Bitcoin exchanges hit by malformed code DDoS attacks

News by Steve Gold

"Using this means of attack on an Internet-connected exchange is a no-brainer from the cyber criminal's perspective" - Professor John Walker, Nottingham-Trent University

A number of Bitcoin exchanges around the world are effectively being downed by a complex set of DDoS (Distributed Denial of Service) attacks.

The attacks are highly sophisticated: they use a malformed code structure that triggers a standard response from the exchange servers, and because large numbers of IP transactions are involved, the exchanges' computers simply cannot keep up with the flood of data.

So far, three Bitcoin exchanges have been hit by the attacks in recent days, forcing them to temporarily halt or delay digital wallet transactions from clients.

The Bitcoin Foundation says it is investigating the attacks. Jinyoung Lee Englund, a spokesperson for the Bitcoin trading organisation, is quoted by Reuters as saying that whoever is behind the attacks is not stealing coins, "but is succeeding in preventing some transactions from confirming."

"It's important to note that denial-of-service attacks do not affect people's Bitcoin wallets or funds," she told the newswire, adding that: "The Foundation's development team are working on a fix, but until that is carried out, some users would not be able to use their coins."

Interestingly, Englund says that only users who make multiple transactions in a short period of time will be affected by the attacks.

The attacks first started late last week on Japan's Mt. Gox, perhaps the best known of Bitcoin exchanges, which temporarily halted withdrawals over the weekend. On Tuesday, Slovenia's Bitstamp also placed a halt on withdrawals, blaming "inconsistent results" stemming from the DDoS attacks while also noting that balance checks were being disrupted.

Bulgaria's BTC-e, meanwhile, said on Twitter that the DDoS attack could cause delays in crediting transactions posted over the last few days.

Mt. Gox reported a weighted average price of just £332 (US$550) per coin this lunchtime – way down on its price over the last three months.

The attacks may not be the only concern for Bitcoin users, as US and Canadian regulators are planning to treat the currency like any other, formalising controls on exchanges and other parties who trade in the electronic currency. The New York Department of Financial Services is expected to announce capital requirements and formal disclosure rules on those parties that trade in Bitcoins later this month.

Canada's financial regulators, meanwhile, are also expected to tighten their rules on exchanges and other interested parties, bringing them into line with financial exchanges and dealers.

Professor John Walker of Nottingham-Trent University's Faculty of Engineering told that, as a technology concept, Bitcoin is an excellent transaction process with high levels of encryption and lengthy transaction chains, which generates confidence in what is a de-centralised method of payment.

"Thanks to these features it has a high level of security continuity," he said.

"However, like all systems that rely on the Internet to complete a given process, if the Internet has problems, then the system has problems," he added.

Professor Walker, who is also CTO of IT security consultancy Integral Security Xssurance, said that problems with Bitcoin can occur when someone comes at an exchange with an effective security attack vector.

"Using this means of attack on an Internet-connected exchange is a no-brainer from the cyber criminal's perspective, since any mechanism that depends on the Internet cannot be considered to be wholly secure," he explained.

"We, as a society, are totally dependent on the Internet. If it disappeared tomorrow, many elements of business and society would simply grind to a halt."
