Actually, the problem might have been exactly that. An updated posting on their sites says "It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database."
That's right, and let's be clear here: Mt. Gox has been kind of a mess from the beginning. They've never appeared to have a clue about security, and performance has been a complete and utter mess for quite a while now. To give you some idea, the trade that blew through the entire buy-side took over 30 minutes to execute, and the exchange essentially slowed to a standstill during that time. I realize that there are a lot of orders on any exchange at any moment, but 30 minutes of downtime in response to a single order? Come on...that's not even to mention the complete lack of sanity checks or catastrophe reporting that you'd expect in any system like this that touches people's money - it should not have required people directly tracking down the site owner to get a human looking at this stuff!
That type of thing is maybe acceptable from a lean startup that's learning as it goes, but when you're transacting over a million dollars in trades per day, there's an expectation that you'll figure out what you need to do to get things running smoothly.
This might not be totally fair, but when I saw the .php extension on all the trade API URLs and noticed that there was a dynamically generated price chart on the front page (apparently not cached, based on how long it took to load) I was immediately suspicious of the competence of the Mt. Gox devs to handle the scale of what they'd created (or rather, AFAIK, the scale of the system that they purchased from the original creator)...I'm not really that surprised that security was completely botched, this has seemed like a very amateur operation from the beginning.
It's a possibility. States do work to undermine things that threaten them. The Liberty Dollar project, for example, was recently shut down by the US government: http://en.wikipedia.org/wiki/Liberty_Dollar. Bitcoin is a potential threat to the state because it provides an ideal instrument for tax avoidance and competition in the drug/force trade.
It's a possibility. States do work to undermine things that threaten them. The Liberty Dollar project, for example, was recently shut down by the US government: http://en.wikipedia.org/wiki/Liberty_Dollar
Sure, and they shut it down openly using the hammer and anvil of the FBI and the judicial system. If and when the US Government decides to act against bitcoin, they'll do it loudly and openly... not by some complicated, difficult and illegal scheme that doesn't really achieve anything.
Currency issues fall into the jurisdiction of the US Secret Service, an agency not known for subtlety.
Yeah, if legal and open is more cost effective, they'll likely go that route. Otherwise, they may revert to skullduggery (as they have in the past: http://en.wikipedia.org/wiki/COINTELPRO).
COINTELPRO included "extralegal violence and assassination" according to Wikipedia. So it's weird to think that the authorities would rule out a bit of hacking to protect their interests.
It was less that reason and more of an explicit violation of law.
"Whoever, except as authorized by law, makes or utters or passes, or attempts to utter or pass, any coins of gold or silver or other metal, or alloys of metals, intended for use as current money, whether in the resemblance of coins of the United States or of foreign countries, or of original design, shall be fined under this title or imprisoned not more than five years, or both."
Mt. Gox's security concerns are definitely troubling, but my guess is the effect on the market won't be huge as the Bitcoin community seems fairly committed to the long term.
This isn't a weakness in BTC. This was a weakness with MtGox. They're only related because the attacker tried to get out of BTC into USD. It's not really BTC's fault.
No, no they don't. BTC can never be trusted like other currencies. It was designed that way intentionally. Frankly, I'm kinda surprised I'm still having to repeat this even with the huge volume of BTC posts here and even with a post specifically talking about this yesterday (entitled "BTC's value is decentralization" or something).
The value in BTC isn't that it's a rival to USD/GBP/CAD. It's that it's decentralized and untraceable. You can't offer guarantees. You can't offer FDIC. You can't offer protection and you can't give someone their money back if it's stolen.
That's intentional and it's by design. It is Bitcoin's problem, but only because people are too dumb to realize that BTC != Mt.Gox.
EDIT: I misspoke. BTC itself can be trusted, but it can't be insured or surveilled and controlled like other traditional currencies. Saying "BTC can never be trusted like other currencies" was sloppy and erroneous on my part.
People that don't trust BTC, don't trust it because they don't understand it. Bitcoin isn't trying to compete with USD. It's a niche market for people interested in trading anonymously and buying goods that they can't otherwise. Eventually it may grow, and that's fine.
What do you propose? A big PR push that BTC is safe? What if another exchange screws up? How are you going to explain that BTC itself is safe, but that third parties that interact with it require a separate layer of trust?
I trust BTC. I use BTC. I don't trust Mt.Gox, so I'll go use another exchange. Again, none of this was the result of ANY flaw in BTC.
I mean, I guess bitcoin.org can run a banner "Mt.Gox's problems were unassociated with the safety of Bitcoin", but that's not going to help anything... and besides, there is still literally nothing that can ever be done about securing the currency of uninformed users.
If people want insured, centrally-authorized currencies, they need to go elsewhere. There's nothing to trust in BTC except the cryptographic soundness of SHA-whatever.
Bitcoins can only be useful for you if other people also use it. Whether or not people use it depends on whether they have trust.
Now, all those who trust Bitcoin less because of this may be ignorant fools and doomed to be ignorant fools forever but maybe you might be able to convince them. That’s all I’m saying. PR problems are rarely entirely rational.
I don't disagree that there is a PR problem here. I just don't know how or who is supposed to solve it. BitCoin.org doesn't have a vested interest in the success of the currency and all they can say is "BTC is safe. Make sure you trust your exchange."
Sure they can flower it up and repeat the salient parts so that's what users walk away with in their mind... but I guess my thing is... I don't want people using the currency if they don't understand the implications. There aren't PR disasters if the users understand what they're getting into.
(and on that note, everything I've seen so far seems to be pretty accurate about blaming the exchange and not the currency)
I guess you could liken it to a bank. If a bank is robbed, we don't doubt the solvency of the US Dollar....
Does the $1000/day limit apply to withdrawing to the Bitcoin network in addition to the bank options? If not the thief could have just sent the 500K BTC to one of his Bitcoin addresses, and laundered the money and traded it for real currency at his leisure. Mt Gox can only roll back trades within their system, not transactions involving the Bitcoin network once they're in the block chain.
Yeah, I thought this as well- why the hell, if you had access to all the accounts, you wouldn't just take all the coins.
But- mtgox is the main exchange (handles 90% of volume), so how would you launder the money elsewhere? There just wouldn't be the volume to get it out. Also, everyone can trace bitcoins- if you took them, people can see what you are doing with them. I think this was possibly the easier, surefire way to go.