IDG News Service - Hackers stole about $250,000 from BitFloor, a BitCoin exchange, on Monday and it does not have the money to reimburse account holders, according to the website's founder.
BitCoins are an electronic currency that are generated as computers solve a changing mathematical problem. A BitCoin is essentially a secret number, which is protected from unauthorized transfers by public key cryptography, that is associated with an 34-character alphanumeric "address" that a user holds.
BitFloor, based in New York City, allowed account holders to buy and sell BitCoins, exchange the currency for U.S. dollars and transfer the money using the ACH (Automated Clearing House) system.
The cryptography wrapped around BitCoins is designed to make it nearly impossible to derive the private keys needed to gain possession of the secret number. But in the case of BitFloor, hackers found the keys.
Roman Shtylman, BitFloor's founder, wrote on a forum that the hackers obtained an unencrypted backup of the keys, which were then used to transfer coins held by BitFloor. The backup "was made when I manually did an upgrade and was put in the unencrypted area on disk," he wrote.
"I realize the details of the failure and attack are interesting but I am currently focused on user accounts and exchange status going forward," he wrote.
BitFloor's reserve of BitCoins -- about 24,000 -- was wiped out. A BitCoin was worth about $10.46 as of Wednesday, according to Mt. Gox, another BitCoin exchange.
U.S. dollar accounts with BitFloor were not affected as well as records for accounts and trades, Shtylman wrote. BitFloor turned over around 64,000 BitCoins a month, worth some $717,000. It took a 0.3 percent commission from trades, amounting to around $2,100 in revenue for the site, Shtylman wrote.
"As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds," Shtylman wrote. "I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC [BitCoin]. No records were lost in this attack."
One user asked if BitFloor could secure some investor funds in order to pay back customers. "This would be a possibility if investors interested in helping continue operations show interest," Shtylman wrote. "It is certainly something I am thinking about."
Send news tips and comments to jeremy_kirk@idg.com
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
