Bitcoin exchange site hacked, taken down indefinitely
Bitcoin exchange site Bitcoinica is expected to experience a lengthy delay in onsite operations following an attack to its system that resulted in the theft of over 18,547 bitcoins. That’s approximately $90,000 USD.
Insiders are expecting it to take months for the company to build a new platform with security best practices "built-in from scratch."
The hackers broke into the Bitcoinica system Friday, just days after a leaked FBI report detailed governmental concern over the increasingly prominent online currency, which is anonymous and virtually untraceable. Bitcoinica shut down shortly after, and users were notified that the site's database—which included personal passwords, identifying documents, and account information—was most likely compromised.
Bitcoinica addressed the hacking in a second statement posted to the Bitcointrader blog on Tuesday. The company wrote that, unlike two previous attacks to its database in March and April, this particular hack was the result of poor security practices on Bitcoinica's behalf:
"The hacker was successful in exploiting a vulnerability in a critical email server. This gave the attacker access to an administrative email account which in turn allowed them to reset passwords with our hosting provider, Rackspace. From there, they were able to change root passwords, steal the private keys of our hosted bitcoin wallet, and compromise our online database."
Among the slip-ups, Bitcoin admitted to having too many bitcoins in its online wallet. (Keeping online balances at a minimum is a manual process that got away from the team.) The company also neglected email server security and failed to grow as a company as the site evolved.
"In light of rapid growth, it was prudent to bring in a larger team with diverse technical specialties, including security," the statement read.
"This occurred last month… a Transition period ensued. A new platform was conceived which would strengthen Bitcoinica in the long term but took focus away from the present system in the short term. The recent security breach was not beyond our team's skills to prevent. We know better."
In the meantime, the company plans to allow for users to withdraw their funds if they so desire to take their business elsewhere, though details concerning that activity have yet to be revealed.