4 Security Lessons From the Great Bitcoin Bug

Think twice before trusting us with your personal information… said no 21st century business ever. Whether it’s the swipe of a card at a local convenience store, or that social media app you always find yourself on, using software that could potentially compromise your information is the norm, not the exception.

We’d go insane if we worried about every single transaction that could lead to identity theft or a depleted bank account. So instead, we put our trust in the technical leadership of brands to avoid these disasters on our behalf. Most of the time, there’s nothing to worry about. Most of the time.

Mt.Gox, the world’s largest Bitcoin (digital currency) exchange, recently lost track of 740,000 Bitcoins, a projected $350 million loss, after hackers allegedly planted a bug in the system. Here’s the scoop:

“In its announcement on Monday, Mt. Gox said that a bug in the Bitcoin software made it possible for someone to use the Bitcoin network to alter transaction details to make it appear that a Bitcoin transfer had not taken place when, in fact, it had.”
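The announcement quoted above describes what became known as transaction malleability: before a transaction confirms, a third party can re-encode its signature data so that the transaction ID changes while the coins it spends and the addresses it pays stay exactly the same. A withdrawal system that records only the original ID then concludes the transfer never happened. The Python below is an added illustration, not code from this post or from Mt.Gox, and it uses a constructed toy transaction format (not Bitcoin’s real serialization) to contrast bookkeeping keyed on the transaction ID with bookkeeping keyed on the inputs spent and outputs paid; the sample transactions and the "malleated" copy are constructed for the demo.

```python
import hashlib
import json

# Constructed toy transaction format (not Bitcoin's real serialization).
# inputs:  outpoints being spent, as "prevtxid:index" strings
# outputs: [address, amount] pairs being paid
# sig:     stands in for the signature/script bytes that a third party can
#          re-encode before confirmation without invalidating the spend


def txid(tx):
    """Legacy-style transaction ID: a hash over everything, signature bytes included."""
    material = json.dumps(
        {"inputs": tx["inputs"], "outputs": tx["outputs"], "sig": tx["sig"]},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(hashlib.sha256(material).digest()).hexdigest()


def spend_key(tx):
    """Malleability-resistant identity: which outpoints were consumed and what was paid."""
    inputs = tuple(sorted(tx["inputs"]))
    outputs = tuple(sorted(tuple(o) for o in tx["outputs"]))
    return (inputs, outputs)


def reconcile_by_txid(pending, confirmed):
    """Fragile bookkeeping: a withdrawal counts as done only if its recorded txid confirmed."""
    seen = {txid(tx) for tx in confirmed}
    return {w["id"]: ("confirmed" if w["txid"] in seen else "not sent") for w in pending}


def reconcile_by_spend(pending, confirmed):
    """Robust bookkeeping: a withdrawal counts as done if its inputs were spent to its outputs."""
    seen = {spend_key(tx) for tx in confirmed}
    return {w["id"]: ("confirmed" if w["spend"] in seen else "not sent") for w in pending}


def record_withdrawal(wid, tx):
    """What the exchange stores when it broadcasts a withdrawal: both identities."""
    return {"id": wid, "txid": txid(tx), "spend": spend_key(tx)}


# --- constructed sample data (hypothetical values) --------------------------
# Withdrawal 1: broadcast with one signature encoding, confirmed under another.
ORIGINAL_TX = {"inputs": ["aa11:0"], "outputs": [["customer_addr_1", 5]], "sig": "3045..01"}
MALLEATED_TX = dict(ORIGINAL_TX, sig="3046..01")  # same spend, different encoding

# Withdrawal 2: confirmed exactly as broadcast.
NORMAL_TX = {"inputs": ["bb22:1"], "outputs": [["customer_addr_2", 2]], "sig": "3044..01"}

# Withdrawal 3: broadcast but never confirmed at all.
UNCONFIRMED_TX = {"inputs": ["cc33:0"], "outputs": [["customer_addr_3", 1]], "sig": "3045..02"}

PENDING = [
    record_withdrawal("w1", ORIGINAL_TX),
    record_withdrawal("w2", NORMAL_TX),
    record_withdrawal("w3", UNCONFIRMED_TX),
]
CONFIRMED_ON_CHAIN = [MALLEATED_TX, NORMAL_TX]


def demo():
    """Run both reconciliation strategies over the same view of the chain."""
    return (
        reconcile_by_txid(PENDING, CONFIRMED_ON_CHAIN),
        reconcile_by_spend(PENDING, CONFIRMED_ON_CHAIN),
    )


if __name__ == "__main__":
    by_txid, by_spend = demo()
    for wid in ("w1", "w2", "w3"):
        print(f"{wid}: by txid -> {by_txid[wid]:>9}   by spend -> {by_spend[wid]}")
```

Withdrawal w1 is the dangerous case: keyed on the transaction ID it reads as "not sent", which is exactly the state that tempts an operator or an automated retry loop into sending the coins a second time. Keyed on the outpoints spent and outputs paid it reads as "confirmed", because the malleated copy cannot change either without invalidating the signatures. Keying on outpoints has a second benefit for monitoring: an outpoint can be spent only once on chain, so a withdrawal that was somehow sent twice is impossible to miss.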

Mt.Gox reportedly handled about 80% of the world’s digital currency trading! Trading and withdrawals were halted, users who visited the website found only a blank page, and the “cryptocurrency” industry is now dealing with a major blow to its validity. There are lessons to be learned from this heist on the Bitcoin network, for software developers and consumers alike. Here are four, in no particular order:

Lesson 1: If a system can be hacked, it will be hacked. Someone will always try to get their hands on valuable information. Whether it’s the stealing of credit card numbers directly, or the selling of emails and passwords on the internet, criminal hacking is a business – a very big business in fact. So stealing Bitcoins (a currency stored in virtual wallets and not backed by any country’s currency) and exchanging them for another currency? An internet thief’s dream come true. The same is true for any company really: If there is sensitive data to be had, it’s only a matter of time before someone goes looking for it.

Lesson 2: Security is a never-ending battle. In fact, it’s an arms race. Do you think your security software is impermeable? Good. But it won’t be for long. For software to be secure, it has to be dynamic and ever-evolving. Just as the software is improving, so too are the hackers. But they can’t beat you at your own game if you keep changing the rules.

Lesson 3: Response matters. Don’t leave your users in the dark. Users found out the hard way that their accounts were gone: Mt.Gox trading was suspended, and a few hours later the website returned a blank page. Posts were removed from the Mt.Gox Twitter feed. Users were unsure if they would be reimbursed. No official statement about the Bitcoin heist was released until several days after the fact. Some speculate that the lost Bitcoins went undetected for years. Whether that’s true or not has yet to be determined, but we can say that the longer a company takes to address the problem, the more rumors circulate and the quicker trust evaporates.

Lesson 4: Don’t get fooled again. There’s no excuse for letting the same security breach happen twice. Granted, fixing this particular bug won’t help these users get their money back, but if a business experiences a breach that isn’t severe enough to take down the entire operation, its users should be able to trust that the hole has been closed and their data is secure going forward. A security breach isn’t the end of the world in most cases, but if the same bug happens twice, it might be the end of your business.

What other advice would you offer to prevent a heist like this from happening? Do you think it was mismanagement or inevitable? Be sure to let us know in the comment section. And don’t let your company fall apart at the drop of a hack.
