Can geeks save bitcoin after hellish week of hack, heist, trojan and a crash?

The open source, P2P virtual currency bitcoin has suffered through a really rough week, including an attack on the MtGox bitcoin exchange that resulted in a theft of almost $9 million worth of bitcoins before it crashed the $17 exchange value of the currency down to just pennies. There was another bitcoin theft worth about a half million dollars, and a Trojan designed to steal bitcoins from unsuspecting users' bitcoin wallets is floating around in the wild. And now the EFF (Electronic Frontier Foundation) has removed the option to accept bitcoin donations. If you are looking for the silver lining in this dark cloud, it might be that bitcoin is now popular and successful enough to be targeted by attackers.


Launch called bitcoin "the most dangerous product we've ever seen" and suggested it could "topple governments, destabilize economies and create uncontrollable global bazaars for contraband." Then bitcoin miners were busted after police mistook miners' power consumption for marijuana grow-ops.

On the 13th of June, the first bitcoin theft worth about $500,000 was reported on the Bitcoin Forum. The user was an early adopter of bitcoin and claimed nearly 25,000 bitcoins were stolen from him; the value was close to a half million dollars, so it's not so hard to understand his initial reaction of "I feel like killing myself now." Publicly accessible information from the bitcoin network did show a transfer of 25,000 bitcoins.


Then on the 19th, MtGox, the world's largest bitcoin marketplace, was attacked. The resulting security breach allegedly involved fraudulent trades and a theft of about $8.75 million worth of bitcoins, and exposed hundreds of account logins with poorly-hashed passwords. The value of the virtual money crashed from $17.50 per bitcoin to almost nil, mere pennies. MtGox was shut down before operators rolled back the fraudulent transactions and restored bitcoin value to $17.50. MtGox claims it was not hacked: "The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked."

However, on the Bitcoin Forum, bitcoin user "Kevin" tells the story of how he watched the bitcoin market plunge and managed to sneak in a $0.0101 per bitcoin bid which gave him $5,000,000 in bitcoins for under $3,000. Kevin claims the official MtGox story is "fishy." Another bitcoin user verified Kevin is who he says he is and the forum currently has 16 hotly debated pages about the MtGox security breach.

Last week, security firm Symantec discovered and blogged about the Infostealer.Coinbit "malware designed to steal bitcoins from unsuspecting users." But now Symantec said the Bitcoin Infostealer case is "getting funny." After finding and analyzing two more Infostealer samples, Symantec reported that the trojan author appears to have been infected with a worm when he wrote the code. Symantec guesses the malware writer submitted his code to VirusTotal to check for potential AV detections, discovered he was infected, and cleaned his computer before releasing the malware into the wild. The Infostealer executable leaves account passwords in cleartext, ready and waiting to be sniffed by anyone, and included a message from the trojan's author: "If you are looking for it, stop and go mine your bitcoins, or else I may get you the next time." Symantec said the message might mean that the malware author previously had his bitcoin account hacked and his data stolen.

Here are some tips for securing your bitcoin wallet.

And yesterday, the EFF reversed its public policy of accepting bitcoin donations. At the beginning of 2011, the EFF blogged about bitcoins being a step toward "censorship-resistant digital currency" and began to accept bitcoin donations. But now the EFF announced it would no longer offer a bitcoin donation option and placed its accumulated bitcoins back into circulation via Bitcoin Faucet. The EFF gave three reasons for the change:

  1. We don't fully understand the complex legal issues involved with creating a new currency system.
  2. We don't want to mislead our donors.
  3. People were misconstruing our acceptance of Bitcoins as an endorsement of Bitcoin.

While some sites are claiming this is the end of bitcoin, that seems a bit extreme. Although the EFF said it never officially endorsed bitcoin, its about-face regarding the virtual currency for donations is a troubling sign since so many people look to the EFF for cues. I doubt bitcoin is going away as it has way too many supporters . . . and that's on top of Anonymous and LulzSec.

Copyright © 2011 IDG Communications, Inc.
