Topic: How a Bitcoin attack could play out (Read 1880 times)

donator
Activity: 668
Merit: 500
March 06, 2013, 07:50:53 AM
#17
At this point, most of us realize that the actual Bitcoin network will not get hacked and our public/private keys are a safe way of holding value.

But I could see a social engineering attack focussed on this by those who would want to bring it down.

Let us say that the Fed or the US-gov or some in power want to bring down Bitcoin. Considering the Fed is dumping tens of billions of dollars into the economy a month, a few million dollars to take down Bitcoin would be a drop in the bucket.

A single agent with a few million dollars would be all they would need. The agent would work to build trust among key members of the Bitcoin community, using his accumulating Bitcoin wallet to get his hands in a few things. He would create several virtual personas which would also try to build trust. His outward approach would be that of security, focussing on ensuring people that Bitcoin is secure and that he is all about making sure his wallet is uber secure. He would go to Bitcoin conferences, make sure to be friendly to people and invest in various projects so that anyone questioning him will be met with a "I met him, he's a really good guy. I trust him.". All about building trust and making it known that he has a secure public address which he flaunts, showing people the amount in his vanity address, tying it to himself.

Then comes the "attack". Having built up a large amount of BTC in his well-known public address, he all of a sudden gets "attacked". All of his bitcoins are taken by a "hacker" and moved to a dummy address with something hackerish like "HACKEDBITCOINS1337LOLZ...". He assures people that there is no way anyone had his private address, he created the vanity address on an offline machine, then burned the machine and put it in a vat of acid then kept the only written copy in a fingerprint-secured safe which was then put into a safe deposit box which has not been tampered with. He claims that this has to be a hack on Bitcoin itself. Then he starts pulling out his other virtual personas who have similar attacks happening. All BTC being sent to the same dead address. At the same time, he uses the money he has built up in BTC to dump bitcoins fast and hard plunging the price a good percentage which sends people into panic mode dumping their BTC. Everything is put into depicting the myth that Bitcoin itself can be hacked and that the vulnerability is unknown and nobody can stop it. A few more "people" continue to claim lost coins, more coins going to the dummy address. Bitcoin becomes considered unsafe as a store of value and with the vulnerability unknown, it is considered an inherent flaw in the whole p2p currency concept.

A few holdouts are skeptical, calling to question various things and still not believing it. They are considered conspiracy theorists and quacks. People move on to trying to figure out a way to make gold more like Bitcoin or just start encouraging people to use gold instead saying that they knew all along that gold was a better choice. Any time someone brings up a p2p encrypted currency concept from there on out, Bitcoin is used as an example of why they should not do it.

I just put this out there as a warning. Just to make people aware if something similar happens, that everything may not be as it seems. We are, after all, going up against something that holds a lot of power. Power is not ceded easily.
Casascius?
kjj
legendary
Activity: 1302
Merit: 1026
March 06, 2013, 06:55:16 AM
#16
Nice thing about bitcoin is that everything is out in the open, for all to see.

If the planted agent can point to a transaction in the block chain with an invalid signature, then everyone will know that there is a weakness in bitcoin (but one that we can fix, probably pretty damn easily).  If he has to point to a transaction with a valid signature, then he is claiming that the entire cryptographic community of the world is wrong and ECDSA itself is broken.

He may have developed a reputation here on the bitcoin forums, but he has absolutely no credibility in the cryptography community. 
full member
Activity: 151
Merit: 100
March 06, 2013, 01:49:35 AM
#15
you missed the main twist in the plot:

Our hacker was too stressed managing so many online personas while his wife believed that he was having an affair, to get her from his mind he goes to a bar but had one too many drinks, while coming out of the bar he slips and falls down on a homeless person who dies with the impact, other homeless guys gather around him and beat him to death, this news spreads like wildfire and ultimately a thread on bitcointalk.org is posted about how the biggest promoter and hoarder of bitcoins has died and how it will negatively impact bitcoin, but then some guy named Mike convinces everybody that this is a great buying opportunity because this event reduces bitcoin supply by 25%, which means theoretical bitcoin value should at least increase by 25%, everybody seems to see the flaw in the logic but everybody assumes that most of the other people are assuming that some people will get the logic and at least buy or at least will ride the rise, so everyone buys and bitcoin jumps 400% in 4 days which creates so much publicity in print media that all tom-dick-harry rush to bitcoin not to miss the last opportunity to enter the race, which takes bitcoins to 10000$ and generates so many satoshi transactions that ultimately block-size had to be increased to 1 GB but at that point all the bitcoin users were so rich that each had a laptop with 1000 GB RAM and it did not matter but what mattered was the increased global warming due to all the heat generated by bitcoin mining... to be continued

