Hackers cripple bitcoin exchanges

Breach affects major digital currency firms' ability to process withdrawals

PUBLISHED : Thursday, 13 February, 2014, 12:15am
UPDATED : Thursday, 13 February, 2014, 7:49am

Bitcoin exchanges have been crippled by hackers exploiting a weakness in the digital currency's core network.

The biggest breach affected the ability of several major digital currency companies to process withdrawals, halting or suspending the process.

No individual or group has claimed responsibility for the distributed denial-of-service (DDoS) attack, which overwhelms websites with requests for data.

"This went from an isolated exercise that was happening to a single exchange to a relatively broad-based attack," said Andreas Antonopoulos, chief security officer of digital wallet provider Blockchain.

Antonopoulos, who first made the discovery, was not sure how many were involved in the attack or where it originated.

Top exchanges Bitstamp and BTC-e, which control more than half of bitcoin transactions, suspended or delayed withdrawals as trading platforms stepped up checks and inspections on order books.

Bitcoin prices at both companies fell, resulting in the virtual currency's value dropping by more than US$100, to its lowest for the year. The benchmark Coindesk price index slumped to US$652.93 at 10pm last night.

A smaller hacking of the Japan-based Mt Gox exchange last April saw the price fall US$20 to US$120.

London-based exchange Bitstamp said a denial-of-service attack had left it unable to check account balances.

"As such, Bitcoin withdrawal and deposit processing will be suspended temporarily until a software fix is issued," the company said.

On Monday, Mt Gox revealed it had been hit with "unusual activity" related to transaction malleability - a characteristic of the bitcoin protocol that allows transaction IDs to change - which affected all exchanges.

"You can't change where the money has come from," Antonopoulos said, trying to explain how the hackers penetrated bitcoin exchanges. "What you can do is make it appear like it's a different transaction and when a network sees that, it tries to ignore one and only process the other, and that causes confusion."

He said customer funds and exchanges were not at risk.

Lo Ken-bon, chief executive and co-founder of Hong Kong-based exchange Asia Nexgen, which has not been affected, said discussions were being held among exchanges to address the situation.

"Everybody needs to fix their networks," Lo said. "Hackers are attacking the infrastructure but you have to find a way to prevent or re-route around the problem."

Jeff Garzik, a bitcoin software developer, told Bloomberg some websites, as well as users of bitcoin wallet software, would have to update their programs to prevent attacks.

Popular wallet service Coinbase - which raised US$30 million from investors last year - said customers faced delays to "legitimate" transactions.

Garrick Hileman, an economic historian at the London School of Economics, said: "The current co-ordinated DDoS attack on exchanges appears to be more potent than past ones, and certainly the timing of this attack, which exploits the transaction malleability problem Mt Gox cited yesterday, is peculiar."