Heartbleed Open SSL vulnerability and first possible attack Updates for April 9 , 2014 , Bitcoin news of note also for April 9 , 2014 ....National Australia Bank Turns Back on Bitcoin, Closes Accounts ......... Bitcoin industry reacts to Heartbleed vulnerability as patches have been implemented in hours .......Regulation efforts / updates / commentaries pertaining to the US , Brazil and Japan ...... Mt Gox Updates.....

HEARTBLEED......

Heartbleed: Moving Toward Government Control of the Internet

Company that found bug has connections to Google, Obama, DHS, and FBI

Kurt Nimmo
Infowars.com
April 9, 2013

Dire warnings about Heartbleed, a serious internet security risk affecting millions of websites, is echoing across the internet today. Described as a flaw in OpenSSL, the open source encryption technology used by the vast majority of web servers, Heartbleed is said to put HTTPS e-commerce websites at risk.

Heartbleed explained.

The bug “can give hackers access to personal data like credit card numbers, usernames, passwords, and, perhaps most importantly, cryptographic keys—which can allow hackers to impersonate or monitor a server,” writes Lily Hay Newman.

The risk was discovered by a Google researcher at Codenomicon, a Finnish company specializing in the development of “fuzzing tools” to ensure computer network security. The Codenomicon client base includes government and the defense industry and, as noted below, has suspicious connections to Obama, DHS, and the FBI.

The current buzz about Heartbleed plays into an ongoing government propaganda campaign to forge a public-private cybersecurity infrastructure.

The latest warning came from the Communications Director for Willis Global Energy Practice during a seminar held in London. He said the “energy industry is sitting on an unexploded bomb from uninsured cyber attacks” due, in large part, to web-based control systems which are routinely insecure.

In 2010, the effort to portray the internet as vulnerable and in need of government protection took the shape of a simulated cyber attack. The war game was organized by the Bipartisan Policy Center, an insider think tank, and sponsored by “companies with financial stakes in the future of cyber defense — General Dynamics is one — but also companies whose transactions are the lifeblood to the American economy, and who want to foster a greater sense of urgency among the public and policymakers,” according to  Marc Ambinder of The Atlantic.

Cyber attacks often seem timed to underscore government cybersecurity talking points and proposed legislation. For instance, in February, an unprecedented denial of service attack occurred several days after the National Cybersecurity and Critical Infrastructure Protection Act found its way to the House floor. The legislation, supported by Republicans and Democrats, codifies “an equal partnership between private industry and DHS.”

The government considers this merging of government and corporate operations – basically corporatism, as Mussolini defined it – so essential Senator Jay Rockefeller tried to get the Cybersecurity Act of 2013 added as an amendment to the National Defense Authorization Act.

EFF        ✔ @EFF

Follow

Takeaway from Heartbleed: Live every day as if you'll lose your SSL private keys tomorrow. Use forward secrecy. https://eff.org/r.q7av 

3:10 PM - 9 Apr 2014

Why the Web Needs Perfect Forward Secrecy More Than Ever

EFF has long advocated for websites to support HTTPS instead of plain HTTP to encrypt and authenticate data transmitted on the Internet. However, we learned yesterday of a catastrophic bug, nicknamed...

EFF @EFF

Earlier this month, former Sen. Evan Bayh, an Indiana Democrat, told the American Bar Association Section of International Law 2014 Spring Meeting in New York Congress is unlikely to pass cybersecurity legislation this session.

“I think it’s not likely there will be legislative action” Bayh said. “That’s too bad. It will probably take a cyberattack succeeding in some way that significantly harms the country before we’ll be able to reconcile the debate in Washington about legislation.”

Bayh said a large cyberattack would likely result in “some mandatory standards that will make what’s been proposed, at least right now, pale in comparison. Because we always way overreact once we’ve been attacked, and both sides need to get that in their minds, because that’s what is coming,” he said.

Bayh, who sat on the Senate’s Select Committee on Intelligence, is now on the CIA’s advisory board. Due to this fact, his warning and prediction, expressed as a foregone conclusion, carries extraordinary weight.

Finally, it should be noted that Howard Schmidt, the former Cybersecurity Coordinator and Special Assistant to Obama, sits on the board of directors of Codenomicon.

