Friday, November 8, 2013

More Bitcoin Holders Have Lost Their Bitcoins [Poof]

Wired reports:
Until last week, inputs.io seemed like a nifty service for Bitcoin users. The company not only offered bitcoin wallets, it mixed the wallets up in order to anonymize the coins they stored, sped up bitcoin payments, and even spared them from the tiny transaction fees that are typically charged on the bitcoin network.
But there was a catch. You had to trust the company — and its internet-connected computers — with your bitcoins. In retrospect, that was a bad idea. And now, Inputs.io customers are learning just how bad of an idea it was.
The site was compromised on Oct 23, and again on Oct. 26, and hackers made off with 4,100 bitcoins ($1.2 million) stolen in two separate attacks. The company waited until this week to notify customers of the incident, which only affects certain users.[...] “I know this doesn’t mean much, but I’m sorry, and saying that I’m very sad that this happened is an understatement,”  inputs.io wrote on its website.
Bitcoin is a very unstable system around the edges and very vulnerable to loss via hacks and other breakdowns. The losses at inputs.io, it should be added,ares on top of losses suffered by those who held bitcoins at Mt Gox, thanks to a government crackdown on that site. (Not to mention losses suffered by Silk Road users.

UPDATE

There's also this warning to Bitcoin holders attempting to convert bitcoins to gold, via an EPJ commenter:
I advise against using Coinabul to buy precious metals. There have been several reports on the Bitcoin forums of people not getting the coins they bought and getting no help from the Coinabul customer service.


12 comments:

  1. "Poof" implies the bitcoins vanished. They did not. They were stolen. Bitcoins were created to eliminate counterparty risk but many ignorant users still trust their money to bitcoin "banks". This is a case of "operator error". No more, no less.

    ReplyDelete
  2. I've never heard of a jewelry heist or bank robbery.

    Everyone knows that dollars cannot be stolen.

    Oh that's right, bank's are insured, so the government can just print more money and hand it to the bank to make everything right again.

    I'm sure your in favor of the FDIC and money printing, right Robert?

    ReplyDelete
    Replies
    1. You are missing the point. One of Bitcoin's marketing points was that they couldn't be confiscated.

      Delete
    2. Yes, if you keep them yourself - not with some stranger on the Internet.

      Delete
    3. In your own bitcoin wallet with your encrypted password that you don't share with anyone then yes, they would be very hard to confiscate. Certainly much harder than a bank account or gold in your home safe.

      Delete
    4. Ok Anon @ 6 & Lysander, but how would you then "wash" them as others have suggested for anonymity?

      Delete
    5. "You are missing the point. One of Bitcoin's marketing points was that they couldn't be confiscated."

      The coins were not confiscated, they were stolen - there is a HUGE difference. If the coins are properly secured in an encrypted wallet file and backup copies of the wallet are stored elsewhere, seizing the file doesn't mean jack squat. Confiscation is radically different than the theft of unsecured coins from hacking a server. The two aren't even remotely in the same ballpark.

      In the confiscation scenario, the wallet file is seized yet the coins remain secure and available to the original owner. In the theft scenario, the coins are lost to their original owner. The feds still can't get at a large portion of DPR's bitcoins. They have the wallet file, but they can't access the coins. Imagine if that was a bank account. For all we know, DPR could have a backup copy of that wallet file stashed somewhere else. So when he gets out, he could still be a millionaire.

      As for "washing" the coins, that will soon be easy to accomplish:

      http://www.indiegogo.com/projects/bitcoin-dark-wallet

      Delete
    6. "As for "washing" the coins, that will soon be easy to accomplish."

      Great, come back & let us know when that's possible.

      Delete
  3. Bitcoin is broken.

    And not just superficially so, but fundamentally, at the core protocol level. We're not talking about a simple buffer overflow here, or even a badly designed API that can be easily patched; instead, the problem is intrinsic to the entire way Bitcoin works. All other cryptocurrencies and schemes based on the same Bitcoin idea, including Litecoin, Namecoin, and any of the other few dozen Bitcoin-inspired currencies, are broken as well.

    Specifically, in a paper we placed on arXiv, Ittay Eyal and I outline an attack by which a minority group of miners can obtain revenues in excess of their fair share, and grow in number until they reach a majority. When this point is reached, the Bitcoin value-proposition collapses: the currency comes under the control of a single entity; it is no longer decentralized; the controlling entity can determine who participates in mining and which transactions are committed, and can even roll back transactions at will. This snowball scenario does not require an ill-intentioned Bond-style villain to launch; it can take place as the collaborative result of people trying to earn a bit more money for their mining efforts.


    http://hackingdistributed.com/2013/11/04/bitcoin-is-broken/

    ReplyDelete
    Replies
    1. Yeah, I've read that report. For starters, the paper is presenting theory, not tested facts. Gavin Anderson, the lead bitcoin developer, said the people who wrote the paper didn't have a good grasp on the fundamentals of the bitcoin network. His analysis concluded that the malicious pool would most likely need to be over 40% of the network to pull it off. The paper itself concludes that at mining pool of at least 25% of the total network power would be necessary to even make an attempt at hijacking the blockchain.

      Presently, there is only one mining pool that meets the 25% requirement. And that pool is filled with extremely honest people. They have even cooperated in the past to fix the blockchain when it accidentally forked from a bad client update that was released. There is no way everyone on that mining pool would ever agree to pull a stunt like this article suggests. It just wouldn't happen.

      So even if the article is right (Gavin says they are wrong), it's still a virtual impossibility for such an event to occur.

      Delete
  4. Turns out it's not just "Coinabul" that's having delivery problems, it's "Amagi" too. Is there a single Bullion dealer taking bitcoins that doesn't have a blemished record?

    https://bitcointalk.org/index.php?topic=311494.0

    ReplyDelete