Monday evening, an unauthorized withdrawal for 150 BTC (approx. $42,879 USD) was sent from Coinapult’s hot wallet, according to a Google doc released by the Bitcoin payment processor. The website has also been updated with a warning that customers should not send any bitcoins to existing Coinapult addresses, including lock addresses.

Coinapult, operated by Numeraire Ltd., runs Bitcoin merchant services, payment processing, as well as a web wallet.

The website has been updated with a summary of events:

To summarize, Coinapult has the situation contained and all funds (minus the 150 BTC withdrawn last night) are safe. Investigations are ongoing to determine the method of attack. Until we are able to determine and patch the attack vector, we will not re-enable our services. If this takes more than a few days, we will refund.

Coinapult’s own investigation into what happened reveals several suspicious coincidences from Friday, March 13, when the data center where the finance server was hosted had an all-day outage. Plans had also been made to move servers out of that data center in short order, which Coinapult staff believe triggered the attack’s timing.

An investigation of the servers revealed that an intruder accessed many of the machines, deleted and modified logs.

As part of recovery, Coinapult staff have powered down all hardware in the data center and plan to run forensics on the hard drives to see if data can be recovered from the manipulated logs. A laptop potentially involved is also being disassembled for forensics.

Finally, the team is proceeding with moving hardware out of the data center in question and will attempt to gather surveillance and logs from the days in question.

Yet another breach of a Bitcoin-business’ wallet

In getting hacked and having bitcoins stolen, Coinapult is not alone during 2015. Over the past few months a number of Bitcoin-related businesses have gotten hit and the heists have lost considerable amounts of money.

Starting in January, popular Bitcoin exchange Bitstamp got hit for $5 million after a hot wallet compromise. The exchange suspended operations for four days in order to proceed with clean up and security efforts.

Then in February, China-based Bitcoin exchange Bter.com suffered a hack where attackers made off with 7170 BTC (approx. $1.66 million USD). The company has since set in motion a plan to pay back its customers. Also in February, Exco.in shut down indefinitely after a series of DDoS attacks and a hack that hit the Bitcoin exchange.

These hacks and heists are almost reminiscent of the early days of Bitcoin exchanges in 2012 when reports of such became almost a weekly occurrence. Security is a very big issue for the cryptocurrency market due to the nature of financial transactions in general. Exchanges and payment services find themselves in the crosshairs of would-be thieves and must keep up with security best practices.

photo credit: Dom W via photopin cc; Bitcoin IMG_1924 via photopin (license).