Schmidt, who also worked for the FBI and the Department of Homeland Security, “was responsible for coordinating interagency cybersecurity policy development and implementation and coordinated engagement with federal, state, local, international and private sector cybersecurity partners,” a company page on the Codenomicon Defensics page states.

It is telling a company linked to Google, with its known intelligence connections, and having a member of the board of directors connected directly to the Obama administration’s cyber security initiative in addition to the DHS and the FBI, should discover a network vulnerability begging a government intervention.

and....




First Heartbleed Theft - at BTCJam ?

Crypto-Coin News ...

BTC Stolen From BTCJam In Ongoing Heist; 

Hacker Has Been Identified… Heartbleed Might Be 

Involved

 Caleb Chen

 08/04/2014

 Announcements, Bitcoin, Breaking News, Business, News

3 Comments

Posted 19 hours ago 

Update 10:44 (UTC-06:00): BTCJam releases statement as promised.

The Bitcoins have moved to 1687v9NexfUC6U6G1xBrEkLWYi3WSDn4qL and are being sent through Shared Coin into cold storage.BTCJam has gone offline for security updates with our servers.

Email from BTCJam’s Alexis Ajono:

“If you guys believe your accounts were hacked, please send me an email at alexis@btcjam.com. We are currently looking into this, and I am comprising a list of claims. Thank you, and please stand by for an official statement later on today.”

 Original Story

Check out this Bitcoin Address: 1JBBbQkwR6qVmxyPq22VsfygeLdFYgqhmP.

Over the last hour, Bitcoin has been pouring into that address.  The address first came to the public’s attention in a private BTCJam group on Facebook that confirmed the ongoing heist.  It seems that individual BTCJam accounts are being emptied into that Bitcoin address.  News of the heist started spreading while it was still in progress; redditors have gathered to discuss this matter.  What is clear in this incident is this: 2fa prevents your account from being hacked.  The hacker is moving through accounts one at a time, highly suggesting that he only has access to login information and passwords directly from BTCJam’s servers.  This theory is further corroborated by the fact that some of the exploited accounts temporarily created new loan requests in an attempt to steal even more Bitcoins.  There are even reports from the Facebook BTCJam group of a gentleman that noticed his withdraw address being changed, and was able to enable 2FA before the withdrawal request was made.

Who Is This Hacker?

It isn’t often that a simple Google search yields so much… But today it has.  A simple Google search of the address that all the stolen Bitcoins are being sent to reveals that the same address is used as the donation address for this page: ppp.cryptoanarchic.me.  The site was created by qwertyoruiop, and the donation address is under his control.

There also exists a Twitter account under the handle qwertyoruoip.

4 hours ago, he posted this:

qwertyoruiop @qwertyoruiop

Follow

The heartbleed bug is serious shit. I just dumped the private keys of multiple XMPP services.

8:21 AM - 8 Apr 2014

1 hour ago, when the balance at 1JBBbQkwR6qVmxyPq22VsfygeLdFYgqhmP was around 26 BTC, he posted this:

qwertyoruiop @qwertyoruiop

Follow

Just bought 26 BTC. Waiting until 1k to dump now.

11:23 AM - 8 Apr 2014

The first tweet is what makes people suspicious that the Heartbleed exploit was used.  The second tweet made some suspicious that qwertyoruiop was the hacker himself.

In response qwertoruiop had this to say:

qwertyoruiop @qwertyoruiop

Follow

@bitxbitxbitcoin @btcjam I'm not involved with that / however the bitcoin addresses involved are both linked with one of my customers

1:13 PM - 8 Apr 2014

And this:

qwertyoruiop @qwertyoruiop

Follow

I know who did it, but I'm not involved & my privacy terms forbid me from disclosing.

1:15 PM - 8 Apr 2014

What Happened, According To Qwertyoruiop.

Qwertyoruiop was contacted by the hacker; the hacker told qwertyoruiop that he wanted to sell some Bitcoin.

https://twitter.com/qwertyoruiop/status/453585093320536065

This is why all the stolen BTC was sent to 1JBBbQkwR6qVmxyPq22VsfygeLdFYgqhmP, an address under Qwertyoruiop’s control.  He has since moved them into cold storage via Blockchain.info’s Shared Coin.

