20 Jun 2011

Mt. Gox Breach Summary

I’ve been following the Mt. Gox security breach and subsequent Bitcoin/USD price collapse for a little while. This is a rough summary of events as they seem to have happened, based on available information at the current time (June 20, early morning UTC).

My assumption is that at least some of this timeline will turn out to be wrong, which in itself might be interesting in retrospect.

Sometime in early June: Unspecified attackers gained access to a machine, allegedly being used by an auditor, either containing or with read-only access to, the Mt. Gox database or some portion of it. Whether the attackers had access to the entire database or “just” the user table doesn’t seem known, but the important thing is that they got a table containing, according to Mt. Gox:

For accounts not accessed in the last two months (viewed by Mt. Gox as “inactive”), the password was stored as an MD5 hash. For accounts accessed in the last two months, the password was salted, then hashed with MD5. Nowhere in the database were there plaintext passwords.

Exactly who had access to the database, whether it was an individual or group, isn’t known. It seems that access to the database might have gone through several stages: presumably from the person or group who obtained it initially from the compromised machine, and then to less-sophisticated people or groups. We can say with some confidence that it started to be distributed shortly before June 17th, because on that date somebody posted a message to a forum with some hashed passwords that came from the database. (N.B., this is hearsay from the #Bitcoin IRC channel, and thus fairly speculative. I haven’t looked at a copy of the database to confirm it.)

Monday, June 13: The actual theft of Bitcoins from compromised accounts began, according to various sources, on Monday morning. Approximately 25k BTC were transferred from 478 accounts, according to DailyTech (although elsewhere in the same article they claim 25,000 accounts). The destination address was “1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg”.

Presumably, the accounts were accessed by brute-forcing the hashed passwords in the database. It’s not clear to me whether the accounts were all “inactive” (and thus had unsalted password hashes, vulnerable to a pre-computation attack), or if they were active, had salted hashes, but were just weak and fell to a dictionary attack. It probably would have been logical for the attackers to pursue both routes at once: go after the old, unsalted hashes with Rainbow tables, while at the same time performing dictionary attacks against the salted hashes associated with accounts with significant BTC balances. At any rate, using some combination of both routes, they eventually found some vulnerable accounts.

The thefts seem to have gone on during the remainder of the week, with Mt. Gox seemingly misreading the increase in theft reports as insecurity on users’ PCs, rather than a security problem on their end.

Sunday, June 19: The Bitcoin ‘Flash Crash’.

At around 3AM Japan Standard Time, someone – my guess is not one of the original attackers – began a massive sell-off from a single compromised account. (One open question is whether this account was a receiver account for stolen BTC from other hacked accounts, or just happened to be a ‘whale’ that they managed to access.) This is where things start to get interesting, because it’s not immediately obvious why someone who recently came into possession of a whole lot of Bitcoins would want to crash the price.

One theory is that it wasn’t intentional; they were hurrying, perhaps working against other attackers who had access to the same database, and wanted to cash out quickly. But another theory, one that I think is more plausible, is that the sell-off was calculated to crash the BTC price, in order to get around Mt. Gox’s $1,000 USD/day withdrawal limit.

By dumping a large number of Bitcoins onto the market – not just once but twice (the attacker repurchased and sold the lot of coins a second time, supposedly) – the market price was driven down. Basically all open bids on the order book were filled, down to ridiculously low prices. At no point did any sort of ‘safety switch’ kick in at Mt. Gox to halt trading; it was full-bore Black Monday mode.

And here we start to run into my limit of knowledge. If we assume that the crash was engineered in order to get around the Mt. Gox withdrawal limit, then when the price was very low, the attackers should have made their move, and transferred whatever they could out of Mt. Gox, to external Bitcoin accounts.

Mt. Gox seems to be claiming that this did not happen, and the withdrawal limits successfully kept the total amount of BTC removed from the exchange to some low number. If true, this would allow them to ‘reset’ the exchange back to how it was before the flash crash, with only limited losses – perhaps low enough that Mt. Gox could make all users whole before resuming trading.

But if this isn’t the case, then it may not be possible for Mt. Gox to shield all of its users from losses. After all, one of the key features of Bitcoins is that they can’t simply be magic-ed into existence on demand by a central authority when convenient. If the Bitcoins have left the building, so to speak, Mt. Gox can’t just grab them back or create new ones to replace them.

In the next few hours or days, I expect these issues to become more clear. Also, it will be interesting to see whether the BTC/USD rate stays at the $17 mark that Mt. Gox plans to resume trading at, or immediately falls to some lower level, in keeping with lowered investor confidence.

Personally, I wouldn’t mind one bit if this marked the end of Bitcoin’s first speculative bubble; most of my interest in Bitcoin is as a currency, not as an instrument for speculative investment (and a not-very-liquid one at that). The question will be whether Bitcoin’s reputation is irretrievably damaged as a result, or if the damage is forgotten about or limited to Mt. Gox.

Certainly more interesting and higher stakes than the usual EVE Online drama, though.

This entry was converted from an older version of the site; if desired, it can be viewed in its original format.