We’ve posted before about the disruptions at leading bitcoin exchange MtGox is experiencing due to a surge of activity as well as DDoS attacks. The exchange has been specifically targeted as hackers aim to profit by the disruption. The method used is to cause the sell heavily, trigger a drop in prices, run the DDoS to shut down the exchange, cause panic that leads to prices opening even lower, and buy on the dip. This method has been working pretty well for them. (However, recent attacks have had minimal effects on prices which may have led to losses taken by the hackers)
Providing more information about the DDoS attacks, MtGox issued a press release about it, along with providing an operational update.
DDoS AttacksOn the evening of April 21st, from 11:50 PM Tokyo time, Mt. Gox was hit by a strong DDoS (Distributed Denial of Service) attack that caused the site and trading engine to be unavailable for approximately four hours. The source of the attack is under investigation, and we are working with appropriate authorities to identify those responsible. However, the reality is that our primary goal is to stop the attacks and stabilize the exchange.
For the sake of our customers and the Bitcoin community it is important that we clarify the details of the recent attacks on Mt. Gox and what we are doing to combat them. As the operator of the largest Bitcoin exchange we have the responsibility to maintain the security of our customers’ accounts, strengthen our infrastructure appropriately, and help maintain conﬁdence in the growing Bitcoin market as a whole.
How we are being attacked:
What we are experiencing lately are “Layer 7” DDoS attacks. Unlike your average DDoS (which overloads the servers with trafﬁc to the site as a whole) these are much more creative and harder to detect in that they target speciﬁc elements of the site and make it difﬁcult to distinguish malicious trafﬁc from normal trafﬁc. The attackers’ goal is to shut down the exchange, either through the DDoS itself, or by forcing Mt. Gox to take measures that have the same effect. Attached to this document (See FAQ below) are some details from Prolexic regarding the recent attack.
What we are doing about the attacks:
When Mt. Gox is attacked there is truly no ideal solution:
1) Try to make sure to mitigate the attack as much as possible so we don’t have to shut down everything, including the trading engine. This is done along with Prolexic, which has been invaluable in helping us in recent weeks.
2) We do our best not to inﬂuence the market at all. It is our responsibility to remain as neutral as possible towards market prices, and simply work to continue running the best exchange available.
3) Communicate what information we can with the public through forums such as Facebook, Twitter, Google+, and Reddit. We are open to suggestions on how we can improve this communication. Mt. Gox has been working overtime since February to build a new trading engine which will be implemented by the end of June. Additionally, since early March we have been building a new IT infrastructure which will be completed by the end of May. We will make further announcements for such changes once they are implemented.
In regard to who are the attackers, MtGox answered “we don’t know, but we have some ideas. In the end this isn’t really important as there will always be attacks, and our responsibility is to reinforce the exchange and maintain high security.” They added that for security they are holding 90-95% of bitcoins in cold storage.
In regards to when litecoin, another digital currency would be added for trading, they answered “We were planning on doing so two weeks ago, but events derailed that plan. Right now we are focused on overall stability of the exchange, and will launch LTC when we are ready.” Another pressing issue is the exchange’s backlog on handling new accounts. MtGox stated that current wait time is up to 14 days, but that they were doubling their support staff to handle the surge of account interest.