

Those 500K Bitcoins that caused the flash crash weren't real - wmf
https://mtgox.com/press_release_20110630.html

======
Xk
If I had any bitcoins hosted on mtgox and, for some reason, had not already
taken them out, I would do so _right now_. When you give them your bitcoins,
you are trusting them to keep your money safe. I trust my money with my large
bank for two reasons: (1) they have a large safe and have practice keeping
people out, but more importantly, (2) if someone were to break in and take
some of the bank's money, I would know that I could still withdraw my money
because they have enough cash on hand for me to do so.

Mtgox has neither of those assurances.

They have absolutely no credibility on the security front. They were using MD5
with no salts at one point in time. They then moved to MD5 with salts. Now
they are at "SHA-512 multi-iteration, triple salted." That seems more like
they're trying to say "Oooohh! Look at us! See?! We're being secure!" Triple
salted means what, exactly? (Other than the fact that it makes it clear these
are people who read about salting online and then though "more is better.")

Next: "we have actively been patching holes." Oh no. You mean, you're just
going through the code and looking for bugs and hoping you get them all? That
might work for normal programs just fine, but even ONE vulnerability is enough
to take an _entire_ database. A database hosting just passwords may not be all
that bad (it usually is, but it doesn't have to be). A database which hosts
thousands and thousands of dollars? Now that is something to worry about. It
truly does look like they got lucky on this attack.

As for the guarantee that banks give -- that if they get broken in to, I will
still have my money -- there is no way mtgox provides this. Anyone who still
has money on mtgox is asking for trouble.

~~~
Andys
The reason Mt Gox needs to obsess over password database is because they don't
seem experienced enough to secure the rest of their site. When it comes down
to it, they are still a "PHP+mysql" site like all the others on the Internet.

Would you store your funds at the Bank of Wordpress?

~~~
chc
Is a site inherently safer if you use Java?

~~~
tptacek
Then if you use Wordpress? Yes.

~~~
chc
I meant than PHP. The implication seemed to be "WordPress is made with PHP,
and WordPress isn't bank-quality software, so would you want to trust your
money to something made with PHP?" I would trust the credentials of the people
behind the site before I'd even give a second's thought to the programming
language. (Of course, that doesn't help Mt Gox much either.)

------
daeken
What bothers me most is the bullshit explanations that were given initially.
Claims of a DB dump being stolen from a financial auditor's laptop, assertions
that no SQLi vulnerabilities were reported and couldn't have been responsible,
etc. If it weren't for the full-disclosure post about various vulnerabilities
in the site, would they have ever admitted any of this?

I for one won't be returning to mtgox.

Edit: Full-disclosure post <http://seclists.org/fulldisclosure/2011/Jun/417>
and relevant Bitcoin forum discussion
<http://forum.bitcoin.org/index.php?topic=20437.0>

~~~
kevingadd
If I were the guy MagicalTux outright accused of being the hacker and
threatened with FBI action, I'd be demanding a public apology right about now.
He'll probably never get one.

------
rlpb
"The new Mt. Gox site features SHA-512 multi-iteration, triple salted hashing"

Why not use a standard key derivation function such as PBKDF2 or bcrypt to
provide some confidence in the system rather than inventing their own?

AFAIK bcrypt is strong because of Blowfish's expensive key setup. How does
this compare to SHA-512?

~~~
jsprinkles
What is the benefit of bcrypt over several million rounds of SHA-512? It seems
to me that repeating the hash function is the adjustable work factor that
bcrypt seeks to allow and SHA-2 is already in most languages without an
additional library.

~~~
idlewords
When talking about DIY crypto, the question should be turned around - what's
the benefit of this over just using bcrypt?

~~~
pnathan
Well, one example might be if you were implementing your crypto in a language
that doesn't have bcrypt bindings.

So you would either have to port bcrypt or use existing crypto code to
approximate bcrypt-level security.

~~~
maaku
False choice. Why roll your own when either porting bindings to bcrypt or
porting the bcrypt implementation to your language is easier and safer?

------
mcbarry
A reminder that MTGOX originally stood for "Magic The Gathering Online
eXchange". When a site designed for trading cards online turns into the
world's biggest Bitcoin exchange you better believe there's not going to be an
appropriate level of security underneath it.

~~~
ubernostrum
A reminder that people who make sweeping generalizations about subcultures
they like to make fun of aren't worth listening to.

