Bitcoin exchange shuts after heist
Bitfloor says 24,000 BTC pinched through unencrypted backup
Bitcoin exchange Bitfloor has suspended its operations while it tries to figure out who pinched 24,000 units of the virtual currency by accessing an unencrypted backup and using information it contained to transfer 24,000 BTC to destinations unknown.
In a post on the Bitcoin Forum, Bitfloor founder Roman Shtylman said he has shut down the Exchange because:
“Last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.”
The good news is that Shtylman also says “I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.” Bank account records “And all records for the current status of the exchange (accounts, trades, etc) are all also secure,” he added in a later post.
The bad news is that 24,000 Bitcoins is about 248,000 real world US dollars, according to Bitcoin conversion site Preev.
In the long (and fast-growing) thread following Shtylman's confession, users are angrily asking why he used lax security practices to protect their virtual cash. His answer follows:
Yes, I realize this is a very serious mistake.
Which looks an early favourite for understatement of the year.
Another thread on the Bitcoin Forum is dedicated to figuring out who committed the theft, and where the Bitcoins have gone.
Bitfloor.com remains down at the time of writing. ®
Bitcoin worked exactly as intended. Someone with access to the wallet keys was able to anonymously and purposefully transfer huge sums of money.
The fact that it was unauthorised (due to lack of security of the wallet) is the problem, not Bitcoin. It's like blaming "credit cards" because you left your card in a restaurant and someone fraudulently charged it.
Actually, I'm impressed that BitCoin hasn't had some trick, or significant security flaw, that made the whole thing collapse anyway. In terms of what it was designed to do, it certainly does it well.
The question is not "Do I trust BitCoin?" at the moment as "Do I trust 3rd parties to hold/trade my Bitcoins?"
Good way to shut down an "underground unregulated" currency
Just continue to hack the different exchanges each month and totally kill any credibility bitcoins had.
Bitcoin is failing in way too many ways to take seriously anymore.