bitcoin hacker caught

On Friday, what had been the world's leading Bitcoin exchange declared bankruptcy, claiming that hackers had exploited a technical issue called "transaction malleability" to steal 750,000 bitcoins. Bitcoin transactions are sometimes described as being anonymous, but that's not quite accurate. Every Bitcoin transaction ever made is stored in a shared transaction ledger called the blockchain. The problem is that it's not always easy to tie addresses in the blockchain with the identities of individuals. Sarah Meiklejohn, a computer scientist at the University of California, San Diego, has done groundbreaking research on this problem. In a Friday interview, she discussed the techniques the authorities might use to identify the alleged hackers — and to determine whether hacking actually occurred in the first place. The transcript has been edited for length and clarity.

Timothy B. Lee: What are the chances of identifying the people who allegedly took the Bitcoins?

Sarah Meiklejohn: Using the clustering techniques that we developed, you'd want to look for transactions that represented withdrawals from Mt. Gox -- transactions where the input was Mt. Gox and the output was whoever. In order to take advantage of this transaction malleability thing, you'd look for two transactions that have the same input and the same address as the output and that the amount was the same. Basically all the transaction details were the same, the two transactions were done fairly close together in time. That would be a way to exploit this transaction malleability flaw.
User could do a withdrawal, change the transaction hash, use a different transaction, and then say, "Hey, my transaction never went through." Gox would say, "That hash is not in the blockchain," and all the details would be the same. So, that lets you identify transactions that were likely stolen by hackers.

Could you follow the stolen bitcoins to figure out who has them now?

That would depend on how sophisticated this alleged thief was. [To identify the thief], you'd try to apply the tracking techniques we developed. If the thief was not very smart, they might have just withdrawn to a different exchange. You could try to subpoena that exchange and figure out who they were. If they used other techniques, you might be able to track them, but it would depend on how sophisticated the user was.

What kind of things might a hacker have done to cover his or her tracks?

One thing is they could have mixed all those bitcoins. They could have withdrawn them to an address they own, mixed them up, and then withdrawn them from the system. They might have been very successful in this. The other thing is they could have done this multiple years ago, at which point there's basically nothing they can do.

If they cashed out two years ago, then it's difficult to go after them. A lot of exchanges that were active two years ago might have shut down. It was sort of a different landscape two years ago.

$400 million is a lot of bitcoins. Wouldn't it be hard to cash them all out without being detected?

If that user, if they exist, were trying to cash out all of the bitcoins they allegedly stole all at once, that would be basically impossible. That's a huge number of bitcoins. But if you spread it out over a couple of years, it becomes easier.

Gox claims that hackers exploited this transaction malleability issue to steal 750,000 bitcoins from them. Do you believe them?

People knew about this bug for a while. It is possible that someone who did know about this bug — which was a lot of people in the Bitcoin community — were aware of this, this kind of gap. If it's a malicious party who noticed this -- noticed Mt. Gox software was not well-written -- it is possible that someone could have been taking advantage of this for years.

But I'm very skeptical of Mt. I think they might have mismanaged their funds. It seems a little too convenient, the timing of the whole thing. The fact is Mt. Gox has been having serious problems for up to a year now, first with basically being unable to withdraw dollars. Users were complaining that they could not withdraw dollars from Mt. They've been having that problem for close to a year now. They've been having a lot of problems. Seems a little too convenient to point the finger at transaction malleability.

Ever since a single Bitcoin became worth a small fortune, there have been people trying to steal them. Sure, there have been some small-time thieves who've stolen a few hundred dollars worth of Bitcoin here and there. But there have also been heists. Massive, highly orchestrated attacks that lead to millions of dollars worth of cryptocurrency changing hands. And they just keep happening. Well, in the last three years alone—sort of the relevant lifetime of Bitcoin—there have been six really major robberies.

And by major, I mean hundreds of thousands if not hundreds of millions of dollars worth of Bitcoin getting snatched. Think of this as the six best reasons to not invest your life savings in Bitcoin.

The most recent Bitcoin heist also happens to be the least severe, at least in terms of heists over the $100,000 mark. This week, researchers at the security firm Trustwave uncovered a massive attack involving the Pony botnet, a particularly nasty piece of malware that has been used to steal two million login credentials for websites like Facebook and Twitter. This time around, the botnet infected over 700,000 accounts of varying types between September 2013 and January 2014, including the login information for 100,000 email accounts. It also compromised 85 Bitcoin wallets. That doesn't sound like much, but it actually amounted to $220,000 worth of cryptocurrency going missing. And there's no reason to believe the Pony botnet won't strike again.

