Restoring the luster to bitcoin in the wake of Mt. Gox

The digital currency has a problem with robberies that needs to be sorted if it is to survive. Some proponents are urging steps that are anathema to many in the community: regulation of the currency and a move away from anonymity.

By Alex Hern  /  The Guardian

Mon, Mar 03, 2014 - Page 9

The collapse of Mt. Gox will be hard for bitcoin to recover from. If a leaked “crisis strategy” document is accurate, by the end of the site’s life, its total bitcoin holdings were just 2,000 bitcoins, while customer deposits totaled 624,408 bitcoins.

The reason for the discrepancy, according to the document, is a vulnerability in the bitcoin protocol, which allowed 744,408 bitcoins — about 6 percent of all the bitcoins presently in circulation — to be stolen from the site’s “cold storage,” a bitcoin wallet unconnected to the main network where coins are (theoretically) safe from hacking attacks.

The issue, known as “transaction malleability,” has been known about since 2011 and most bitcoin software is already protected from it.

The Bitcoin Foundation, the non-profit devoted to development and promotion of the currency, says that “any company dealing with Bitcoin transactions [which has] coded their own wallet software should responsibly prepare for this possibility.”

Early last year, Mt. Gox was the largest bitcoin exchange in the world, with an estimated 70 percent of all transactions going through the site. However, the site always had problems, particularly with withdrawals. Stringent adherence to US money-laundering regulations (though based in Tokyo, it belonged to a US company, Mutum Sigillum LLC) meant it was significantly harder to sell bitcoins on the site (that is, converting them into a “fiat” currency such as dollars) than to buy them (swapping dollars for bitcoins).

This caused the price to veer away from that on other exchanges. In June last year, the site even implemented a “temporary hiatus” on dollar withdrawals, preventing every user from accessing their money. That hiatus officially ended after two weeks, but withdrawing dollars remained slow.

Then, early last month, Mt. Gox also limited bitcoin withdrawals. Users could still use the site to trade bitcoins to other currencies within their own accounts (so if you owned 2 bitcoins you could credit your dollar account on the site with its equivalent), but could not withdraw their purchases to spend outside the site. The price of bitcoin on Mt. Gox became completely disengaged from the wider bitcoin market and plummeted below US$100 on Feb. 21; on other exchanges it was above US$500.

It seems likely that it was early last month when the company discovered that its cold storage was gone. While the value of customer accounts was 624,408 bitcoins, the company actually only possessed the 2,000 bitcoins that were in its “hot wallet” — the bitcoin wallet connected directly to the exchange and used to enable trading (rather like the cash float in a cash register, as opposed to the safe in the back of the shop — which was the “cold storage”).

Even in pure dollar-denominated debts, the crisis strategy document says the company is insolvent, with US$55 million of liabilities, but assets of just US$32 million (US$5 million of which are held by the US Department of Homeland Security after they were seized in August last year).

Mt. Gox seems to hope this will not be the end of the road. The crisis strategy document implies a rebranding to “Gox,” replete with a new logo and a plea to big hitters in the bitcoin world to donate some money to ensure that depositors don’t lose all their holdings.

A peek at the source code of the now-blank site reveals a hint of a future acquisition, with an empty space labelled “put announce for mtgox acq here.”

However, the document is also brutally honest about the likely future of Mt. Gox — and bitcoin itself.

“The reality is that Mt. Gox can go bankrupt at any moment, and certainly deserves to as a company,” it reads. “However, with bitcoin/crypto just recently gaining acceptance in the public eye, the likely damage in public perception to this class of technology could put it back 5-10 years, and cause governments to react swiftly and harshly. At the risk of appearing hyperbolic, this could be the end of bitcoin, at least for most of the public.”

Most of the bitcoin community seems prepared to try and separate perception of Mt. Gox from that of the currency and concept itself.

Marc Andreessen of Andreessen Horowitz, a venture capital firm that has invested heavily in bitcoin, described Mt. Gox as “obviously broken and possibly outright crooked” when speaking to CNBC on Tuesday last week.

“This is like [bankrupt financial services firm] MF Global, not some huge breakdown of the underlying technology or other exchanges,” he said.

Henry Blodget, formerly an equities analyst and now in charge of Business Insider, puts it like this: “There’s a chance consumer trust in bitcoin may survive. What happened to Mt. Gox is essentially a bank robbery — albeit one bigger than any in recorded history [the next-biggest recorded theft is for US$108 million]. It’s actually far easier to comprehend than something like the collapse of Northern Rock or Lehman Brothers; and if those failures didn’t bring down fractional reserve banking or highly leveraged derivative trading, then there’s hope for bitcoin.”

However, if the Mt. Gox losses are equivalent to a bank robbery, they underscore the perception of bitcoin as a currency highly susceptible to bank robberies. Users of services including Bitcoinica, Inputs.io and now Mt. Gox have all seen their deposits disappear overnight.

So how secure are other exchanges? Many bitcoin services were hacked together with little attention paid to long-term security. For instance, Mt. Gox incorporated encryption code which was described by its creator two years ago as “quick-n-dirty” because they were “too lazy” to do it the proper way.

In a world where a single bitcoin was worth pennies, that was acceptable, but once real money was at stake, the duct-tape approach led to problems.

Bitcoin exchanges are now constantly under pressure, with a massive distributed denial-of-service attack hitting some of the biggest early last month. By their nature, such exchanges are tempting targets for hackers; they are, in essence, a bitcoin wallet connected to a Web interface. All too frequently, the security system in place has been easy to overwhelm.

However, the new generation of bitcoin companies — professional, venture-capital-backed, serious and, hopefully, secure — are fighting to change that. Their move toward reliability even extends to pushing for regulation of the currency, something which seems anathema to longer-standing users.

“There’s probably some minimal requirements and procedures that should be put in place if you’re facilitating that kind of exchange,” as Fred Ehrsam, the cofounder of bitcoin payment processor Coinbase, said to regulators in January.

Others are proposing a move away from another of bitcoin’s guiding principles: anonymity.

“Anonymity prevents reversal of transactions, but with a trend away from anonymity, transactions will be visible and thereby reversible under certain circumstances,” Mangrove Capital Partners venture capitalist Michael Jackson says. “A depositor protection scheme will come. In ‘real’ currencies, this protection is provided by the central banks, or currency issuers. With no central bank, the industry needs to take this role.”

However, there is not currently any technical basis for such a change, and it is unclear if a non-anonymous bitcoin is even theoretically possible.

Bitcoin still has long-term issues regarding transaction speed, price volatility and ease of use, as well as finding a killer app that is not online drug sales, but those take a back seat to the need to credibly reassure people who own bitcoins that their cash is safe.

It needs to replace Mt. Gox with Fort Knox.