2013年12月1日 星期日

Cyberattack Leads to $1 Million Bitcoin Heist

Another Bitcoin company has fallen victim of a massive cyberheist. BIPS, one of the largest European Bitcoin payment processors, lost 1,295 Bitcoin (currently worth $1 million) after a cyberattack.

As the price of Bitcoin continues to rise, cybercriminals are targeting companies with large holdings of Bitcoins in their servers. The attack on BIPS happened just a few weeks after inputs.io, which allegedly lost 4,100 BTC, worth more than $1 million at the time.

SEE ALSO: Bitcoin Goes to Washington: The Case for and Against Digital Currency

Hackers launched their initial Distributed Denial of Service (DDoS) attack on BIPS on Nov. 15, the company wrote in a Reddit post. The hackers attacked again on Nov. 17, overloading BIPS servers and somehow getting access to several online wallets, which allowed them to steal the 1,295 BTC.

BIPS, which claims to have more than 20,000 customers, offered free online wallets to store their Bitcoin online. It also offers a payment processors for merchants who want to accept payments in Bitcoin.

The company released a statement saying the attack compromised "several consumer wallets." However, it didn't specify how many accounts were hacked. BIPS' CEO Kris Henriksen told Mashable that "most of the missing funds were from our company’s own holdings," but declined to be interviewed for lack of time. "This is my fifth day without sleep," he added in an email.

After the attack, Henriksen advised his customers to avoid online wallets altogether, despite the fact that his company offered them to users. BIPS' online wallet service is now suspended.

"Attacks are not isolated to us, and if you are storing larger amounts of coins with any third party, you may want to find alternative storage solutions as soon as possible," he wrote in a BitcoinTalk forum message.

"Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in," he added.

But several BIPS customers, who still don't know if they'll ever get their Bitcoin back, aren't convinced by Henriksen's advice, saying he never warned them of any danger before the attack. On the contrary, the company said it was secure.

Responding to Henriksen's claim that web wallets are only meant for little amounts of Bitcoin, a BitcoinTalk forum user that goes by the name of Cubicdissection said: "At NO point did you EVER say hey you shouldn't keep your BTC with us."

"In fact, your website said: 'Your data is secure at BIPS.' So yeah, I felt pretty goddamn secure leaving my BTC balance there," he added. "Why don't you speak in plain English and quit giving us the runaround? Because it makes me think you're a liar and have something to hide."

Another user, nicknamed Genghis34, said he had 90 Bitcoin (around $73,000) in his BIPS wallet. He his now asking other victims to sign up online to form a group to potentially sue BIPS and use the threat of a lawsuit as a "negotiating block" for a settlement.

Henriksen's conclusion that online wallets aren't safe echoes what the founder of inputs.io said after his website's loss of 4,100 Bitcoin.

"I don't recommend storing any Bitcoins accessible on computers connected to the Internet," he wrote at the time.

But for victims of the BIPS heist, these warnings come too little too late.

"Bitcoin is the wild west," wrote Genghis34. "And I really doubt this was intentional on the part of bips.me — just probably overconfidence to run a wallet service without proper security."

沒有留言:

張貼留言