As I wrote last week, it is becoming clear that although the crypto-currency Bitcoin is built on (currently) unbreakable mathematics, its economy currently relies on insecure software. The latest news from that economy underlines that its vulnerabilities present dangers not only for the personal fortunes of Bitcoin’s early adopters, but also the future of the currency itself.
Yesterday the largest exchange where people trade Bitcoins for “real” currency like dollars came under attack. A bitcoin was changing hands for about $19 on the MtGox exchange going into the weekend, but the price crashed to pennies yesterday afternoon after an account with a large number of bitcoins was used to manipulate the market. The site was taken offline and later posted this explanation:
“[S]omeone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database.”
Soon after, that database was made available online, making it clear that MtGox had not secured passwords as well as it might (this discussion thread has more for technical detail). The still-offline exchange has warned its users, will roll back the market to before the attack, and is currently working to upgrade its security. Other Bitcoin exchanges are presumably also bolstering their defenses, since more attacks can be expected.
Those security improvements can’t come fast enough. Recent high-profile hacks have shown that conventional banks and other institutions are not without their own security problems. But Bitcoin tools and institutions needs to rapidly professionalize if the currency is to successful ride the wave of interest in a form of money none before.