Hackers continue to pick holes in the online security of Bitcoin trading sites. Earlier this week, luckless Bitcoin bank site Flexcoin had the entirety of the Bitcoins in their online hot wallet stolen, forcing them to cease trading.
Now the Poloniex Bitcoin exchange has reported the theft of 12.3% of its Bitcoin stocks through loopholes in its withdrawals code.
Beyond highlighting the need to store Bitcoins offline, as Mt. Gox failed to do effectively, the hacks also reveal weaknesses in front-end security. Because the systems involved did not check for negative balances and allowed simultaneous transactions to be processed, hackers were able to exploit them and make off with Bitcoin before checking procedures could notice it had gone.
Speaking of the theft on the Bitcoin forum, Poloniex note that:
“The major problem here is that the auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.
Another design flaw is that withdrawals should be queued at every step of the way. This could not have happened if withdrawal requests were processed sequentially instead of simultaneously”.
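The two flaws named in that statement can be shown side by side in a short Python sketch. This is an added example, not Poloniex's code: the `Ledger` class, the function names and the request load are all hypothetical, and the ledger is a toy in-memory one holding a single account.

```python
import threading
from concurrent.futures import ThreadPoolExecutor

SATOSHI = 100_000_000  # integer units avoid float rounding

class Ledger:  # hypothetical single-account ledger, not Poloniex code
    def __init__(self, opening):
        self.deposits, self.withdrawals = [opening], []
        self.balance = opening
        self._lock = threading.Lock()

    def debit_without_check(self, amount):
        # Flawed path: the debit is recorded with no balance check.
        with self._lock:
            self.withdrawals.append(amount)
            self.balance -= amount

    def withdraw(self, amount):
        # Hardened path: check and debit run under one lock, so
        # simultaneous requests are serialized (queued).
        with self._lock:
            if amount <= 0 or amount > self.balance:
                return False
            self.withdrawals.append(amount)
            self.balance -= amount
            return True

def audit_reconcile_only(led):
    # Flawed audit: only checks that deposits - withdrawals == balance.
    return sum(led.deposits) - sum(led.withdrawals) == led.balance

def audit(led):
    # Corrected audit: the books add up AND the balance is not negative.
    return audit_reconcile_only(led) and led.balance >= 0

def quote_scenario():
    # Deposit 2 BTC, withdraw 10 BTC, as in the quoted statement.
    led = Ledger(2 * SATOSHI)
    led.debit_without_check(10 * SATOSHI)
    return led.balance, audit_reconcile_only(led), audit(led)

def concurrent_scenario(requests=20):
    # Constructed load: 20 simultaneous 1 BTC requests against 2 BTC.
    led = Ledger(2 * SATOSHI)
    with ThreadPoolExecutor(max_workers=8) as pool:
        results = list(pool.map(lambda _: led.withdraw(SATOSHI), range(requests)))
    return results.count(True), led.balance, audit(led)

if __name__ == "__main__":
    print(quote_scenario(), concurrent_scenario())
```

The reconcile-only audit passes the -8 BTC account because the books are internally consistent, while the corrected audit rejects it. With the check and debit serialized, only two of the twenty simultaneous requests succeed.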
Fortunately for Poloniex, security measures were already in place that froze their Bitcoin transactions before the hackers could do any more damage.
Despite the efforts of hackers, Bitcoin continues to thrive, and the passing of names like Mt. Gox seems to denote a shift within the Bitcoin community, with traders becoming more like their fiat currency-centric counterparts than coding geeks made good.
In relative terms Bitcoin is still very much in its infancy, and the community, moving forward, strives to learn from glaring weaknesses in online Bitcoin storage and transactions. It's pertinent to remember in the meantime that the safest place to hold your cryptocurrencies is offline.
image: © Zach Copley