Compromised system blamed for Bitcoin collapse and data breachby Steve Ragan - Jun 20 2011, 11:30
Last week, newly discovered Malware was blamed for the theft of an estimated $300,000 USD worth of virtual currency. On Sunday, an account breach at Bitcoin exchange, Mt.Gox, led to the devaluation of the Bitcoin currency, causing it to plunge from $17.5 USD to pennies on the dollar. In addition, a file with over 60,000 accounts from the service was leaked to the Web.
Last week, Bitcoin community member “allinvain” reported that his account had been hijacked. He reported that he had lost $25,000 BTC (Bitcoins), which at market value was estimated to be worth nearly $300,000 USD. When the theft was announced, many speculated that Malware was the cause. Later, this speculation was given credence after Symantec reported on a new Malware family targeting Bitcoin users.
On Sunday, a person who performs audits for Mt.Gox with read-only access to the company database had their own computer compromised. This compromise led to the public leak of the Mt.Gox user database, with more than 60,000 accounts. The leak contained email addresses, as well as hashed passwords.
Based on reports, it is likely that one of these accounts was leveraged in a mass selloff, which caused the value of the Bitcoin on the Mt.Gox exchange to fall from $17.5 BTC to less than a cent in under an hour.
As a result, Mt.Gox will rollback the transactions that took place during the massive selling spree, reversing the value of the Bitcoin to where it was before the bottom collapsed.
In a statement, the person behind Mt.Gox said that he understands the rollback won't be popular with those who purchased Bitcoins at a huge discount, “…but none of those trades were legitimate so Mt.Gox has a legal obligation to reverse the trades.”
The plans were to reverse the transactions and restore the Mt. Gox services on Monday, but the latest information says that the re-launch is planned for 02:00 a.m. GMT on Tuesday.
“When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password,” a company update noted.
In addition, dealing with the leaked database, the company said that they have been working with Google to ensure any GMail accounts associated with Mt.Gox user accounts are locked and re-verified.
More information is here.