How many hacking scandals and frauds will it take to dampen enthusiasm for the alternative digital currency, Bitcoin?
Enthusiasts attending the first ever Bitcoin conference in Melbourne this week insist that even with hundreds of millions hacked or stolen from exchanges and 'bitcoin banks' the world over during the last few years, Bitcoin is a horse they are still keen to take a gamble on.
Bitcoin is a cryptographic currency. Bitcoin 'miners' throw significant computing power at solving the next chapter of an unfolding mathematical puzzle in order to generate currency, which can then be traded.
Interest in Bitcoin has seen the total value of the alternative currency exceed US$8 billion (A$8.5 billion) at the time of writing.
The currency has also piqued the interest of security researchers - first for its innovative use of cryptography, but increasingly because hackers have managed to steal millions from the bitcoin trading community over the past four years.
Security researcher Kayne Naughton of Asymmetric Security was drawn to Bitcoin, intrigued by the technology that underpins the Bitcoin system.
In some ways, Naughton said, Bitcoin is akin to a commodity in that the value assigned to it comes from proof of work.
“You demonstrate you went through the hardware and power [to solve the puzzle],” he told the AusCERT conference in May, “which means the Bitcoin is yours. Other transactional systems can learn a lot from the crypto side of Bitcoin.”
But after studying the Bitcoin trading sector, he warns that the currency remains “essentially unregulated”.
“I used to see banks as being too harsh on Bitcoin people,” he said, but after researching the techniques used in a spate of attacks, he feels differently today.
“People have lost their life savings,” he said.
Bitcoin's security record
At this stage, the cryptography behind Bitcoin hasn’t been compromised in such a way that the entire system can be corrupted. But many organisations that store or exchange the currency have been undermined.
The most famous example, the hacking of the Mt Gox exchange, resulted in a loss of several hundred million dollars' worth of the digital currency. But while it's the biggest, the Mt Gox hack was one of many. They include:
- The ‘theft’ of US$228,000 (A$242,500) of Bitcoin from trading platform Bitcoinica, which claimed its hosting provider Linode had been hacked in March 2010. Customers were told the “customer support interface was used to access your account” - it’s assumed a staff insider reset root passwords on eight customer servers and downloaded their Bitcoin wallets.
- The further ‘theft’ of another US$90,000 (A$95,730) of the currency from Bitcoinica, which was ‘hacked’ again after shifting its hosting to Rackspace.
- In April 2013, criminals engaged in a Distributed Denial of Service attack against Mt Gox (which later collapsed after several successive security breaches), which commentators assume was a means of ‘shorting’ the currency.
- In November 2013, Australian ‘bitcoin bank’ Inputs.io was hacked on two occasions, losing a reported $1.3 million of Bitcoin it held in ‘secure’ wallets for customers. Bitcoin exchanges in China and the Czech Republic claimed to have also been hacked that month.
- In February 2014, security vendors noted that they had caught malware in the wild that was designed explicitly to steal Bitcoins from digital wallets.
- In March this year, bitcoin exchange Canadian Bitcoins claimed to have been defrauded of US$100,000 (A$106,000) worth of the digital currency after falling victim to the most basic of social engineering hacks. The hacker used a ‘sales chat tool’ function to start a two-hour conversation in which, without being asked to authenticate themselves, they convinced a system administrator at the host to physically walk to the dedicated server hosting the platform, plug in a laptop and establish a connection to the hacker via an SSH Daemon.
- A further US$50,000 (A$53,000) was extracted from Bitcoin trader Poloniex in March, also due to security issues.
- Last month, a Queensland man was charged with hacking a US-based games developer and stealing $100,000 worth of the currency.
But rather than dissuade people from trading in the alternative currency, the manifold failures of Bitcoin-related businesses seem only to have emboldened them.
Those exhibiting at the Bitcoin conference were keen to assuage our fears about Bitcoin’s weaknesses, but mostly with word salad rather than hard facts.
Several exhibitors provided mechanisms for the storing and exchange of Bitcoin - hosting platforms, essentially, dressed up as banks.
“Bitcoin is a new form of currency. It’s backed by community, it’s backed by math, it’s backed by the network effect of so many computers hashing and providing mining services to the block chain,” explained Leon-Gerard Vandenberg, CTO of Future Capital Bitcoin Fund.
Vandenberg insisted that the failure of the Mt Gox Bitcoin exchange earlier this year was due to the actions of a single “bad actor”.
That, by the standards of anyone else in the financial services sector, would be enough to raise a red flag. But Vandenberg was undeterred.
“We don’t need regulation to run our Bitcoins,” he said.
Much of the enthusiasm from attendees of the conference, we learned, was for the novelty of the currency - the idea that a nation state can't control it.
The value of a regulated currency is that when there is a security breach, it is usually audited, to maintain trust in the system.
But the victims who lost money when Bitcoin businesses folded in the wake of an alleged security breach enjoyed no such guarantees.
For all the victims know, the hosting company or trading post may have committed the fraud themselves.
“An anonymous 20-year old in Sydney can start up a Bitcoin holding company,” says Naughton, “but I can’t just go and start a bank.”