Disrupting a Cryptocurrency

In this past we have implied that hostile actors or government’s hostile to cryptocurrencies to destabilize them by attacking the essential trust relationships cryptocurrency users, cryptobanks, and cryptocurrency itself. The easiest way to accomplish this is to attack the weaknesses in security of cryptobanks or cryptocurrency wallets as we are starting to see in increasing frequency. For example the much reported hack of Flexcoin bank, perhaps the first bitcoin bank, caused Flexcoin to shut down. The attacker who hacked Flexcoin used a flaw in the protocol used to transfer coins between the bank and user. From Flexcoin’s website:

“The attacker logged into the flexcoin front end from IP address 207.12.89.117 under a newly created username and deposited to address 1DSD3B3uS2wGZjZAwa2dqQ7M9v7Ajw2iLy

The coins were then left to sit until they had reached 6 confirmations.

The attacker then successfully exploited a flaw in the code which allows transfers between flexcoin users. By sending thousands of simultaneous requests, the attacker was able to “move” coins from one user account to another until the sending account was overdrawn, before balances were updated.

This was then repeated through multiple accounts, snowballing the amount, until the attacker withdrew the coins. (Here and Here)”

Another company and bank, Mt. Gox, was also recently hacked losing somewhere close to 27 million and driving the company into insolvency. Hackers then posted source code, in PHP, from Mt. Gox’s server that showed major flaws in Mt. Gox’s source code including embedded SSH keys. These flaws would allow an attacker who could get access to Mt. Gox’s applications servers the ability to easily move bitcoins between accounts.

Finally there has been another bitcoin trading post has been hacked, Poloniex. The attacker used an exploit very similar to the Flexcoin exploit. While these assaults on banks and trading posts have been the highest profile attackers have also stolen bitcoins from Silk Road, online digital wallets like Coinbase, and more. While much of this can be blamed on the inexperience of the various organizations creating digital currency infrastructure and the immaturity of cryptocurrency it also paints a strategy for state or malicious actors to disrupt a cryptocurrency.

Advertisements

Bitcoin flaw could threaten booming virtual currency

Very interesting article. One could see government actors, companies, or organizations using these techniques to sabotage Bitcoin. Of course the more immediate threat is criminals but since many states see Bitcoin as a threat its not unlikely state actors or proxies might attack it this way. One could even see a state actor introduction legislation while simultaneously attacking a crypto-currency. Thus making it illegal, delegitimizing it among users, and in a recursive manner calling for more legislation to protect people from such attacks through further legislation and again weakening crypto-currency adoption.

via Bitcoin flaw could threaten booming virtual currency – tech – 06 November 2013 – New Scientist.