The Wretched, Endless Cycle of Bitcoin Hacks
The Lessons Learned From the Bitcoin Exchange Hacks
It seemed bitcoin exchange Bitfinex wasgoed doing all the right things. Ter the end, that didn’t zekering hackers from stealing $65 million.
The latest te a long list of attacks on the digital currency since its birth ter 2009 has bot particularly vexing for the bitcoin community. Not only wasgoed Bitfinex the largest exchange for U.S. dollar transactions, but the hack highlights that the industry hasn’t figured out critical ,security, despite years of learning from mistakes and making improvements to its infrastructure.
Even spil the incident has triggered calls for audits te certain parts of the industry, experts don’t anticipate the investigations will unearth fresh ways of radically strengthening protection. What’s more telling, they say, is that the community’s readiness to vilify targets while shrugging off the need for industry-wide solutions is a sign it’s fated to toebijten again.
,“,There is a long tradition of blaming the victim ter the bitcoin community,”, said Emin Gun Sirer, a Cornell University laptop science professor who researches the currency. “,But when you have a six-year long history of near-continuous key theft, at some point, wij have to zekering shirking off the responsibility.”,
The fallout has bot widespread. Bitfinex imposed a levy on customers to voorkant the lost $65 million, taking 36 procent of everyone’s assets whether they had bot kasstuk by the hackers or not. The price of bitcoin also plunged on news of the hack, slashing the value of the digital currency well beyond Bitfinex. ,Collectively, investors ,have lost about $1.Two billion since the attack, according gegevens from Coindesk. ,
That’s not to say bitcoin security hasn’t come far, through the efforts of thousands who work and volunteer to improve the digital currency. Since Mt. Gox — at one time the world’s largest exchange — wasgoed hacked for $450 million te early 2014, most venues have adopted harsh security measures, including segregated client accounts, ,outward audits of systems and two-factor authentication for securing logins.
Another step forward has bot multi-signature security, which essentially splits the private keys linked to every bitcoin into several copies and hides them te numerous locations. The technology requires a sign-off from a majority of the copies (for example, two out of three) before the bitcoin can be moved again. That coerces hackers to breach numerous systems before they can get access to funds.
Bitfinex made use of the technology and, spil suggested by security experts, stored copies offline and with a third party, its security fucking partner BitGo Inc. When it wasgoed implemented ter June 2015, confidence wasgoed so high that BitGo’s chief executive officer boasted the system made “,breaches such spil those of Mt. Gox unlikely.”, Bitfinex hasn&apos,t ,disclosed details of how hackers managed to compromise that system, telling the investigation is still pending. It did suspend its use of BitGo&apos,s technology and said hackers had enhanced withdrawal boundaries without BitGo realizing it. ,BitGo has said its software functioned decently and denied its systems were breached.
,“,Securing little electronic files from leaking – keys – shoves the bounds of known rekentuig science,”, Jeff Garzik, one of bitcoin’s earliest developers and founder of blockchain startup Bloq Inc., wrote ter an e-mail. “,Multi-sig raises that folder considerably, but nothing is volmaakt.”,
After a hack thought ‘,impossible’ just a year ago, bitcoin proponents are scrambling for solutions. Some argue that existing technology is strong enough to keep out hackers, but implementation has to be better. Individuals, for example, can protect themselves by storing bitcoin ter individual wallets rather than at exchanges, which remain targets for attack.
,“,When users choose to store their bitcoin ter a custodial wallet or exchange, they are providing the provider control overheen their bitcoins,”, said ,Peter Smith, chief executive officer of Blockchain, which provides bitcoin wallets to individuals. “,Spil a result, customers are not only subjected to the possibility that they will lose their funds via cybertheft but also that the provider can impose a tax to voorkant the loss of other clients, spil Bitfinex is doing here.”,
,A more radical solution is to use technology to penalize thieves. This summer, hackers siphoned off about $60 million of ethereum, the world’s 2nd most-popular digital currency behind bitcoin. The community reacted by adopting a so-called hard fork, which effectively migrated users to a fresh version of ethereum te which the theft never occured. The decision triggered a rebellion from a significant chunk of the community, who argued that nullifying the theft wasgoed a disturbance of ethereum’s free market ethos.
Given such extreme ,steps, some say the time has come for the bitcoin community to consider a form of regulation, either self-imposed or with the assistance of governments. The key, they say, will be educating regulators so that they don’t slow down innovation te the name of protecting consumers. , Some, including BitGo, have begun work with auditors like Deloitte LLP to standardize security requirements for the industry, albeit how and who would enforce the guidelines is unclear. ,
,“,Even bitcoin enthusiasts are leisurely realizing that regulation is necessary,”, said Trond Undheim, a former senior lecturer at Massachusetts Institute of Technology’s Sloan Schoolgebouw of Management. “,That’s the only way it will sustain. That’s also the key to its broader adoption.”,
Investors want ,solutions. Kay Van-Petersen, a strategist at Saxo Capital Markets, avoided Bitfinex but still spotted a tenth of his bitcoin investment wiped out ,spil prices dropped after the attack. ,“,Every time an exchange gets hacked, it just looks bad on everybody,”, he said. ,
To proceed reading this article you voorwaarde be a Bloomberg Professional Service Subscriber.
If you believe that you may have received this message te error please let us know.