full member
Activity: 122
Merit: 100
March 05, 2013, 05:58:09 PM
#14
It is hard to eradicate a block-chain currency completely; even dormant ones can be resurrected with surprising ease. See the story of BBQCoin as an example.
legendary
Activity: 1615
Merit: 1000
March 05, 2013, 04:43:07 PM
#13
I don't think we're yet at the stage where this kind of manipulation is the most plausible attack, at least not coming from government.

If I was a regulator feeling threatened by Bitcoin, I'd go after the exchanges. Mt. Gox is an obvious target. Hit them with inquiries into their AML practices. Probably you'll find some mistake was made somewhere and can initiate proper legal proceedings against them. Even if everything was done by the book, you can surely still force them to waste a lot of time and effort to prove they're above the board.

Beyond Mt. Gox, go after the bigger payment processors. Who processes the payments for all those anonymous VPNs and torrent seedbox services etc? I'm betting many of them use some third party to convert the BTC they receive to USD instantly to reduce their exposure to exchange rate volatility. Get in there and threaten the payment processors with liability for anything you can think of. Again, right or wrong, simply looking into them will cause a lot of trouble.

Bitcoin is still very far from being able to function without easy exchange to government currencies. As long as that's the case, the exchanges are a choke point, and they will be such for a good while. Maybe always.

edit:

You can think of the situation as two graphs. One graph, (A) describes the perceived importance of intervening in the Bitcoin system, as seen by government. The other, (B) describes the effectiveness of doing so. As the system grows, the value of (A) grows, and the value of (B) diminishes. At some point, these two graphs will intersect and we'll see some action. Anyone bullish on Bitcoin is betting that point comes when the system is too mature to stop. Anyone trying to forcibly eradicate Bitcoin knows that to succeed, they must entirely annihilate the currency. If all regulatory action achieves is to cause a sharp drop in BTC valuation, but not a terminal one, regulators will face a situation like they do with the war on drugs - an endless fight to curtail an uncontrollable scourge.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
March 05, 2013, 04:27:49 PM
#12
Dumping a couple million dollars would only bring the price down several dollars, I think? And I would not believe it is a new hack if it happened only once. The price may go down and everyone may hold their breath, but if no new hacks happen the price would likely return, IMO.
Eventually we may reflect on the operation as the last time one could buy cheap bitcoins.  Grin

Hence the reason behind creating several virtual personas.
Oops, I read over that part.
I do think something like your plot is theoretically possible, but I can't see who would do such a thing. Forget about motive and means for a moment. Who would attempt something with such a high risk of failure and discovery for so little return? After all, bitcoin would not really be broken and people would eventually figure that out.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
March 05, 2013, 03:41:14 PM
#11
If something like this happened, I would invoke Occam's Razor, as would no doubt any investor with a brain:

Which is more likely?

1) That a lone hacker managed to do something that hundreds of cryptographers around the world haven't managed in a decade of cryptanalysis.
2) That the private keys are leaking in some way that the victims didn't think of (eg. zero-day exploit in wireless card)
3) That the whole thing is a scam.

2 and 3 would require that several people who have "no" connection whatsoever who are trusted members of the community, well known by several respected people, including one who is a stickler for security, all conspiring together to pull this off. To try to state that it is a scam is to be labeled a tin foil hat wearing conspiracy theorist.
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
March 05, 2013, 03:07:42 PM
#10
If something like this happened, I would invoke Occam's Razor, as would no doubt any investor with a brain:

Which is more likely?

