Linode Breach Leads to Massive Heist of 46,000 BTC from Bitcoinica, Faucet

Linode Breach Leads to Massive Heist of 46,000 BTC from Bitcoinica, Faucet

Numerous media sources are reporting now on a massive heist of Bitcoin wallets as the result of the hack of the cloud-hosting provider Linode. Last night, Ars Technica was able to confirm that over 46,703 BTC (almost $228,845 USD worth) had been stolen by the hackers from wallets stored on Linode’s servers even Marek Palatinus of lost over 3,000 BTC.

The Bitcoin cutpurses have made off with an impressive amount of loot and it looks like that’s exactly what they were after.

In a advisory statement, Linode confirmed that the hackers were after the Bitcoin wallets of their customers.

“All activity by the intruder was limited to a total of eight customers, all of which had references to ‘bitcoin,'” Linode’s advisory stated. “The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified.”

The attackers struck early morning March 1, 2012and the aftershocks have been massive for the community. Among others hit was a wallet belonging to the Bitcoin trading platform Bitcoinica—CEO Zhou Tong confirmed they lost 43,554 BTC. Even the Bitcoin faucet’s wallet suffered a loss at the hands of the infiltrators.

As they’re an exchange platform, Bitcoinica has made it clear to their customers that the loss will not affect their holdings with the company. “Bitcoinica is committed to absorbing any loss. The thief stole from us, not you,” the notice adds.

All eight of the Linode customers affected by the attack have yet to be identified—aside from Bitcoinica, The Bitcoin Faucet (Gavin Andresen who lost 5 BTC), and Marek Palatinus.

According to Palatinus, Namecoins were not stolen, although the attackers did have access to them.

When the attacks went down, it was Palatinus and Andersen who brought them to light by posting about them on their respective blogs. Shortly after that, Thursday morning, Linode released their security advisory confirming that an attack had taken place.

RELATED:  Bitcoin mining firm BTCS counts its days as SEC filing shows it's nearly run out of money

The attackers apparently breached a customer support portal and used that as a beachhead to identify their intended victims. From there they broke into the target accounts, transferred the Bitcoins out of the wallets, and vanished merrily into the night.

The theft of 46,000 BTC puts this heist on a similar scale to the hack that affected trading on MtGox in June 2011—however, unlike MtGox, the exchange that suffered the most, Bitcoinica, is vowing to proceed for customers as if it didn’t happen. The next largest loss of Bitcoins we’ve seen also happened with a cloud-hosting snafu when Bitomat’s wallet.dat file evaporated and expunged 17,000 BTC in July 2011. And we can also cite’s vanishing that same month, precipitating the loss of more than 25,000 BTC.

While it is obvious that the Bitcoin community is not pleased with this security failure, and Bitcoinica’s involvement, BTC is only down slightly at $4.72—although it’s been a somewhat downward trend for a month now. If there’s any fallout to be had due to Bitcoinca’s loss, we probably won’t see it until after the weekend.

Kyt Dotson

Kyt Dotson

Kyt Dotson is a Senior Editor at SiliconAngle and works to cover beats surrounding DevOps, security, gaming, and cutting edge technology. Before joining SiliconAngle, Kyt worked as a software engineer starting at Motorola in Q&A to eventually settle at where he helped build a vast database for pet adoption and a lost and found system. Kyt is a published author who writes science fiction and fantasy works that incorporate ideas from modern-day technological innovation and explore the outcome of living with those technologies.
Kyt Dotson


Join our mailing list to receive the latest news and updates from our team.

1 Comment

  1. Excuse me? That was not unlike Mt. Gox. They rolled back the transactions back to before the attack. Nobody lost their bitcoins and Mt. Gox covered the few bitcoins that the attacker did manage to run away with. However, Mt. Gox has a limit on how much any user can withdraw in a day, which limited the attacker. Bitcoinica had a deeper attack where the attacker gained access to the wallet. Which is much worse. They went through any and all security layers.

Submit a Comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Share This

Share This

Share this post with your friends!