Qwertyoruiop has promised to return the Bitcoins once BTCJam has sorted everything out.

qwertyoruiop @qwertyoruiop

Follow

So if he's indeed involved w/ this (if @btcjam confirms) I just won't pay.

1:28 PM - 8 Apr 2014

What If This Is A Heartbleed?

From ZDnet:

The flaw can potentially be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.

During the heist, according to this Heartbleed vulnerability test website, BTCJam was still vulnerable.  BTCJam has since shut down their website.  As of 11AM San Francisco time, BTCJam has yet to release any public statement regarding the heist or the heartbleed vulnerability.  After successfully using the Heartbleed exploit on XMPP services, it seems that qwertyoruiop went on to try Bitcoin services.  Some find it doubtful that the first Heartbleed vulnerability online would be found at a Bitcoin website, and not a more valuable financial website.  However, given the amount of security and the inherent reversibility of transactions made through regular financial channels, I don’t find it surprising that the hacker went after BTCJam.

We won’t know for sure if Heartbleed was involved until BTCJam releases information on the heist.

Coin Desk

National Australia Bank Turns Back on Bitcoin, Closes Accounts

Jon Southurst (@southtopia) | Published on April 9, 2014 at 14:39 BST | Australasia, News

inShare8

Share

48

National Australia Bank (NAB) has decided to dissociate itself from bitcoin, informing bitcoin-related customers it will be closing their accounts next month.

The news is significant as NAB was previously Australia’s most bitcoin-friendly bank, with their representatives actively seeking to build relationships with bitcoin businesses and working with them to understand digital currency issues like fraud prevention.

An Australian trader who operates through LocalBitcoins.com received a letter today informing him of the change in direction. It reads:

“NAB has a responsibility and commitment to continually review its risk profile and the businesses we bank, ensuring that those businesses do not pose risks to NAB.

NAB has recently conducted a review of businesses that trade in digital currencies and has determined that digital currency providers pose an unacceptable level of risk, both to our business and reputation.

As a result of this review, NAB has decided to stop providing banking services to you and will close your accounts, effective 2nd May 2014.”

The letter, which bears a signature but no typed name, said it would return any remaining funds with a bank check and provided a free customer support number to call with any questions.

The customer, ‘Yo Shima,’ who trades bitcoins face-to-face as AusBitcoins, said he was in good standing and there had never been any hint of fraudulent or other untoward behavior associated with his business or bank account. He is currently one of Australia’s most active over-the-counter bitcoin traders, buying and selling about AU$50,000 worth per week on average since he began almost a year ago.

Other bitcoin-related businesses in Australia confirmed they had also been informed NAB was turning its back on bitcoin, and were currently working with other financial institutions to establish a more reliable relationship.

Banks and bitcoins

Australia’s banking industry is dominated by the ‘Big Four’ corporate banking groups: NAB, ANZ, the Commonwealth Bank and Westpac. Of the four, Commonwealth had previously been the one most hostile to bitcoin, while ANZ reportedly works with digital currency businesses on a case-by-case basis. Westpac’s policy remains unknown.

NAB produced a report on bitcoin for its currency traders last December, where it compared bitcoin and digital currencies with existing national currencies. The report was generally curious and neutral in tone, but said bitcoin would take a few more years to achieve mainstream acceptance.

The bank did not give a reason for its policy change, however Mizuho, one of Japan’s largest banks, may have spooked other large banks around the world when it was named as a defendant in the US class action lawsuit against departed exchange Mt. Gox. The complaint stated that by continuing to provide banking services to Mt. Gox, Mizuho “profited from the fraud”.

Bitcoin Core Version 0.9.1 Fixes Heartbleed Vulnerability

Nermin Hajdarbegovic | Published on April 9, 2014 at 11:50 BST | Bitcoin protocol, Technology

inShare1

Share

12

Bitcoin Core Version 0.9.1 is out and it has addressed the Heartbleed OpenSSL vulnerability, also known as CVE-2014-0160. The vulnerability has been patched by major bitcoin exchanges in a matter of hours.

In case you missed it, Heartbleed is a pretty big deal in the security community. The crypto bug in OpenSSL (an open-source implementation of the SSL and TLS internet security protocols that encrypt and secure internet traffic) has opened up two thirds of the web to eavesdropping. It was uncovered earlier this week and many observers described it as nothing short of catastrophic.

