Hacker Walks Away with Equivalent of $250,000 in Another Bitcoin Theft
posted Saturday Sep 8, 2012 by Nicholas DiMeo
Earlier this year, over $228,000 worth of Bitcoins were stolen. For those who don't know, Bitcoin is a digital currency, similar to Microsoft Points. However, Bitcoins are acquired via "mining" from an idle PC. What it comes down to is that you are being compensated for your time and your computer's usage. The theft marked the second time in under a year that the new currency's security was breached, both through a Bitcoin exchange server and from Bitcoin servers directly. Unfortunately for those involved in Bitcoin, more theft has occurred.
The founder of BitFloor, an exchange service for Bitcoins, has reported that a hacker was able to access the company's servers and walk away with 24,000 Bitcoins, worth close to $250,000. Because of this, the exchange is now out of money to make good on all of its deposits, and BitFloor is under a temporary suspension of operations while it investigates the matter.
With the way Bitcoin works, a transaction can't be reversed once it is made, and because of the way the currency system was designed, tracing stolen Bitcoins to the person who stole them can sometimes be very difficult. This is part of the reason the currency is raising some questions. While some may feel that eliminating charge-backs with irreversible transactions is an important selling point, things like having to look over your e-shoulder all the time and watch out for attacks may end up turning a lot of people off the service.
From the blog post about the servers that were compromised:
Last night, a few of our servers were compromised. As a result, the attacker gained access to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even though only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.
Through exchange user support, I can continue to operate BitFloor. I believe that posting the exchange source and being even more transparent about operations would be a step in this direction if we were to continue operating. BitFloor is currently the #4 USD exchange and #1 in the US.
The "good" news out of all of this is that Bitcoin developer Gavin Andresen has acknowledged all of these breaches and has said that Bitcoin is creating a new system, called multi-signature transactions, that should increase security around transactions. This new practice would require a user or exchange to break up their signature across multiple devices, like a smartphone and a PC or several servers, for instance. At that point, the only way a hacker could gain access to a stash of Bitcoins is if they knew all of the devices the pieces of the signature were stored on.
Until then, however, keep your Bitcoin wallet encrypted and try not to use the third-party exchange services until Bitcoin becomes a bit more secure. Plus, you can't really spend what you've earned in too many places anyway, so it's probably best to save up and use it when more merchants become accepting of the more secure version of a really cool currency system.
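The multi-signature idea described above, as an added example that is not from the original post or from Bitcoin's code: a transaction is accepted only when every listed device has signed it, so a key copied from one machine (as with the unencrypted backup) is not enough. It assumes Lamport hash-based one-time signatures as a stand-in for Bitcoin's ECDSA so that it runs on the Python standard library alone; the device names and the transaction bytes are constructed.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. Each key must sign only one message.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(s) == pk[i][bits[i]] for i, s in enumerate(sig))

def authorized(policy, required, msg, sigs):
    # policy: device -> public key; sigs: device -> signature over msg.
    valid = sum(1 for dev, pk in policy.items()
                if dev in sigs and verify(pk, msg, sigs[dev]))
    return valid >= required

def demo():
    keys = {dev: keygen() for dev in ("phone", "pc")}  # constructed devices
    policy = {dev: pk for dev, (sk, pk) in keys.items()}
    tx = b"constructed transaction: move 1 BTC"
    pc_sig = sign(keys["pc"][0], tx)  # the only key a single-host breach exposes
    phone_sig = sign(keys["phone"][0], tx)
    one_key = authorized(policy, 2, tx, {"pc": pc_sig})
    replayed = authorized(policy, 2, tx, {"pc": pc_sig, "phone": pc_sig})
    both = authorized(policy, 2, tx, {"pc": pc_sig, "phone": phone_sig})
    tampered = authorized(policy, 2, tx + b"0", {"pc": pc_sig, "phone": phone_sig})
    return one_key, replayed, both, tampered

if __name__ == "__main__":
    print(demo())
```

Only the case with a valid signature from both devices over the unmodified transaction is accepted; one key alone, one signature reused for the second device, and a changed transaction are all rejected.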