Huge Bitcoin sell off due to a compromised account - rollback
The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST).
Service should be back by June 20th 10:00am (JST, 01:00am GMT) with all the trades reversed and accounts available.
One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins.
Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will rollback every trade which happened since the big sale, and ensure this account is secure before opening access again.
I'm interested in the fact that they can do a rollback... is that just a rollback of their transaction log? Are they buffering transactions for a significant period before submitting them back to the network?
Trades are internal to Mt. Gox until you withdraw your money either as bitcoins or as USD. The compromised account had a $1000 per day withdraw limit, so the thief could only withdraw $1000 after selling all those coins. The rest of the cash is still within Mt. Gox, and therefore the state of the Mt. Gox DB can be rolled back to before all the coins were sold.
which makes me think mtgox got very lucky. I mean the hacker could overcome $1000 limit a day (roughly 80 bitcoins) by creating thousands of bogus accounts, putting on the market bid orders at $0.01 in all accounts, drive the market to the bottom like he did to fill his orders and quickly transfer 80 bitcoins from each account out of the exchange. he could get away with bitcoins worth of millions irreversibly and completely anonymously.
The 1000 USD is relative to the current price I suppose. So if I have access to an account with 500K bitcoins and I sell 400K bitcoins so that the price drops to 0.01 (like it did), and then I transfer the 100K bitcoin left in the account to my bitcoin address(and I can with the driven down exchange price) when the price goes back up I would have made a killing.
If you trust the Mt. Gox folks, they're now claiming that there was no server hack, just a database copy that some consultant had that got stolen.
If you trust what they're saying, which might be questionable since their business is pretty much going up in flames at the moment, so they are probably desperate to make things appear better than they are...
I hope for their sake that they actually have enough USD and BTC on hand to deal with the mass withdrawals that are coming...
My understanding is that he actually withdrawn BTCs after buying them back - presumably he was not really prepared to all this and only made the hack by accident. Withdrawing dollars would be harder - because he'd need to transfer them via standard banking systems, that takes days and could be stopped on the way and also be much harder to hide traces to the real identity of the hacker. During his buy back operation the price was back around $14 - and this price was used for the $1000 daily withdraw limit - reinforcing the notion that he did not prepare the attack at all.
[Update - 2:06 GMT] What we know and what is being done.
* It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
* Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven't been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
* We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
* Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
* When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
* Once Mt.Gox is back online, trades 218869~222470 will be reverted.
I for one certainly wouldn't be going back. [MD5] is enough to tell me they only half heartedly care about securing user data, no matter how many buzz words they throw in now.
Yes, I was also worried when I saw the suspicious activity flag had been tripped on my acct., but apparently that doesn't actually mean that anyone actually tried anything, just that our e-mails appeared in the list.
Luckily I never reuse passwords for important stuff like e-mail or anything that touches money...
mtgox acts like a central authority. basically all these trades were happening in mysql database within the exchange between internal accounts, there were no actual bitcoin transactions.
Due to some US law, they restrict withdrawals to $1000/day. That includes bitcoins. Presumably, they do that to make sure they are well within the law.
Yeah, but my guess is that not many people managed to withdraw them because of the stability problems the site had/have. Mt.Gox will probably have some losses, but not that high I think.
So if you had already done a legitimate trade it's gone? "Sorry you made some money there, but someone else got affect by something else, so we've undone that". So much for "There are no chargebacks on BitCoin"
I don't understand all the anger at the idea of rolling-back. Hasn't anybody trading bitcoins been watching how major equities exchanges have worked for decades?
Take the flash-crash last year. Yes, if you were a lucky one who bought GE at $3/share then hell yes you wanted that trade to count.
But to have an exchange it takes everybody acting in the interest of the group as well as themselves. The value to that over purely selfish motivations is that it creates a liquid market which benefits everybody involved.
Part of this is the acceptance of situations like this. In cases of attack or software defect, the only real viable option is to rollback. The only people this hurts are the 1% who tried to profiteer on the situation. Not rolling back would harm the other 99%. It's an easy call.
The only real tragedy would be if they cannot rollback accurately. You'd think this wouldn't be possible, but you never know... It seems as tho this site has had a known CSRF bugs for a while. This is not a hard thing to fix. It doesn't shine well upon their competence.
Just to be clear, I'm not taking a position, only asking a question: how does the exchange layer affect the fundamental goals of bitcoin, esp. the notion that no centralized authority controls monetary policy?
In principle, it doesn't affect that goal. An exchange doesn't control monetary policy, i.e., it doesn't set interest rates or increase the quantity of currency.
Of course, an exchange can affect the value of the products it is trading. Since Mt. Gox is the biggest bitcoin exchange, if a vulnerability is found then people might stop trading there, decreasing the liquidity and consequently the value of bitcoin. But this doesn't contradict the goal you mention.
As an analogy, if company ACME only trades on Nasdaq and there's a system problem with Nasdaq, some people will be scrambling to get rid of their ACME stocks so ACME's price will go down. That doesn't mean that the exchange controls the price of ACME.
But if MtGox's technical failure effectively took USD$120M of bitcoins offline, then MtGox has reduced the supply of BTC for some period of time, no? I understand that exchanges are secondary markets, but they seem to be contrary to the philosophy of no centralized control over supply/demand. I always understood bitcoin to be a per-transaction, ad hoc currency – not an exchange-traded commodity. Of course, people are free to do whatever they want with their stuff...
Edit: I realized after posting that I called bitcoin a "currency" above. I realize that it's a controversial position, but my feeling is that, as a medium of exchange, it qualifies a currency.
Well this is trading through an intermediary, you can't really expect it to work that way otherwise something like this would have a lot more incentive for wrongdoers.
If you really want to have no chargebacks you have to go the harder route of one on one trading, with everything that comes along with that.
When designing a system like this you have to have a veil of ignorance. There may from time to time be attacks or defects that mean some people lose a lot of money while others gain some. Not knowing which will happen to you, how would you want the system to work?
You don't understand. There is a difference between the currency and the exchange. The exchange stores the trades internally without actually doing any bitcoin transactions until the time of withdrawal.