Bitcoin virtual currency suffers $500,000 theft

Bitcoin, a virtual currency based around cryptographic hashes, has suffered the largest heist in its history as a user claims to have lost 25,000 'coins' with a real-world value of almost $500,000.

Bitcoin is a hacker-led project which has been getting an increasing amount of attention of late. The project's aims are simple, and yet it holds the potential to be a major disruptive influence: to create a peer-to-peer currency-based economy with no central authority.

The project uses a virtual currency it calls 'Bitcoins,' which are generated as computers participating in the project complete complicated mathematical problems. This limits the amount of currency in circulation, without the need for a central authority to be overseeing and adjusting a balance sheet. The number of coins rewarded as a result of the work carried out halves every four years, to prevent hyperinflation and to limit the number of available coins to a total of 21,000,000 by the end of the run.

Transactions are carried out on a peer-to-peer basis, in a similar way to file-sharing services: a request to move money from one encrypted account to another is broadcast throughout the entire network, keeping its individual users anonymous and identifying them only through a complicated hash. For those of a paranoid bent, new hashes - representing a new, empty 'wallet' - can be created at any time.

Initially, Bitcoin was a novelty, representing an attempt by hackers to create an economy that the world's governments couldn't influence. Individual Bitcoins had little value, and were mostly transferred between a hardcore set of users as rewards for good forum posts or helpful advice.

Recently, however, interest in the project has spiked and started what some are calling a 'Bitcoin bubble.' The value of a single Bitcoin has shot past that of a US dollar, with the current value estimated at around $18.68. Rather than representing a validation of the project, however, this opens up a new spectre: theft.

As the currency involved is entirely virtual, and the system designed to keep its users as anonymous as possible, the Bitcoin project is proving a draw for ne'er-do-wells. Aside from unsubstantiated claims in the tabloid press that Bitcoin is being used to provide financial backing for drug deals and prostitution, the more technically-minded criminals are seeing the platform as a safer alternative to bank robbery.

A Bitcoin user identified only by the username 'allinvain' and the Bitcoin address '1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG' claims to have become the victim of the biggest Bitcoin theft in history, losing 25,000 BTC with an estimated real-world value of $467,000.

"I just woke up to see a very large chunk of my Bitcoin balance gone," the user claimed in a posting on the Bitcoin Forum. "I am totally devastated today. First thing that I noticed is that my Slush's pool account got hacked into and someone changed the payout address. I then changed the password and proceeded to run some antivirus and anti malware scans. Some stuff was found, but they were all cleaned up

"I then left another virus scanner running and went to sleep. When I woke up I checked my Bitcoin wallet. I leave the client running to help the network, and I notice -25,000 (and a transaction fee) gone."

The theft has sent shockwaves through the Bitcoin community. Some claim that the user has been betrayed by his friends, pointing to the fact that it's unlikely a random malware writer would be aware of how Bitcoin works and know that he was sitting on a fortune in virtual currency.

Others agree with the user's own assumption that a specially-written worm is targeting Bitcoin users in order to relieve them of their carefully gathered virtual funds. Still more question whether the theft ever really happened, accusing 'allinvain' of making the theft up in the hope of casting doubt over Bitcoin's future.

The user, however, is adamant that the coins both existed and were taken without his consent. "I swear on my life that this is not a ruse. I have nothing to gain from this. I am one of the very early adopter of Bitcoin. I was planning on using those funds to open up a bitcoin business." He or she is, however, certain about where the problem lies. "This can only be blamed on me," the user explained. "I am the flaw with Bitcoin."

Should the theft have come from an external intrusion - such as a worm or other piece of malware - then the issue would appear to stem from the client software's use of a plain-text, unencrypted file for storing the Bitcoin balance. Called 'wallet.dat,' the file can be transferred to any other system with a Bitcoin client and immediate access gained to the Bitcoins stored therein.

It's a problem that the developers are aware of, but one which is given a low priority compared to other issues in the system. With at least one other user claiming a similar - though lesser-valued - theft to the same recipient address, however, it's something that should possibly be looked at sooner, rather than later.

With the funds apparently being turned into real-world cash via trading house service Mt. Gox, it appears that the theft - if real - has been both successful and lucrative. As a result, the Bitcoin project can look forward to many more such attempts in the near future.