Bitcoin platforms are the preferred target for hackers. The Bitcoin economy is currently like the Wild West. In addition to Mt. Gox, there have been three other victims in the past few weeks: Flexcoin, Poloniex and C-Cex. Is Bitcoin therefore insecure in principle? Or is the Bitcoin industry just lacking in professionalism? An overview of how the platforms were robbed and what follows from it.
At first glance, a Bitcoin platform may seem like an incredibly lucrative sure-fire success, regardless of whether it is an exchange, marketplace, online wallet or payment service. The truth, however, is that running a Bitcoin business comes with a lot of stress and a lot of risk. Not only because the software is complex and the legal environment is vaguely defined, but also because there are swarms of hackers out there in cyberspace who probe the systems more persistently the more a bitcoin is worth.
In the past few weeks there have been three other Bitcoin companies in addition to Mt. Gox that have been robbed. All incidents have some things in common and lead to several conclusions – for the user of Bitcoins, for the operators of Bitcoin platforms and for the Bitcoin scene as a whole.
First there was Flexcoin: the “first Bitcoin bank in the world”, based in Edmonton, Canada (by its own account), was completely gutted by a hacker. Flexcoin offered a wide range of Bitcoin services, the core of which consisted of paying interest on customers’ Bitcoin balances and settling them internally as Flexcoins in order to simplify and accelerate “offchain” transactions. On Monday, the “Bitcoin Bank” announced that it had lost 896 Bitcoins. The thief took advantage of a bug in the system for transferring deposits between customer accounts. In this way, the hacker merely moved existing book balances from account to account until the sending account was overdrawn. He repeated this through several accounts and then withdrew the bitcoins. Flexcoin cannot make up for the loss and is bankrupt. The Edmonton Police are investigating the incident.
The Poloniex altcoin exchange followed on Tuesday. It reported that an attacker stole 12.3 percent of all stored bitcoins, valued at around $50,000. In principle, the sequence of events is similar to the hack at Flexcoin: the thief requested several withdrawals at exactly the same time, which the system then carried out even though the account was insufficiently funded. The operator of the site explains that various bugs in the software made this hack possible, but that the existing security measures did, at least, notice the strange debits and then automatically froze all bitcoins. Since the owner of Poloniex lacks the bitcoins needed to compensate for the losses, he is cutting all accounts by 12.3 percent. He says he will gradually repay this amount from his own wallet and from the exchange's income.
Around the same time, the altcoin exchange C-Cex froze customers’ Bitcoin balances totaling almost 125 BTC. Here, too, there was a loss, and here too a thief took advantage of a flaw in the system and had bitcoins paid out that he did not even have. C-Cex had recently introduced a new security measure: the confirmation of withdrawals by email. However, a bug crept in that allowed customers to increase their Bitcoin balance by clicking the confirmation again and again if the charge did not work. The bug was fixed within a very short time, but that was long enough for a single user to empty the exchange's entire hot wallet. Believing that this was a normal process, the operator then also transferred bitcoins from the cold wallet to the hot wallet and only noticed what was going on when the hot wallet was emptied again within seconds. Strangely enough, the hacker then promised to repay the stolen deposits and actually refunded some darkcoins, which are traded on C-Cex. However, the bitcoins are still missing, which is why C-Cex has frozen customers’ bitcoin balances. Although the smaller amounts have already been released, almost 125 Bitcoins are still on hold. According to C-Cex, these should be released in the course of the next few months.
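The simultaneous-withdrawal flaw described for Poloniex (and the overdrawn transfers at Flexcoin) and the repeatable e-mail confirmation at C-Cex can be illustrated with a small ledger. This is an added example, not code from any of these platforms; the table names, the account `alice` and the token `tok-1` are constructed, and the race is simulated deterministically by letting every request pass its balance check before any debit is written.

```python
import sqlite3

def open_ledger(balance):
    # Constructed in-memory ledger: one account and one e-mail confirmation token.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (id TEXT PRIMARY KEY, balance INTEGER)")
    db.execute("CREATE TABLE confirmation (token TEXT PRIMARY KEY, used INTEGER DEFAULT 0)")
    db.execute("INSERT INTO account VALUES ('alice', ?)", (balance,))
    db.execute("INSERT INTO confirmation (token) VALUES ('tok-1')")
    return db

def balance_of(db):
    return db.execute("SELECT balance FROM account WHERE id = 'alice'").fetchone()[0]

def racy_withdrawals(db, amount, requests):
    # Flawed check-then-act: simultaneous requests all pass the balance check
    # (phase 1) before any of their debits is written (phase 2).
    approved = [amount for _ in range(requests) if balance_of(db) >= amount]
    for paid in approved:
        db.execute("UPDATE account SET balance = balance - ? WHERE id = 'alice'", (paid,))
    return sum(approved)  # total paid out

def atomic_withdraw(db, amount):
    # Check and debit in one statement: the row changes only if funds suffice.
    cur = db.execute(
        "UPDATE account SET balance = balance - ? WHERE id = 'alice' AND balance >= ?",
        (amount, amount))
    return cur.rowcount == 1

def safe_withdrawals(db, amount, requests):
    return sum(amount for _ in range(requests) if atomic_withdraw(db, amount))

def confirm_once(db, token):
    # Single-use confirmation: a replayed link finds used = 1 and changes nothing.
    cur = db.execute(
        "UPDATE confirmation SET used = 1 WHERE token = ? AND used = 0", (token,))
    return cur.rowcount == 1

if __name__ == "__main__":
    flawed, fixed = open_ledger(100), open_ledger(100)
    print("flawed paid out:", racy_withdrawals(flawed, 100, 3), "balance:", balance_of(flawed))
    print("fixed paid out:", safe_withdrawals(fixed, 100, 3), "balance:", balance_of(fixed))
    print("confirmation accepted:", confirm_once(fixed, "tok-1"), confirm_once(fixed, "tok-1"))
```

A negative balance appearing on any account is also a cheap invariant to alert on before funds are moved from cold to hot storage.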
What follows from this …
All three incidents have several things in common. First of all, they do not result from errors in Bitcoin, but from errors in the systems of the platforms – errors that would also have led to losses at any euro bank or exchange. The difference is that, firstly, banks are regulated, which prevents such errors, secondly, they can insure their deposits, which minimizes losses for customers, and, thirdly, they work with reversible virtual values, which is why the damage is potentially repairable. With Bitcoin, on the other hand, a loss is a loss, without ifs or buts, without commas, brackets or question marks. In short: while the architecture of Bitcoin demands more professionalism from the actors, the lack of regulation in many cases leads to less professionalism.
The next thing they have in common is that operators of platforms that have lost Bitcoins are incurring considerable debts in Bitcoins. Whether they will ever be able to repay them if the Bitcoin price continues to rise is questionable.
A third point is that there is no protocol that defines how to deal with such an incident. In the case of anonymous exchanges such as Poloniex and C-Cex in particular, customers are at the mercy of the operator. They can do no more than hope that he will handle the theft responsibly. No wonder that in all cases the accusation was often voiced that the hack was faked in order to transfer the bitcoins to the operator's own account. Whether this is true simply cannot be verified.
From such incidents, users have to realize that they should only keep Bitcoins on exchanges and platforms if this cannot be avoided – for example if they want to trade them. And then only in the smallest possible amount, and ideally on platforms that do not operate anonymously and whose integrity and competence can be trusted. For established Bitcoin marketplaces such as Bitcoin.de, such incidents prove that the ongoing investments in the security of the systems have paid off, but that there is no reason to be complacent just because customer funds have always been successfully protected so far. And for the Bitcoin scene as a whole, it now means that despite all the joy of the exciting Wild West, the time for regulation has come, whether as state regulation or self-regulation. This is the only way to enforce standards of professionalism, and this is the only way to pave the way for institutions such as insurance companies and to standardize the handling of theft.