The biggest cryptocurrency hack in the history of blockchain

in #bitcoin6 years ago

‘Cryptocurrency’, what do you imagine? Pile of paper currency? You imagined right and wrong. While there are individuals who’ve made millions and companies who’ve made billions. Also, there are people who lost millions and companies gone bankrupt.

Reason?

A couple of reasons. The price fluctuations, poor infrastructures and investing skills, and hack attacks. That being said, in this post, you will learn everything if you don’t want to lose your money to some cyber criminal.

They say more than success stories, it is the failure stories that teach a lot. If you are aiming to become an investor or have your own company you should know about these hacks. As part of this guide, we will share the biggest hack attacks that changed the course of this industry and the problem that caused it. You can mitigate the problems and avoid the loss.

Let’s get started.

Read also: What is cryptocurrency? A comprehensive guide for beginners

The Mt Gox hack

The year 2013, Mt. Gox is the biggest bitcoin exchange platform in the world with a 70% market share. Max Karpeles, the founder of Mt Gox was on top of the world back then.

Fast forward to 2018.

The rate at which Mt Gox was growing, Mt Gox has captured more than 95% of the bitcoin exchange market by now. Max is sitting on a pile of 100-dollar bills, just like Joker did in the Dark Knight Rises.

Amazing isn’t it?

Nope. Mt. Gox is nowhere in the market. It’s disappeared in thin air. No one’s talking about it. No newcomers know that it even existed.

The castle Max built was so mightly that he didn’t notice small cracks in the foundation of the castle. Just a year later when Mt. Gox was at top of the world, in 2014, it got hacked. 70% of the bitcoin exchange market share, and the funds, all gone in a snap.

What went wrong? Let’s peep into it.

Mt. Gox was a clear winner before it went extinct. But there were some foundational problems in Mt. Gox since the beginning.

Problem #1: Absence of version control

Mt Gox has been busy developing a lot of features and that led to a lot of versions of the core platform. Keeping a record of the changes made became a tedious task. Therefore, tracing back at the time of bug fixes was a next-to-impossible task.

This exactly led to affect Mt.Gox’s core software to exist with bugs and not perform as expected. This problem could’ve been solved with the help of VCS (version control software), but there wasn’t any back in those days. Here’s why a VCS’s are important for any product-based company:

  1. Apart from keeping a record of the changes made, VCSs also help to know when exactly the changes were made, who made it. Furthermore, it also allows to rollback the changes that were made.
  2. Another important feature of the VCSs is the ability to let multiple programmers code simultaneously. This could have saved companies like Mt Gox from drowning.

Problem #2: Lack of testing

With a lot of code changes in the core, software led to disfunctioning of the software. Mt.Gox did not have a testing policy that could do the needful. A leader in Bitcoin exchange simply throws away code that hasn’t been tested, sounds pathetic? Yes, it does.

Problem #3: Codebase approval

A lot of changes in code, without testing, comes to the CEO for approval. Only Max had the right to approve any code change. This did not go well with the number of changes that were made in the codebase. Max is a great programmer, but approving these many changes that too without testing was not good. Soon, he choked up and ended up being over-occupied. Considering his designation, it was not good for the company and himself.

Problem #4: Absence of management

A lot of code changes, lack of testing, code change approvals, led to a poor management. How do you expect a human being to outperform so much work without mistake? Max is a great programmer, no second thoughts about that. But when it comes to the role of a businessperson or decision maker, Max was not up to the mark. Max as a CEO went full-length busy and failed to foresee a disaster nearing.

Attacks of 2011 and 2014: Events that changed the course of history

It was 19th June when Bitcoin price fell down to one cent, and it was a sign to incoming disaster.

Source: Wikipedia

This was not a complete system failure. Instead, there was an attack that led to a price crash. The hackers got access to auditor’s computer and transferred a huge number of Bitcoins to their addresses. Furthermore, they used the same exchange platform to sell all the Bitcoins, so that they can disappear with the fiat money.

This led to the price drop, only within the system. But till then, it was too late for the company to withstand the blow. By this time, the company’s spine was severely damaged to survive. Way over $8.7 million was stolen and by the time the company could adjust the propellers, the ship was already directing towards another disaster.

Fast forward 2014

In 2014, Mt. Gox system went slow and so slow that US banking authorities froze Mt Gox for violating the norms. On 7th Feb 2014, the company halted all the Bitcoin transactions to crawl back to the problem.

Upon a deep investigation, MtGox team found out that the core software was under a transaction malleability attack.

What is this now, you’d ask.

As you must already know that blockchain has a tremendous ability to encrypt the data that cannot tamper by anyone, not even the owner of the blockchain. The blockchain encrypts the data using the cryptographic hash function.

But there’s a loophole here.

If someone hacks into the blockchain’s core software and tamper the transaction just before it enters the blockchain, it can create a disaster. The hacker can alter the transaction and let it enter the blockchain. Once it enters the blockchain, it has no threat of being caught. Anyway, there’s no way to trace back to the source of the transaction.