Bitcoin players quick to address Heartbleed

Luckily the news quickly translated into industry-wide action: patches are being implemented across the world as we speak.

Bitcoin exchanges and wallets are targeted by hackers on a daily basis, so serious bitcoin outfits keep track of zero day exploits, new attack vectors and a host of other vulnerabilities.

The Bitcoin Core team says version 0.9.1 is a maintenance release to fix an urgent vulnerability (ie Heartbleed), and all users should upgrade as soon as possible. Most have heeded the call and as a result the vast majority of major bitcoin sites and exchanges have implemented the fix.

What is Heartbleed all about?

OpenSSL is the most popular code library for HTTPS encryption. It is not used by Microsoft IIS, so Windows-based systems cannot be directly affected.

While this is good news for most desktop users out there, IT departments would rather have it the other way around. OpenSSL is used on Linux, BSD and numerous custom server platforms. Mac OS X is affected, too. The bug does not affect all versions of OpenSSL, either. Some major banks like Chase and Schwab rely on Microsoft IIS. Others rely on Linux/Apache, Java and other systems.

Ars Technica reports the bug is the result of a “mundane coding error” in OpenSSL. The bug essentially allows attackers to gain access to chunks of private computer memory that handles the OpenSSL process.

The contents of said memory chunks may include authentication credentials or even private keys that can undermine the website’s entire cryptographic certificate.

Hence, website operators need to patch their servers with OpenSSL version 1.0.1g and update their security certificates. The problem is that the OpenSSL patch is just the first step. Users need to think about replacing their X.509 certificates once they apply the OpenSSL update.

All admins and users are advised to change their passwords as a precaution as activity is traceless, and this scale of vulnerability is unprecedented in OpenSSL.

Russia Today....

​Major encryption security bug ‘Heartbleed’ impacts two-thirds of the web

Published time: April 09, 2014 03:03

Get short URL

Share on tumblr

Tags

Hacking, Internet, Security

Tens of millions of servers were exposed to a security vulnerability called “Heartbleed” in OpenSSL, software used to encrypt much of the internet. While an emergency patch has been released, sites like Yahoo have raced to fortify security.

On Monday afternoon, the open-source OpenSSL project released an emergency security advisory warning of “Heartbleed,” a bug pulls in private keys to a server using vulnerable software, allowing operators to suck in data traffic and even impersonate the server.

As described by the Verge, Heartbleed “allows an attacker to pull 64k at random from a given server's working memory. It's a bit like fishing — attackers don't know what usable data will be in the haul — but since it can be performed over and over again, there's the potential for a lot of sensitive data to be exposed. The server's private encryption keys are a particular target, since they're necessarily kept in working memory and are easily identifiable among the data. That would allow attackers to eavesdrop on traffic to and from the service, and potentially decrypt any past traffic that had been stored in encrypted form.”

OpenSSL is used by around 66 percent of the web to encrypt data, according to LifeHacker. The software is used to protect usernames, passwords, and any sensitive information on secure websites.

According to reports, sites need to install updated, non-compromised software to vanquish further exposure to the bug’s vulnerabilities. Tens of millions of servers were exposed to Heartbleed, according to Verge.

"It is catastrophically bad, just a hugely damaging bug," said International Computer Science Institute security researcher Nicholas Weaver.

Yahoo may have been the largest entity whose sites were exposed to Heartbleed, which is actually two years old but is only now gaining the attention of the broader public after detection by Google researcher Neel Mehta.

Yahoo said it has successfully updated its servers.

"Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now,” Yahoo said in a statement.

As a result of Heartbleed, Yahoo reportedly leaked user information for most of the day. Any servers running OpenSSL on Apache or Nginx were also affected, implicating a multitude of common websites and services, according to The Verge.

Apple, Google, Microsoft, and major e-banking services do not appear affected.

The Tor Project said that "if you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle."

Yet experts have also suggested that even if a server is patched, private keys may have been compromised before the fix, allowing vulnerabilities to linger.

"I bet that there will be a lot of vulnerable servers a year from now," Weaver said. "This won't get fixed."

