In association with heise online

16 June 2011, 10:41

Bitcoin theft: half a million dollars gone?


The Bitcoin project is a decentralised open source cryptographic currency which is currently gaining the reputation of being the "most dangerous product we've ever seen". The growing user base of the project that calls itself a "peer-to-peer currency" combined with rising exchange rates has apparently also attracted the attention of pickpockets. A first case of Bitcoin theft has been reported on the official forum. A user, who describes himself as an early adopter, claims that about 25,000 Bitcoins (currently worth around $500,000) were stolen from him overnight. The Bitcoin network's publicly accessible information does show that 25,000 Bitcoins were transferred.

When a similar crime is committed in the real world, banks can, at least in theory, freeze the perpetrator's account and establish his identity. Even if the thief got away, the bank could reverse the transaction and refund the victim's money. The Bitcoin virtual currency, on the other hand, is designed so that transactions are irreversible, that there is no central governance, and that addresses (which act as account numbers) remain largely anonymous – sounds like a bad deal for potential victims.

In practice, however, the anonymity of Bitcoins can't always be maintained. Although users can generate an arbitrary number of Bitcoin addresses, and hide their identity while these addresses are only used within the Bitcoin network, they will, in most cases, need to link at least one of their addresses to a real identity as soon as they perform a transaction with the rest of the world. This would happen, for example, when they enter a shipping address for an online purchase.

Therefore, the Bitcoin home page explicitly recommends that a new address be used for every incoming transaction. On the one hand, this measure protects the user's anonymity, as the new address is not linked to an identity for anybody except those who participate in the transaction. On the other, it improves security for the sender, as the recipient's identity, and therefore the transaction purpose, remains hidden from outsiders.

Users must also reveal their identity in order to exchange Bitcoins for other currencies. This applies to large exchanges such as MtGox as well as private traders. As the entire transaction history is publicly accessible, the path of stolen Bitcoins can, with some effort, be traced. However, the system's anonymity is a two-edged sword: although victims can, for instance, prove that the Bitcoins in question were in their possession at a certain point in time, they can't prove that the address the Bitcoins were transferred to isn't one of their own.
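The tracing described above can be sketched as a forward walk over the public transaction graph. This is an added example, not part of the original article: the ledger, the transaction ids, the address names and the off-chain label are all constructed, and the data model is a simplified stand-in for real transaction data.

```python
from collections import deque

# Constructed sample ledger (not real chain data). Each transaction spends
# earlier outputs, referenced as (txid, output_index), and creates new
# outputs as (address, amount_in_btc).
LEDGER = {
    "tx_theft": {"inputs": [("tx_old", 0)],
                 "outputs": [("addr_dest_1", 25000)]},
    "tx_split": {"inputs": [("tx_theft", 0)],
                 "outputs": [("addr_dest_2", 15000), ("addr_dest_3", 10000)]},
    "tx_cashout": {"inputs": [("tx_split", 0)],
                   "outputs": [("addr_exchange", 5000), ("addr_dest_4", 10000)]},
    "tx_unrelated": {"inputs": [("tx_other", 1)],
                     "outputs": [("addr_shop", 3)]},
}

# Addresses whose owner is known off-chain (hypothetical label), e.g. an
# exchange deposit address tied to a customer account.
KNOWN = {"addr_exchange": "exchange customer account"}

def build_spend_index(ledger):
    """Map each spent output (txid, index) to the transaction spending it."""
    return {ref: txid for txid, tx in ledger.items() for ref in tx["inputs"]}

def trace_forward(ledger, start_txid, known):
    """Breadth-first walk over every output descending from start_txid.

    Returns (hits, unspent): hits are outputs paid to labelled addresses,
    unspent are outputs still resting at unlabelled addresses.
    """
    spent_by = build_spend_index(ledger)
    hits, unspent = [], []
    queue, seen = deque([start_txid]), {start_txid}
    while queue:
        txid = queue.popleft()
        for index, (addr, amount) in enumerate(ledger[txid]["outputs"]):
            if addr in known:
                # An identity link exists here; stop following this branch.
                hits.append((txid, addr, amount, known[addr]))
                continue
            spender = spent_by.get((txid, index))
            if spender is None:
                # The ledger shows where the coins rest, not who controls
                # the address: it could belong to anyone, the sender included.
                unspent.append((txid, addr, amount))
            elif spender not in seen:
                seen.add(spender)
                queue.append(spender)
    return hits, unspent
```

The walk accounts for the full 25,000 BTC in this constructed ledger, but only the output that reaches a labelled address carries any identity; the rest ends at addresses the ledger cannot attribute.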

(Florian Hofmann / djwm)
