Bitcoin, the anonymous, peer to peer virtual currency, has been getting a lot of press lately. From the severe inflation to the hacks and the big heist, not all of it has been good. However, it’s certainly an interesting system, and there are a few good trading services such as Mt.Gox and Tradehill aimed at making Bitcoin more available and more usable for the average person. Today we’ll take a look at the Mt.Gox API and Tradehill API.
Mt.Gox got a lot of press recently due to the rumors that they were hacked. According to the official statement, this wasn’t true, but they did lose some data due to a data compromise on the machine of someone who audits the system.
[Update - 2:06 GMT] What we know and what is being done.
It appears that someone who performs audits on our system and had read-only access to our database had their computer compromised. This allowed for someone to pull our database. The site was not compromised with a SQL injection as many are reporting, so in effect the site was not hacked.
Two months ago we migrated from MD5 hashing to freeBSD MD5 salted hashing. The unsalted user accounts in the wild are ones that haven’t been accessed in over 2 months and are considered idle. Once we are back up we will have implemented SHA-512 multi-iteration salted hashing and all users will be required to update to a new strong password.
We have been working with Google to ensure any gmail accounts associated with Mt.Gox user accounts have been locked and need to be reverified.
Mt.Gox will continue to be offline as we continue our investigation, at this time we are pushing it to 8:00am GMT.
When Mt.Gox comes back online, we will be putting all users through a new security measure to authenticate the users. This will be a mix of matching the last IP address that accessed the account, verifying their email address, account name and old password. Users will then be prompted to enter in a new strong password.
Once Mt.Gox is back online, trades 218869~222470 will be reverted.
We will continue to update as we find new information.
The Mt.Gox is RESTful, returning results in JSON. No API key is required, but a user’s login credentials are needed, as to do most useful things with it you need to be authenticated. The login and pass are simply parameters of the call, but as it uses HTTPS, it is secure. Using the API, you can place or cancel an order to buy or sell Bitcoins, and send Bitcoins directly to a user, as well as check your balance. You can also check recent trades, open orders, and current market depth, without login credentials. All in all, it’s simple, powerful, and does exactly what is needed.
Tradehill’s API calls are designed to be literally identical to the calls at Mt.Gox. This makes coding easier, if one wanted to make a client for both exchanges. Hopefully any other Bitcoin exchanges that make APIs use this simple method as well, allowing clients made to trade across all exchanges to be designed easily. Tradehill is a bit of a smaller exchange, but due to the questions many have about Mt.Gox’s security after the data breach, it may become more popular as an alternative.
The main use of this API is generally to make a client, but there are a lot of more fun uses possible. It could be used as a payment system for just about anything, utilizing an exchange the same way one might utilize a credit card service to accept payments. One might also design a trading bot to automatically trade Bitcoins at a profit in an intelligent manner. Bitcoin is an interesting technology, and if it takes off it might be one of the main ways commerce is done on the net.