If you’re a smart enough hacker, you can break into a company that stores bitcoins for people and wipe out their bank accounts.
Thieves have done just that with BIPs, one of Europe’s biggest bitcoin payment processors, the company announced on its website.
That’s about $US990,00 based on today’s value of Bitcoins on Coindesk (about $US760 per coin).
BIPs offered a service that lets merchants accept bitcoins and exchange them into other currencies. As part of that service, it stored people’s bitcoins for free in what’s known as a bitcoin wallet. That’s akin to a bank account.
Hackers broke into that service on Friday and wiped out people’s wallets, Henriksen said.
The company explained how the hackers broke in: First they created what’s known as a denial of service attack, which is when computers on the Internet send a website so many hits that the website can’t handle all the traffic and it shuts down.
That hack let them discover a weakness in the website. Then they did a second attack two days later, broke into company’s network, controlled the company’s computer storage systems where the bitcoins were stored, and transferred the money into their own bitcoin wallet, Henriksen said in his blog post.
After the robbery, Henriksen tried to shrug off some of the blame, telling his customers, “Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.”
Needless to say, the people who were using BPS’s free web wallet to store their Bitcoins are not happy that they were robbed. One user, “cubicdissection” wrote:
As someone who pursues and gets merchants to sign up for your service, you surely realise that many if not most of them are not well versed in Bitcoin. At NO point did you EVER say hey you shouldn’t keep your BTC with us. In fact, your website said: Your data is secure at BIPS … BIPS protects your payment information with industry-leading security and fraud protection. … So yeah, I felt pretty god—- secure leaving my BTC balance there. … So basically ALL balances are gone?
Here’s the warning about the robbery that BIPs posted to its website:
BIPS temporarily closes consumer wallet initiative after security breach
To protect the successful merchant processing business BIPS has decided to temporarily close down its consumer wallet initiative.
BIPS has been a target of a coordinated attack and subsequent security breached. Several consumer wallets have been compromised and BIPS will be contacting the affected users.
As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model.
The consumer wallet initiative has not been BIPS core business and as such regrettably affecting several users has not affected BIPS merchant acquiring.
All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted.
Additional support information:
BIPS help desk system is currently not accessible and will not be re-enabled until an alternative hosting solution has been arranged for this. In the mean time, support is reachable via email to support(at)bips(dot)me. Previously submitted tickets need to be resubmitted via email. Please be patient and allow 24-72 hours to receive a reply.