The Future of Bitcoin After the Mt. Gox Incident

No doubt it-s been a crazy week for anyone even remotely interested in Bitcoin. Mt. Gox, once the largest Bitcoin marketplace out there, has shut down, putting a bitter end to an almost month-long situation in which all withdrawals were halted because of technical issues.

Mt. Gox BTC price evolution in February 2014, source: Clark Moody

As customers were unable to move their funds out from Mt. Gox, the world-s most famous exchange essentially became isolated from the rest of the Bitcoin ecosystem, making the Bitcoin price traded on Mt. Gox plummet to as low as $100 for 1 BTC before the exchange went completely offline.

In our forecast for 2014, we-ve stated that attacks on Bitcoin, specifically attacks on Bitcoin pools, exchanges and Bitcoin users will become one of the most high-profile topics of the year. These attackswill be especially popular with the fraudsters as their cost-to-income ratio is very favorable.

While the Mt. Gox incident might be the most significant in Bitcoin history to-date, as it is rumored to be worth 744,408 Bitcoins, or more than $300 million at current BTC prices, the only question that remains unanswered is what actually caused it.

TX Malleability, short for transaction malleability, is a known issue within the Bitcoin protocol. Under specific circumstances it can enable an attacker to issue different signatures (or TX IDs) for the same transaction, essentially making it appear as the transaction didn-t happen. This can allow a malicious customer of an exchange to request multiple Bitcoin withdrawals of the same coins by claiming the transactions never went through.

This type of TX Malleability attack was the official reason cited by Mt. Gox when they decided to halt the withdrawals, making it seem as though they have become victims of a cyber-heist, but the possibility of this incident being an inside job can-t be ruled out.

The transaction malleability attack doesn’t necessarily involve an insider, although someone with direct access to the transaction system can do it much more easily. It is of course possible that the attack was done entirely from the outside, although in such a case Mt. Gox should have the full information on the person responsible for the attack, simply because they’d be re-requesting the funds over and over, citing network errors and the fact that the withdrawal hasn-t been received.

The only thing left to do right now is to wait for law enforcement agencies to finish their investigation into the incident and hope that Mt. Gox and other parties involved are co-operating with LEAs to identify the ones responsible and try to recover the damages.

As for what this means for the future of Bitcoin – this week showed us once again, and more than ever, that the Bitcoin ecosystem truly needs companies that understand security. Being a decentralized currency, no authority will impose security standards and regulations, so it-s up to us, Bitcoin enthusiasts and the whole crypto-currency community, to raise the bar: by choosing to only work with Bitcoin companies that have an immaculate track record, a good understanding of the technology involved and especially the security required, but most importantly the willingness to always keep innovating, to always keep going that extra mile to gain customers- trust. Let-s make this happen and Bitcoin will be just fine!

The Future of Bitcoin After the Mt. Gox Incident

Your email address will not be published. Required fields are marked *



Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Lazarus covets COVID-19-related intelligence

As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Subscribe to our weekly e-mails

The hottest research right in your inbox