Bitcoin Box

Ads

The Bitcoin Security Challenge, Part I

author: Vitalik Buterin
published: 2011-06-23 19:08:36 UTC

Within two weeks of Bitcoin's sudden rise to new heights of popularity, Bitcoin has also begun to attract attention from certain less savory elements of society. No, I am not referring to people selling psychoactive substances that some governments do not approve of, or even the possibility of the Eastern European criminal underground using Bitcoin for their own purposes. There new individuals are the black-hat computer hackers intent on attacking Bitcoin users themselves. Here is an overview of what we have seen so far:

• A Bitcoin-stealing Trojan has appeared, which attempts to steal Bitcoin wallets. There are also social engineering tactics being employed against Bitcoin users, such as a wallet inspector site which "verifies" your Bitcoin wallet, uploading it to the scammer (this particular one may or may not be a joke, but regardless this is a strategy that members of the mainstream public will be highly susceptible to in the future).
• A bitcoin user had his computer compromised and 25000 BTC stolen from his wallet.
• A CSRF vulnerability was found on the MtGox website, although the bugs in question, once brought to the public's attention, were quickly fixed. One forum post also reported an SQL vulnerability. There is plenty of disagreement over the extent of these vulnerabilities, with MtGox claiming that the damage was minimal, and others claiming that their own accounts were stolen from. Similar vulnerabilities were quickly discovered in a whole host of Bitcoin-related sites.
• A financial auditor hired by MtGox was compromised, leading to the leakage of a large database of account usernames, emails and unsalted hashed passwords, which can often be converted into the passwords themselves through a lookup table. One of the compromised accounts contained a very large number of bitcoins, and hundreds of thousands of BTC were immediately sold on the market, sending the price crashing down to 0.01 BTC. Someone managed to put in a 250000 BTC buy order at a very low price during the selloff, and then immediately withdrew 643 BTC, the daily limit at the time imposed by MtGox. Many are suspicious about the veracity of this story, and some are suggesting that the buyer and the hacker are the same person or working together.
• Naturally, thanks to Tradehill's viral marketing referral code system, many are aggressively proselytizing Tradehill and providing links with their referral code in an attempt to get a portion of the commission from all the accounts that sign up through their links, using the leaked MtGox database emails to increase the size of their audience. Tradehill has distanced itself from these activities, saying that they "cannot condone using stolen information to promote TradeHill".
• Ubitex accidentally released the emails of all 117 of its customers by sending a message (ironically a warning about MtGox's security issues) with the email addresses visible in the CC field.

Technology review has called Bitcoin "an insecure economy built on a super secure currency", and this comment does accurately reflect the current state of Bitcoin security. It is widely known that MtGox originally stood for "Magic the Gathering Online eXchange", and a site originally intended for trading Magic cards is now, with some parts of the code minimally altered, serving as the center of an economy with a $60 million market capitalization. Other Bitcoin-related sites are, as we have seen, even less secure.

It is important to keep in mind that Bitcoin rose from obscurity into the center of the tech media over the course of merely a month, and the infrastructure has not had time to mature to keep up with the now much larger audience, but this is not an excuse for the state of Bitcoin security. People, including Bitcoin Box ourselves, have been complaining about this issue for months. If Bitcoin will, as its proponents hope, grow to become a significant force in the world market, this will not be the last or even the second last of its growth spurts, so Bitcoin security can no longer afford to be reactive and must instead be proactive. Bitcoin site operators must now prepare themselves for assaults not only by individual hackers with trojans and internet scripting vulnerabilities, but also by million-computer botnets and powerful underground organizations, potentially including those supported by hostile governments.

It is also important to keep in mind that Bitcoin itself has survived the crisis unscathed. Some consider the crisis evidence that Bitcoin is not resilient, and some even see this as the end of Bitcoin - the image of Bitcoin's "value" plummetting to 0.01 USD is being reposted on dozens of anti-Bitcoin articles as a symbol of doom and gloom for the currency, but there is a distinction between the institutions based on Bitcoin and Bitcoin itself. It is worth reiterating Technology Review's comment: "an insecure economy built on a super secure currency". The issue is that the Bitcoin economy has grown too centralized, with store prices being based directly on the MtGox exchange rate, and the perceived value of Bitcoin is also far too closely based on the exchange rate. Hopefully the crisis will convince stores to base their prices off of more stable markers, such as an average across multiple markets or a 7-day moving average, stabilizing the market, and perhaps even convince Bitcoin owners to see themselves as owning the potential to buy not only USD but also actual products. If this happens, then the greatest vulnerability of the Bitcoin economy, the centralization around MtGox, will be, if not removed, at least mitigated, and Bitcoin will grow out of the crisis stronger than before. And the market realizes this: the value of Bitcoin on other exchanges is staying stable at $12-$16 throughout the crisis, which clearly shows that Bitcoin is, despite the opinions of Doug Casey, a durable store of value - Casey himself was misled by the MtGox value plunging to 0.01, but Bitcoin clearly has value not just on a computer screen but also in the minds of its users, and that's what matters.

The security situation with Bitcoin is improving: there is a pull request for the Bitcoin wallet to be encrypted and require a passphrase to access. There is also the possibility of storing bitcoins in an online account at MyBitcoin or InstaWallet, although the security policies of these sites are unknown (edit: since the original writing, MyBitcoin has described their security policies in detail). There will be more secure options available, for those willing to give up control over their own wallets in exchange for peace of mind. "The big difference here is that people will have a real option," Patrick Strateman says. "Everyone has the options offered by the old system, plus they have new options as well. Even if many users turn to bank-like organizations to keep their bitcoins safe, it will still be possible to use the less controlled (if riskier) methods that prevail today". MtGox and some other exchanges are willing to work with governments to police the Bitcoin economy, and on top of cryptographic security (which, to partially exonerate MtGox, is not much better in the conventional economy) we may see some traditional regulatory protection. Bitcoin users are not forced to interact with the government; regardless of what any Bitcoin business does, the currency itself still has the option of pseudonymity and near-untraceability. Ideas to improve the state of Bitcoin security have existed for a long time, but what is important is that they are finally gaining traction. Hopefully, the Bitcoin community has learned its lesson, and will work hard to establish standards for security that respect the fact that once a criminal steals some Bitcoins he can immediately launder and disappear with them - standards much higher than even those used in the conventional financial world.

The next part of this series will discuss in detail the human element in Bitcoin security.

Random Articles

blog comments powered by Disqus