After reaching a new all-time high just three weeks ago, the Bitcoin ecosystem has since weathered a security breach and a software “glitch” that resulted in what some have labeled a “flash crash.”
Hackers were able to swindle $12,480 worth of bitcoins from BitInstant, a company that manages Bitcoin transfers. The attack knocked the firm offline over the weekend. Meanwhile, a glitch in the Bitcoin transactions blockchain saw the digital currency’s value tumble 23 percent. It’s a familiar tale of fear, uncertainty, and doubt for Bitcoin, which remains in the nascent stages of development and adoption. Two years ago, fears spawned from multiple security breaches prompted its value to tumble below $2.
This time around, however, Bitcoin has maintained its value. The hacker story was largely ignored in the markets and while the glitch caused a temporary plummet back into the 30s, it bounced back almost immediately. One BTC can currently get you $47.25 worth of USD on the MtGox exchange with a 30-day average of $35.76. A sign of newfound resiliency?
Security is clearly an ongoing concern, especially when so much money is involved, but recent hacks are more a reflection of an inexperienced ecosystem than of an underlying issue. The BitInstant heist, for instance, was a classic case of social engineering, an issue that plagues organizations at all levels.
The “hackers” were able to obtain control over BitInstant’s Domain Name Service through its DNS provider, Site5. “Armed with knowledge of my place of birth and mother’s maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login,” BitInstant explained in a blog post detailing the theft. With DNS access, they were able to take control of BitInstant’s email. A password reset later, the thieves were able to empty BitInstant’s account on Bitcoin exchange Virwox.
All of this could have been avoided if BitInstant had used 2-step verification, a security feature Virwox offers. We can only assume that they do now, given the costly lesson. But that’s less a Bitcoin problem than it is a general problem when dealing in an online world. 2-step verification has been available on Google since 2011 yet only a tiny fraction of users actually use it, the company concedes. The Federal Trade Commission released its annual list of top categories of consumer complaints received by the agency in February and identity theft topped the list of complaints for the 13th year in a row.
From a Bitcoin perspective, credibility must be earned and over time, the successful Bitcoin companies will be the ones who take security seriously and have a great track record. For those who own bitcoins, it will be their responsibility to keep them safe, like you would do with any of your valuables. After all, they're worth a lot of money now. That will only get easier and safer over time. In terms of its developmental cycle, it's still the Wild West for Bitcoin and during the real Wild West, banks (and individuals) were robbed too.
The software glitch is more worrying since it's an issue that's uniquely Bitcoin. Ars Technica does an able job explaining what went down.
The core of the Bitcoin network is a shared transaction register known as the blockchain. Approximately every 10 minutes, a new block is created containing a record of all Bitcoin transactions that occurred since the previous block. Nodes in the network, known as miners, race to "discover" this next block by solving a cryptographic puzzle. The winner of this race announces the new block to the other nodes. The other nodes verify that it complies with all the rules of the Bitcoin protocol and then accept it as the next official entry in the block chain, starting the race anew.
It's essential for all miners to enforce exactly the same rules about what counts as a valid block. If a client announces a block that half the network accepts and the other half rejects, the result could be a fork in the network. Different nodes could disagree about which transactions have occurred, potentially producing chaos.
That's what happened on Monday evening. A block was produced that the latest version of the Bitcoin software, version 0.8, recognized as valid but that nodes still running version 0.7 or earlier rejected.
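The divergence described above can be reproduced in a small model. This is an added example, not code from the article, Ars Technica or the Bitcoin software: the transaction-count cap standing in for the 0.7/0.8 rule difference is hypothetical, and each node keeps a single chain with no side-branch tracking.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    prev: str      # hash of the parent block
    txs: tuple     # transaction ids recorded in this block

    @property
    def hash(self):
        raw = f"{self.height}|{self.prev}|{','.join(self.txs)}"
        return hashlib.sha256(raw.encode()).hexdigest()[:12]

GENESIS = Block(0, "", ())

# Hypothetical rule difference (not the real 0.7/0.8 cause): the old
# rule set caps transactions per block, the new one does not.
RULES = {"old": lambda b: len(b.txs) <= 3, "new": lambda b: True}

class Node:
    def __init__(self, version):
        self.valid, self.chain = RULES[version], [GENESIS]

    def receive(self, block):
        tip = self.chain[-1]
        extends = block.prev == tip.hash and block.height == tip.height + 1
        if extends and self.valid(block):
            self.chain.append(block)
            return True
        return False   # invalid under this node's rules, or does not extend its tip

    def confirmed(self):
        return {tx for b in self.chain for tx in b.txs}

def simulate():
    old, new = Node("old"), Node("new")
    b1 = Block(1, GENESIS.hash, ("t1", "t2"))
    b2 = Block(2, b1.hash, ("t3", "t4", "t5", "t6"))   # valid only under "new"
    b2_alt = Block(2, b1.hash, ("t3", "t7"))           # mined by the "old" side
    b3 = Block(3, b2.hash, ("t8",))                    # builds on b2
    for blk in (b1, b2, b2_alt, b3):                   # constructed sample blocks
        old.receive(blk)
        new.receive(blk)
    common = sum(1 for a, b in zip(old.chain, new.chain) if a.hash == b.hash)
    return {"fork_height": common,  # first height where the chains differ
            "old_tip": old.chain[-1].height, "new_tip": new.chain[-1].height,
            "only_new": new.confirmed() - old.confirmed(),
            "only_old": old.confirmed() - new.confirmed()}

if __name__ == "__main__":
    print(simulate())
```

The `only_new` and `only_old` sets are the transactions that one half of the network considers confirmed and the other half has never recorded.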
The problem was ultimately “minor,” as Bitcoin developer and Avalon founder Yifu Guo described to me. (Avalon recently shipped the world’s first ASIC-based Bitcoin miners.) As soon as the incident arose, a fix was proposed in minutes. While this may inspire confidence in the ability of Bitcoin’s tight-knit community of developers, it also highlights one of the movement’s key issues.
More than a technical problem, it’s an organizational one. As Guo concedes, “there really isn’t a quality assurance department.” For Bitcoin, it’s also a philosophical dilemma. Given the project’s open source, decentralized ideals, no one is technically in charge. How the community ends up dealing with these kinds of issues and incorporating key failsafes like quality assurance will determine the success of Bitcoin’s future. For now, markets don’t seem to mind as demand still well outstrips supply, fueling the peer-to-peer cryptocurrency’s steady ascendancy.
But Bitcoin’s popularity is also part of the problem, says Guo. Hype comes in waves, but development is an incremental, organic process and the community is constantly playing catch up. In terms of adoption and mainstream interest, that’s probably a good thing, but it’s also an understandable source of uncertainty. And so for now, Bitcoin remains controversial. On the one hand, we have one Finnish company that is now offering to pay its employees in bitcoins. On the other, renewed calls of a Bitcoin bubble. But after four years of weathering the storm, it’s difficult to deny Bitcoin's resiliency.