Bitcoin is under attack

bitcoin cyber attack
Cyber attackers are exploiting a Bitcoin flaw, knocking major exchanges offline.

Bitcoin is under attack by cybercriminals, bringing down some of the world's largest Bitcoin exchanges in the process.

Unknown attackers are exploiting a Bitcoin design flaw to record fake transactions, muddying up the Bitcoin system's public accounting and causing widespread confusion for the centers where people trade them.

The Bitcoin flaw allows these attackers to make a withdrawal from their own account and tamper with the record of that transaction. So they could cash out, but claim they never got the Bitcoins.

Here's how the Bitcoin glitch is exploited: All Bitcoin transactions are publicly recorded and set in stone every 10 minutes. But that leaves a large window for nefarious activity. In this case, attackers were making real transactions then immediately posting fake ones, confusing the exchanges' accounting programs.

Related: What is Bitcoin?

Computer engineers working on Bitcoin's core functions say this kind of denial-of-service attack is inexpensive and relatively easy to pull off.

The glitch was first made public in 2011 but has not been addressed by every Bitcoin exchange. Jeff Garzik, one of Bitcoin's core developers, said some exchanges were getting duped because their software doesn't account for the flaw. That's why in the last several days, Bitstamp and Mt.Gox have halted customer withdrawals. Other exchanges have created software programs that avoid the glitch.

The attacks aren't affecting people's wallets or the amount of bitcoins held in their personal accounts, according to Bitcoin's leading advocates. People can still purchase goods with bitcoins, but many are unable to withdraw their money.

How I make money mining bitcoins
How I make money mining bitcoins

The assault, which is saturating the payment system with false information, has laid bare how unproven and fragile Bitcoin is right now.

"This exposes that Bitcoin is, at best, a beta project," said Alex Daley, chief technology investment strategist at Casey Research. "Until a system like this is in wide use for many years, you'll continue to find flaws in the implementation."

Knocking such large exchanges offline has taken a toll on what little public confidence there is left in Bitcoin. Since Mt.Gox froze withdrawals on Friday, Bitcoin prices have fallen by more than 13% to $660.

Garzik and other developers are working on fixing a related computer bug in digital bitcoin wallets. Exchanges are also working on updating their software to prevent similar attacks in the future.

Related story: Bitcoin regulation coming this year

The whole event is disconcerting -- but not surprising -- to everyday Bitcoin users.

Jeff Thompson is an early adopter who accepts bitcoins as payment at his martial arts school, Atlanta Kick. He owns nearly 400 bitcoins, but the vast majority are on USB flash drives at home -- the equivalent of keeping cash under the mattress. He lost faith in Mt.Gox long ago, transferring his money to Bitstamp. But he's still cautious.

"It's not FDIC insured, and you really don't know who you're dealing with," he said. "This is still the Wild West, so you do it at your own peril."

CNNMoney Sponsors