Second Bitcoin Hack Highlights Challenges, Resilience of Anarchic E-Currency

Hack occurred due to exchange operator leaving his keys unencrypted

Originally conceived of by science fiction writers -- most notably Neal ­Stephenson's cult science-fiction novel Snow Crash -- peer-to-peer cryptocurrency has been all over the headlines, following its leap to the real world, in the form of the Bitcoin. Created by a shadowy individual known as "Satoshi Nakamoto", bitcoins are an inherently anarchic construct looking to free a key piece of the global economy -- specifically, currency -- from the grip of any one nation. They're also difficult to trace, making them a popular mode of purchasing quasi-legal items.

But over the year the flowers and sunshine surrounding Bitcoin has been slightly diminished. Last June, there was a massive devaluation, letting off inflationary steam and costing late adopters large amounts of real-world dollar value. Later that same month Mt. Gox, the single largest Bitcoin exchange (which trades Bitcoins for real world dollars and vice versa) was hacked. Since then we've learned about Bitcoin-stealing malware and Bitcoin Ponzi schemes.

Now BitFloor, a second exchange has been hacked, with approximately $250,000 USD in Bitcoins stolen (or more correctly, inappropriately transferred to a single account).

London-based BitFloor founder Roman Shtylman reported the theft to the U.S. Federal Bureau of Investigation (despite their anarchic nature, Bitcoins can be considered personal property and are arguably "illegal" to seize via hacking). He's also reopened the exchange, though his volume is down substantially placing his site as the thirteenth largest exchange globally.

So how did the hack happen?

Unlike some other exchange hacks, which saw password cracking used to access individual accounts and place trades (as with the Mt. Gox hack), the BitFloor hack occurred by a direct hack on the person that holds all the Bitcoins as per the standard exchange model -- in this case Mr. Shtylman. By obtaining Mr. Shtylman's private keys -- which he foolishly left unencrypted -- the hacker was able to divert the funds flowing into his exchange into his own account, gaining 24,000 Bitcoins.

Mr. Shtylman now says he's keeping his new keys in "cold storage" (offline computers) to prevent future hacks.

The hack cost the exchange operator all of the revenue he collected off of trading fees -- and then some. But he vows to pay back the victims, commenting, "How long that will take I don't know. Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."

One possibility would be to catch the thief.

The person who grabbed the coins has not transferred them since the theft. As all Bitcoin transactions are logged, if and when they do begin to make trades that information could be used in an effort to track them down -- say by looking at the IP address making the trade. Mr. Shtylman would likely work with other exchange operators to monitor trades in the hunt for the thief.

For now, though, some more folks have lost their hard earned cash to the world of Bitcoin. The lesson is that as grim as today's corruption prone offline economy is, digital anarchy isn't entirely danger free either.

About the best advice for Bitcoin investors is similar to advice to real-world traders -- don't keep all your eggs in one basket.