Eric Butler @codebutler

Follow

People in this reddit thread claim to have reliable #heartbleed exploit code against Yahoo mail, banks, other sites: http://www.reddit.com/r/programming/comments/22ghj1/the_heartbleed_bug/cgn056z …

7:16 PM - 8 Apr 2014

Affected sites need new SSL certificates, which is expensive and time-consuming but necessary to purge Heartbleed. A safe SSL certificate should show an “issued on” date after the recent security patch.

Passwords on affected sites must be changed, experts say, but after a site’s security is properly bolstered.

"These are really subtle bugs," Weaver says. "You might detect it if you ran it through a memory checker, but this is not the kind of thing that just shows up looking at the code."

There are tools that test sites for Heartbleed vulnerability. Yet susceptibilities will remain depending on the website.

“Because individual servers have to be fixed manually, some sites might not get around to repairing the bug for quite a while,” wrote The Wire. “In other words, take Heartbleed on a site-by-site basis. Very few sites have offered comprehensive information on what to do about Heartbleed to its users.”

Heartbleed has proved a bigger menace – in scale of computers affected and the severity of the breach – than “GoToFail,” a bug that hassled Apple earlier this year.

Coin Desk - Regulation Updates ....

US Congressman to Submit Bitcoin Tax Bill

Stan Higgins | Published on April 8, 2014 at 21:04 BST | News, Regulation, US & Canada

inShare2

Share

27

US Congressman Steve Stockman of Texas is preparing to introduce a new bill, the ‘Virtual Currency Tax Reform Act’, which, if passed, would tax bitcoins as currency instead of property.

Currently, the US Internal Revenue Service (IRS) views bitcoin and other digital currencies as property. When someone sells their bitcoin or makes a purchase in bitcoin, they are subject to a 15% capital gains tax. Any wages paid out in digital currencies must also be reported to federal tax authorities.

(Readers can learn more about the IRS decision here.)

Stockman’s proposal recognizes bitcoin and other digital currencies as legal tender. Instead of triggering capital gains taxes for each transaction, purchases made with bitcoins would require sales taxes instead.

In a brief statement, Stockman said that policies regarding bitcoin should be aimed at spurring innovation, rather than imposing restrictive levies:

“This is a nascent industry. Along with 3D printers and nanotubes, cryptocurrency is the future. We need to encourage it, not discourage it. There is risk associated with every budding industry in America.”

When reached for comment, Stockman’s office said that more information regarding the bill is forthcoming, and that a public version has not yet been released.

According to an official press release, Stockman is expected to comment on the bill during an 8th April meeting at the New York City Bitcoin Center.

Earlier this year, Stockman made headlines by accepting bitcoin-denominated campaign donations in his race for US Senate.

US Congressional interest in bitcoin grows

Stockman’s legislation would constitute one of the first major efforts by Congress to regulate bitcoin usage in the United States. Since late last year, Congress has shown an increasing level of interest in the oversight and regulation of digital currencies.

Earlier this month, the US House of Representatives Committee On Small Business held a hearing which included testimony from George Mason University’s Jerry Brito and market expert Mark T. Williams.

On a less serious note, Colorado Congressman Jared Polis responded to calls to ban bitcoin with his own proposal to ban the US dollar.

and....

US Attorney General Eric Holder Keeping an Eye on Bitcoin

Nermin Hajdarbegovic | Published on April 8, 2014 at 18:51 BST | Crime, Regulation, US & Canada

inShare5

Share

21

US Attorney General Eric Holder believes bitcoin criminals pose a new set of challenges for law enforcement. During his testimony this morning before the House Judiciary Committee Holder said the US Justice Department is keeping track of bitcoin-related developments.

Of course, this does not mean that the Justice Department is treating all bitcoin transactions as suspect. Holder stressed that the department is working with financial regulators in an effort to weed out the bad apples.

Bitcoin can pose challenges for law enforcement

Holder’s interest in bitcoin is focused solely on “bad apples” and cyber criminals who are taking advantage of bitcoin’s pseudo anonymity.

He said the Justice Department is committed to innovating alongside bitcoin in order to ensure criminal investigations are not impeded by technological advances. This is nothing new in the world of cyber crime. Authorities have been engaged in a technological arms race with cyber criminals for decades.

