Bitcoin exchange comes back online after hack
BitFloor's founder said he intends to pay back victims, but it will take time
IDG News Service - A small New York-based company that specializes in exchanging Bitcoins is back online after hackers stole about $250,000 worth of the virtual currency earlier this month.
Roman Shtylman, founder of BitFloor, said by phone from London on Monday he reported the theft to the FBI and that he intends to pay back victims whose Bitcoins were stolen.
How long that will take I dont know," Shtylman said. "Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."
Bitcoin is a virtual currency, created by a mysterious person who went by the name "Satoshi Nakamoto" and has extensive knowledge of cryptography. Bitcoins are transferred using software programs that connect to a peer-to-peer system that cryptographically verifies the transaction.
Bitcoin "miners" are people who have built heavy-duty computing systems which maintain the integrity of the transaction system. For their work, they are periodically awarded Bitcoins, which have a fluctuating market value and can be traded for cash on exchanges such as BitFloor.
Nakamoto launched Bitcoin in early 2009. He was active in the Bitcoin community at the onset, and then disappeared: no one has conducted an interview with him, and efforts to uncover his true identity have been fruitless. A nine-page white paper written by Nakamoto describes the system.
Unsurprisingly, Bitcoin exchanges are prime targets for hackers, and several exchanges have been hacked. Because of how Bitcoin's peer-to-peer system is designed, transactions are irreversible unless the receiver of the Bitcoins chooses to send some back to the sender.
All transactions using Bitcoin are publicly recorded. Users have a 32-character alpha-numeric address, which is used to transfer funds. That address -- and the receiving address -- are available to see on websites such as Blockchain.info.
According to those records, the hacker has not transferred or spent the funds, Shtylman said. While Bitcoin offers a high degree of anonymity for Bitcoin-only transactions, at some point, users probably want to exchange their Bitcoins for cash (one Bitcoin was trading for $12.06 on Tuesday according to the largest exchange, Mt. Gox).
Bitcoin exchanges need a certain amount of information from users in order to pay them, including a person's name and bank account details. That offers a potential opportunity to trace a thief. Bitcoin has drawn attention, but no country has tried to regulate it, and exchanges do not want to be linked to money laundering or other shady deals.
Shtylman said the hack was devastating, and the cost well exceeded revenues he had made since he launched trading on BitFloor in October 2011. The loss, amounting to about 24,000 Bitcoins, was his fault: he had left the private keys --- needed to unlock and transfer Bitcoins -- on an unencrypted disk. Bitcoin uses public key cryptography for security.
Following the hack, Shtylman attended a Bitcoin conference in London where no one expressed anger at him.
"Most users and existing members of the community have been very supportive and wanted to see BitFloor come back online," Shtylman said.
Since relaunching, Shtylman said he is now keeping private keys in so-called "cold storage," or on offline computers not connected to the BitFloor's exchange. All funds that are live on the exchange will be backed by BitFloor, he said.
"We are never going into a situation where we are doing fractional reserve," Shtylman said, where funds belonging to customers are also used for other purposes.
Send news tips and comments to firstname.lastname@example.org
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts