Bitcoin exchange Mt. Gox under DDoS fire
Tokyo-based Bitcoin exchange Mt. Gox is apparently under heavy DDoS (Distributed Denial of Service) attack, with the first problems reported on Wednesday evening. According to a Facebook post, trading lag became much higher, 502 errors were being shown in some cases, and many users were not able to log in. The trading lag problem is still ongoing.
The parties responsible for the attack remain a mystery. In its Facebook post, the company speculates that it could be an attempt to manipulate the exchange rate. The attackers' strategy could involve selling their Bitcoins at a high price before using targeted attacks to provoke panic sells and, in turn, extreme drops in price. Once rates are lower, they can buy a large number of Bitcoins and then – when the market has recovered – start the process all over again.
The strategy seems to have been successful, with the Bitcoin rate at Mt. Gox falling from more than $140 earlier this week to less than $120 at one point during the attacks. Last week, the exchange rate was around $90, with the currency reaching a market capitalisation of over $1 billion for the first time.
Mt. Gox explicitly advised its users to not panic and announced that technical changes are in the works, including separating the actual trade engine from the web site frontend. The exchange is generally considered to be the most important trading site for the virtual currency, responsible for more than eighty per cent of all Bitcoin transactions in US dollars and more than seventy percent of trades in other currencies, according to the company.
The Bitcoin wallet service, Instawallet, also suffered from security problems before being completely shut down. After the company discovered that the database had been fraudulently accessed, it announced that the service would be suspended indefinitely, with no chance of reopening in its original form. In the coming days, all Instawallet users will have the chance to ask for refunds of their accounts, although those with a balance of more than 50 BTC will be processed on a case-by-case basis. Instawallet's security problems were made public on Monday.
These instances are just the latest in a long line of security vulnerabilities befalling services based on the virtual currency. In early January, for example, a Rails exploit was discovered that allowed thieves to steal Bitcoin credit from Vircurex and the crowdsourcing platform Cryptostocks. In 2011, a hacking attack at Mt. Gox made the value of Bitcoins crash at an alarming rate.