Visitors to the secure Bitcoin wallet site Inputs.io will be greeted with a frowning emoticon today and a PGP-signed message telling them the bad news: Inputs.io has been shut down in the wake of a massive hack. The site has lost 4100 bitcoins to hackers and is unable to continue operations.

:(

Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.

Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;15Hd@mastersearching.com:mercedes49@69.85.88.31 (most likely another compromised server).

What about my coins there? If you stored more than 1 BTC, send an email to support@inputs.io with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you’re using on Inputs. Please don’t store Bitcoins on an internet connected device, regardless of it is your own or a service’s.

I know this doesn’t mean much, but I’m sorry, and saying that I’m very sad that this happened is an understatement.

Users still may access their Inputs.io accounts via a version of the webpage to check their account balances but the staff warns users not to add BTC.

It’s been predicted that as Bitcoin became more popular hacks would become an increased problem, especially for web wallets. This attack against Inputs.io fits the model for the “digital heist.” Each time a new wallet appears security must be taken heavily into account, most sites use two-factor-authentication (including Inputs.io.)

The first famous hack happened to MtGox in 2011 causing a massive apparent crash in BTC value due to a freeze on the exchange, which represented most trading during the time. After that, on August 2011 Bitomat exchange lost their wallet—not a hack, just a hosting snafu—losing almost 17,000 BTC in one fell swoop. On May 2012, Bitcoinica exchange got hacked and lost almost 18,547 BTC in the breach.

In most of the cases the affected exchanges were devastated, some recovered nicely (such as MtGox) but others fell by the wayside.

In the case of Inputs.io, the website Techie News was told that the company expects to personally pay account balances of customers.  “We’ve lost most of the BTC due to the hack,” the statement said, “however I’m personally paying out of my pocket to make sure users receive as much as they can.”