Breaking: Bter Hacked, 50M NXT Stolen

Bter Hacked of NXT
Bter Hacked of NXT

Update 8/17: All but roughly 8.3 Million NXT has been returned to Bter, presumably thanks to undiscolsed negotiations.

Update 5:30pm EST: The discussion about the hard fork continues. The new version released would only freeze the hacker's account. Which means those funds would still be lost but hacker would not be able to benefit other than the 100 BTC he got by blackmailing Bter. The rest of the blockchain will be rescanned and all transactions besides those coming from the Bter account would still be valid. Another fork could "unfreeze" the account, but that would of course be subject to another round of blockchain voting. The forgers have until 3am UTC (11pm EST) to switch over to the new chain.

Update 3:28pm EST: As noted below by a reader and now confirmed by other sources, withdraws from Bter are allowed but are currently stuck in processing

Update 12:28pm EST: Nxt's twitter account confirms that hacker says "Deal is off"

Update 12:24pm EST: At press time there are only nine NXT forgers nodes on the new fork according to peerexplorer, NXT's network monitor.

Update 12:12pm EST: Less than 5 % of NXT forgers have switched to the updated blockchain. We are being told that it is unlikely at this point that the hardfork will happen. We are also being told that popular exchange Cryptsy has also offered to assist in tracking/refusing the stolen funds.

Update 10:59am EST: We have heard reports that users have been able to withdraw NFD from Bter, other coins's status remain unknown at the time.

The original article follows:

Bad news out of the altcoin community today, more than 50 million NXT, one of the most popular and more powerful alternative digital currencies on the market, has been stolen from the popular Chinese based exchange Bter.

At current rates, 50 million NXT is worth 3355.73 BTC or roughly USD $1,701,015.

It should be noted that the situation is very fluid and the information below could change at anytime. It should also be noted that this wasn't an attack on NXT's security itself, and doesn't reflect on the security of the NXT passphrase. The NXT was stolen through Bter's insecure servers.

The community is considering a hardfork to return the funds, similar to what was done with Vericoin after the Mintpal hack, but at current time it doesn't seem like that is going to happen. The forgers of NXT have the power to change the blockchain, if more than 51 % of them agree.NXT was planning on changing that number to 90 %, but that feature hasn't been implemented yet.

A third method has been proposed, which would be a partial rollback that would lock the hacker's account.  It would still require the same hard fork and the community's approval, but wouldn't roll back unrelated transactions that took place during that time.

The hacker sent a message to Bter through the NXT blockchain, offering to sell back the NXT to the exchange for 110 BTC. The hacker seems to think this will be a better solution for the exchange, the currency's community and NXT itself.

Bter reportedly sent the hacker 100BTC in exchange for the NXT but only got five million, less than one tenth of the stolen NXT, back so far. According to NXT forum members, a member of the Bitcoin Talk Forums “renat0” has offered to buy the NXT from the hacker at a higher price. Other users have since joined in and it has created a sort of bidding war for the stolen NXT [Warning some NSFW in that link].

The suspected hacker didn't appear to use Tor while posting his threats, so it is possible his IP address has been revealed. The NXT community has contacted that user's ISP.

Bter representatives appeared on the Nxt Forum and apologized to the community, saying it was their fault. They say they were in the process of securing all their servers with two factor authentication, but the server that held their NXT funds had not been updated yet. If the community goes forward with the rollback, the exchange has promised to compensate anyone who loses funds because they bought NXT between the attack and the hardfork.

NXT withdraws have been disabled from Bter. Reports are also indicating that withdrawing other digital currencies from Bter have been disabled, and have been sitting in “pending” since shortly after the attack, although that is unconfirmed at this point.

When Vericoin instituted its rollback, the currency saw a huge drop in trust and therefore value. It appears NXT will  lose some of its trust and value, regardless of how this whole situation plays out. The only questions that remain for NXTs community is which decision will result in the least amount of damage.

Once again, this event is an example of why centralization does not meld well with decentralized currencies. NXT has its own decentralized exchange built in, which should make large scale hacks such as this one impossible.

We are waiting for official comment from both the NXT developers and Bter and will update this page accordingly.

Did you enjoy this article? You may also be interested in reading these ones:


Help Cointelegraph tell the World Health Organization to accept bitcoin to fight Ebola! They have no reason not to take it!