When Mt. Gox filed for bankruptcy in a Tokyo court Friday, it marked the culmination of a swift downfall for one of the world's largest Bitcoin exchanges. It's was only one year ago that Mt. Gox accounted for nearly 70 percent of the virtual currency's transactions globally, according to reports.
That was all before some 700,000 or so Bitcoins went missing from the exchange recently, apparently due to a DDoS attack that allowed cyber thieves to exploit a software bug in the Bitcoin "blockchain", which is supposed to record each transaction and give it a unique ID. The bug, however, creates a small window where each ID can be changed, thus allowing thieves make it appear the transactions never occurred. This makes Mt. Gox the latest in a series of virtual currency exchanges to be hacked, such as the Silk Road 2.0 exchange, which reported $2.7 million in Bitcoins being stolen last month.
I asked Steve Marchewitz, president of SecureState, a cybersecurity consulting firm, if there was something inherently insecure about virtual currency exchanges that hacks happen so frequently.
[To learn more about how financial firms are preparing for and responding to security incidents, attend the Acknowledge the Inevitable: How to Prepare For, Respond to, and Recover from a Security Incident session at Interop 2014 in Las Vegas, March 31-April 4.
You can also REGISTER FOR INTEROP HERE.]
Marchewitz says virtual currency exchanges can be secure, just at this nascent stage in their development enough of an emphasis has not been placed on it. "Like with any other new technology, in the beginning you're trying to make the thing work, and security sometimes takes a back seat," he adds. "Right now, there's nowhere near the sophistication of security that there is needed to be for the amount of money on the line."
However, Marchewitz believes that won't be the case for long, as the "next phase" of virtual currencies will be an increased emphasis on security protocols. He likens the current stage of virtual currency development to that of e-mail or online banking when they first came on the scene, and were much less secure channels than they are now.
Further, he says virtual currencies aren't inherent security risks. With Mt. Gox "the encryption itself didn't get broken, it's around the edges where it was targeted," he says. "Hackers are attacking the application layers, the paths of least resistance."
While banks don't have much to do with virtual currencies at this point, Marchewitz believes they will only grow in popularity, and several years down the road banks will eventually look at creating their own type of virtual currency, or some similar frictionless payment, in order to compete.
While there's definitely somewhat of a black cloud over Bitcoin and virtual currencies currently, I'm inclined to agree their popularity will continue to grow. I find it funny that much of the mainstream commentary around the Mt. Gox incident has a derisive, dismissive tone about virtual currencies, yet most of these same people have no problem with a Federal Reserve staffed completely by unelected officials that prints money at will. As more people become dissatisfied with the current financial system, I believe there will be more interest in virtual currencies, and it's up to the providers to make sure they can be traded in as secure manner as possible.