Yesterday, the world’s first and largest Bitcoin exchange, Mt. Gox, had an outage, and users couldn’t access the trading platform.
Today, Mt. Gox issued a press release on what happened.
Apparently, the exchange has been subjected to a massive “distributed denial of service” attack.
“Since yesterday, we are continuing to experience a DDoS attack like we have never seen,” the company said on its website. “While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.”
A distributed denial of service attack occurs when a large network of computers, usually controlled by a single operator, floods a website with traffic to the point where the website can’t make new connections with other users trying to access the site.
Below is the full press release from the Mt. Gox website.
TOKYO – JAPAN – April 04, 2013
Dear Mt.Gox users and Bitcoiners,
It’s been an epic few days on Bitcoin, with prices going up as high as $142 per BTC. We all hope that this is just the beginning!
However, there are many who will try to take advantage of the system. The past few days were a reminder of this sad truth.
Mt.Gox has been suffering from its worst trading lag ever, 502 errors, and at one point some users were not able to log in their account. The culprit is a major DDoS attack against Mt.Gox.
Since yesterday, we are continuing to experience a DDoS attack like we have never seen. While we are being protected by companies like Prolexic, the sheer volume of this DDoS left us scrambling to fine-tune the system every few hours to make sure that things don’t go beyond a few 502 error pages and trading lag.
Why has Mt.Gox become the target of a DDoS attack?
It is not yet clear who is behind this DDoS and we may never know, but these actions seem to have two major purposes:
• Destabilize Bitcoin in general. It is not a secret Mt.Gox is the largest Bitcoin exchange with more than 80% of all USD trades and more than 70% of all currencies. Mt.Gox is an easy target for anyone that wants to hurt Bitcoin in general.
• Abuse the system for profit. Attackers wait until the price of Bitcoins reaches a certain value, sell, destabilize the exchange, wait for everybody to panic-sell their Bitcoins, wait for the price to drop to a certain amount, then stop the attack and start buying as much as they can. Repeat this two or three times like we saw over the past few days and they profit.
What can be done?
Believe it or not, there is pretty much nothing that can be done. Large companies are frequently victims of these kinds of attacks. Even though we are using one of the best companies to help us fight against these DDoS attacks, we are still being affected.
There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet. By separating the data centre from the Mt.Gox website, we will continue to be able to trade.
What can you do?
Like our favourite author here at Tibanne says… Don’t Panic!
“Panic-selling is a wide-scale selling of an investment which causes a sharp decline in prices. Specifically, an investor wants to get out of an investment with little regard of the price obtained. The selling activity is problematic because the investor is selling in reaction to emotion and fear, rather than evaluating the fundamentals.” (Source: Wikipedia)
I understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally. These are not new phenomena and have been present since the beginning of time when humans first started trading.
Trade Engine Lags
Lag affects everyone, not only us, but also major, world-renowned exchanges like the NASDAQ and NYSE. We can fix lag, but we cannot eradicate lag. Only small exchanges with low volume and liquidity are immune to lag.
Does this mean that we are giving up fighting lag? Hell, no. We are working on it by creating a new trade engine that will solve many problems, but it’s not a magic bullet. We can always try to scale our servers, but we cannot predict what happens from external sources: DDoS, panic selling, immediate increase of buyers, etc. Lag will always be there, but our mission is to make lag as small as possible.
As if a major DDoS attack was not enough, we at Mt.Gox are victim of our own success!
Last year, Mt.Gox saw an average of 9,000 to 10,000 new accounts created every month. This number doubled in January, tripled in February, and sextupled in March. In this month alone (March), over 57,000 new accounts were created!
Our support and account verification team went from four people in January 2012 to 20-two people working every day of the week. We are now hiring even more people to solve this problem by finalising some deals with external companies.
Remember that even if you are waiting for your account to be verified, you can still deposit or withdraw funds via our Japanese account and make your trades! (Only accounts that we pro-actively required to be verified are limited to deposits and trade only.)
We have seen a significant amount of comments on the web (various forums, Reddit, etc.) that portray Mt.Gox as a company held by “idiots” and other rather rude words, complaining about inability to deal with lag and other system issues, without understanding the magnitude of work and attacks we are facing every day.
I understand the frustration many of you feel. We hate this situation as well. Since we took over Mt.Gox, we have been through Hell and back and we are still here. We are still the largest exchange with over 420,000 trades per month and USD $121 million monthly trade volume. We have worked our way through all the requirements needed to run our exchange legally.
Now, there are some things we can improve, but so far we are doing an incredible job that no other exchange has been able to do so far. While I understand a certain amount of frustration, realise what we have accomplished. I appreciate all the work you are doing everyday to push things forward and to help secure the future of Bitcoin.
And to all of you who are supporting us on a daily basis, thank you! We could not have done any of this without your help!
Mt.Gox Co. Ltd Team.
Mt.Gox Contact [email protected]