represents the value related to its scarcity, difficulty to attain and perceived value.
Exchanges like Ripple are one time use cases for the blockchain technology. I liken blockchain development today to coding in assembler and what Ethereum are developing is C++.
The best article I’ve read on the subject:
Note the London Bitcoin meetup is on the 5th June at Google Campus, the Next Ethereum meetup is at The Escalator on Mile End Road on 13th June. If you can make it, it’s time well spent around these guys.
The Blockchain concept itself has tremendous potential. If all of my data is hiding in plain sight and only accessible using my private key, that I own and control you solve a lot of data privacy issues and unlock a lot of advertising use cases in banking that are held back by those issues.
A consensus ledger works on the principle that you can fool some of the network, some of the time, but you can’t fool all of the network, all of the time. The only way you could is if you ran 51% of that network. Which when you consider Amazon makes up less than 1% of CPU power on the internet would be pretty hard!
You also move to having no single point of failure… and once you get into autonomous corporations things get really interesting.
I know lawyers that are looking at how you’d have contracts that exist on a blockchain to automate the most basic types of lawyer based contract… I could introduce you to them later today 🙂
Well, that’s a red rag to a nerd. None of those countries in green have Bitcoin has “legal tender”. Legal tender has a very precise and limited meaning. Here’s something I wrote about it a few years ago
+10 awesome points for red rag to a nerd comment
-10 points for being a Man City fan