Hackers have made off with at least $5m in bitcoins after compromising Slovenian exchange Bitstamp last weekend, the firm has admitted.
Bitstamp – one of the world’s largest bitcoin exchanges – temporarily suspended services on Monday after suspecting that one of its “operational wallets” had been compromised by attackers.
The following day it released this statement:
“On January 4th, some of Bitstamp's operational wallets were compromised, resulting in a loss of less than 19,000 BTC ($5.7m). Upon learning of the breach we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses … As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.”
Bitstamp moved quickly to allay any panic, claiming all bitcoins held prior to the suspension of service would be honored in full.
“This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems,” it said.
Co-founder Damijan Merlak told Reuters on Wednesday that the firm expected to reopen within 24 hours, as soon as new infrastructure is in place and tested.
Darren Anstee, director of solutions architects at Arbor Networks, argued that although bitcoin deposits are usually held in air-gapped cold-storage – separated from the internet – a certain volume will inevitably remain accessible to hackers.
“After a breach such as this, it will be important for Bitstamp to be able to audit the activity on its systems and networks to find out exactly what has happened,” he added.
“Having tools that allow ready analysis of historic traffic patterns and activities is becoming increasingly important to organizations so that they can react quickly to prevent and minimize any damage.”
Rob Lay, cybersecurity solutions architect at Fujitsu, argued that firms need to move to a more proactive stance to better prepare for the inevitable breach.
“Recent research from Fujitsu revealed that only a third of financial services organizations are ‘very confident’ that security could be maintained in the event of an outage,” he added.
“As such, businesses need to ensure they are robust in their security to stay ahead of competitors and remain trusted in the eyes of the consumer.”