Online Bitcoin Services Attacked as Currency Skyrockets
Two websites specializing in sales and storage of the virtual currency Bitcoin have been targeted by criminals, with one suffering a large-scale theft and the other knocked out of business by a distributed denial-of-service attack.
"The Instawallet service is suspended indefinitely until we are able to develop an alternative architecture," read a posting yesterday (April 3) on the front page of the online Bitcoin-storage service Instawallet. "Our database was fraudulently accessed; due to the very nature of Instawallet it is impossible to reopen the service as-is."
Instawallet didn't disclose how big the Bitcoin theft was, but at least tens of thousands of dollars' worth of the alternative currency must have been involved.
"Your Instawallet balance under 50 BTC will be refunded," the message said. "Claims for wallets that hold a balance greater than 50 BTC will be processed on a case-by-case and best-efforts basis."
Bitcoin was trading at about $130 midday ET today (April 4) on Mt.Gox, the largest Bitcoin exchange. Fifty Bitcoins would be about $6,500.
Bitcoin has spiked in value recently, skyrocketing from about $13 per Bitcoin in mid-January to a peak of about $140 a couple of days ago. It's thought that the ongoing European economic crisis and fears of a run on banks in Cyprus have led to speculation in Bitcoin.
But it wasn't easy to get through to Mt. Gox.
"Since yesterday, we are continuing to experience a DDoS attack like we have never seen," the Japan-based site said in a notice posted on its Facebook page earlier today. "Mt.Gox has been suffering from its worst trading lag ever, 502 errors, and at one point some users were not able to log in their account."
Mt.Gox speculated that the attack was meant to "destabilize Bitcoin in general" and "abuse the system for profit."
"Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can," said the Facebook posting. "Repeat this two or three times like we saw over the past few days and they profit."
Bitcoin is a decentralized, peer-to-peer, encrypted, completely anonymous currency that first became available in early 2009. Use of Bitcoins allows online payments between two individuals or entities that have never met each other, and don't even have to know each other's names.
Trade in and use of Bitcoin was negligible until about two years ago, when a quick surge in Bitcoin's value to about $30 led to an equally quick crash. From that point until the current surge, Bitcoin traded at between $4 and $12.
Theft of Bitcoins due to server breaches have occurred before, in several cases to other online Bitcoin trading and storage services. In other instances, malware has been written to steal Bitcoins from infected computers.
Because of the nature of the currency, once a Bitcoin is stolen, it's nearly impossible to recover.