Holder told the House Committee:

“As virtual currency systems develop, it will be imperative to law enforcement interests that those systems comply with applicable anti-money laundering statutes and know-your-customer controls.”

Holder issues stern warning

Holder warned that digital currencies wouldn’t stay safe havens for cyber criminals, drug traffickers and other bad actors and said that the difficulty of tracking digital currency transactions wouldn’t protect them forever.

Said Holder:

“Those who favour virtual currencies solely for their ability to help mask drug trafficking or other illicit conduct should think twice.”

Criminals are looking beyond anonymity

While it is encouraging to see the Justice Department pledging to keep up with technological developments and undermine criminal activities that could benefit from cyptocurrency transactions, Holder did not mention other forms of crime associated with bitcoin and other digital currencies.

Such crimes range from attacks aimed at bitcoin exchanges to hacked wallets and mining malware. The temptation of using a pseudonymous payments system is proving too much for many cyber criminals out there.

Bitcoin ransomware is on the rise, along with malware that targets bitcoin walletsand even elaborate mining botnets. Although the latter are no longer very effective for bitcoin mining they can be used to mine certain altcoins.

and.....

Brazil to Tax Bitcoin Investors, Not Everyday Users

Stan Higgins | Published on April 8, 2014 at 18:29 BST | News, Regulation, South America

inShare10

Share

30

The Receita Federal, Brazil’s tax authority, has established how it will treat the holding and usage of bitcoin and other digital currencies.

The news, first reported by Valor andFolha de S. Paulo, confirms that the Brazilian government does not view bitcoin as a currency.

The Receita Federal is taking a stance similar to the one announced by the US Internal Revenue Service last month. However, there are some key differences that sets Brazil’s stance toward digital currencies apart from those of other governments.

Tax limit

Like the United States, Brazil is treating digital currencies as financial assets, with the Receita Federal imposing a 15% capital gains tax at the time of sale.

However, those who sell less coins with a value of less than 35,000 reals (R$), which is almost $16,000, will not have to pay the tax. This means that bitcoin users in Brazil won’t have to calculate capital gains taxes when making small consumer purchases.

The Receita Federal is also requiring annual account declarations from those who possess more than R$1,000 in digital currency holdings.

The rules outlined by the tax authority fit within the current framework established by Brazilian law. Furthermore, the government has said that it does not foresee a need to craft regulations geared specifically toward digital currencies.

Positive reaction

Brazilian small business owner and bitcoin supporter José Benchimol saw the news in a positive light, saying that the tax treatment will not impede consumers from adopting digital currencies as a method of payment.

“Considering the circumstances and comparing this decision to other countries’ decisions, I consider it good news. Most consumers and investors will not hit the R$35000 in transactions, which tend facilitate its use as a currency and investment tool. For the bigger investors, the government will charge a tax rate of 15% on capital gains, which is in line with capital gains from major investments in the county – stocks, bonds, real estate and so on.”

BitWifi co-founder Bernardo Quintão remarked to CoinDesk that, in spite of the government’s declaration that bitcoin is not a currency, the tax guidance represents forward progress:

“Personally, for the Brazilian pattern of dealing with novel technology, I think it is a positive approach indeed. It will be a long way before cryptocurrencies are accepted as currency here and this is a good first step.”

Taxation trend

Other governments worldwide have begun establishing their tax guidance policies regarding bitcoin in recent weeks. Earlier this month, Bulgaria’s National Revenue Agency declared that bitcoin sales would trigger a 10% income tax.

In late March, Denmark announced that owing to the “private” nature of bitcoin trading, taxes would not be imposed. Additionally, the Danish National Tax Assessment Board declared that losses on bitcoin holdings are not tax-deductible.

Those interested in learning more about the IRS decision to tax bitcoin in the US as a financial asset can click here.

and....

Bank of Japan Governor: Bitcoin is Too Unreliable to be a Currency

Dan Palmer | Published on April 8, 2014 at 16:19 BST | Asia, Exchanges, Mt. Gox, News, Regulation

inShare7

Share

25

Governor of the Bank of Japan Haruhiko Kuroda has cast doubts on bitcoin’s future as a currency.