1) That a lone hacker managed to do something that hundreds of cryptographers around the world haven't managed in a decade of cryptanalysis.
2) That the private keys are leaking in some way that the victims didn't think of (eg. zero-day exploit in wireless card)
3) That the whole thing is a scam.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
March 05, 2013, 02:35:06 PM
#8
Dumping a couple million dollars would only bring the price down several dollars, I think? And I would not believe it is a new hack if it happened only once. The price may go down and everyone may hold their breath, but if no new hacks happen the price would likely return, IMO.
Eventually we may reflect on the operation as the last time one could buy cheap bitcoins.  Grin

Hence the reason behind creating several virtual personas.
legendary
Activity: 1764
Merit: 1007
March 05, 2013, 02:23:54 PM
#7
great movie plot

newbie
Activity: 51
Merit: 0
March 05, 2013, 02:19:41 PM
#6
They would lose their agent as he begins to work for himself, realizing his million dollars he put into bitcoins made him richer than the ones who paid for his services.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
March 05, 2013, 02:17:43 PM
#5
Dumping a couple million dollars would only bring the price down several dollars, I think? And I would not believe it is a new hack if it happened only once. The price may go down and everyone may hold their breath, but if no new hacks happen the price would likely return, IMO.
Eventually we may reflect on the operation as the last time one could buy cheap bitcoins.  Grin
member
Activity: 112
Merit: 10
Admin at blockbet.net
March 05, 2013, 02:16:08 PM
#4
Wouldn't make any sense for a hacker to steal something and then drive its value down. So there's your first clue that something's wrong.
legendary
Activity: 3122
Merit: 1538
yes
March 05, 2013, 02:09:03 PM
#3
"He claims that this has to be a hack on Bitcoin itself."

and then tech-savvy guys prove him wrong. Excellent buy opportunity  Kiss
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
March 05, 2013, 01:50:29 PM
#2
reserved for "I told you so"

 Tongue
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
March 05, 2013, 01:38:12 PM
#1
At this point, most of us realize that the actual Bitcoin network will not get hacked and our public/private keys are a safe way of holding value.

But I could see a social engineering attack focussed on this by those who would want to bring it down.

Let us say that the Fed or the US-gov or some in power want to bring down Bitcoin. Considering the Fed is dumping tens of billions of dollars into the economy a month, a few million dollars to take down Bitcoin would be a drop in the bucket.

A single agent with a few million dollars would be all they would need. The agent would work to build trust among key members of the Bitcoin community, using his accumulating Bitcoin wallet to get his hands in a few things. He would create several virtual personas which would also try to build trust. His outward approach would be that of security, focussing on ensuring people that Bitcoin is secure and that he is all about making sure his wallet is uber secure. He would go to Bitcoin conferences, make sure to be friendly to people and invest in various projects so that anyone questioning him will be met with a "I met him, he's a really good guy. I trust him.". All about building trust and making it known that he has a secure public address which he flaunts, showing people the amount in his vanity address, tying it to himself.

Then comes the "attack". Having built up a large amount of BTC in his well-known public address, he all of a sudden gets "attacked". All of his bitcoins are taken by a "hacker" and moved to a dummy address with something hackerish like "HACKEDBITCOINS1337LOLZ...". He assures people that there is no way anyone had his private address, he created the vanity address on an offline machine, then burned the machine and put it in a vat of acid then kept the only written copy in a fingerprint-secured safe which was then put into a safe deposit box which has not been tampered with. He claims that this has to be a hack on Bitcoin itself. Then he starts pulling out his other virtual personas who have similar attacks happening. All BTC being sent to the same dead address. At the same time, he uses the money he has built up in BTC to dump bitcoins fast and hard plunging the price a good percentage which sends people into panic mode dumping their BTC. Everything is put into depicting the myth that Bitcoin itself can be hacked and that the vulnerability is unknown and nobody can stop it. A few more "people" continue to claim lost coins, more coins going to the dummy address. Bitcoin becomes considered unsafe as a store of value and with the vulnerability unknown, it is considered an inherent flaw in the whole p2p currency concept.

A few holdouts are skeptical, calling to question various things and still not believing it. They are considered conspiracy theorists and quacks. People move on to trying to figure out a way to make gold more like Bitcoin or just start encouraging people to use gold instead saying that they knew all along that gold was a better choice. Any time someone brings up a p2p encrypted currency concept from there on out, Bitcoin is used as an example of why they should not do it.

I just put this out there as a warning. Just to make people aware if something similar happens, that everything may not be as it seems. We are, after all, going up against something that holds a lot of power. Power is not ceded easily.