Unknown attackers are exploiting a Bitcoin design flaw to record fake transactions, muddying up the Bitcoin system’s public accounting and causing widespread confusion for the centers where people trade them.
The Bitcoin flaw allows these attackers to make a withdrawal from their own account and tamper with the record of that transaction. So they could cash out, but claim they never got the Bitcoins.
Here’s how the Bitcoin glitch is exploited: All Bitcoin transactions are publicly recorded and set in stone every 10 minutes. But that leaves a large window for nefarious activity. In this case, attackers were making real transactions then immediately posting fake ones, confusing the exchanges’ accounting programs.
Computer engineers working on Bitcoin’s core functions say this kind of denial-of-service attack is inexpensive and relatively easy to pull off.