[qnr]

Indeed, bitcoin is like a cryptography competition with ridiculously huge prize.

1. Break SHA2 -> control bitcoin generation ($2500 each generated block at current prices)

2. Break ECDSA -> unlock any addresses that have ever sent money on the blockchain

3. Break ECDSA+SHA2+RIPEMD160 -> break ALL addresses, even those that have never sent money.

Incidentally, the difference between 2 and 3 is why it is not recommended to reuse bitcoin addresses.

[finnw]

Breaking SHA2 (i.e. developing an economically-feasible preimage attack) would indeed crash bitcoin, but the converse is not true.

A near-collision attack on double SHA256 (if you treat it as a single hash not a pair of independent hashes) would also crash bitcoin, but would not necessarily be a threat to use of SHA256 for authentication purposes.

A bitcoin block solution just needs the hash to include enough leading zeros. Authentication (nearly always being automated) requires every bit to match - hitting 255 of 256 bits is no better than hitting 0 bits, as either way your message will be rejected.

[eterm]

Break any and the value of bitcoins will crash hard.

You can't take millions out of a system which doesn't actually have millions worth of liquidity backing it. The total worth of all bitcoins is actually far smaller than the market capitalization of all bitcoins because the trade of them is based off an assumption that many if not most coins are dead coins.

[qnr]

Well, MtGox monthly volume is over 1 million BTC [1] or $100 million at current prices. I think you should be able to take out at least a few million without raising suspicion

In case of SHA2 compromise in particular, generating, say 20% of daily blocks would hardly be noticed (and can be easily explained as a new shipment of ASICs). This is about 720 BTC or $72000 daily.

[1] http://bitcoincharts.com/markets/mtgoxUSD.html