Feeds

Bitcoin exchange shuts after heist

Bitfloor says 24,000 BTC pinched through unencrypted backup

Protecting against web application threats using SSL

Bitcoin exchange Bitfloor has suspended its operations while it tries to figure out who pinched 24,000 units of the virtual currency by accessing an unencrypted backup and using information it contained to transfer 24,000 BTC to destinations unknown.

In a post on the Bitcoin Forum, Bitfloor founder Roman Shtylman said he has shut down the Exchange because:

“Last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.”

The good news is that Shtylman also says “I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.” Bank account records “And all records for the current status of the exchange (accounts, trades, etc) are all also secure,” he added in a later post.

The bad news is that 24,000 Bitcoins is about 248,000 real world US dollars, according to Bitcoin conversion site Preev.

In the long (and fast-growing) thread following Shtylman's confession, users are angrily asking why he used lax security practices to protect their virtual cash. His answer follows:

Yes, I realize this is a very serious mistake.

Which looks an early favourite for understatement of the year.

Another thread on the Bitcoin Forum is dedicated to figuring out who committed the theft, and where the Bitcoins have gone.

Bitfloor.com remains down at the time of writing. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.