A second major bitcoin exchange suspended withdrawals on Tuesday, amidst widespread attacks on the vast software system that drives the digital currency.
Bitstamp, an exchange based on Slovenia, says that it suspended Bitcoin withdrawals due to “inconsistent results” from its online bitcoin wallet caused by a denial-of-service attack, according to a post on the exchange’s Facebook page. “Bitcoin withdrawal processing will be suspended temporarily until a software fix is issued,” the post reads.
The news comes a week after the Tokyo-based exchange Mt. Gox suspended Bitcoin payouts, blaming a known bug in the bitcoin software. At the time, outside observers turned the blame on Mt. Gox’s accounting software, but it turns out that the company isn’t the only exchange struggling to cope with the bug.
That a known issue like this could lead to the suspension of payouts on two of the world’s most popular bitcoin exchanges underscores the immaturity of bitcoin and the ongoing growing pains of the the world’s most popular digital currency. These growing pains are not just technical, but political. As Bitstamp battles against these attacks, it’s also worth noting that the Slovenian exchange is not listed as a money services business with FINCEN, the U.S. agency that registers money transmitters — even though it accepts US customers.
Bitstamp did not respond to a press inquiry from WIRED. But according to Andreas Antonopoulos, the chief security officer with bitcoin wallet-maker, Blockchain, the effects of this week’s attack should be temporary. “It’s a griefer attack,” he says. “All it does is slow down these exchanges.” But the company could eventually run into serious problems with regulators in the U.S. FINCEN expects even foreign-based money transmitters to register if they service US customers.
A Bored Teenager With a Computer?
Bitstamp’s technical issues came to light after someone — nobody knows who, exactly — started flooding the worldwide bitcoin network with thousands of bad transaction records. Because of a flaw in the bitcoin protocol, it’s possible for the bad guys to create two unique transaction identifiers — called hashes — for legitimate transactions on the network. The official bitcoin ledger, or blockchain, is not fooled by these so-called “malleable transactions”, but some badly written wallet software could be confused.
“It’s like creating a fake receipt,” says Antonopoulos. In theory, someone could try and use one of these fake receipts to try and trick an exchange into believing that a bitcoin transfer had not gone through, but a look at the blockchain would clear things up, he explains.
It turns out that a small number of these bad transactions have been broadcast in the background of the bitcoin network for some time now, but after Mt. Gox went public with its problems, someone cranked up the volume. “Some joker is rewriting thousands of bitcoin transactions and rebroadcasting them,” says Jeff Garzik, a core developer on the bitcoin software. “It’s not a ‘massive and concerted’ attack, probably just a bored teenager with one computer.”
Antonopoulos, who is working with other bitcoin companies to coordinate a response to the attack, says he’s spoken with five exchanges (not including Mt. Gox) about the issue, and that three of them are unaffected by the issue. None of the five exchanges that Antonopoulos has spoken with appear to have lost money because of the issue, he says.