(also: <http://news.ycombinator.com/item?id=2697975>)

~~~
jokermatt999
It doesn't really seem like a dig at the MtG subculture, IMO. It's just
natural that a trading card site probably would focus less on security than a
financial institution. This has nothing to do with the people or the hobby
involved, and more to do with the fact that pretty much nothing needs as much
attention to safety as a bank/currency storage.

------
wiredfool
What this means is that very easily, or even accidentally, MTGox could be
running a fractional reserve bank in bitcoin. Balances are just numbers in the
database, so there's no cryptographic requirement that they sum up to the
actual amount in the dollar and bitcoin escrow accounts/wallets.

They can inflate the bitcoin in circulation, and all it takes is enough real
bitcoin and cash to cover the withdrawals for no one to know the difference.

~~~
daeken
By using floating point values for a user's balances (per-currency) in the DB,
they effectively _did_ make themselves a fractional reserve bank, even if the
spread was likely small. Most every transaction would've added a tiny bit of
an error value -- given enough time, this would've added up pretty
considerably.

~~~
batterseapower
Due to how round-off is specified, cumulative errors in floating point
calculations should average to 0 for typical workloads.

~~~
maaku
No. If you were to repeat an experiment a million times, the standard
deviation should (quickly) limit to zero. That does not mean that the value
compued is correct, however. Due to how round-off is specified, the estimated
error will increase with every floating point operation.

------
wmf
Previous discussion: <http://news.ycombinator.com/item?id=2676263>

Congratulations to those who guessed correctly:
<http://news.ycombinator.com/item?id=2676467>
<http://news.ycombinator.com/item?id=2676986>
<http://news.ycombinator.com/item?id=2676612>

------
jaysonelliot
That's fine, but it doesn't change the fact that Mt. Gox is sitting on untold
amounts of users' funds, in both hard currency and bitcoins.

I've got 70 bitcoins in their system, and they have not responded to any
attempts to contact them for two weeks now.

I've even gone so far as to contact Mark Karpeles directly through LinkedIn,
and nothing.

They have lost all credibility. Aside from the fact that no one will ever
trade with them again, the most likely next scenario is a flood of lawsuits
from Mt. Gox members who have lost their money.

------
trotsky
I really hope somebody is giving out the best clusterfuck of the year awards
soon, because this just nailed it.

~~~
Tichy
What about Citibank, where you could read other people's accounts just by
adding the account number to the request parameters (I think it was the
account number)?

------
pnathan
_We can attempt to blame the owner of the compromised account for the recent
events but at the end of the day the responsibility to secure the site and
protect our users rests with us. The admin account responsible had more
permissions than necessary, and our security triggers were not as tight as
they could have been._

Those are good words to read. +1.

------
JacobIrwin
If Mt. Gox did find the hacker, what could be done? I feel like this would be
opening up a can of worms between Gox and the Gov. Although Gox and its users
(myself included) are the victims in the recent compromise, it may be possible
that instead of sympathy (or justice) being served, it would be Gox on the
losing end again. I can see the House Sub-committee having a field day on Gox.

Maybe, maybe not. But this hack may be one without recourse.

------
romey
I'm wondering why they don't offer users the option of using two-factor
security, like Google recently made available to Gmail/Google App users. Being
able to tie my gmail login to a secure passcode generated on my phone makes me
feel a good deal safe, and I don't even have any really important information
in my Gmail inbox.

------
keyle
I was searching for the word "sorry" in the whole thing. Couldn't find one!

~~~
bzbarsky
It's in the heading of section VI of the article. They just spelled it
"Apology", but that's what "sorry" is.

------
benmmurphy
why don't people use a private salts to beef up security? for example record
the per-password salt in the db along with the hashed password but when
calculating the hash concatenate the per-password salt with a salt stored in
the program.

i realise it is kind of security through obscurity but in this instance the
SQL injection wouldn't have compromised the private salt and it would have
been much harder to recover the passwords. presumably, you would have to use a
known pass/hash combo to brute force the private salt which would take a lot
more computation time than recovering simple passwords.

------
lwat
That 2000BTC the thieves made off with is worth about $32,000 at the moment.

~~~
StavrosK
It wasn't thieves, was it? It was just a guy who bought bitcoins during the
crash and withdrew some. That's perfectly legal, from where I'm standing.

EDIT: It looks like the guy I'm talking about only withdrew 640ish coins, so
this must be someone else.

