In another case of bitcoin's struggles to establish itself as a currency, another hack has occurred on Bitstamp, one of the largest bitcoin exchanges in the world. Compared to some previous hacks, this one was small, only affecting the online wallets of customers. This is typically a smaller percentage of the amounts as most exchanges aim to keep as much as possible offline to protect them.
Bitstamp has confirmed that up to 19 000 BTC were taken before they found the issue and temporarily suspended exchange. They have since taken down most everything and have replaced their website with a splash page explaining the situation. Their first warning there, and one that I will repeat here in bold and italics is: DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITSTAMP BITCOIN DEPOSITS. These are compromised and Bitstamp will not honor any deposits made at this point.
They have said on their site, all deposits made prior to January 5th, 9:00 UTC are fully covered by their reserve and will be honored in full when Bitstamp resumes activity after investigation, and re-configuring their security.
There is speculation among users of bitcoin that this page may show the transactions. If so, that would mean it was done in 138 transactions, worth over 18 870 BTC or $5.1 Million at time of publishing. Given that Bitstamp CEO has previously said they maintain between 85 and 90% of their funds in cold storage this is a significant, but not shattering hit to the exchange. While its currently not available to see (due to the site being mostly down), their proof of reserve in May 2014 showed 183 497 Bitcoins worth almost $97 million at that time though given the currency's decline since then it is just over half that in valuation per Bitcoin now.
The news has had, as one would expect a negative reprecussion on the Bitcoin market with the exchange falling to $263.63 on the 4th though rebounding to over $270 today. Given that the currency opened the year at over $313 it is not an auspicious beginning for it, and further emphasizes the currencies volatility.
Here is the full statement from January 5th from Bitstamp:
AN IMPORTANT MESSAGE TO OUR CUSTOMERS:What do you think of this latest Bitcoin breach? Does it effect your confidance in cyptocurrency? Do you think that Law enforcement, after its inability to find out what happened in previous ones may be able to solve this one? Tell us in the comments below!
January 6, 2015, 12:34am UTC: We have temporarily suspended Bitstamp services. Bitstamp customers can rest assured that their bitcoins held with us prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full. On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC. Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses. To repeat, customers should NOT make any deposits to previously issued bitcoin deposit addresses. As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials. This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full. We appreciate customers’ patience during this disruption of services. We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days. Customers can stay informed via updates on our website, on Twitter (@Bitstamp) and through Bitstamp customer support at [email protected]. - Bitstamp Team