Bitcoin's hit a string of bad press lately. On top of Charlie Shrem’s arrest and China and Russia banning Bitcoin over money laundering fears, the Bitcoin network got hacked. Within the last couple weeks, three major exchanges froze withdrawals after being hit with DDoS attacks.
The cyberattacks have turned the spotlight on the technology itself, forcing top Bitcoin brass to admit that the digital currency is still young and immature. That could be even more troubling for the futurist money than concerns over its contraband roots. So, what the heck just happened and does it mean that Bitcoin is screwed?
The crux of the issue is a software glitch known as transaction malleability. Basically, the bug makes it possible for a hacker to change the cryptographic code of a transaction between when it's recorded by an exchange and when it hits the Blockchain public ledger.
That means an attacker could launch mutant transactions to make it look like a withdrawal didn't occur when it really did—a big liability for an exchange service. Hackers exploited the vulnerability to wage DDoS attacks against the Mt. Gox, Bitstamp, and BTC-E exchanges.
If you're sitting on a big digital wad of BTC, any bug in the Bitcoin ecosystem's digital code is a pretty scary idea. But notably, the problem doesn't affect the Bitcoin protocol itself; it's only exposed through the transaction network—the software that's moving hundreds of millions of dollars a day.
And here's where things get more complex. Bitcoin developers have known about the transaction malleability glitch since 2011 and have been working to fix it, but they say that the process takes time. So, the Bitcoin Foundation said, the onus is on the exchanges to be prepared for fraudulent transactions by coding their own wallet software responsibly—especially Mt. Gox, where all withdrawals are automatic.
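To make the mechanics concrete, here is an added example (not from the original article or from any exchange's code). A Bitcoin transaction ID is the double SHA-256 of the serialized transaction, signature bytes included, so the same payment with re-encoded signature bytes gets a different ID. The `WithdrawalLedger` class, its method names and the sample bytes are assumptions constructed for illustration; the ledger matches withdrawals on a hash that blanks the signature scripts rather than on the ID.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def varint(n: int) -> bytes:
    if n >= 0xFD:  # longer encodings are not needed for this example
        raise ValueError("count/length too large for this example")
    return bytes([n])

def serialize(inputs, outputs, with_sigs=True) -> bytes:
    """Legacy (pre-SegWit) layout. inputs: (prev_txid, index, script_sig);
    outputs: (satoshis, script_pubkey)."""
    raw = struct.pack("<I", 1) + varint(len(inputs))            # version, input count
    for prev_txid, index, script_sig in inputs:
        sig = script_sig if with_sigs else b""
        raw += prev_txid + struct.pack("<I", index)             # outpoint being spent
        raw += varint(len(sig)) + sig + b"\xff\xff\xff\xff"     # scriptSig, sequence
    raw += varint(len(outputs))
    for satoshis, script_pubkey in outputs:
        raw += struct.pack("<Q", satoshis) + varint(len(script_pubkey)) + script_pubkey
    return raw + struct.pack("<I", 0)                           # locktime

def txid(inputs, outputs) -> str:
    """The ID an exchange sees: it covers the signature bytes."""
    return dsha256(serialize(inputs, outputs))[::-1].hex()

def normalized_id(inputs, outputs) -> str:
    """Same hash with signature scripts blanked: stable if they are re-encoded."""
    return dsha256(serialize(inputs, outputs, with_sigs=False))[::-1].hex()

class WithdrawalLedger:
    """Hypothetical exchange-side tracker keyed by normalized id, not txid."""
    def __init__(self):
        self.pending = {}

    def record_broadcast(self, ref, inputs, outputs):
        self.pending[normalized_id(inputs, outputs)] = ref

    def match_confirmed(self, inputs, outputs):
        """Return the withdrawal ref this confirmed transaction settles, or None."""
        return self.pending.pop(normalized_id(inputs, outputs), None)

# Constructed sample data: placeholder bytes, not real keys or signatures.
PREV = bytes.fromhex("11" * 32)
OUTS = [(50_000_000, b"\x76\xa9\x14" + b"\x22" * 20 + b"\x88\xac")]
SENT = [(PREV, 0, b"\x01" * 72)]       # as broadcast by the exchange
CONFIRMED = [(PREV, 0, b"\x02" * 73)]  # same spend, signature bytes differ
```

A ledger that looked up `txid(CONFIRMED, OUTS)` would find no pending withdrawal and could treat the payout as never sent; matching on the spent inputs and the outputs settles it exactly once.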
The Bitcoin Foundation explained more of the technical details:
This is exposing bugs in both the reference implementation and some exchange’s software. We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds.
Users of the reference implementation who are bitten by this bug may see their bitcoins “tied up” in unconfirmed transactions; we need to update the software to fix that bug, so when they upgrade those coins are returned to the wallet and are available to spend again. Only users who make multiple transactions in a short period of time will be affected.
Things got heated when in response to the glitch Mt. Gox threw Bitcoin under the bus, pissing off crypto-enthusiasts something fierce. And thus much of the story around the attacks has been a shit-slinging blame game over the past week. Mt. Gox CEO Mark Karpeles spoke out this morning in an interview with Forbes to respond to the backlash, and explained that the exchange had to create its own Bitcoin implementation system in 2011 to keep up with the unexpected flood of transactions.
And at the end of the day, it's little surprise that technology rushed through to meet explosive growth would eventually show some cracks as it tries to scale. Indeed, CoinDesk had already removed Mt. Gox from the Bitcoin Price Index for failing to meet standards. (As virtual currency expert Sarah Meiklejohn told the New York Times, the hack "just confirms what everyone in the Bitcoin community has known for a while: Don't use Mt. Gox.")
Blame game aside, the attacks are a wake-up call for Bitcoiners, and an expensive one at that: In the wake of the attacks the BTC value quickly tanked to as low as $500.
"This is a good reminder that Bitcoin is still young and experimental," Bitcoin Foundation's Gavin Andresen said in a statement Monday. “To help improve both the reference implementation and third-party software, the Foundation is committed to working with companies to produce best practices to help improve software.”
Mt. Gox’s statement on the attacks echoed the warning: “It’s important to remember that Bitcoin is a very new technology and still very much in its early stages.”
The good news is that the attacks didn’t have much of an impact on everyday Bitcoin users—aside from holding up transactions, and of course deflating the value of their digital wallets. If the fallout from the attacks doesn't kill the cryptocurrency and Bitcoin rebounds—like it has before—it’ll be another testimony to the coin’s resilience. Bitcoin developers are working now on workarounds and fixes to the software glitch, and expect to be back on track soon.