Bitcoinica Suffers Staggering $87,000 Bitcoin Loss in Server Breach
At approximately 1:00pm GMT last Friday, the Bitcoin exchange Bitcoinica suffered a server compromise that led to the theft of their bitcoin wallet and ended in the loss of ฿18,547 BTC—a value calculated at the current market rate of exceeding $87,000. After this happened, Bitcoinica was quick to reveal the information but few details on their blog.
According to Bitcoinica, this represents only a fraction of the total of their bitcoins and withdrawal requests will be honored; but they have suspended operations while the investigation proceeds. The exchange also believes that the database itself was compromised.
This particular breach comes after a months of repeated, serious wallet compromises where massive numbers of bitcoins have been stolen or lost. In early March, a Linode server hack caused the loss of ฿46,703 BTC (worth $228,845 at the time) with the largest fraction of nearly ฿43,000 BTC of the loss coming out of Bitcoinica’s pockets. In August 2011, Bitomat lost their wallet with almost ฿17,000 BTC due to a backup failure when using Amazon’s elastic-computing cloud. Also in that same month, MyBitcoin.com disappeared with $250,000 worth of BTC. Finally, starting the long-line of targeted attacks against Bitcoin wallets and exchanges (or just plain bugs) was the hack against MtGox last year in June—the nascent currency hasn’t caught a break with breaches, insecurity, and bugs since it started to gain widespread publicity.
Since bitcoins aren’t just numbers in a bank, and it’s possible to steal them by just copying them out of a wallet and then transferring them, they make a pronounced low-hanging-fruit to hackers looking to make a quick buck. MtGox and other exchanges have seen huge amounts of expenditure and investment into making their own severs more secure against invasion since last June; but it’s obvious that the digital nature of bitcoins are changing the face of the digital heist—and Bitcoinica is the latest victim of a vast loss.
According to posts on the Bitcoin Talk forums, left by Bitcoinica CEO Zhou Tong, the hackers appear to have breached root access at their server host at Rackspace discovered via a massive transfer of bitcoins from the given wallet from what appeared to be one of the site administrators. To this extent, it’s suspected that the Rackspace password was changed by attackers via the password-recovery mechanism and an intercepted e-mail. Amidst the comments, some respondents criticized Bitcoinica for not using better security such as two-factor password recovery and offline cryptographic storage for the bitcoin wallet.
Of course, there are strong reasons to keep particular sums of bitcoins liquid and open in wallets in order that they may be moved quickly when transactions need to happen. As a result, Tong defended the decision to keep such a large wallet in the open:
“The sum of margin balance is the absolute minimum of funds we have to keep (so that we can honor every withdrawal request),” Tong explained. “Since the system is down at the moment, we don’t have the knowledge of open positions. We’re pretty sure that margin balance can be covered with our off-site reserves, but we are unable to determine value of unpaid unrealized profits and the unpaid swaps.”
The Bitcoin market has seen some ups, some downs, but largely it’s been driven by popular attention and these large-numbered and high-profile hacks reveal that its vulnerable to what I dubbed a “new type of bank heist.” Bitcoin exchanges are the cyberspace version of Wells Fargo transporting money via stagecoach and locomotive with bandits looking to waylay the money train.
Bitcoinica’s ability to cover the bitcoin assets of their customers through the loss will be instrumental to keeping a sense of balance in the market and also a sense of security.
However, looking at this heist in the long-line of bitcoin losses related to cybersecurity, we might still be in for the long haul.
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU