Bitcoin Exchange Reports Data Breach
Bitstamp Says $5 Million in Virtual Currency Stolen
European Bitcoin exchange Bitstamp has temporarily suspended its services after some of its operational wallets were compromised on Jan. 4, resulting in the theft of 19,000 Bitcoins, worth more than $5 million.
The news comes after last year's shuttering of Mt.Gox - then one of the world's biggest Bitcoin exchanges - which was taken abruptly offline in February 2014, raising concerns about the viability of the online virtual currency (see: Bitcoin Trading Website Goes Dark). The company had alleged nearly 850,000 Bitcoins were stolen from the exchange by hackers.
Then, in March 2014, Bitcoin-trading website Vircurex announced it was stopping withdrawals and deposits for the time being, citing recent "large fund withdrawals" for the sudden halt in operations. The site subsequently resumed operations.
The Bitstamp breach once again highlights key vulnerabilities of the Bitcoin ecosystem, including the lack of consumer protections, says Nathalie Reinelt, an analyst at the consultancy Aite Group who focuses on virtual currencies (see: Bitcoin: Mitigating the Risks).
"Although this breach is relatively small in comparison to the Mt.Gox breach a year ago, and according to the notice on Bitstamp's website will not affect consumer assets, it still continues to raise questions as to the viability of Bitcoin as a mainstream alternative," she says.
Latest Bitcoin Breach
Bitstamp says that once it learned of the breach, "we immediately notified all customers that they should no longer make deposits to previously issued Bitcoin deposit addresses." As an additional security measure, Bitstamp suspended its systems while it investigates the incident, working with law enforcement officials.
Bitstamp says the breach represents a small fraction of Bitstamp's total Bitcoin reserves, "the overwhelming majority of which are held in secure offline cold storage systems."
Customers who had Bitcoins held with the exchange prior to its temporary suspension of services on Jan. 5 "are completely safe and will be honored in full," Bitstamp says.
The exchange says it's working to transfer a secure backup of its website to a new environment, which will be brought online in the coming days.
Virtual currency users have far fewer protections than those who use conventional banks, Reinelt says.
"When large mainstream financial institutions and merchants are attacked, consumers have peace of mind knowing that their finances will not be impacted since their accounts are insured and those breaches almost never result in the suspension of entire services," she says. "Consumers who need to transact with their Bitstamp accounts are dead in the water right now, and that's a problem for an industry that keeps insisting it's ready for prime time."
The Bitstamp breach sends a reminder that virtual currencies are still in their infancy and Bitcoin-based businesses don't always have the infrastructure to mitigate these attacks without impacting their customers, Reinelt adds.
A Red Flag?
Bitstamp's statement, which notes it's storing an "overwhelming majority" of its Bitcoin reserves in a secure, offline system, should raise red flags with consumers, Reinelt says.
"If Bitcoin companies don't trust the ecosystem, to the point where they are taking their digital currency offline, why should consumers?" she asks.
It's unlikely that the stolen Bitcoins will be recovered, Reinelt says. "At best, Bitstamp can identify the breach and shore up their environment to prevent future compromises of the same nature."