Original URL: http://www.theregister.co.uk/2012/09/05/bitfloor_heist/
Bitcoin exchange shuts after heist
Bitfloor says 24,000 BTC pinched through unencrypted backup
Bitcoin exchange Bitfloor has suspended its operations while it tries to figure out who pinched 24,000 units of the virtual currency by accessing an unencrypted backup and using information it contained to transfer 24,000 BTC to destinations unknown.
In a post on the Bitcoin Forum, Bitfloor founder Roman Shtylman said he has shut down the Exchange because:
“Last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.”
The good news is that Shtylman also says “I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.” Bank account records “And all records for the current status of the exchange (accounts, trades, etc) are all also secure,” he added in a later post.
The bad news is that 24,000 Bitcoins is about 248,000 real world US dollars, according to Bitcoin conversion site Preev.
In the long (and fast-growing) thread following Shtylman's confession, users are angrily asking why he used lax security practices to protect their virtual cash. His answer follows:
Yes, I realize this is a very serious mistake.
Which looks an early favourite for understatement of the year.
Another thread on the Bitcoin Forum is dedicated to figuring out who committed the theft, and where the Bitcoins have gone.
Bitfloor.com remains down at the time of writing. ®