6.15.2011

the cut-throat side of the coin

I'm going to assume right off the hop that you know what a bitcoin is.  If you don't, watch this short video and then for a moment just put your first few questions on hold and assume for the sake of argument that it works as advertised, and that there are in fact many people who for various reasons consider bitcoins to be valuable and will happily trade traditional money (about $20 USD / coin at the moment) for them.

In fact, there are really quite a few people investing in bitcoins.  If not directly by purchasing them through one of the currency exchanges, or by exploiting classic foreign exchange tactics in a new medium, then indirectly by running dedicated mining computers filled with high end 3d video cards day and night to collect coins.  In the last two months bitcoin miners have stripped the commodity hardware market clean of the top performing Radeon 6990 cards.  Take a minute and try to find anyone who has them in stock.  Search for other models.  Try second hand sites.  At about $700 USD those top cards alone represent a pretty sizable dollar amount (invest in AMD!?), and of course on today's internet where there's money there are crooks.

While the saber rattlers are all very interested in the issues of drugs and money laundering, the more interesting crooks are taking to their keyboards. For some time there have been reports of bitcoin wallets being lifted via trojan horse, however these were upgraded on Saturday to full accounts of serious coin-jacking ($500k);  perhaps following in the footsteps of computer criminals of a more conventional sort.

Such as the fraudsters who started off acquiring individual online banking credentials but soon realized that siphoning the krill of the internet may work for whales like the big botnet operators, but the smaller scamming crews would need to be more strategic to maximize profits.  They began hijacking the accounts of entire businesses and found better spoils with less risk.

So on Sunday when someone monitoring the public (and mostly anonymous) bitcoin transaction log noted about $8M USD in coins being consolidated into one account there was of course some speculation that security concerns were a motivating factor. Semi anonymous currency transfers without the fuss of bank security standards, government mandated oversight and fraud reporting, and no knowledge of borders?  Oh yeah, strong concerns.

It get's weirder though.  As more people throw more mining hardware at the bitcoin network, the difficulty of mining itself increases in response. The system was designed to ensure that a steady stream of coins are mined no matter how furiously people are mining.  Because of this it is now quite impractical to mine coins alone with your desktop computer.  Well over half the miners out there are pooling their hardware together and splitting the rewards to stay in the game.  So while in theory the network is distributed and decentralized, in practice it has about 8-10 heads (pool servers) which can and have been cut off by interlopers.

There are plenty of theories and discussions out there regarding the reasons behind the many attacks against the most popular mining pools, but I think the most obvious is profit.  Due to the fact that the network increases difficulty at a slow and predictable rate it is possible for someone with a lot of mining power to double or triple their odds of mining a block of 50 coins by knocking down the top pools at the right moments.  Of course, renting a DDoS attack has been cheap for ages, and there's no doubt in my mind one could be purchased for bitcoins today.

The one I haven't seen yet but want to is forced pooling.  When web enabled java and javascript bitcoin mining programs were developed, people thought big.  "Topple Google's business model, serve a browser based bitcoin miner instead of an ad to monetize your site".  The rapid increase in mining difficulty killed that dream quickly, but it may be back in the form of modern browser interfaces to 3d graphics hardware.  WebGL and it's bastard nephew WebCL, very new technologies designed to do nifty graphics stuff in your browser, have already been used to implement web based hardware accelerated bitcoin mining software nearly on par with the dedicated mining programs.

At the moment it's limited to specific browsers with specific plugins, but barring a total collapse of the bitcoin market within a couple years as the tech matures into the mainstream it may well become far too profitable not to exploit.  Rather than serving drive by downloads of the latest banking trojan, your favourite recently hacked website could be pressing your video card into the service of mining bitcoins for the Russian Business Network right under your nose.

Perhaps the most amusing thing about all this is that Satoshi Nakamoto, the creator of bitcoin whose name is apparently a Japanese synonym for "John Smith" has quietly disappeared.
  1. Drop crazy virtual currency on world.
  2. Vanish silently with big stack of bitcoins.
  3. Profit!!!
Post a Comment