As notme pointed out the attacker will always build off his attack chain.  With 51% of hashing power and enough time it is a mathematical certainty the attack chain will end up the longest.

Saotshi recommendations for x confirmations to be safe only apply for attackers with less than 51% of hashing power.  If an attacker has 51%+ then 6 confirmations isn't enough 106 isn't enough and given a patient enough attacker 10,006 confirmations isn't enough.

Confirmations provide security because they represent a given amount of hashing power if the attacker has the majority then no number can provide security.  You need some "non confirmation" method like checkpoints where the client will never re-org to earlier than the checkpoint no matter how much longer the attack chain is.

no data available.

Interesting.

Salt would be a good countermeasure against this type of search and so would a key derivitive function (as opposed to a simple SHA-256) to massively increase the computational requirements.
For example using PBKDF2 if someone birthday was 01/28/1977  they could perform 1,281,977 rounds of SHA-256.  The average GPU would be able to brute force maybe couple hundred passwords per second.

At say 100 keys per second a 14 million password brute force would take about 1.6 days.  Combined with a 64 bit salt would require couple billion years.

You do illustrate that without salt and/or key derivitive functions, SHA-256 is simply too fast for using in this fashion.  The same vulnerability exists for password tables hashed w/ single round of SHA-256/512.  If you spent a couple weeks you likely could exhaustively search all 8 digit passphrases.  A botnet could burn off cycles checking 9 digit passphrases over the course of months.

Also it is generally pretty crappy to post an article in its entirety.  At a very minimum you should include a link to the article.  Maybe post the top 3 paragraphs and if people want to read more they can follow the link for the full article.

http://www.forbes.com/sites/jonmatonis/2012/07/31/top-10-bitcoin-statistics/

In this case it is even more foolish in that Jon Matonis is a pretty level headed contributor to Forbes.  We want the leadership at Forbes seeing significant traffic/interest in Bitcoin stories.  More interest = more ads.  More ads = more articles on the same topic.  So link to it, tweet it, blog it, backlink it, cite it, quote it but don't blatantly copy it without crediting the source.

  

Not true.  That would be a 51% attack which could be used to execute an unlimited number of double spends (or halt all transactions).

There are other mechanisms to execute a double spend.  

0-confirm double spend - requires no hashing power but would require very good timing
Finney attack - a variation of the 0-confirm double spend where the attacker has a double spend in a block ready to submit to the network.
Re-org attack - an attacker with a significant % of the network hashing power (but less than 51%) could produce the longest chain and double spend for a limited period of time.


The first two are prevented by not delivering product until 1 confirmation.  The risk of re-org attack is significantly reduced by waiting for higher number of confirmations.    Satoshi provides analysis and simulations on this type of attack.  The "wait for 6 confirmations" is a rule of thumb based on the low probability that anyone with less than 51% of hashing power could re-org more than 6 blocks.

Uh no.

Also 80 bits of entropy can be computationally infeasible even with a planetary sized super computer.  Hell an 8 digit password can be made computationally infeasible.  You seem to forget that brute force is based on keyspace ..... AND .... throughput.

What if you can only attempt 100 passwords per second?

No.

  Slowly ... 

agreed however even a 6,000 word list has pretty common words.  Increases the size of the word list decreases the number of words required for a given strength.  I would also point out that key hardening can be used.  Most passwords have only 30 bits of entropy. 

60 bits of entropy in a 6,000 word list requires 5 words.    Using a chained iterative function (like PBKDF2) one can make it computationally in-feasible to brute force that 60 bit passphrase.  The downside (yes there is no free lunch) is the need to use salt to prevent precomputation attacks.  This will have to be recorded by the user.  Remember salt isn't a secret so it doesn't need to be safeguarded (use could email it to himself, print a copy and put it in a safe, put it in his drop box, and leave it in plaintext on his computer) but it does need to be recorded.

BTW entropy is everything you are just calculating it wrong.   If the passphrases comes from a dictionary list (and the person designing it will ASSSUME the attacker knows it) the entropy is (words in list)^(number of words)

i.e. if you have a word list of 5,000 words and generate a passphrase which consists of 10 of them randomly it would have

5000^10 ~= 2^122 or 122 bits of entropy.  (that assumes selection with replacement, too lazy to did the more common selection w/o replacement).

No idea but I am sure someone somewhere has falsified their USD balance on a brokerage account, or other non bank financial entity (like PayPal).  My guess is that despite these not being banks the Secret Service would investigate.  That would be your precedent.  Maybe some lawyer type can find something. 

They didn't steal any USD.  They added fake USD to their account and used that to purchase goods (BTC) leaving the victims stuck with counterfeit USD.  

I agree the Secret Service likely won't investigate it because a) nobody will ask them to and b) the exchange in is another country.

Not in mother Russia apparently. 


You likely logged out.  Try logging back in.

If Bitcoin had a PR department you could spin this as "USD suffer a massive hack today* and in the flight to safety Bitcoin spiked to an all time high.  Bitcoin the new reserve currency for the world's reserve currency?"

* Technically the hackers actions could be best described as counterfeiting USD dollars.  Those counterfeit USD were then used to buy BTC.

So as an experiment I deposited ~ 1 BTC sold if for USD, bought the BTC back using my USD balance and withdrew the 0.8 BTC.  Yeah i "lost" 0.2 BTC but the point was to test the liquidity of the BTC side.

This makes me very confident that my (and others) original theory was correct. The attacker ONLY increased the amount of USD.  Period.  Nothing else.  There also appears to be some (at least 0.8 BTC as of 2 minute ago) BTC left.  Likely the hacker hit some per account limit or got his account suspended preventing him for getting 100% of the BTC.  

So what that means if you will very soon see HYPER INFLATION on the BTC-E exchange.  Think of BTC as the "goods" in the BTC-E economy.  The BTC-E USD money supply has been massively inflated but the amount of "goods" (BTC) hasn't.  This is the recipe for massive inflation.  It was inflated by the hacker/counterfeiter.  Normally we think of central banks as the one doing inflating and generally that is true in major economies however any increase in money supply  (even illegal ones like counterfeiting) causes inflation  As people realize this they will dump USD for BTC driving the price higher and higher and higher.  $50, $100, $500, maybe even $25,000 USD per BTC.

There is SOME (who knows how much) real BTC on the exchange but anyone hanging on to USD "profits" is an idiot.  Selling USD for BTC at 50%, 70% even 90% loss is better than holding on to a hyperinflating currency.  You may say "the money supply is no longer inflating" while that is true, but price action often lags the actual increase in the money supply.  If the hacker increased the USD money supply by say a factor of 50x then eventually USD:BTC will rise by a factor of 50x.  Under that scenario BTC-E "USD" are worth only 1/50th of "real USD".    

How much did the hacker inflate the BTC-E USD money supply?  I don't have a clue ... but do you want to find out holding BTC or BTC-E "USD?"

Have you ever considered depositing the BTC-E code, buying coins (at any price) and then withdrawing the BTC?  It looks like the hacker only "faked" USD.  The BTC wasn't stolen or "faked" thus eventually the price will crash back to nearly nothing skyrocket to infinity* but you should still be able to cashout BTC.

* On edit: the price will keep rising as less and less real BTC remain and the huge pool of fake USD tries to reclaim any value.  It is kinda like a game of musical chairs.

Key point is that EVENTUALLY THE EXCHANGE WILL RUN OUT OF BTC.  So don't try to "protect" your $40 USD/BTC profits.  Get BTC YESTERDAY.  BTC withdraws seem to be processing so likely the attacker was constrained (BTC withdraw limits ?) leaving some BTC for legit users.  It won't last.  Eventually people will be bidding $100, $500, $20,000 fake haker USD for the last few BTC.

Get to learn how the command line bitcoind works.  It is your friend.

You are like the guy who says riots are good because he got a free TV.

Sure some withdraws may have made it through before the attacker emptied the hot wallet but 99% of people who tried to capitalize on $40 BTC are stuck with worthless $40 IOUs.  You may have lucked out but that doesn't mean a massive amount of economic damage didn't occur.

Plus I am pissed because I had 0.0087382 BTC stuck there from months ago because it was below the withdraw limit.   DAMN YOU HACKER!

No.  Any "faking" of USD or BTC would be on BTC-E books.  The bad news is that the victims are now left with more coins & dollars on the books (BTC-e internal books) than actual coins.  No amount of hacking can produce BTC from nothing.  The attacker merely transfered the real wealth of victims with fake balances on BTC-e books.


The "good news" is hopefully BTC-e wasn't totally stupid and after Bitcoinica reduced the size of their hot wallet.   If the attacker cleaned out the hot wallet then the % that users will lose is the % that the hot wallet makes up of total funds. 

Example (numbers out of my ass):

Say prior to the hack BTC-e had
5,000 BTC in hot wallet
50,000 BTC in cold wallet (plus all new deposit going directly to cold wallet)
50,000 BTC equivelent in USD.

The 5,000 BTC may be gone but victims should still get $0.90 on the dollar of their combined BTC/USD balances.  Now if BTC-e ran one giant hot wallet with all incoming deposits going directly into the hot wallet then victims may have lost everything.

Well obviously the attacker can only withdraw the max in the hot wallet (or any per day limit unless compromised). 
That limit is the same regardless of if the attacker "fakes" BTC or "faked" USD to build up his BTC balance.

Say the hot wallet only had 10,000 BTC (hopefully it had a lot less) and the hacker was able to compromise the withdraw limit (by using multiple accounts).

"fake" 50,000 BTC you can only withdraw 10,000 BTC
"fake" $1M USD and buy 50,000 BTC you can still only withdraw 10,000 BTC.

Once the hot wallet is empty the hacker is "maxed out" regardless of what tricks he pulls.

Unless BTC-E is very stupid incoming deposits should go to the COLD WALLET thus not increase the amount stolen.

Dude.  All exchanges use a pooled wallet.  There is no such things "your" BTC or "your BTC" wallet on BTC-E, MtGox or any other exchange.  The exchange simply has one (or more) hot and/or cold wallets.  Then they maintain a database of each user's balance, and trades change those balance.     One could withdraw "fake" BTC just as easily as selling "fake" USD for BTC and withdrawing that.

The likely reason for faking USD is simply because that is the exploit the hacker founds.  Hacker found a way to add USD to his USD balance.  Once had had that why try hacking any further.  Give yourself huge amounts of USD, buy BTC and remove them from the exchange.