MtGox in Japan – the world’s largest bitcoin exchange – went offline yesterday morning, with users finding its website empty and deposits inaccessible.
Many investors doubt they will get back their funds – cash deposits are handed over in exchange for online currency credits – leading to the value per virtual coin dropping from $830 (£500) in early February to $135 (£80) now.
The MtGox collapse followed the departure on Sunday of chief executive Mark Karpeles’ from the board of the global Bitcoin Foundation, which oversees the currency. A document leaked by a tech blogger and purporting to be a crisis plan for the exchange said over 744,000 bitcoins were “missing due to malleability-related theft”.
It is thought the cyber attacks may have gone undetected for several years, rather than taking place in a single instance.
The “transaction malleability” referred to is a bug which allows hackers to mask that a purchase has in fact taken place. This means a hacker could pretend to sell goods online, then claim they had not received the bitcoin payment due to an error.They would then be paid by the system.
Fortune magazine reported hackers are also thought to have scammed the MtGox IT helpdesk by claiming they had lost cash on deals due to server errors and, since the deal was masked by the bug, the firm paid out, leaving it out of pocket.
Another more basic scam uses malware to empty “bitcoin wallets” – which store the funds – on home computers or laptops connected to the internet.
Bitcoin has transformed from an online fad to a fast-growing method of paying for goods online, bolstered by broadly supportive comments from the authorities in the US and Japan.
Speculators have piled in given its tendency to rise and fall rapidly, leading to big gains for traders. It is claimed that it can be safer to send bitcoin over the internet than money electronically. In addition, it avoids credit card, foreign exchange or cash handling fees, and was said to be less vulnerable to fraud.
Tyler and Cameron Winklevoss, the ex-United States Olympic rowers, are among the big money investors in bitcoin. A resident of Donald Trump’s Trump Soho complex in Manhattan put his $2 million apartment up for sale last year, saying he would only accept bitcoin. But critics claim MtGox in particular has long been lax over its security. The leaked document also said MtGox was in financial crisis with $174m (£104m) in liabilities against just $32.75m (£19.6m) in assets. It is not clear if this was due to the scams.
Angry investors protested outside the MtGox offices in Tokyo yesterday. “I’m very angry,” said Kolin Burgess, a currency trader who flew in from London after MtGox failed to tell him what had happened to his £180,000 worth of bitcoins.
“It looks like that’s disappeared,” said Mr Burgess. “They prolonged this and kept telling people everything was OK. A lot of people did believe that, and it’s annoying what they’ve done to me and a million others.”
Asked whether MtGox was finished, Mr Karpeles said in an e-mail: “We are currently at a turning point for the business. I can’t tell much more for now as this also involves other parties.”
Six leading bitcoin exchanges last night distanced themselves from MtGox. Coinbase, Kraken, Bitstamp, BTC China, Blockchain and Circle said: “This tragic violation of the trust of users of MtGox was the result of one company’s actions and does not reflect the resilience or value of bitcoin and the digital currency industry.”
“As with any new industry, there are certain bad actors that need to be weeded out, and that is what we’re seeing today.”
Bill Buchanan: ‘We could go from boom to bust instantly’
Bitcoins are a radical move away from the financial infrastructure which we have created, where the strength of currency is based on the strength of the financial markets to support its value, writes Bill Buchanan.
The main risk is that there is no current method to define bitcoins’ actual worth, and we could go from a boom to a bust in a single instance. This can be likened to the Wall Street crash in the US, where the actual worth of shares did not reflect the real worth when matched to the value of a company.
This type of technology is a massive leap from our existing financial infrastructure to a radical one which creates a new infrastructure not built around existing finance arrangements, and thus anyone who uses them will be at risk.
If trust is high, the value of the coins is likely to increase, but a small glitch could cause the whole infrastructure to collapse.
• Professor Bill Buchanan is a cybercrime expert at Edinburgh Napier University.