“Without safety or stability in its value, there would be no demand. In that sense, it cannot be a currency,” he told reporters after a central bank policy meeting.

Kuroda added:

 ”It is not a currency, and I don’t think it is a general means of settlement,”

Kuroda’s comments, which were reported in the The Economic Times, come after nationwide shock in Japan at the bankruptcy of the now-infamous exchange, Mt. Gox, which was based in Tokyo, and other recent bad news for bitcoin, such aspossible fraudulent activity at Cyprus-based Neo & Bee.

The central bank chief’s mention of stability also indicates that the perceived volatility of bitcoin is an issue of concern.

After a tremendous price spike to over $1,100 late in 2013, the value of bitcoin has since dropped, often fluctuating strongly at news reports or even rumours, and currently stands at around $450 on the CoinDesk Bitcoin Price Index.

In time, bitcoin’s volatility is likely to diminish as more merchants start accepting payments in the digital currency and it becomes less a store of value for flighty investors and more a means of buying and selling products or services.

Mt. Gox shock

When the oldest and biggest bitcoin exchange of them all, Mt. Gox imploded in spectacular fashion in late February, citing the loss by theft of 750,000 of its customers’ bitcoins, it took the nation by surprise.

The institutions of government had seemingly little knowledge of bitcoin and how to deal with the bitcoin business that had brought such unwelcome attention to the country’s capital.

Initially, the government seemed unsure whether it should act on the failure of Mt. Gox CEO Mark Karpeles to keep his customers funds safe from hackers, before finally investigating the affair.

Further, consideration caused Japan’s senior regulators to call for international regulation on bitcoin, with the Senior Vice Finance Minister Jiro Aichi stating: “If we regulate [bitcoin], international collaboration would be necessary” to prevent criminals from exploiting loopholes or weak points in international law.

Later, perhaps feeling the pressure of the international media spotlight over Mt. Gox, the country’s ruling party, the Liberal Democratic Party (LDP) – while saying that bitcoin was not a currency – launched an investigative committee into bitcoin, and blocked banks from “brokering bitcoin transactions or opening accounts holding the virtual unit”.

The latest comments from the Bank of Japan head seem a more considered response, although not entirely positive for bitcoin as a whole.

Crypto  Coin News ......

Mt Gox...

Karpeles faces immediate arrest in United 

States

 Christoph Marckx

 09/04/2014

 Bitcoin, Bitcoin Exchanges, Interviews, News

Posted 14 mins ago 

If he would set foot on American soil, Mt. Gox CEO Mark Karpeles would likely face an immediate arrest.

In an article last week, CCN reported on a US judge ordering Mark Karpeles to travel to the United States for hearing if he wanted bankruptcy protection there. This seems unlikely to happen now.

Arresting Karpeles

A federal judge ordered Mark Karpeles to appear in Dallas on April 17 to explain how his company was able to lose at least $400 million worth of customer deposits. This seems highly unlikely after having heard some lawyers who are involved in the process. They claim that Karpeles would probably be arrested by law enforcement as soon as he sets foot on American soil.

“I assume he would be arrested as a person of interest,” said Roger Townsend of Breskin Johnson & Townsend. “The FBI would likely want to question Karpeles about alleged fraud at MtGox, which collapsed in February, or about connections he may have to that other notorious online marketplace, Silk Road.”

To further clarify this, Townsend said he believed the FBI “could already be sitting on a grand jury indictment for Karpeles and that they have also arrested Karpeles’ friend Charlie Shrem.”

These remarks were made on Tuesday, following a presentation at Inside Bitcoin. Townsend had been explaining the ongoing legal fallout related to Mt. Gox together with Edgar Sargent, another lawyer involved in the whole Gox process. The lawyers represent a Seattle company Coinlab, which sued MtGox for $75 million last year over a soured deal to offer bitcoins to the North American market.

The whole Gox process brings forth new items almost daily. Meanwhile, Karpeles remains silent in the media, only to be found on IRC under the pseudonym MagicalTux. Nobody knows how many coins are found, and even the total amount of ‘stolen’ coins is up for debate. CCN published a story about this just a few hours ago. Two members of the Swiss Federal Institute of Technology in Zürich have been examining the events in the blockchain and are now disputing this version of events.

