People warned of this when it was first announced—a financial platform created by a lone teenager in China is obviously going to be a target for high profile attacks. The site owner's comments make it clear that he's not ready to do security on a large-scale financial system.
The idea that they were holding even 100K of Bitcoins is mind-boggling.
Could it be that he had the same kind of breach GH had?
It is however a PR nightmare for an up and coming currency that the bitcoin 'user community' will have to handle better to have a chance to be mainstream recognized as a 'real' currency.
Once again, if you want real safety in trading bitcoin, do it "over-the-counter" on irc. The "low-tech" solution can sometimes prove to be the best.
Bitcoin strikes me as similar, it has a weird quasi real feel to it, there are markets that trade between BC and USD and spot prices and everything, but I have a hard time thinking how/if a prosecution could occur with it.
 - http://gamergaia.com/pc/1724-eve-online-space-heist-one-tril...
As far as I can tell, investment opportunities in Eve are pretty much all Ponzi schemes. Much of the political change and economic activity centers around monopolizing certain things in 0-security space that are like "dungeons" and "quests" and much of that happens through skullduggery and betrayal.
I quit playing Eve because in some ways, it was too emotionally involving.
+1 on being too emotionally involving
So computationally, I wonder what the cost to 'mine' a bitcoin is, vs the cost to 'generate 1000 gold' in an MMO that sells for an equivalent amount? I will definitely have to add this to my never ending book project.
Also, if you find this sort of thing intriguing you might enjoy Charles Stross's Halting State - http://www.amazon.com/Halting-State-ebook/dp/B000W9180A/
Look, at the end of the day you're hearing only the exception not the norm. It's like people who watch the nightly news and think their little suburb is full of terrorists and murderers. Confirmation bias is a helluva drug.
I can lose $20 right now and it would be impossible to trace back. Bitcoin really isn't any different than cash, except bitcoin users probably understand the risks a lot more than $random_consumer.
I don't want to bag on the guy who wrote Bitcoinica, except that I wish he had done what I said earlier and built a play-money exchange instead of a "real"†-money system like this.
But I'm happy to berate the people who talk up Bitcoin, the Bitcoin economy, and the ecosystem of Bitcoin services and then, when things fail to the tune of 6-figure losses for customers, try to apologize around it by saying "oh, well, that service was built by a teenager; wait until the serious engineers get around to building Bitcoin services!". It's a frustrating and intellectually dishonest argument to make.
Keep in mind that the same bitcoin can be spent over and over again. And once stolen, it will certainly be spent. (You don't steal bitcoins except to spend them.) Pretty much by definition, the volume of bitcoins being spent is going to exceed the volume of bitcoins being stolen.
So basically, the answer is "never", which is why that's not really a useful metric. What might be more interesting is what percentage of bitcoins have been stolen in the past,
: Unless we end up with a situation where a large number of bitcoins are being repeatedly stolen from thieves before they can spend them. That's theoretically possible...but highly implausible.
I don't know, but there's a graph I'd like to see.
If every Bitcoin user rolled back the block chain by a day then the theft essentially didn't happen. But you can't get everyone to agree to do that.
Is there a bitcoin equivalent of the ink packets regular banks use to track stolen cash?
All Bitcoin transactions are public, so it's possible to trace thefts. But when a transaction has both tainted and untainted inputs the output ends up partially tainted and you end up with a lot of innocent people holding BTC that's lightly tainted (sort of like having 100 $1 bills of which two were marked by police — what is the probability that you're a criminal?).
Bitcoin is essentially a network of mutual trust, right? It is possible to get enough machines on the network to vote to void the transaction. It is even possible to set up some kind of body or bodies that investigate thefts, and make recommendations about which transactions the community should void. Of course, now we're inching towards a central bank, and so whether such a step would be "in the spirit of Bitcoin" I don't know, but it's probably a requirement if Bitcoin is to be taken seriously as a safe medium of exchange for business purposes. Of course, perhaps it doesn't want to be used as such, which is fine.
> sort of like having 100 $1 bills of which two were marked by police — what is the probability that you're a criminal?
The convention in the real world is that you are deprived of the stolen property you've received even if you did not know that it was stolen. This may seem undesirable, but it does incentivize ordinary people to perform some basic checks that they are not purchasing stolen goods. Allowing innocent people to keep stolen goods may seem like a fair course of action, but it also can increase the market for stolen goods, and incentivize thievery, ultimately leading to an escalating situation.
The problem with applying that standard to Bitcoin is that Bitcoins get mixed together, so depriving people of money that's only partially tainted is a disproportionate punishment.
Bitcoin is just an alternative to cash. It doesn't aspire to be anything else. Businesses generally don't transact in large amounts of physical cash either. They use trusted institutions and contracts to limit their liability.
You can of course build all that infrastructure on top of bitcoins just as easily as you can on top of cash. It's a question of reaching a sufficient amount of economic activity to make it all profitable.
Thus if the original account tries to use those same "coins" (really tokens) the network would reject it, as that account not having access to those coins.
And the answer to the second question is "absolutely not". The lack of tracking is a primary requirement that was designed into the system from the start.
Essentially: bitcoins are anonymous because money laundering in the bitcoin world is perfect and free.
We could, as a society, decide that we will not accept bitcoins transfers from addresses that are reported to have taken any stolen bitcoins, whether directly implicated or implicated by violating the rule I just described. We could also decide that the only way to get your address back into good standing is to, for instance, transfer whatever coins that could possibly be ill-gotten into a bitcoin sink (an account that everyone agrees to never accept transfers from, basically dead bitcoins). You can even come up with more continuous proposals; not just illegal or legal, but rather you can have a 90% clean account, and it is clear how that translates to value of your bitcoins when dealing with people who won't accept illegal coins.
This is in many ways like an ink-packet. That doesn't get the other person their bitcoins back, but it removes the financial incentive to steal. Of course this is probably ripe for abuse. It would definitely be a way to screw over whoever you were sending money to, but it wouldn't be a charge reversal. You lose the money but the other party gets no spendable money.
Edit: Also, the use of "anonymizers" in the bitcoin ecosystem is common. Silk Road has something they call tumbler which masks transactions in such a way that you can't really say for sure where the bitcoins are coming from.
I assume that "tumbler" is basically as good as any eWallet service with a bit of obfuscation on the transactions in and out. That is fine, if you trust someone enough to take your coins, mix them with a bunch of other people's money, and then send them back to you when you need them, you can remain pretty anonymous. This is because that person/organization can do virtual funds transfers off of the bitcoin block chain record. However, in the scenario where addresses are marked as dirty or clean, that eWallet supplier is going to find him/herself in the possession of many dirty bitcoins and will have to burn them.
In the Silk Road example, if people use stolen bitcoins on that network, all bitcoins that get sent in are tainted by that (to some percentage) and the value of the entire working volume of Silk Road bitcoins in the "tumbler" laundering machine is lessened. This means that either Silk Road passes that loss of value on to the sellers, possibly pissing them off, or they throw those bitcoins away (or send them back) and tell the person paying with them to pay again from a clean address because that money was reported as stolen.
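The partial-taint idea raised in the comments above (mixed inputs producing partially tainted outputs, a "90% clean" account, and a mixer's pool being tainted "to some percentage"), worked through as an added example that is not code from any commenter or from Bitcoin itself. It assumes proportional ("haircut") taint, which is only one possible convention, and a constructed ledger whose transaction names and amounts are made up.

```python
from fractions import Fraction

# Constructed ledger, in chain order: (txid, inputs, output amounts).
# Inputs reference earlier outputs as (txid, index). All names are made up.
LEDGER = [
    ("theft",   [],                              [2]),         # thief's coins
    ("salary",  [],                              [98]),        # clean coins
    ("merge",   [("theft", 0), ("salary", 0)],   [100]),       # 2 marked in 100
    ("deposit", [],                              [300]),       # clean customer
    ("tumble",  [("merge", 0), ("deposit", 0)],  [150, 250]),  # mixer payout
]
STOLEN = {("theft", 0)}  # outputs reported as stolen


def propagate_taint(ledger, stolen):
    """Map each output (txid, index) to (amount, tainted fraction).

    Assumed rule (proportional or "haircut" taint): every output of a
    transaction carries the value-weighted average taint of its inputs.
    """
    state = {}
    for txid, inputs, outputs in ledger:
        total_in = sum(state[ref][0] for ref in inputs)
        if inputs and sum(outputs) > total_in:
            raise ValueError(f"{txid} spends more than its inputs hold")
        dirty_in = sum(state[ref][0] * state[ref][1] for ref in inputs)
        frac = Fraction(dirty_in) / total_in if total_in else Fraction(0)
        for index, amount in enumerate(outputs):
            ref = (txid, index)
            state[ref] = (amount, Fraction(1) if ref in stolen else frac)
    return state


def burn_to_clean(state, ref):
    """Amount the holder of `ref` would send to the sink to be fully clean."""
    amount, frac = state[ref]
    return amount * frac


if __name__ == "__main__":
    state = propagate_taint(LEDGER, STOLEN)
    for ref, (amount, frac) in state.items():
        print(ref, amount, f"{float(frac):.2%} tainted")
```

After one pass through the mixer, every payout is 0.5% tainted, including the one funded almost entirely by the clean depositor, while the total tainted value across outputs stays at the 2 units originally stolen.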
How different is that from trillions of dollars traded in credit default swaps dwarfing the "real economy?"
It's like having CCTV access to a robbery but being able to do nothing about it.
I suppose that it is probably going to just be cashed out for other bitcoins or cash and laundered some other way which would make this kind of pointless.
Of course, this affects how the general public perceives bitcoin.
It may be anonymous, but it's far from being secure.
Would you mind clarifying what you're meaning by 'it' and 'secure'? To me, the (in-)security of a particular bitcoin site is orthogonal to the security of Bitcoin as a protocol/currency, though the security of bitcoin sites does have a huge impact on mainstream use.
This is not entirely true. When someone is holding a great deal of someone else's money, they can do exactly like banks do and insure their bitcoins, or they can just take the hit and pay for it out of their own pocket, like slush did when his mining pool's bitcoin wallet was compromised: http://bitcoinmedia.com/compromised-linode-coins-stolen-from... The end user isn't necessarily screwed, and should probably request whoever is holding their money to protect it not only via security but also via some guarantees against the worst case scenarios.
When a robber steals money from a bank vault, it's not like one day you see, oh shit, look at that, someone must have stolen my money from the bank.
If someone even robs your safety deposit box, I'm pretty sure that it's insured.
Also when markets collapsed people did and still do bank runs and convert their paper money to gold.
So it's not like the dollar hasn't experienced a lack of confidence before.
Currency is all about confidence.
The major security advantage our legacy infrastructure has is that it's old, and its failings are well-understood and (from a risk management / loss mitigation perspective) mostly mitigated.
Bitcoin (or any other online currency or transaction infrastructure) has none of that.
I hate to say it but what did people expect treating Joe Website like a bank, and this is also what the deregulation camp can expect to happen if they keep pushing for bank and market deregulation.
There are some pretty strict regulations about bank and credit card cyber security and I presume they pay some pretty hefty insurance premiums for our benefit.
> "Bitcoinica uses the most stringent best practices for password security.*"
> "For the technically inclined, we salt and encrypt passwords with bcrypt."
It's like the GitHub users who cry when GitHub is down saying "How are we going to do work?!", not realizing that Git was designed to be completely decentralized and not dependent on one single repository.
I'd be curious as to how the breach occurred and how it could have been prevented.
Here is a better source of info.