The second largest U.S. dollar-Bitcoin exchange, Bitstamp, suspended trading on Jan. 4, warning customers that the system may have been compromised and requesting that they refrain from making digital currency deposits.
Attackers appear to have compromised the exchange’s operational cache of Bitcoins, also known as a “hot wallet,” on Jan. 4, the company said in a notice on its Website. While the firm urged users to not deposit Bitcoins in their accounts, it stressed that the damage from the attack should be limited.
“As a security precaution against compromises Bitstamp only maintains a small fraction of customer Bitcoins in online systems,” stated a notice on the exchange’s Web page. “Bitstamp maintains more than enough offline reserves to cover the compromised Bitcoins.”
In the past month, Bitstamp accounted for roughly a quarter of the transactions converting U.S. dollars into Bitcoins, and vice versa, according to BitcoinCharts.com.
The compromise may be the second breach of a major Bitcoin exchange. Mt. Gox, which failed spectacularly last year, was compromised twice: Once in June 2011 for the equivalent of nearly $9 million and again in early 2014 for approximately 850,000 Bitcoins, at the time worth more than $450 million. Last week, investigators into the latter incident reportedly concluded that nearly all the loss was caused by one or more insiders.
Rather than representing a major failing of the Bitcoin economy, these problems are more akin to growing pains, said Joe Stewart, who has studied Bitcoin crime as the director of malware research at Dell Secureworks.
“Even after Mt. Gox got attacked, people talked about using decentralized exchanges,” a security improvement, rather than the demise of the currency, he said. “Underlying this all is a protocol that is fairly sound, [but] obviously, the exchanges are where the money is and so there is all kinds of risk.”
In 2014, the price of Bitcoins shot up, reaching nearly $1,200 USD, before declining. The price is currently around $260, far below the 2014 peak, but still far higher than previous years. Currently, three-quarters of Bitcoin transactions do not involve U.S. dollars, but are due to the movement of China’s main currency, the Yuan, according to BitcoinCharts.com’s data.
Bitstamp sought to assuage the fears of its customers on Jan. 5. Taking to Twitter, the company assured that only a small amount of its store of Bitcoins had been affected by the potential breach.
“Thank you all for your patience, we are working diligently to restore service and hope to have an ETA later today,” Nejc Kodrič, co-founder and CEO of Bitstamp, stated in successive tweets. “To restate: the bulk of our Bitcoin are in cold storage, and remain completely safe.”
On its Website, the company stated that customer deposits before Jan. 5 would be covered by Bitstamp’s reserves, while deposits made to newly issued addresses could be honored after that date. The company planned to give an update on its outage later on Jan. 5.
The details of the investigation will make all the difference to Bitstamp’s users, stated Dell Secureworks’ Stewart.
“We still have to wait and see what the attack was before determining whether it could have been avoided,” Stewart said, adding at its face, the breach “is not like the Mt. Gox situation.”