Pages:
Author

Topic: The upside to the MtGox hax (Read 4325 times)

newbie
Activity: 10
Merit: 0
June 20, 2011, 12:54:23 PM
#22

In that sense I can sympatise with MtGox, but on the other hand.....
  • They didn't add even the simplest of extra sec checks to their login
  • They didn't assume the worst and proceed as such when reports started surfacing that accounts were being hacked
  • Their database should have been natively encrypted, performance issues are not a customers concern


Agreed on these points.  They don't even do basic IP verification (non-recognized IP, send email with verification link).  They really need to step it up.
hero member
Activity: 809
Merit: 501
Always verify deals with me through my public key!
June 20, 2011, 12:25:34 PM
#21
The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.

Tight security is a pretty important form of prevention.  Mt Gox can rollback transactions as much as they like.  The few members of the general public who follow bitcoin got the message that 'bitcoin got hacked', regardless of the real details.

The world does operate on prevention.  That's why balconies have railings, dangerous areas are often fenced off and industrial machinery has physical and electronic barriers to prevent accidents.

Agreed, not only that but banking and finance operate on prevention^2. This represents the sheer lack of experience MtGox have in what they are doing. I've worked in companies with extremely fast growth, and it's not hard to notice that success leads to growing pains, and as evidenced by yesterday these can be severe.

In that sense I can sympatise with MtGox, but on the other hand.....
  • They didn't add even the simplest of extra sec checks to their login
  • They didn't assume the worst and proceed as such when reports started surfacing that accounts were being hacked
  • Their database should have been natively encrypted, performance issues are not a customers concern
  • They could have closed the exchange at the weekends to help stabilize both security and volatility

Get with it! You're not in the game card trading world any more Dorothy! This is the real world, with an entire internet of dodgy fucks just looking to penetrate your every orificeflaw!
legendary
Activity: 1692
Merit: 1018
June 20, 2011, 11:42:31 AM
#20
The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.

Tight security is a pretty important form of prevention.  Mt Gox can rollback transactions as much as they like.  The few members of the general public who follow bitcoin got the message that 'bitcoin got hacked', regardless of the real details.

The world does operate on prevention.  That's why balconies have railings, dangerous areas are often fenced off and industrial machinery has physical and electronic barriers to prevent accidents.
legendary
Activity: 1692
Merit: 1018
June 20, 2011, 11:36:35 AM
#19
The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?

Yes. Low liquidity and a front loaded bitcoin distribution with a few very potent early adopters will do that. If don't like the ability of these people to crash the market at will, stay away from Bitcoin.

It's not the early adopters I'm worried about.  It's the people who target those accounts and ransack the market at will.  Bitcoin is meant to be a serious effort to create a P2P digital currency.  Businesses are meant to take it seriously as a means of value exchange.  Events such as yesterday's and people defending the manipulated market as 'if it's the will of the market to crash to zero, then so be it' does not inspire confidence.
sr. member
Activity: 504
Merit: 250
June 20, 2011, 09:58:52 AM
#18
The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?

Yes. Low liquidity and a front loaded bitcoin distribution with a few very potent early adopters will do that. If don't like the ability of these people to crash the market at will, stay away from Bitcoin.
kjj
legendary
Activity: 1302
Merit: 1026
June 20, 2011, 08:39:03 AM
#17
The world doesn't operate on prevention, because prevention doesn't work.

They were able to reverse transactions and roll the site back to the way it was before the invalid order.  They also had mechanisms in place to reduce the amount of irreversible damage that could happen before the attack was noticed and stopped.

Those sound like pretty damn good safeguards to me.
legendary
Activity: 1692
Merit: 1018
June 20, 2011, 08:27:30 AM
#16
Unless you are completely wrong, and the attack was largely contained by the safeguards built into their system.  You know, the safeguards that you for some strange reason assume don't exist.

No assumptions required.  The market went from around $17 to $0.01 within minutes.  Where were the safeguards, or is a 99.95% drop in the market considered normal?  The onus is now on Mt Gox to explain what security was present previously, how and why it was broken now, and what steps will be taken in the future to secure both the site and market.  They need to explain each in detail as security through obscurity or 'trust us' doesn't work.  I look forward to a full report from them once they've had a chance to fix the damage.
kjj
legendary
Activity: 1302
Merit: 1026
June 20, 2011, 02:48:22 AM
#15
This hack was inevitable.  Mt Gox deals with millions of dollars per month and was ripe for the picking.  I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC.  The withdrawl limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overeacting here.  Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised.  Gox is no longer a Magic The Gathering trading site.  They are dealing with serious amounts of money with no auditing or regulation.  How was taking a BTC's value down 99.95% within minutes not stopped by the exchange?  I know the rabid libetarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it.  Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.

Unless you are completely wrong, and the attack was largely contained by the safeguards built into their system.  You know, the safeguards that you for some strange reason assume don't exist.
full member
Activity: 196
Merit: 101
June 19, 2011, 11:48:47 PM
#14
This will most certainly make them reassess their site security (though I suspect this was already something they were doing prior to this latest incident).

MtGox needs to be made secure as any site can be. It needs to employ the latest web security technology and needs to be run by experts in the field. Its not like MtGox doesnt have the funding to be able to do this either so there's no excuses.

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammers actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. Im sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it unreasonable which I suspect is why put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I wont be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - its their call as to where they and we go from here.

+1

Fast exponential growth is very difficult to deal with, especially cleanly.

It's like "You're no longer a sergeant. You're now a general. Now go!"
newbie
Activity: 30
Merit: 0
June 19, 2011, 11:47:14 PM
#13
This hack was inevitable.  Mt Gox deals with millions of dollars per month and was ripe for the picking.  I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC.  The withdrawl limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overeacting here.  Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised.  Gox is no longer a Magic The Gathering trading site.  They are dealing with serious amounts of money with no auditing or regulation.  How was taking a BTC's value down 99.95% within minutes not stopped by the exchange?  I know the rabid libetarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it.  Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.

Pardon me for being a newb, but can't we just look at the block chain to determine an upper bound on how much was withdrawn from MtGox today?
legendary
Activity: 1692
Merit: 1018
June 19, 2011, 09:09:09 PM
#12
This hack was inevitable.  Mt Gox deals with millions of dollars per month and was ripe for the picking.  I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC.  The withdrawl limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.

There is no overeacting here.  Mt Gox had no automatic safeguards and logic checks to ensure the market could not be compromised.  Gox is no longer a Magic The Gathering trading site.  They are dealing with serious amounts of money with no auditing or regulation.  How was taking a BTC's value down 99.95% within minutes not stopped by the exchange?  I know the rabid libetarians will say it was the will of the market, and if it needs to fall to zero and back again then so be it.  Witness the sheer unbridled greed of some posters on this forum who managed to snag BTCs at 99% off, and now whining that the trades will be rolled back.

We truly don't know the extent of this attack yet.  If it was done properly, the script should have transferred out as many BTCs as possible before the market was shut.  Those cannot be retrieved.
legendary
Activity: 1120
Merit: 1003
June 19, 2011, 08:49:09 PM
#11
This will most certainly make them reassess their site security (though I suspect this was already something they were doing prior to this latest incident).

MtGox needs to be made secure as any site can be. It needs to employ the latest web security technology and needs to be run by experts in the field. Its not like MtGox doesnt have the funding to be able to do this either so there's no excuses.

This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammers actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. Im sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it unreasonable which I suspect is why put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I wont be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - its their call as to where they and we go from here.

This is quite true. And it showed the vulnerability of one central exchange. Hopefully that'll become more decentralized as a result, too.


Central Exchange? It gets more business than the other exchanges, but it has no more importance other than that. I've barely used them because they're way too slow.

Hopefully, the upside will be people using the other exchanges more.
full member
Activity: 140
Merit: 100
June 19, 2011, 07:59:42 PM
#10
This hack was inevitable.  Mt Gox deals with millions of dollars per month and was ripe for the picking.  I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC.  The withdrawl limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.

