Dwolla, MtGox see delays from DDoS attacks in last week. Mercado Bitcoin and user's funds compromised in a separate attack.
It is currently unclear how much, if any, of the funds will be returned to users.
According to a Reddit user who reported the attack two days ago, Mercado was the only exchange operating in Brazil.
Below is a link to the email that users received from Mercado after the attack:
Market Distortions Leading Up To Mercado Attack
Interestingly, the same Reddit user posted a week before that BTC traded for a higher rate in BRL than it would in USD elsewhere. He said the discrepancy was going on for sometime. This was corroborated by another user claiming to be from Brasil.
After the attack, users on the later post concluded that the distortion was likely due to a lack of trust in the exchange.
One user put it like this:
"[O]ften the market is smarter than you are, and if you think you've found an arbitrage, that may just be that you haven't priced in the transaction costs and risks."
Cause and Implications: How Safe Are Our Exchanges?
The original user stated he didn't know exactly how the attack was perpetrated, but it was likely a result of the general lack of security surrounding the firm.
In comparison, MtGox has a high level of security since it's catastrophic hack back in July, 2011. However, MtGox is a huge target due to its sheer size and its recent policies that limit the amount of BTC and other currencies users can withdraw over a given time frame.
This will make it harder for users to keep their BTC in locations that aren't as large of a target. As the payoff for a successful attack on exchanges goes up with the market cap, hackers will no doubt continue there efforts. And indeed they have:
Perhaps we are all keeping too many eggs in one basket.
@Bitcoin_Trends
I think there is one misunderstanding. It reads as if a site can add security ad libitum to their web code if that is needed.
ReplyDeleteIn case of MtGox, they succeeded to convince users that the service is more secure now. A crucial step in this was to reimburse affected users and to take full responsibility for their damages. Another key for the recovery was that the service was already rooted in the community and the owner had a good reputation.
But others will not be as happy. One thing to remeber is that it is not possible to add security to an insecure code base. Security is not something modular but something that has to be designed from ground up. It is hardly possible to add that later. It is also rooted in organizational qualities which are hard to change.