In this past we have implied that hostile actors or government’s hostile to cryptocurrencies to destabilize them by attacking the essential trust relationships cryptocurrency users, cryptobanks, and cryptocurrency itself. The easiest way to accomplish this is to attack the weaknesses in security of cryptobanks or cryptocurrency wallets as we are starting to see in increasing frequency. For example the much reported hack of Flexcoin bank, perhaps the first bitcoin bank, caused Flexcoin to shut down. The attacker who hacked Flexcoin used a flaw in the protocol used to transfer coins between the bank and user. From Flexcoin’s website:
“The attacker logged into the flexcoin front end from IP address 220.127.116.11 under a newly created username and deposited to address 1DSD3B3uS2wGZjZAwa2dqQ7M9v7Ajw2iLy
The coins were then left to sit until they had reached 6 confirmations.
The attacker then successfully exploited a flaw in the code which allows transfers between flexcoin users. By sending thousands of simultaneous requests, the attacker was able to “move” coins from one user account to another until the sending account was overdrawn, before balances were updated.
Another company and bank, Mt. Gox, was also recently hacked losing somewhere close to 27 million and driving the company into insolvency. Hackers then posted source code, in PHP, from Mt. Gox’s server that showed major flaws in Mt. Gox’s source code including embedded SSH keys. These flaws would allow an attacker who could get access to Mt. Gox’s applications servers the ability to easily move bitcoins between accounts.
Finally there has been another bitcoin trading post has been hacked, Poloniex. The attacker used an exploit very similar to the Flexcoin exploit. While these assaults on banks and trading posts have been the highest profile attackers have also stolen bitcoins from Silk Road, online digital wallets like Coinbase, and more. While much of this can be blamed on the inexperience of the various organizations creating digital currency infrastructure and the immaturity of cryptocurrency it also paints a strategy for state or malicious actors to disrupt a cryptocurrency.