We know very little as of yet.  I think you may be overreacting.  At worst someone stole tons of coins, at best they got 1000 USD from a site that makes tons and tons each day.  One is a huge deal, the other is a minor annoyance.
legendary
Activity: 1692
Merit: 1018
June 19, 2011, 07:41:50 PM
#9
This hack was inevitable.  Mt Gox deals with millions of dollars per month and was ripe for the picking.  I bet there's a million dollars stored in accounts on the site right now, and millions more in BTC.  The withdrawl limit saved Mt Gox, this time, but next time they won't be so lucky.

I am unlikely to use Mt Gox ever again after this.  It's the equivalent of the NYSE or FTSE being hacked and all shares sold.  If we're to treat BTC seriously we need serious security and service.  This hacking shows just how flaky bitcoin can be and despite the claims of P2P, security, etc, it's almost totally reliant on a few nodes for trading and bitcoin creation.
member
Activity: 77
Merit: 10
June 19, 2011, 07:39:01 PM
#8
If 8 million dollars worth of bitcoins was stolen, he most likely doesn't.

If 1000 bitcoins, or 1000 dollars was stolen, he may very well have.

Either way, I am disgusted by the greed I see on the Mt Gox support site. All the people who bought BTC at ridiculous prices (in my eyes they more or less stole the coins, buying when something was obviously wrong) of course refuses to let them go, since they now earned a lot of money, and give a shit about anybody who may have lost any in this security breach.
hero member
Activity: 630
Merit: 500
Posts: 69
June 19, 2011, 07:28:05 PM
#7
Has anyone done the math to know if he had enough cash of his own to cover the expense of what was stolen.  I honestly have no clue any of the numbers.
newbie
Activity: 25
Merit: 0
June 19, 2011, 06:48:54 PM
#6
Im just pointing out that MtGox actually make 1.30% of each trade not 0.65%.
They charge 0.65% to the buyer and the seller for each trade, total 1.30%.
They are making millions of $ a year.
hero member
Activity: 630
Merit: 500
Posts: 69
June 19, 2011, 06:18:42 PM
#5
I hate to say it, but the more I think about it, for Bitcoin overall this is going to be good.  For traders this sucks, but for the people who want Bitcoin to be used to buy / sell, well then this is where all that stolen money is going to go I bet.    Rather than try and cash the money out themselves, the people/person would just start buying goods / services though anyone who accepts BTC, and I have no doubt those people would love to see the BTC business, and thus it gets promoted more and etc.

Or not.
newbie
Activity: 14
Merit: 0
June 19, 2011, 05:42:36 PM
#4
Completely agree. Although this isn't just a lesson for MtGox but really an all round lesson to those running important sites used by the community, security is everything!

I was glad to see Britcoin immediately took down it's site to review it's own vulnerability after what happened.
member
Activity: 91
Merit: 11
June 19, 2011, 05:29:42 PM
#3
This incident I believe is being handled well by the site owner/s. At the end of the day it will be 'business as usual' and no-one (including those who seemed to temporarily gain from this scammers actions) will be any the worse off.

I'll be allowing MtGox some more time to harden their security. These things take time. Im sure neither they nor anyone else remotely interested in Bitcoin could have foreseen the growth explosion that was about to occur just a couple of months ago. I also think people expecting MtGox to have been prepared and able to defend against experienced hackers is unreasonable. MtGox knows it unreasonable which I suspect is why put the maximum $1000/day withdrawal limit in place - just in case something like this should happen. But I wont be waiting forever. MtGox needs to act and act fast if traders are to maintain any level of confidence in their site. To not act will result in huge financial loss and others will pick up the ball and do what is required to secure traders against this type of attack. For now I'll let MtGox run with the ball - its their call as to where they and we go from here.

Calming words of wisdom. Be great to have you involved with the PR Team.
Pages:
Jump to: