Bitcoin Forum
Author Topic: The upside to the MtGox hax  (Read 4268 times)
Oldminer (OP)
June 19, 2011, 08:40:19 PM
 #1

This will most certainly make them reassess their site security (though I suspect this was already something they were doing prior to this latest incident).

MtGox needs to be made as secure as any site can be. It needs to employ the latest web security technology and needs to be run by experts in the field. It's not like MtGox doesn't have the funding to be able to do this either so there's no excuses.

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammer's actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. I'm sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it's unreasonable, which I suspect is why they put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I won't be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - it's their call as to where they and we go from here.

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
Oldminer (OP)
June 19, 2011, 09:04:19 PM
 #2

People also need to be aware (or remember) that MtGox was originally a 'gaming' site. It started dealing in Bitcoins when it was considered by many to be 'play money'. Who's going to invest in website security when the currency you're handling is worth 0.01c and your cut of a trade is 0.65%??

However the stakes have been raised. The currency value has skyrocketed and some big boys have come to play. This isn't a game anymore. MtGox have had to come to that realisation in less than 2 months. But to invest big $$ in website security to protect a currency that could potentially drop back to a few cents just as spectacularly would have been madness. They needed to allow time to see if the currency stabilised which it now has. The people that criticise MtGox need to consider this fact.

humble
June 19, 2011, 10:29:42 PM
 #3

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammer's actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. I'm sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it's unreasonable, which I suspect is why they put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I won't be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - it's their call as to where they and we go from here.

Calming words of wisdom. Be great to have you involved with the PR Team.
Bezza
June 19, 2011, 10:42:36 PM
 #4

Completely agree. Although this isn't just a lesson for MtGox but really an all round lesson to those running important sites used by the community, security is everything!

I was glad to see Britcoin immediately took down its site to review its own vulnerability after what happened.
BitcoinPorn
June 19, 2011, 11:18:42 PM
 #5

I hate to say it, but the more I think about it, for Bitcoin overall this is going to be good. For traders this sucks, but for the people who want Bitcoin to be used to buy / sell, well then this is where all that stolen money is going to go I bet. Rather than try and cash the money out themselves, the people/person would just start buying goods / services through anyone who accepts BTC, and I have no doubt those people would love to see the BTC business, and thus it gets promoted more and etc.

Or not.

EricSU
June 19, 2011, 11:48:54 PM
 #6

I'm just pointing out that MtGox actually make 1.30% of each trade not 0.65%.
They charge 0.65% to the buyer and the seller for each trade, total 1.30%.
They are making millions of $ a year.
BitcoinPorn
June 20, 2011, 12:28:05 AM
 #7

Has anyone done the math to know if he had enough cash of his own to cover the expense of what was stolen? I honestly have no clue about any of the numbers.

Sebz4n
June 20, 2011, 12:39:01 AM
 #8

If 8 million dollars worth of bitcoins was stolen, he most likely doesn't.

If 1000 bitcoins, or 1000 dollars was stolen, he may very well have.

Either way, I am disgusted by the greed I see on the Mt Gox support site. All the people who bought BTC at ridiculous prices (in my eyes they more or less stole the coins, buying when something was obviously wrong) of course refuse to let them go, since they now earned a lot of money, and give a shit about anybody who may have lost any in this security breach.
Cluster2k
June 20, 2011, 12:41:50 AM
 #9

This hack was inevitable. Mt Gox deals with millions of dollars per month and was ripe for the picking. I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC. The withdrawal limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.
dinzy
June 20, 2011, 12:59:42 AM
 #10

This hack was inevitable. Mt Gox deals with millions of dollars per month and was ripe for the picking. I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC. The withdrawal limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.
cryptoanarchist
June 20, 2011, 01:49:09 AM
 #11

This will most certainly make them reassess their site security (though I suspect this was already something they were doing prior to this latest incident).

MtGox needs to be made as secure as any site can be. It needs to employ the latest web security technology and needs to be run by experts in the field. It's not like MtGox doesn't have the funding to be able to do this either so there's no excuses.

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammer's actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. I'm sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it's unreasonable, which I suspect is why they put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I won't be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - it's their call as to where they and we go from here.

This is quite true. And it showed the vulnerability of one central exchange. Hopefully that'll become more decentralized as a result, too.


