Bitcoin’s week from hell as DDOS attacks target ‘transactional malleability’

In what will come as absolutely no shock to anyone even remotely familiar with the history of emerging technologies, the Bitcoin virtual currency now accounts for 10% of all sales at Porn.com. The site only began offering Bitcoin as a payment option on Jan. 3, and marketing director David Kay told CoinDesk that the percentage would likely be higher except for the fact that so much of the online porn business revolves around recurring subscriptions, meaning there’s a lot of world wide wanking that has to take place before people have the option of renewing via Bitcoin.

Other than that happy tale, this has been the week from hell for Bitcoin users. On Monday, major Bitcoin exchanges like Mt. Gox, BTC-e and Bitstamp came under massive distributed denial of service (DDOS) attacks from unknown sources. The miscreants were exploiting a ‘transaction malleability’ flaw in some exchanges’ software, which allows vandals to alter the unique IDs of Bitcoin transactions before they’re confirmed by the network.

The vulnerability had been identified as early as 2011, but no attacks of this scale had been seen until this week. The volume of the malformed transactions forced the targeted exchanges to spend most of their time recalculating fund balances to match the official Bitcoin blockchain, and while the integrity of the official ledger wasn’t compromised, the sites were forced to cease processing withdrawal requests until they could get a handle on things, which left many users fuming.
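As an added illustration (not code from any exchange or from the article's sources), the sketch below shows why bookkeeping keyed only on the transaction ID loses track of a payment whose ID changed before confirmation, and how matching on spent inputs and outputs still finds it. The transaction model is simplified rather than Bitcoin's real serialization, and `stable_id`, `reconcile` and the sample data are hypothetical names and constructed values.

```python
import hashlib

def _digest(tx: dict, with_sigs: bool) -> str:
    # Simplified model, not Bitcoin's wire format: double SHA-256 over
    # length-prefixed fields so field boundaries stay unambiguous.
    fields = []
    for prev_txid, vout, script_sig in tx["inputs"]:
        fields += [prev_txid, vout.to_bytes(4, "little")]
        if with_sigs:
            fields.append(script_sig)
    for value, script_pubkey in tx["outputs"]:
        fields += [value.to_bytes(8, "little"), script_pubkey]
    data = b"".join(len(f).to_bytes(4, "little") + f for f in fields)
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()

def txid(tx: dict) -> str:
    """ID over the whole transaction; changes if signature bytes change."""
    return _digest(tx, with_sigs=True)

def stable_id(tx: dict) -> str:
    """ID over spent outpoints and outputs only; signature bytes excluded."""
    return _digest(tx, with_sigs=False)

def reconcile(pending: dict, confirmed: list) -> dict:
    """Classify each pending withdrawal against confirmed transactions."""
    seen_txids = {txid(t) for t in confirmed}
    seen_stable = {stable_id(t) for t in confirmed}
    report = {}
    for withdrawal_id, tx in pending.items():
        if txid(tx) in seen_txids:
            report[withdrawal_id] = "confirmed"
        elif stable_id(tx) in seen_stable:
            report[withdrawal_id] = "confirmed_under_other_txid"  # already paid
        else:
            report[withdrawal_id] = "unconfirmed"
    return report

# Constructed sample data: three withdrawals the service broadcast.
PENDING = {
    "w1": {"inputs": [(b"\x11" * 32, 0, b"sig-1")], "outputs": [(50_000, b"pk-a")]},
    "w2": {"inputs": [(b"\x22" * 32, 1, b"sig-2")], "outputs": [(75_000, b"pk-b")]},
    "w3": {"inputs": [(b"\x33" * 32, 0, b"sig-3")], "outputs": [(10_000, b"pk-c")]},
}
# w2 confirmed with different signature bytes, so its txid no longer matches.
CONFIRMED = [
    PENDING["w1"],
    {"inputs": [(b"\x22" * 32, 1, b"sig-2-altered")], "outputs": [(75_000, b"pk-b")]},
]

if __name__ == "__main__":
    print(reconcile(PENDING, CONFIRMED))
```

A withdrawal reported as `confirmed_under_other_txid` has already been paid and must not be reissued, even though a lookup by its original ID finds nothing.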

Shortly after ‘transaction malleability’ joined the mainstream media lexicon, the operators of Silk Road 2 – the successor to the ‘black market eBay’ site the FBI shut down in October – announced that one of its users had utilized the software vulnerability to “repeatedly withdraw coins from our system until it was completely empty.” The crooks were able to make off with over 4.4k Bitcoin worth an estimated $2.6m because the site admins had been storing the stash online, a practice they themselves admitted had been “incredibly foolish.”

The Silk Road 2 admins have issued a plea for the thief or thieves to return their ill-gotten gains so as not to “walk away with your fellow freedom fighters’ coins,” but they’re reportedly still waiting for a response. Meanwhile, it didn’t take long for suspicions to be voiced that the heist was an opportunistic inside job, spurred by the publicity surrounding the transaction malleability flaw.

The perfect storm of bad publicity helped cause a precipitous drop in Bitcoin value. Bitcoin had begun the week trading at around $830, but by Friday night, the value had slipped to around $640. Things were much worse on Mt. Gox, where the value dipped as low as $302 before bouncing back closer to $400 – still well off the $900 range it enjoyed throughout January and a far cry from the heady $1,200+ days of late December.

So was this hack a bid by fiat currency diehards to undermine confidence in Bitcoin or maybe an elaborate ruse for someone to snap up a bunch of Bitcoins on the cheap? You think the Winklevi’s infamous dustup with Mark Zuckerberg taught them that all was fair in love, war and business?