Flexcoin hacked, Mt. Gox code leaks, but Bitcoin demand still grows

The Bitcoin community has banded together to offer a crowd-funded $10,000 bounty.
Despite the Flexcoin hack and Mt. Gox code leak, Bitcoin demand is still growing.

Following a strong rise to prominence in recent months, weaknesses in the anonymous and fairly unregulated virtual currency market are beginning to show.

On the same day that an attacker stole 896 bitcoins from Bitcoin bank Flexcoin, an individual allegedly posted on Pastebin code belonging to Mt. Gox, a Bitcoin exchange that recently filed for bankruptcy in Japan after hacker thieves stole hundreds of thousands of bitcoins from the Tokyo-based company.

“On [Sunday,] Flexcoin was attacked and robbed of all coins in the hot wallet,” according to a notification on the Flexcoin website. “As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.”

It was not a total loss; users who put their coins in cold storage will be relieved to learn that Flexcoin maintained that depository offline and, thus, out of the reach of attackers, according to the notification. The company will transfer those users' coins for free following identity verification.

As of Tuesday, 896 bitcoins equal just under $600,000, but that may seem like chump change when compared to the 850,000 bitcoins – more than half a billion dollars – that were stolen from Mt. Gox after attackers took advantage of weaknesses in the exchange's computer systems.

Mt. Gox filed for bankruptcy protection in Japan on Friday, and on Sunday, what appears to be roughly 1,700 lines of Mt. Gox code was discovered on Pastebin.

In a Tuesday email correspondence, Frode Nilsen, a developer with five years of experience working on banking applications with money transactions, told SCMagazine.com that there is a good chance this is the authentic Mt. Gox code, or older code no longer in use, because there would be little motivation at this point for someone to fabricate 1,700 lines of code.

Although he only glanced at the code, Nilsen said that the most glaring offense is its vulnerability to a SQL injection attack.

“If this code was exposed directly on the web to the end user, this is a grave and elementary offense,” Nilsen said, pointing to OWASP as a good source for reading up on security principles that should be common for professional developers.  

The Mt. Gox incident is a big blow to the reputation of Bitcoin and other similar virtual currencies, but it is not the end, Nilsen said, explaining that there will continue to be demand because of the simplicity, effectiveness and low cost, as well as the anonymity, of the transactions.

“I'm not so sure that the lack of regulations will survive though – and maybe that's a good thing,” Nilsen said.
