Bitcoin is Under Attack!

No one knows who is doing it or why, but one thing is clear: Bitcoin is suffering through a heavy attack.

The currency has seen a meteoric rise over the last month, going from just over $30 to $147 per bitcoin in the last month. The relative scarcity, incredible difficulty in “mining” bitcoins and lack of sellers as the relative value rose led to the exponential gains:

The attackers are utilizing a distributed denial of service (DDoS) attack to cripple the web site that hosts a vast majority of transactions and maintains logs of account balances.

Mtgox.com is the largest Bitcoin exchange with more than 80% of all US dollar trades and more than 70% of all currencies. That makes it an easy target for anyone interested in damaging the reputation of bitcoins or in exploiting panic-selling for profit.

DDoS attacks are relatively simple and account for the vast majority of internet attacks experienced by large businesses and government web sites. These attacks use a massive network of coordinated computers, often personal computers with viruses, to flood a specific web site with data requests.

By attempting to pull data from a web site all at once, the targeted server cannot possibly keep up with the sheer volume of information it is trying to send to the individual attacking computers and essentially chokes, then grinds to a halt.

While this attack may be exploited for profit, it isn't a hack that will create counterfeit currency. Bitcoins are created, or “mined,” by using high-powered computers to solve almost inconceivably difficult algorithms that becoming increasingly difficult to solve over time.

At the most basic level, you are trying to compute a 64-digit number that is determined by a secure system of servers using algorithms that evolve into more difficult equations as bitcoins are created. Good luck with that if you don't own specialized equipment worth tens of thousands of dollars.

Profits will only result for the attacker(s) if they sold existing bitcoins while the price was high and then buy them back after other bitcoin owners panic-sell and push the relative value sharply down.

Here's the statement from Mtgox.com staff:

Dear Mt.Gox users and Bitcoiners,

It’s been an epic few days on Bitcoin, with prices going up as high as $142 per BTC. We all hope that this is just the beginning! However, there are many who will try to take advantage of the system. The past few days were a reminder of this sad truth. Mt.Gox has been suffering from its worst trading lag ever, 502 errors, and at one point some users were not able to log in their account. The culprit is a major DDoS attack against Mt.Gox. Since yesterday, we are continuing to experience a DDoS attack like we have never seen. While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.

Why has Mt.Gox become the target of a DDoS attack? It is not yet clear who is behind this DDoS and we may never know, but these actions seem to have two major purposes:

•Destabilize Bitcoin in general.
It is not a secret Mt.Gox is the largest Bitcoin exchange with more than 80% of all USD trades and more than 70% of all currencies. Mt.Gox is an easy target for anyone that wants to hurt Bitcoin in general.

•Abuse the system for profit.
 Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit.

What can be done? Believe it or not, there is pretty much nothing that can be done. Large companies are frequently victims of these kinds of attacks. Even though we are using one of the best companies to help us fight against these DDoS attacks, we are still being affected. There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet. By separating the data center from the Mt.Gox website, we will continue to be able to trade.

What can you do? Like our favorite author here at Tibanne says… Don’t Panic! “Panic-selling is a wide-scale selling of an investment which causes a sharp decline in prices. Specifically, an investor wants to get out of an investment with little regard of the price obtained. The selling activity is problematic because the investor is selling in reaction to emotion and fear, rather than evaluating the fundamentals.” (Source: Wikipedia)

I understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally. These are not new phenomena and have been present since the beginning of time when humans first started trading.

Trade Engine Lags Lag affects everyone, not only us, but also major, world-renowned exchanges like the NASDAQ and NYSE. We can fix lag, but we cannot eradicate lag. Only small exchanges with low volume and liquidity are immune to lag. Does this mean that we are giving up fighting lag? Hell, no. We are working on it by creating a new trade engine that will solve many problems, but it’s not a magic bullet. We can always try to scale our servers, but we cannot predict what happens from external sources: DDoS, panic selling, immediate increase of buyers, etc. Lag will always be there, but our mission is to make lag as small as possible.

Account Verification As if a major DDoS attack was not enough, we at Mt.Gox are victim of our own success! Last year, Mt.Gox saw an average of 9,000 to 10,000 new accounts created every month. This number doubled in January, tripled in February, and sextupled in March. In this month alone (March), over 57,000 new accounts were created! Our support and account verification team went from four people in January 2012 to twenty-two people working every day of the week. We are now hiring even more people to solve this problem by finalizing some deals with external companies. Remember that even if you are waiting for your account to be verified, you can still deposit or withdraw funds via our Japanese account and make your trades! (Only accounts that we pro-actively required to be verified are limited to deposits and trade only.)

Finally We have seen a significant amount of comments on the web (various forums, Reddit, etc.) that portray Mt.Gox as a company held by “idiots” and other rather rude words, complaining about inability to deal with lag and other system issues, without understanding the magnitude of work and attacks we are facing every day. I understand the frustration many of you feel. We hate this situation as well. Since we took over Mt.Gox, we have been through Hell and back and we are still here. We are still the largest exchange with over 420,000 trades per month and USD $121 million monthly trade volume. We have worked our way through all the requirements needed to run our exchange legally. Now, there are some things we can improve, but so far we are doing an incredible job that no other exchange has been able to do so far. While I understand a certain amount of frustration, realize what we have accomplished. I appreciate all the work you are doing everyday to push things forward and to help secure the future of Bitcoin And to all of you who are supporting us on a daily basis, thank you! We could not have done any of this without your help!

Regards

Mt.Gox Co. Ltd Team.