Sunday, December 1, 2013

As bitcoin booms, so does bitcoin bank robbery

Robbing a bank is such a hassle in the real world, with all the complicated logistics of weapons, vaults, dye packs, and getaway cars. It’s a lot more straightforward to rob digital currency exchanges and payment processors. To paraphrase bank robber Willie Sutton, that’s where the bitcoins are.

The huge interest in bitcoin and the concurrent surge in the value of the currency—bitcoin has risen 6,000% versus the US dollar in the last year and 300% just this month—has also created a growing incentive for larcenous hackers:

European bitcoin payment processor BIPS lost the equivalent of about $1 million last week after a distributed denial of service (DDoS) attack overwhelmed its servers and enabled attackers to gain access to customers’ online bitcoin “wallets.”
Poland’s Bidextreme.pl was also hacked last week, and its users’ accounts emptied, though it did not disclose the amount taken.
A week earlier, the Czech exchange Bitcash.cz was hit, with 4,000 users losing bitcoins worth about $100,000.
Australia’s TradeFortress said it was hacked in November, leading to the loss of $1 million worth of users’ bitcoins.
China’s GBL exchange abruptly went offline in October, with $4.1 million in users’ bitcoins going missing.

How do you actually steal a bitcoin, anyway?

Owning bitcoins, as Wired’s extensive survival guide explains, means that you have a private cryptography key that’s associated with a public internet address. You need both to access the money. By exploiting cybersecurity flaws on computer servers, PCs, and mobile phones, thieves who discover both the private key and the public address can transfer the bitcoins to their own accounts to spend as they please or convert into another currency.

Bitcoin transactions cannot be reversed without the consent of both sender and receiver, so the transfers are irrevocable. The system is designed to shield the identity of its users, but individual bitcoins are traceable.

“While the ownership of money is implicitly anonymous, its flow is globally visible,” a recent research paper concluded. Forbes contributor Jon Matonis wrote last year about the theft of 46,703 bitcoins, worth $228,845 at the time of the robbery, from a New Jersey-based hosting company called Linode, which could be traced after the theft through servers in dozens of other countries.

As a one-stop depository of multiple accounts, exchanges make a tempting target, which is why the Bitcoin Foundation warns new users:

“When sending money to an exchange or seller you are trusting that the operator will not abscond with your funds and that the operator maintains secure systems that protect against theft—internal or external. It is recommended that you obtain the real-world identity of the operator and ensure that sufficient recourse is available.”

BIPS, the European payment processor that was hacked last week, has stopped offering online wallet services and has urged customers to avoid online wallets altogether.

Safeguarding your own bitcoins can also be fraught, since thieves have exploited security vulnerabilities to steal bitcoins from users’ own computers. Security-conscious users recommend storing bitcoins not in “hot wallets” that are necessary for processing transactions, but rather in “cold storage,” such as a USB drive that is not connected to the internet, or even “deep cold storage,” such as a USB drive that’s stored in a (real-world) safety deposit box. Private keys can even be written on pieces of paper—or engraved onto a ring.
