BitCoin exchange loses $250,0000 after unencrypted keys stolen
BitFloor's founder wrote that he failed to encrypt a digital wallet containing the secret encryption keys
IDG News Service - Hackers stole about $250,000 from BitFloor, a BitCoin exchange, on Monday and it does not have the money to reimburse account holders, according to the website's founder.
BitCoins are an electronic currency that are generated as computers solve a changing mathematical problem. A BitCoin is essentially a secret number, which is protected from unauthorized transfers by public key cryptography, that is associated with an 34-character alphanumeric "address" that a user holds.
BitFloor, based in New York City, allowed account holders to buy and sell BitCoins, exchange the currency for U.S. dollars and transfer the money using the ACH (Automated Clearing House) system.
The cryptography wrapped around BitCoins is designed to make it nearly impossible to derive the private keys needed to gain possession of the secret number. But in the case of BitFloor, hackers found the keys.
Roman Shtylman, BitFloor's founder, wrote on a forum that the hackers obtained an unencrypted backup of the keys, which were then used to transfer coins held by BitFloor. The backup "was made when I manually did an upgrade and was put in the unencrypted area on disk," he wrote.
"I realize the details of the failure and attack are interesting but I am currently focused on user accounts and exchange status going forward," he wrote.
BitFloor's reserve of BitCoins -- about 24,000 -- was wiped out. A BitCoin was worth about $10.46 as of Wednesday, according to Mt. Gox, another BitCoin exchange.
U.S. dollar accounts with BitFloor were not affected as well as records for accounts and trades, Shtylman wrote. BitFloor turned over around 64,000 BitCoins a month, worth some $717,000. It took a 0.3 percent commission from trades, amounting to around $2,100 in revenue for the site, Shtylman wrote.
"As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds," Shtylman wrote. "I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC [BitCoin]. No records were lost in this attack."
One user asked if BitFloor could secure some investor funds in order to pay back customers. "This would be a possibility if investors interested in helping continue operations show interest," Shtylman wrote. "It is certainly something I am thinking about."
Send news tips and comments to email@example.com
- Transforming Information Security: Future-Proofing Processes This report provides a valuable set of recommendations from 19 of the world'd leading security officers to help organizations build security strategies for...
- The Evolution of Corporate Cyberthreats Cybercriminals are creating and deploying new threats every day that are more destructive than ever before. While you may have more people devoted...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- Establish Cyber Resiliency: Developing a Continuous Response Architecture Many enterprises fail to proactively prepare the battlefield for a data breach by only leveraging outdated techniques that focus on the perimeter or...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Cybercrime and Hacking White Papers | Webcasts