Gox was the OG Bitcoin heist. Back in 2011, pretty much anybody who knew about Bitcoin was either a big nerd or a tech blogger (read: even bigger nerd).

While the specific details of how the hacker broke in to Mt. Gox—one of the biggest exchanges around, even that early on—remain vague, the heist was a major event in early Bitcoin history. It raised lots of questions about Bitcoin's stability and security. The story goes that an unknown user account managed to hack into Mt. Gox and make off with about 25,000 Bitcoin. At the time, that was half a million dollars worth of the stuff. A lot, but that amount of 'coin would be worth $14.4 million with current exchange rates. After the plunder, the hacker sold the bitcoin and bought them back in a pitiful attempt at money laundering before then exchanging them for U.S. Still, he never got caught, though Mt. Gox users did manage to trace his account to an IP address in Hong Kong, where he is probably now living pretty large.

Number four is a funny one. Not long after the Feds shut down the deep web's most famous black market, Silk Road, some buccaneer fired up a site that looked and worked exactly like the original Silk Road.

And since everybody knew how much money was involved in the original Silk Road, a hacker soon set his sights on breaking in and cleaning out Silk Road the Sequel. He pulled it off. You might say these users had this coming. After all, Silk Road 2 was a very obviously illegal site that sold things like meth and heroin, and the cavalier founder—who actually named himself after the Silk Road founder that ended up in jail—didn't exactly inspire much confidence. He ultimately blamed the breach on a "transaction malleability" bug in the Bitcoin architecture that shut down several exchanges around the same time. The founder later promised to refund everybody's money.

Like Silk Road 2, Sheep Marketplace opened up in October 2013 after the original black market shut down, and like Silk Road 2, it was an obvious target for hackers. The site became kind of popular and even earned its own subreddit. But that just made it an even juicier target. In December, some cyberthieves broke into Sheep Marketplace and managed to steal 96,000 Bitcoins worth about $56.4 million while simultaneously manipulating the users' account balances so that it looked like nothing happened.

People eventually noticed that their money was gone and started trying to track down the hackers; the sheer size of the heist made it easy to notice when so many Bitcoins were suddenly being laundered. Some Redditors actually think they found the thief, though it's unclear if anyone was brought to justice. And in Bitcoin heists, few people are.

Though while Bitcoin purists and pseudoanarchists would call this one a heist, some of us might just call it justice. As previously mentioned, the FBI shut down the Silk Road marketplace last October. In doing so, they seized 29,655 Bitcoins from the website itself and an additional 144,000 from Silk Road's founder, Ross Ulbricht. The Feds still have them, which means that the FBI has $127.4 million worth of cryptocurrency. That means that the FBI now has the single largest Bitcoin wallet in the world. But the U.S. government probably doesn't want to get into Bitcoin speculation, does it? That's why the FBI announced in January that it would be offloading the near 30,000 Bitcoins it seized from Silk Road.

Meanwhile, Ulbricht filed a claim for civil forfeiture action saying that he owned his 144,000 Bitcoin fair and square. Good luck winning that lawsuit, Ross.

And now we're into the big sums. Like, half a billion dollars big. According to a leaked "crisis strategy draft" document, a years-long hacking effort to get (back) into Mt. Gox culminated in the loss of 744,408 Bitcoins. The heist hasn't been completely confirmed, but real or not, it was enough to make Mt. Gox shut down soon thereafter. Unsurprisingly, the value of Bitcoin promptly dropped to a three-month low. What's the lesson here? Gox (should the opportunity ever pop up again). This is the same organization that had to shut down earlier this month due to a glitch that allowed users to withdraw the same Bitcoin multiple times. It's also the same site that got in trouble with U.S. authorities for operating without the proper money transmission permits. Feds ended up seizing $5 million in assets from Mt. If you haven't already sold all your Bitcoins, just take away this one piece of advice: Never trust Mt. Gox.

And finally, as a bonus, we have what may be the ultimate Bitcoin heist. It's not the ultimate Bitcoin heist because it involved the largest amount of money or the most dramatic back story. It is, however, the funniest. Not long after Silk Road got busted, a hacker-type named MettaDPR started a replacement marketplace called Project: Black Flag. There wasn't much for sale on Project: Black Flag, but the users came. And so did their Bitcoins. Just three weeks after starting the site, however, MettaDPR simply announced that he would be closing the marketplace, and he would be taking all those Bitcoins with him. Pretty funny, right? Well, the users didn't think so. They responded with anger (obviously) and threats. But Bitcoin being Bitcoin, the money was lost and gone forever. This instance in mind, you can really see why U.S. senators want to ban the cryptocurrency altogether. So if you still think cryptocurrency is the future, just be careful where you're stashing it. It's all fun and games until somebody steals your Bitcoins.