The hackers can flea with the money they stole from the transaction and no one will be able to anything for this. The send wouldn’t even know that their money was stolen unless the company declares it upfront.

If you look at the code of a particular transaction, you’d see signature data of a transaction that goes along with the input data in the blockchain. Guess what?

This signature data can be manipulated, which further can change the transaction ID. Furthermore, changing the transaction ID will technically eliminate the original transaction from existence and make it look as if it didn’t even happen.

Picture this:

Tony owes 5BTC to Mark and Mark requests 5BTC from Tony. Tony initiates the transaction by sending 5BTC to him and the transaction waits in the queue for approval. Amidst this waiting period, Mark can alter the signature and hence the transaction ID and steal 5BTC from that transaction.

After this, Mark would tell Tony that he has not received the payment. Tony would confirm it by looking at the transaction. From his end, the transaction would be shown as pending. To this, Tony would reinitiate the transaction and this time Mark wouldn’t do any tampering. This way, Mark would get 10 instead of 5 BTC.

There’s another catch here. Since Mark is aware of Tony’s sending address, he could easily figure out the transaction and tamper data of only that. This was not the case with data tampering happened in MtGox. Hackers tampered data of all the transactions they can roll their eyes on.

This is exactly what happened behind the scenes in the MtGox hack attack in 2014. Hackers took advantage of the mismanagement and were able to bag $473 million worth BTC for free. Furthermore, this was almost 7% of the world’s supply of Bitcoin at that time, that was stolen from MtGox.

The After Effect of this attack

After the attack, the graph showing the price crash is terrible to look at. By the time Bitcoin started becoming a mainstream, Mt Gox underwent this attack. Everyone thought after this attack, Bitcoin would not survive for long. Sure, immediate effects weren’t good enough and the price went down like a steep valley.

Mt Gox declared bankruptcy after this attack and price crash. However, later it was discovered that the Bitcoin that were stolen were being laundered through another exchange, BTC-e. Alexander Vinnik, the owner of BTC-e has been accused of laundering the stolen Bitcoins. The Greek court has moved this case from their national jurisdiction to the US regulatories. If the accusation is right, he will be sentenced to 55 years of prison.

Bitcoin, as a network of the blockchain, was powerful enough to withstand the attack.

NiceHash Hack

Another hack attack that happened recently ripped the industry one more time. This time it was $80 million or 4700 BTC. On Dec 6th, 2017, around 00:18 GMT, Solvenian exchange platform was hacked.

Announcing about the attack, CEO of NiceHash, Marko Kobal appeared on Facebook live. He addressed the followers and announced about the attack. As you would expect, he refrained from revealing much about the attack. The only thing he said was that an employee’s computer was compromised that led to the heist.

NiceHash suspended all the transactions for next 24 hours to reverse analyze what went wrong and know what exactly could’ve saved the platform from attack. In a press release, this is what Marko said,

“Importantly, our payment system was compromised and the contents of the NiceHash Bitcoin wallet have been stolen. We are working to verify the precise number of BTC taken. Clearly, this is a matter of deep concern and we are working hard to rectify the matter in the coming days. In addition to undertaking our own investigation, the incident has been reported to the relevant authorities and law enforcement and we are co-operating with them as a matter of urgency.”

Final thoughts on cryptocurrency hacks

Sure, there have been many cryptocurrency hacks. But in our opinion, there hasn’t been any attack as Mt Gox. It tore apart the industry and faith of investors that their money is safe in this decentralized platform.

The key thing here to note is that all these attacks were on exchange platforms. It is nearly impossible to attack a blockchain and steal funds from there. Like Mt Gox, if someone tries to alter transaction ID and steal money from the transaction before it gets confirmed. It’s impossible without an exchange platform. Because that’s the only medium where hackers can get hold of a transaction. If there weren’t exchange platforms, there would be a 100 percent safe fund transfer experience. There is no room for a hacker to phish and steal anything from the network.

Furthermore, there have been attacks like the DAO on Ethereum (detailed analysis-based guide coming up), that led to the birth of whole new blockchain, Ethereum, and Ethereum classic. The original blockchain had to fork out (hard fork) and form a whole new blockchain platform.

That being said, you are now well-informed to take an educated decision and invest in cryptocurrency or create a cryptocurrency exchange platform or create a cryptocurrency. There has been enough attack on this amazing new space where everything is possible.

That being said, we made it to the end of this guide. We are sure that we helped you understand the reasons why a platform gets attacked and how you can avoid it. Share this post on your social media platforms to help more people understand about this.


Originally published at http://bitfolio.org/cryptocurrency-hacks.

Sort:  

Scary possibility... 😰

You have recieved a free upvote from minnowpond, Send 0.1 -> 10 SBD with your post url as the memo to recieve an upvote from up to 100 accounts!

This is stunning ... I didn't know about this at all.