Central Exchange? It gets more business than the other exchanges, but it has no more importance other than that. I've barely used them because they're way too slow.

Hopefully, the upside will be people using the other exchanges more.

I'm grumpy!!
Cluster2k
June 20, 2011, 02:09:09 AM
 #12

This hack was inevitable. Mt Gox deals with millions of dollars per month and was ripe for the picking. I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC. The withdrawal limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overreacting here. Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised. Gox is no longer a Magic The Gathering trading site. They are dealing with serious amounts of money with no auditing or regulation. How was taking a BTC's value down 99.95% within minutes not stopped by the exchange? I know the rabid libertarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it. Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.
djproject
June 20, 2011, 04:47:14 AM
 #13

This hack was inevitable. Mt Gox deals with millions of dollars per month and was ripe for the picking. I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC. The withdrawal limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overreacting here. Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised. Gox is no longer a Magic The Gathering trading site. They are dealing with serious amounts of money with no auditing or regulation. How was taking a BTC's value down 99.95% within minutes not stopped by the exchange? I know the rabid libertarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it. Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.

Pardon me for being a newb, but can't we just look at the block chain to determine an upper bound on how much was withdrawn from MtGox today?
imperi
June 20, 2011, 04:48:47 AM
 #14

This will most certainly make them reassess their site security (though I suspect this was already something they were doing prior to this latest incident).

MtGox needs to be made as secure as any site can be. It needs to employ the latest web security technology and needs to be run by experts in the field. It's not like MtGox doesn't have the funding to be able to do this either so there's no excuses.

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammer's actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. I'm sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it's unreasonable, which I suspect is why they put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I won't be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - it's their call as to where they and we go from here.

+1

Fast exponential growth is very difficult to deal with, especially cleanly.

It's like "You're no longer a sergeant. You're now a general. Now go!"
kjj
June 20, 2011, 07:48:22 AM
 #15

This hack was inevitable. Mt Gox deals with millions of dollars per month and was ripe for the picking. I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC. The withdrawal limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overreacting here. Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised. Gox is no longer a Magic The Gathering trading site. They are dealing with serious amounts of money with no auditing or regulation. How was taking a BTC's value down 99.95% within minutes not stopped by the exchange? I know the rabid libertarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it. Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.

Unless you are completely wrong, and the attack was largely contained by the safeguards built into their system.  You know, the safeguards that you for some strange reason assume don't exist.

17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs.  You should too.
Cluster2k
June 20, 2011, 01:27:30 PM
 #16

Unless you are completely wrong, and the attack was largely contained by the safeguards built into their system.  You know, the safeguards that you for some strange reason assume don't exist.

No assumptions required.  The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?  The onus is now on Mt Gox to explain what security was present previously, how and why it was broken now, and what steps will be taken in the future to secure both the site and market.  They need to explain each in detail as security through obscurity or 'trust us' doesn't work.  I look forward to a full report from them once they've had a chance to fix the damage.
kjj
June 20, 2011, 01:39:03 PM
 #17

The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.

BubbleBoy
June 20, 2011, 02:58:52 PM
 #18

The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?

Yes. Low liquidity and a front loaded bitcoin distribution with a few very potent early adopters will do that. If you don't like the ability of these people to crash the market at will, stay away from Bitcoin.

Cluster2k
June 20, 2011, 04:36:35 PM
 #19

The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?

Yes. Low liquidity and a front loaded bitcoin distribution with a few very potent early adopters will do that. If you don't like the ability of these people to crash the market at will, stay away from Bitcoin.

It's not the early adopters I'm worried about.  It's the people who target those accounts and ransack the market at will.  Bitcoin is meant to be a serious effort to create a P2P digital currency.  Businesses are meant to take it seriously as a means of value exchange.  Events such as yesterday's and people defending the manipulated market as 'if it's the will of the market to crash to zero, then so be it' does not inspire confidence.
Cluster2k
June 20, 2011, 04:42:31 PM
 #20

The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.

Tight security is a pretty important form of prevention.  Mt Gox can rollback transactions as much as they like.  The few members of the general public who follow bitcoin got the message that 'bitcoin got hacked', regardless of the real details.

The world does operate on prevention.  That's why balconies have railings, dangerous areas are often fenced off and industrial machinery has physical and electronic barriers to prevent accidents.