This is absolutely not how the Mt. Gox database works.
I know because I have access to the source code of the site.
You can't post a trade from 'all' accounts; if a large trade pushed the price down, then a large trade pushed the price down, and that trade was executed from a single account.
Given Mark's statement that the logins which had been dormant for more than a few months were the easily rainbow-table attacked ones, it seems that someone had sent in a lot of bitcoins and then stopped using the system for a while; they apparently had a weak / rainbow-table vulnerable password.
If that's the situation, I'd call this a medium-sophisticated attack; better would have been to drive prices down slowly over a day or so, then use other hacked accounts to buy them up cheaply and withdraw over BTC. That might have taken some time to notice and unravel.
As it is, it looks like someone tried to flash-crash the market, then send out $1,000 worth of BTC at very low market rates, so a lot of BTC. Someone who would do this intrinsically believes in the resilience of bitcoin, by the way, which is interesting. I'm not sure how they would plan on dealing with the taint on their coins, though. They'd have needed some sort of high-volume laundering service; none of the ones I know have enough volume to deal with this.
If you had SQL injection rights in the database, there would be no need to trade; you would just insert a few nice rows in the db for yourself, mark yourself 'super trusted' and then initiate a withdrawal. This wasn't a SQL injection attack in my opinion.
Hmm, but what if the attacker wasn't in it for the $currency?
What if he were in it to destroy Mt. Gox, as they say, "for the lulz"?
Making all their customers angry and causing a run on their escrow accounts might just do it more effectively than trying to withdraw whatever could be obtained through their online trading platform.