Update: Bitstamp resumed business on Friday January 9. The company said it has installed new hardware “from a completely secure backup of our code and data”.
The year is but five days old but already we have our first bitcoin hacking story of 2015 after Bitstamp, a Slovenia-based exchange that raised $10 million last year, suspended its service following a suspected breach.
A notice on the company’s website warns users that there is “reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.”
The company said it has temporarily suspended its service “as a security precaution,” but it claimed that it has enough bitcoins in cold storage (aka saved offline) to cover the stolen loot —
though it hasn’t revealed how many coins were lost. Update: The company says fewer than 19,000 coins were lost, that’s around $5 million worth but “a small fraction” of its total reserves — it’s full statement is at the bottom of this story
Nonetheless, there is still an all caps warning to customers about using the service.
IN THE MEANTIME, PLEASE DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITCOIN DEPOSIT ADDRESSES. THEY CANNOT BE HONORED!
Bitstamp hasn’t revealed when its service will resume, it is investigating the situation first. “We will return to service and amend our security measures as appropriate,” the company added in the notice.
Issues with Bitstamp were first raised by customers on Hacker News who received an email from the company. Bitstamp’s website was then updated with the notice hours later.
The company’s CEO confirmed the suspension and issued an apology:
The price of bitcoin topped $1,000 per coin in November 2013, but 2014 saw the price drop steadily — its current valuation today is around $270. Indeed, bitcoin’s decline has been such that it has actually performed worse than Russia’s troubled Ruble currency, as Quartz pointed out last month.
Last year of course also saw some major bitcoin exchange drama. Mt. Gox, once one of the most influential exchanges, imploded in February, while that same month Silk Road 2 lost over $2 million bitcoins following a hack. Some other struggles included exchange Flexcoin closing down after it too lost coins to a hack, while Vircurex — another exchange — froze customer accounts as it battled insolvency.
There were some notable progress for the industry, particularly for payment companies. BitPay raised fresh funding, rival Coinbase is closing on new money, and both landed big name customers like Microsoft, Dell, Mozilla and Wikipedia to raise visibility of the cryptocurrency. But today’s Bitstamp news is a reminder that exchanges remain vulnerable to attacks, and they can affect bitcoin stakeholders themselves.
The good news is that the industry is more wary of the need for security following those high profile disasters. Bitstamp claims it kept most coins offline. That, if true, could mean any damage from this suspected attack may be minimal. Time will tell if that is the case.
Update: Bitstamp released a further statement:
Bitstamp customers can rest assured that their bitcoins held with us prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full.
On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC. Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses. As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.
This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.