Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Houdini on June 19, 2011, 08:55:33 PM



Title: Now these are some serious and security minded people
Post by: Houdini on June 19, 2011, 08:55:33 PM

Quote from https://britcoin.co.uk/ (https://britcoin.co.uk/) :
Due to the recent events at MTGox.com, we at Britcoin have decided to move our servers to a new location. MTGox suffered an SQL injection which means access to the site's funds was in the hands of the malicious hacker. As such, until we see evidence to the contrary, for security reasons we are assuming that MTGox has none of its clients' bitcoins. For this reason, we have withdrawn their access to our servers and the sensitive information on those servers.

While our servers were separate, we were purchasing server space from MagicalTux, the owner/operator of MTGox. We have already moved all our customer bitcoins to a wallet which has newly been created and has the highest measure of security possible. The GBP deposits of course are still safe in our business bank account as well.

We will put Britcoin up again as soon as possible, but only once we are confident we have the highest level of security our users deserve.


Title: Re: Now these are some serious and security minded people
Post by: SgtSpike on June 19, 2011, 08:58:09 PM
Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!


Title: Re: Now these are some serious and security minded people
Post by: myrkul on June 19, 2011, 09:00:33 PM

Quote from https://britcoin.co.uk/ (https://britcoin.co.uk/) :

We will put Britcoin up again as soon as possible, but only once we are confident we have the highest level of security our users deserve.


Good on them.


Title: Re: Now these are some serious and security minded people
Post by: angelo95 on June 19, 2011, 09:03:01 PM
Yes but it's easy now after the battle. They might gain a lot of bidders though now as Mtgox is dead.


Title: Re: Now these are some serious and security minded people
Post by: BioMike on June 19, 2011, 09:04:26 PM
Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them.
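
An added illustration of what BioMike's point about parametrized queries means in practice (this is not Britcoin's or anyone in this thread's code, and the in-memory table and names are constructed for the demo): a perfectly legitimate username containing an apostrophe breaks a query built by string concatenation, while the parameterized form treats the same input purely as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory table; the rows are made up for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, balance_btc REAL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 12.5), ("o'brien", 3.0)])
    return conn


def lookup_concat(conn, name):
    # Statement assembled by concatenation: the input becomes part of the
    # SQL grammar, so any quote character in it alters the statement.
    sql = "SELECT balance_btc FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchone()


def lookup_param(conn, name):
    # Parameterized statement: the driver sends the value separately from
    # the SQL text, so it is only ever compared as a literal value.
    sql = "SELECT balance_btc FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()


def compare(name):
    """Return (concat_result, param_result) for one lookup.

    concat_result is the exception class name when the concatenated
    statement fails to parse, which is exactly the symptom that should
    make a reviewer go looking for untrusted input reaching SQL text.
    """
    conn = make_db()
    try:
        concat = lookup_concat(conn, name)
    except sqlite3.OperationalError as exc:
        concat = type(exc).__name__
    param = lookup_param(conn, name)
    return concat, param
```
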


Title: Re: Now these are some serious and security minded people
Post by: Houdini on June 19, 2011, 09:48:59 PM
There's one good thing to come out of this horrible mess (every cloud has a silver lining). Every other bitcoin exchange from now on will strive with all their might to secure their database, because not doing so means business failure (if Mt. Gox isn't killed by this, it will certainly have a huge decrease in revenues due to loss of customers).


Title: Re: Now these are some serious and security minded people
Post by: bcearl on June 19, 2011, 09:51:56 PM
Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!

They work with real money - not with worthless FED bills. :)


Title: Re: Now these are some serious and security minded people
Post by: cunicula on June 19, 2011, 10:19:55 PM
"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important. Mt. Gox has failed severely on this dimension.
"Really guys it's just one account, breached due to user error. All the other accounts are safe."
Rinse Repeat until the business fails.

Kudos to Britcoin.


Title: Re: Now these are some serious and security minded people
Post by: GeniuSxBoY on June 19, 2011, 10:24:27 PM
I don't buy anyone claiming security. I haven't seen lulz FAIL at anything they put their mind to.




Title: Re: Now these are some serious and security minded people
Post by: Houdini on June 19, 2011, 11:18:49 PM
Someone else takes security seriously as well :
"TradeHill has recently learned that a large number of user accounts at a competing Bitcoin exchange have been compromised. Because of the possibility that our users may have used the same password on multiple exchanges, we will be halting the ability to trade or withdraw funds for a few hours. We hope this will give all of our users time to reset their passwords if needed. You can reset your password by clicking on your username in the upper right of the website. This is merely a precaution, and we do not have any evidence that our site has been compromised in any way. More info soon."
It seems whatever happens (market bubble bursts, astronomic thefts, server database hacks) Bitcoin keeps rolling on like a steamroller, stopping for nothing (including the victims splattered on the way :) ).


Title: Re: Now these are some serious and security minded people
Post by: unk on June 20, 2011, 12:48:35 AM
a suggestion to the kind folks at britcoin:

once you are able, announce in advance a particular time that you will restart the exchange. announce also a time, at least several hours before that opening, at which customers will be able to log in and have an opportunity to add and delete orders. then, orders on the same side of the market at the same price when the exchange goes 'live' again should compete at random, not based on the time of entry.

this will help avoid a rush, normalize the market, and satisfy a variety of disparate interests.


Title: Re: Now these are some serious and security minded people
Post by: ishav on June 20, 2011, 01:01:47 AM
"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important. Mt. Gox has failed severely on this dimension.
"Really guys it's just one account, breached due to user error. All the other accounts are safe."
Rinse Repeat until the business fails.

Kudos to Britcoin.

And how do you know that they were aware of their database breach when they wrote that?


Title: Re: Now these are some serious and security minded people
Post by: saqwe on June 20, 2011, 01:23:48 AM
a suggestion to the kind folks at britcoin:

once you are able, announce in advance a particular time that you will restart the exchange. announce also a time, at least several hours before that opening, at which customers will be able to log in and have an opportunity to add and delete orders. then, orders on the same side of the market at the same price when the exchange goes 'live' again should compete at random, not based on the time of entry.

this will help avoid a rush, normalize the market, and satisfy a variety of disparate interests.

+1


Title: Re: Now these are some serious and security minded people
Post by: onesalt on June 20, 2011, 01:25:16 AM
Yeah, I am glad to see that at least ONE bitcoin site has security on their minds!

They work with real money - not with worthless FED bills. :)

which is weird because I don't recall one main street bank losing all their money and customer records to a simple sql injection attack...


Title: Re: Now these are some serious and security minded people
Post by: Batouzo on June 20, 2011, 01:26:37 AM
"Last time I checked the source code of them... they didn't use parametrized queries. I hope they do now, if security is so important for them."

Security is not just in the code. Management's response to incidents is just as important

Are you shitting us?

Secure == code_security AND response_teams,
not "OR".



Title: Re: Now these are some serious and security minded people
Post by: cunicula on June 20, 2011, 01:29:44 AM
Of course they didn't know.  Point is that they shouldn't have made optimistic assumptions.  I posted yesterday that it was negligent of them not to have taken the site offline when the cross-site forgery exploit was discovered. I have much less information and expertise than they do, but it still seemed negligent to me.

They should have assumed the worst when the rate of reports of hacked accounts on the forums spiked dramatically in the last few days. If you wait for proof that you've been had it is too late by definition.


Title: Re: Now these are some serious and security minded people
Post by: cunicula on June 20, 2011, 01:34:46 AM
Are you shitting us?

Secure == code_security AND response_teams,
not "OR".

Why do you ask "Are you shitting us?" and then repeat my statement. ADHD?


Title: Re: Now these are some serious and security minded people
Post by: unk on June 20, 2011, 01:37:04 AM
i'm forced to concur with cunicula about negligence. these aren't novel or clever problems to be having, and not responding to them instantaneously is very shoddy security practice. savvy users should demand no less, which is one reason i never set up a mt. gox account.

i've said it many times, but the community is overall exceedingly complacent when it comes to security, which is surprising for supporters of a cryptocurrency.

various attacks on the bitcoin protocol itself are next, because they take a little more cleverness than exploiting the kind of obvious web-based vulnerabilities that plague poorly written websites. nonetheless, i'm fairly sure that most people reading my last sentence are still thinking 'there are no such attacks because bitcoin is peer-to-peer. go away, you troll'.


Title: Re: Now these are some serious and security minded people
Post by: Batouzo on June 20, 2011, 01:40:05 AM
Are you shitting us?

Secure == code_security AND response_teams,
not "OR".

Why do you ask "Are you shitting us?" and then repeat my statement. ADHD?

Your statement looked as if you had said it otherwise.
As if you had said "... but don't worry about the bad code, the RESPONSE is what matters"

Never mind then :)



Title: Re: Now these are some serious and security minded people
Post by: NO_SLAVE on June 20, 2011, 01:46:44 AM

It seems whatever happens (market bubble bursts, astronomic thefts, server database hacks) Bitcoin keeps rolling on like a steamroller, stopping for nothing (including the victims splattered on the way :) ).

Yeh right, keep on smoking it brah. Fall out is on the way.


Title: Re: Now these are some serious and security minded people
Post by: Houdini on June 20, 2011, 09:28:18 PM

It seems whatever happens (market bubble bursts, astronomic thefts, server database hacks) Bitcoin keeps rolling on like a steamroller, stopping for nothing (including the victims splattered on the way :) ).

Yeh right, keep on smoking it brah. Fall out is on the way.
It's almost the same value as before the Mt. Gox crash. Any fallout will be long-term; it won't be a market crash, it will be slowed growth.