~~~
rmc
No, MtGox said that _the thief was able to make a larger withdrawal
(approximately 2000 BTC) before our security measures stopped further action._

~~~
eli
I wonder if they don't really mean, "2000 of the coins created by the thief
and then sold to buyers were withdrawn before we could shut things down"

~~~
rmc
"withdrawing the coins" in this case means moving them out of the BitCoin
wallet owned by MtGox and moving them back into the BitCoin P2P block chain
(as far as I know). There is no way to magically print more BitCoins like this
(preventing this is one of the core design goals of BitCoin). This BitCoins
had to come from somewhere. MtGox have admitted this and will have to
buy/trade/get/acquire replacement BitCoins: _"the 2000 BTC withdrawn did have
real wallet backing and they will be replaced at Mt. Gox’s expense"_

------
jgmmo
Dear Mt Gox, Please add margin-right - the 'Support' tab keeps blocking text
as I scroll.

Thank you.

~~~
csomar
Not sure why this is getting down voted. That 'support' button showed to me in
many websites, and was really upsetting.

~~~
patrickyeon
Probably because it adds nothing to the discussion of the article at hand.

~~~
MaxGabriel
Yeah but its not like there's a discussion thread anywhere to critique the UI
of MtGox's website, and these complaints have to be made so that these
problems can be fixed.

(I had this same problem)

~~~
chc
There's a contact link at the bottom of Mt Gox's site. That would be the best
place to address your "Dear Mt Gox" messages.

------
TheSkeptic
Everybody should give the people behind Mt. Gox a break. These guys make real
banks look good - no small feat!

~~~
hisabness
Something here is still real fishy:

 _March, 2011 – MtGox.com (Mt. Gox), now the world’s leading Bitcoin exchange,
was purchased by Tibanne Co. Ltd. As part of the purchase agreement, for a
period of time, Tibanne Co. Ltd was required to pay the previous owner a
percentage of commissions. In order to audit and verify this percentage, the
previous owner retained an admin level user account. This account was
compromised. So far we have not been able to determine how this account’s
credentials were obtained.March, 2011 – MtGox.com (Mt. Gox), now the world’s
leading Bitcoin exchange, was purchased by Tibanne Co. Ltd. As part of the
purchase agreement, for a period of time, Tibanne Co. Ltd was required to pay
the previous owner a percentage of commissions. In order to audit and verify
this percentage, the previous owner retained an admin level user account. This
account was compromised. So far we have not been able to determine how this
account’s credentials were obtained._

A quick search of Google for Tibanne Co Ltd leads to Tibanne.com:

 _DOMAIN: TIBANNE.COM

RSP: KalyHost

URL: <http://www.kalyhost.com/>

created-date: 2009-10-02 05:43:17

updated-date: 2011-05-25 15:15:09

registration-expiration-date: 2012-10-02 05:43:17

owner-organization:

owner-name: Mark Karpeles_

Does this mean Mark sold Mt. Gox to himself and in the process created a
superuser account so he could manipulate the exchange to his benefit? Sounds
like he could be taking a page out of the Ultimate Bet / Absolute Poker
playbook.

Probably would be willing to take him at his word if the explanation of the
flash crash didn't change every few hours. And/or if he and others didn't mobb
the guy who put in the low bid during the crash.

~~~
wladimir
Not to himself. MtGox was originally created by a guy named Jed, who sold it
to Tibanne.

------
JoeAltmaier
So some Bitcoins are 'real'. Huh. And the rest are 'imaginary' I guess. From
where I sit, they all look imaginary.

I haven't seen a 'real' stock certificate in 20 years either. But stocks are
actually backed by something, somebody.

Bitcoins are backed by ... a sysadmin? An algorithm?

I'm reminded of when bond trading changed - folks stopped buying the bond, and
instead just bought a 'coupon' representing the interest on the bond. Whaa?
Kind of like betting on the horse, instead of owning the horse I guess.

So, bet on Bitcoins all you like. But when you get burned, its not very
ingenious to complain about it.

~~~
wmf
I don't think the analogies are helping you here. Real Bitcoins exist in the
block chain, and fake ones don't.

~~~
JoeAltmaier
Sure, and 'real' stock certificates exist in a database too. But they are
backed by something. Currencies are backed by governments. Bonds are backed by
the issuing entity which has assets.

Bitcoins are as real as grocery store coupons I guess. No, wait, grocery
stores have inventory and bricks-and-mortar, so no, not that real.

Its misleading to call something as soft as a Bitcoin a 'currency'. There, no
analogies at all.

