Saturday, 19 August 2017

We would like to take this opportunity to let our customers know our plans for the upcoming weeks as we navigate any potential disruptions on the Bitcoin (BTC) network. As always, our focus will continue to be on the safety of our customers and their funds.

In the event of a User Activated Hard Fork (UAHF) on 1 August or thereafter, it is important to clarify that Bitstamp would not be in a position to support Bitcoin Cash (BCC), the coin associated with the Bitcoin Cash proposal. In Bitstamp’s view, BCC is an alt-coin and the decision to list BCC tokens remains at our sole discretion at all times.

If Bitstamp chooses to list BCC, we would decide at our own discretion on what course of action to take with balances deriving from the hard fork. BCC would also be subject to the same due diligence processes as for any other alt-coin, which requires time and careful planning. For this reason, Bitstamp is not in a position to support BCC, nor will Bitstamp be liable for any BCC sent to Bitstamp.

As always, the safety of our customers’ funds remains our number one priority. To this end, as a security precaution, we will be disabling bitcoin deposits and withdrawals on 31 July 2017 at 23:00 hrs UTC to ensure that all BTC funds stored at Bitstamp remain secure. Trading will remain unaffected throughout. Deposits and withdrawals will be resumed only when we deem it safe and prudent to do so.

We will leave it to our customers to decide whether to withdraw their BTC funds from Bitstamp prior to this cut-off date if they would like to access BCC or any other hard fork, and Bitstamp shall not be held liable for any consequences of that decision, from neither a financial, operational nor regulatory standpoint.

To be clear, Bitstamp has no favoured outcome to the resolution of the bitcoin scaling issue. Our sole focus is on our customers and their best interests. As such, we are continuing to monitor developments closely. Please check our Twitter feed, Facebook page and website for the latest news, updates and developments.

Best,
The Bitstamp team

 

source: Bitstamp

WizSec recently released a technical analysis of what ultimately led to the bankruptcy of Mt. Gox. In this article, I’m going to explain what the hackers stole and what likely happened.

 

Rough Timeline

September 2011 — Mt. Gox’s hot wallet private keys were stolen from a wallet.dat file.

2011 to 2012 — Additional coins were stolen from Bitcoinica, Bitfloor and others.

2012 to 2013 — The hacker continuously emptied the wallets at addresses associated with Mt. Gox’s private keys. In addition, whenever these wallets were emptied, the Mt. Gox systems somehow interpreted the spending as deposits, crediting some users with up to about 40,000 extra BTC.

Mid 2013 — Roughly 630,000 BTC total had been stolen from Mt. Gox, about 300,000 BTC of which ended up at BTC-e.

What Got Stolen

Bitcoin is spent using digital signatures. In order to create a digital signature, you have to have the private key. Most wallets these days encrypt these private keys with a password or PIN, but before September of 2011, the Bitcoin Core Wallet did not encrypt them.

Wallet encryption was the major feature of the Bitcoin 0.4.0 release (released Sep. 23, 2011). Thus, the attacker did not need any special password, but only the wallet.dat file in order to gain access to the private keys. This file was stolen, perhaps through hacking, perhaps through a rogue employee or theft of a backup.

Why Funds Kept Coming In

It’s hard to fathom Mt. Gox not knowing that these keys were compromised, but that’s exactly what seems to have happened. Most of the company probably thought that funds were being moved to more secure addresses. Funds probably kept flowing into the compromised addresses because they were associated with customer accounts. This is a known problem for exchanges in that customers will often deposit funds to the same Bitcoin address over and over, even if new addresses are created for new funds.

The attacker gladly stole those funds even as Mt. Gox remained oblivious to the theft. There were even instances where actually stealing the funds resulted in deposits to various customers, creating 40,000 extra BTC on the Mt. Gox system.
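The two signals an exchange could have watched for here, spends from its own keys that its ledger never created and deposits still arriving at retired addresses, can be checked by reconciling on-chain activity against internal records. The following is an added example, not code from the article or from WizSec's analysis; the `Tx` record, the `reconcile` function, and every address and txid are hypothetical names and constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # (address, satoshis) pairs being spent
    outputs: tuple   # (address, satoshis) pairs being paid

def reconcile(txs, owned, retired, authorized):
    """Compare on-chain activity against the exchange's own records.

    owned      -- addresses whose private keys the exchange holds
    retired    -- owned addresses whose keys were rotated out of use
    authorized -- txids the exchange's withdrawal/sweep ledger created
    """
    alerts = []
    for tx in txs:
        spent = sum(v for a, v in tx.inputs if a in owned)
        # A spend from our keys that our ledger did not create means
        # someone else is signing with them.
        if spent and tx.txid not in authorized:
            alerts.append(("UNAUTHORIZED_SPEND", tx.txid, spent))
        # Customers reuse old deposit addresses, so retired keys keep
        # receiving funds; flag these so they can be swept at once.
        late = sum(v for a, v in tx.outputs if a in retired)
        if late and not any(a in owned for a, _ in tx.inputs):
            alerts.append(("DEPOSIT_TO_RETIRED", tx.txid, late))
    return alerts

# Constructed sample data (addresses and txids are placeholders).
OWNED = {"hot1", "hot2", "old1"}
RETIRED = {"old1"}
AUTHORIZED = {"tx-withdraw-1"}
SAMPLE = [
    Tx("tx-withdraw-1", (("hot1", 500_000_000),), (("cust-ext", 499_990_000),)),
    Tx("tx-unknown-9", (("old1", 900_000_000),), (("elsewhere", 899_990_000),)),
    Tx("tx-deposit-3", (("cust-wallet", 200_000_000),), (("old1", 199_990_000),)),
    Tx("tx-deposit-4", (("cust-wallet", 100_000_000),), (("hot2", 99_990_000),)),
]

if __name__ == "__main__":
    for kind, txid, sats in reconcile(SAMPLE, OWNED, RETIRED, AUTHORIZED):
        print(f"{kind:20} {txid:15} {sats / 1e8:.4f} BTC")
```

Amounts are kept in integer satoshis so that totals reconcile exactly against ledger entries.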

Conclusion

It’s obvious that Mt. Gox was not very good at security, but this is an unconscionable neglect of fiduciary duty. Thankfully, wallets have gotten a lot more secure and funds are a lot more difficult to steal.

 

source: Medium

 
