The biggest European company working with bitcoins - a payment collectors, exchange service and wallet provider – has reported that one of the attacks on its website was the result of the theft of bitcoin worth about a million dollars. The stolen amount is equal to 1295 bitcoins, which considering the rise of the price for a single BTC might be worth even more than a million dollars tomorrow or in the closest future.
Kris Henriksen form BIPS – the CEP and one of the funders insists that this money, as well as the broken wallets belong to BIPS and have stored the reserve of the company. The sum, in these so called “hot” wallets, depends on an algorithm taking for calculations risks, trade volume, deal amount and other parameters to get the sum to be stored there.
The attack and the theft was not a result of the violation of the code, bet merely to an attack from the outside. On the 15th of November the resources suffered from a massive DDos attack. Two days after a new was experienced. Such targeting led to termination of process and switching of the page. The iSCSI lost connection with the SAN on the BIPS servers. Generally, the method of safety and encryption did not envisage something similar to this crime. Almost any experts is sure that both attacks were committed by the same person of persons and the footprints of the attackers lead to Russia and neighboring countries.
On the 19th November all the services, except the wallet, have run properly. The wallets were closed for maintenance and then closed for repair works. The help desk was also unavailable till the 22nd of November.
The basic principle of safety implemented by BIPS leads to some problems during investigation. Not all violated wallets were in the ownership of the company. Now it is a hard task collect data of the victims and lost amounts of BTC. BIPS privacy policy states that any kind of information about their customers cannot be provided further – even on demand of any government or power institution. It is necessary to collect written allowances to start investigation and maintenance of the private wallets.
Once again the processing of merchant accounts, when no fund storage occurs, was continued and in case auto-convert function was on – nothing could have happened.
The official statement cited from BIPS page says:
“To protect the successful merchant processing business, BIPS has decided to temporarily close down its consumer wallet initiative.
BIPS has been a target of a coordinated attack and subsequent security breached. Several consumer wallets have been compromised and BIPS will be contacting the affected users.
As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model.
The consumer wallet initiative has not been BIPS’ core business and, as such, regrettably affecting several users has not affected BIPS merchant acquiring.
All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted.”
These words are not enough for the users, who lost their funds. This attack proves the necessity to consider the security of many online services offering wallets to the users. Currently BIPS offers a paper wallet function for users planning to store bitcoins for longer periods of time.
Image source: itproportal.com