Bits and bytes can be stolen just like the cash under your mattress.
The high-flying bitcoin digital currency took a big hit when MtGox, once the world’s largest bitcoin exchange, suspended withdrawals until it can resolve a problem with what it calls transaction malleability:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.
Tyler Shibata attributes last week’s losses at Silk Road to the same software flaw:
The Bitcoin community suffered another shock on Thursday morning when it was revealed that the Silk Road 2.0 had been hacked, and that all 4,474 Bitcoins– roughly valued $2.7 Million at the time of the attack– had been stolen. This heist, as some people have been calling it, was caused by a flaw in the Bitcoin protocol itself called “Transaction Malleability.”
Gavin Andresen, chief scientist at the Bitcoin Foundation– which oversees and develops the Bitcoin software– denied the problem was its fault.
“The issues that MtGox has been experiencing are due to an unfortunate interaction between MtGox’s highly customised wallet software, their customer support procedures, and an obscure (but long-known) quirk in the way transactions are identified and not due to a flaw in the Bitcoin protocol,” he told the BBC.
The value of bitcoin has fallen to half its December peak on the news. But nobody’s giving them away– one bitcoin will still cost you $560 at the current “depressed price”. And bitcoin proponents like Timothy Lee are not deterred:
And this is one of Bitcoin’s great strengths. Right now, companies such as Mt. Gox, BitStamp, BitPay and Coinbase are important players in the Bitcoin ecosystem. But Bitcoin itself is an open-source technology platform. It’s not owned by anyone, and its success doesn’t depend on the success of any specific bitcoin-based company. If the current crop of Bitcoin businesses fail, a new generation can and likely will emerge to take their place.
In case you hadn’t noticed, we’re also learning more about the vulnerabilities of more conventional digital transactions. The most dramatic recent development on this front was the December theft of credit account information for 70 million customers of Target. Bloomberg reported last month that this may be showing up in the retailer’s bottom line:
Target is already suffering from the hacking of its customer data. Sales at its U.S. unit were “meaningfully weaker” after the data theft was disclosed, the company said. U.S. same-store sales will fall about 2.5 percent in the quarter through January, compared with an earlier projection they would be little changed. Adjusted earnings per share will be $1.20 to $1.30 for the division, down from a previous estimate of at least $1.50.
Bob Eisenbeis worries that vulnerabilities in our system for conventional credit card and debit card payments could end up causing bigger problems:
The points of vulnerability are many, especially since many institutions have outsourced the actual processing and warehousing of data, and this trend is accelerating as more and more businesses move their computing into the cloud….
The overarching issues concern threats to the payment system itself and the risks that breached information will be used to commit wholesale electronic theft that might threaten the solvency of a major financial institution, be it a bank, investment bank, insurance company, etc. Additionally, such insolvency could have systemic implications for the financial system as a whole. The systemic risks are further amplified by the complex interrelationships among traditional business firms, operators of the private-sector payments-transfer infrastructure, and financial firms. A hack of customer data held by a nonfinancial firm or payments processor could result in losses that can quickly bleed over into the financial system if data are compromised and transactions are initiated and consummated before the breach is discovered or reported.
Is that overstating the concerns? Maybe so. But I do believe that it’s easy to get lulled into complacent confidence in our payment systems given that technology, both in the hands of the good guys and the bad guys, is changing so quickly.