Bitstamp Loses $5m In Hack

The Bitstamp exchange has been suspended after its hot wallet service was hacked. Like its peers, such as BTC-E, OKCoin and Bitfinex, Bitstamp is a platform where people buy and sell bitcoin. The exact number of missing Bitcoin is unknown at this time, however in a statement on the Bitstamp website it is stated as being under 19,000.

[blockquote]On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC[/blockquote]

Initially, Bitstamp told customers not to deposit new money into their accounts while it investigated the problem. Now all services are suspended, including its API. Nejc Kodrič, CEO of Bitstamp was quick to update customers via Twitter and has since posted a statement saying that the company is currently working to determine the source of the breach.

Money already deposited is apparently being held in cold wallets, and is therefore not at risk. However, any bitcoin sent to Bitstamp after 9am on January 5th is not guaranteed if the sender used an old deposit address.

This Bitstamp hack has eerie similarities to the Blockchain.info hack last month, when ‘ethical’ hackers were able to divert funds in and instantly brings back memories of  February 2014, when Mt Gox met their demise due to losing 850,000 of customers bitcoins in a supposed hack, albeit of a much greater magnitude.

What’s Happening at Bitstamp?

Evidence suggests that Bitstamp’s hot wallet service was hacked up to 24 hours before the service was suspended. The attack meant that unique addresses for deposits were compromised, leading to deposits being redirected to the hacker. This is why the company told users to stop depositing money before shutting the whole thing down.

The coins that were stolen between the hack and the suspension are safe, according to Bitstamp, and in cold wallets. Users need not worry about losing money, providing they stopped depositing cash when they were told to.

Behind the scenes, Bitstamp is busy moving coins to secure offline storage vaults and is working with law enforcement officials to investigate the breach. The company seems to be acting quickly, and plans to get the service back online as soon as possible. Its CEO seems to suggest that this will take a few days.

Lessons Learned

Bitcoins can be stored in offline wallets or online wallets. Offline wallets are often referred to as ‘cold wallets’, or ‘cold storage’; this includes paper wallets, memory sticks and devices not connected to the internet.

Hot wallets are riskier, but they are essential for trading. And Bitstamp is, or was, one of the biggest cryptocurrency exchange sites in the world. So it had a large amount of bitcoin in ‘hot’ storage – the weak point for attack.

Following high profile hacks over the last 2 years the industry has seen a surge in purpose built hardware wallets such as The Trezor, these devices are purposely designed to ensure Bitcoin security.

By its very nature, bitcoin is a decentralised currency – it’s designed this way because it has no single point of failure, and that makes it safer as well. Centralised exchanges therefore put users at risk – more so than may be truly necessary.

The future could lie in decentralised exchanges like Bitsquare and Brawker; services that utilise multiple private keys to verify exchange transactions. But for now, Bitstamp users will be hoping and praying that their share of those 19,000 BTC reappear in their accounts sooner rather than later.