$1.4m of Bitcoin stolen. Another tale from the cyber frontier of … Hornsby, NSW?

1

bitcoin

This article is by David Glance, director of the University of Western Australia Centre for Software Practice. It originally appeared on The Conversation.

analysis In another episode of the ongoing rollercoaster of a story that is Bitcoin, about 4,100 of them have been stolen from an online bitcoin wallet site inputs.io. At current exchange rates, this puts the value of these bitcoins at about $1.4 million, making it a very significant robbery by anyone’s measure.

If this was all there was to this story, it could be just filed as yet another salutary tale of buyer beware, especially where the Internet is concerned. Bitcoin is a particularly risky currency as it exists only in the virtual world, it is largely unregulated and mostly anonymous making it an extremely attractive target for scams and theft.

What makes this particular story more interesting is the fact that the person behind the site inputs.io is allegedly an 18 year old Australian going by the alias “TradeFortress” living in Hornsby, NSW. Some have immediately asked the question whether TradeFortress himself was behind the theft.

It turns out that TradeFortress has another bitcoin business called CoinLenders which is involved in making bitcoin loans. People can lend bitcoins to CoinLenders in return for interest payments that are made by others who borrow them. This is a particularly risky business given the job of establishing credit-worthiness of borrowers and the likelihood of people defaulting on repayments because of the rapidly increasing price of Bitcoins.

How serious a business CoinLenders was is open to question. Its site has disclaimers stating that it is a demo site only, a somewhat optimistic ploy to disguise its operational status as a financial exchange and attempting to escape scrutiny from authorities. Depositing and borrowing Bitcoins from CoinLenders required the use of wallets on inputs.io and so some of the loss on Inputs.io has been felt by the remaining customers on CoinLenders.

There have been suggestions that TradeFortress has been dishonest in the past, reinforcing the possibility that the “hacks” were themselves a scam of some sort. However, given that there has been some sort of effort on the part of TradeFortress to repay at least part of what was lost, it makes it slightly less likely that this was part of an elaborate ruse. However, there has been extensive discussion about the legitimacy of CoinLenders in particular, especially since there is litte transparency, nothing is known about TradeFortress and the site promised lenders returns on their investment of the order of 25%. One can only assume that most of the people involved with both services went in with at least some appreciation of the extreme risk they were taking.

The ABC reported that TradeForest was just 18 years old. This seems very unlikely. Managing the technical and business aspects of this is quite a feat for an alleged 18 year old, especially given that the email account that was compromised in the hack is one that was allegedly set up by TradeFortress 6 years ago when he would have been 12!

TradeFortress previously had bragged about how secure Inputs.io was but it seems that the hackers accessed the servers with relative ease from an oversight on his part. Anyone claiming that their site is specifically secure should always be treated with caution on the basis that if they really knew what they were doing, they would know that was just not possible to achieve.

One can only presume that law enforcement and other authorities would be keeping an eye on these types of services and possibly interested in investigating the theft of these bitcoins. Given that this theft is one in a long line of such thefts and that none of the previous ones have been solved, it seems unlikely that the theft from Inputs.io will be either.

The takeaway from this episode has to be to stick with the more well known Bitcoin exchanges and to keep the digital wallet (or even a paper version) encrypted and stored on a device that is not connected to the Internet. It is also worth remembering that if something sounds too good to be true, it always is.

David Glance does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published at The Conversation. Read the original article. Image credit: antanacoins, Creative Commons

The Conversation

1 COMMENT

Comments are closed.