The hits just keep on coming with every one’s favorite virtual currency. In addition to a number of new mainstream articles, the primary bitcoin exchange, MT Gox got hacked a few hours ago. Tradehill, a new exchange, also halted trading to give people time to change passwords that they may have been using for both systems.
Statement from MT Gox:
“The bitcoin will be back to around 17.5$/BTC after we rollback all trades that have happened after the huge Bitcoin sale that happened on June 20th near 3:00am (JST).
One account with a lot of coins was compromised and whoever stole it (using a HK based IP to login) first sold all the coins in there, to buy those again just after, and then tried to withdraw the coins. The $1000/day withdraw limit was active for this account and the hacker could only get out with $1000 worth of coins.
Apart from this no account was compromised, and nothing was lost. Due to the large impact this had on the Bitcoin market, we will rollback every trade which happened since the big sale, and ensure this account is secure before opening access again.
UPDATE REGARDING LEAKED ACCOUNT INFORMATIONS
We will address this issue too and prevent logins from each users. Leaked information includes username, email and hashed password, which does not allow anyone to get to the actual password, should it be complex enough. If you used a simple password you will not be able to login on Mt.Gox until you change your password to something more secure. If you used the same password on different places, it is recommended to change it as soon as possible.
Service will not be back before June 20th 11:00am (JST, 02:00am GMT). This may be delayed depending on what is found during the investigation.”
Statement from Tradehill:
“TradeHill has recently learned that a large number of user accounts at a competing Bitcoin exchange have been compromised. Because of the possibility that our users may have used the same password on multiple exchanges, we will be halting the ability to trade or withdraw funds for a few hours. We hope this will give all of our users time to reset their passwords if needed. You can reset your password by clicking on your username in the upper right of the website. This merely a precaution, and we do not have any evidence that our site has been compromised in any way. More info soon.”
The inside story from Dailytech:
“First, it is clear that the Mt. Gox database has been stolen. According to one source the database had 61,020 entries — roughly in line with Mt. Gox official MagicalTux’s previous statement.
Within an hour of the hack, reportedly 100,000 Bitcoins were sold at incredibly cheap rates on Mt. Gox, plunging the market from around $17.50 USD per Bitcoin to just $0.01 per Bitcoin. Meanwhile 400,000 other Bitcoins were reported missing.
That’s roughly 1/13th of the total Bitcoins in existence, or about $8.75M USD at the previously market value.
Around the same time an unknown party also posted a Pastebin commenting:
I have hacked into mtgox database. Got a huge number of logins password combos.
Mtgox has fixed the problem now. Too late, cause I’ve already got the data.
Will sell the database for the right price.
Send your offers to:
A philosophical view from Ars Technica:
“Theoretically, this weekend’s developments shouldn’t damage Bitcoin’s long-term value, since the security model of the underlying currency remains uncompromised. But Bitcoin is a fiat currency; its value ultimately depends on nothing more than public confidence. If the recent string of Bitcoin-related security woesconvinces more Bitcoin users to cash out, the currency’s value could continue to fall.”
Its too early to tell what all of this will mean for the fledgling currency. I do know I would not want to be writing a business plan that depended on bitcoins, or would I?