No matter the outcome of all this, the legal process is complicated because of Bitcoin’s borderless nature and the case’s multiple jurisdictions. The bankruptcy proceedings are underway in Japan and the United States, and the related CoinLab proceeding has so far involved deposing the assistant of Karpeles in Taiwan.

New CEO

Meanwhile, in Texas, U.S. Bankruptcy judge Stacey Jernigan ordered Karpeles over to the United States for hearings. She was reported to having said: “If he avails himself of this court, my God, he is going to get himself over here.”

Even though a federal judge has some weight in this case, the lawyers do not expect Karpeles to board a plane heading to the States anytime soon. Obviously, Karpeles has already thought about his options, and he probably feels it is best not to go to a place where there is jail-time waiting for him. Townsens expects Mt. Gox will name someone else as head of the failed company. That way, the new CEO, will appear at the Texas bankruptcy process instead.

All this news about Karpeles still fails to answer one simple question. Where did the money go? Many people claim the money is not lost, some sources say it is all gone. Unfortunately, we still have to find one single source that is 100% trustworthy. Hopefully, the Japan report, which is to be expected early May, will shed more light on this shady case.

Do you think Karpeles is a thief or just an incompetent CEO? Write down your thoughts and join the discussion here.

Mt Gox: The story unravels.

 PJ Delaney

 08/04/2014

 Bitcoin, Bitcoin Exchanges, Breaking News, News

Posted 15 hours ago 

The Mt Gox announcement on February 10th, of this year, that ‘Hackers’ had stolen some 850,000 bitcoins, simply does not add up. Of the 850,000 bitcoins that Mt Gox claims to have lost, some 750,000, or 88%, belonged to customers. On the day the bitcoins were announced to be missing, the price of an individual bitcoin was $827, therefore, the total value of the loss in fiat was estimated to be over $700 million. This is an incredible quantity of bitcoins to lose, however, luckily enough, Mt Gox had an explanation. The missing bitcoins had been taken by ‘hackers’ that had cynically exploited a flaw in the bitcoin program, this problem, called ‘Transaction malleability’ allowed hackers to make double withdrawals from the exchange by tampering with the authorisation code. We are all familiar with this version of events; however another version of happenings is beginning to arise.

Two members of the Swiss Federal Institute of Technology in Zürich have been examining the events in the blockchain and are now disputing this version of events. Christian Decker and Roger Wattenhofer have been monitoring bitcoin transactions since January 2013 and are, therefore, in a very good position to offer an accurate assessment of the size of the problem with transaction malleability. They claim that the number of transactions, where transaction malleability is a factor, is of a much smaller level than was previously believed. The result of their examination of the blockchain was published in the MIT Technology Review.

Decker and Wattenhofer began monitoring Bitcoin transactions in January 2013, and they recorder all transactions, both those blocked by security checks, as well as successful transactions during this period. They were connected to around 1,000 nodes in the Bitcoin network, or almost 20% of the total. The transaction malleability bug, which the hackers were using, changing blockchain details to show the senders that the transaction had not been successful, that it had, in fact been blocked. The other nodes on the network were told that the transaction had been successful. The sender, believing the transfer had failed, resends the bitcoins and the amount transferred is in fact double what it should have been. Decker and Wattenhofer checked all transactions to find transactions where the details recorded were different for different users. During the period, January 2013 to February 2014, they observed 302,000 different transactions where transaction malleability attacks were clearly an issue. But! The vast majority of these attacks occurred after February 10th, the date that Mt Gox had made their announcement. These were, therefore, just copycat attacks by people who believed that they would succeed. They simply cannot have affected Mt Gox as the exchange had stopped all customer withdrawals by then. Before February 10th, Decker and Wattenhofer found that Mt Gox suffered only 1,811 attempted fraudulent bitcoin withdrawals and of these attacks only 386bitcoins could have been successfully stolen from between Mt Gox and all other exchanges.

This leaves a giant hole in Mt Gox’s story, even if all the bitcoins stolen came from Mt Gox, and this is unlikely, there are only 386 missing bitcoins; where are the other 849,600 bitcoins? Admittedly, Mt Gox has now ‘found’ 200,000 on an old hard drive; that leaves 649,600 bitcoins that have fallen through the cracks in the Mt Gox story.