
Bitfloor Hacked, $250,000 Missing



Bitfloor, the fourth largest exchange dealing in US dollars, has just announced[1] that it has been hacked, and the service has taken a loss of 24,000 BTC, worth about $250,000 at the time of the theft. As Roman Shtylman, the founder of Bitfloor, describes it, “last night, a few of our servers were compromised. As a result, the attacker gained access to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand.” As a result, BitFloor has paused all exchange operations and, depending on the effect that this will have on BitFloor’s finances, BitFloor may take one of two options. They may either take the loss and continue running in an attempt to eventually earn the money back or, in the worst case, shut down entirely and begin a partial account refund process out of the available funds.

The unencrypted backup that allowed the thief to carry out the attack was made when Shtylman made a manual upgrade earlier and put the data into an unencrypted partition on his disk; Shtylman has so far declined to comment further on the details of the attack, saying that “my current focus is on the future and not the past.” As Bitcoin security experts point out, Bitfloor made not one but two errors that were both necessary to lead to such a severe loss; the first, leaving data stored unencrypted, was an honest and perhaps unavoidable mistake, but it would not have had nearly as much of an effect if there had not also been the second error of leaving so much money in an online-accessible “hot wallet”. Since the Bitcoinica Linode theft, in which an unknown attacker made off with $222,000 worth of bitcoins from Bitcoinica’s hot wallet in March, it has been generally understood that any Bitcoin-holding service should keep the vast majority of its funds in “cold storage”, a term referring to a setup where the private keys never touch any computer that is accessible from the internet.

ThomasV, the lead developer behind the Electrum client, lists some security recommendations for Bitcoin exchanges; his seven key points are:

  1. Don’t store more bitcoins outside of cold storage than you can afford to lose and remain solvent. This ensures that your business will be able to financially survive a hack.
  2. Deposits should be sent to cold storage addresses directly.
  3. Transfer from cold storage to hot storage should be manual only.
  4. An attacker should not be able to disguise a theft as a series of withdrawals from customers.
  5. If a withdrawal request exceeds the amount available on the hot wallet, the customer should have to wait. Receiving coins 24 hours later is better than not receiving one’s coins at all.
  6. Clone your database to a place where an attacker cannot irreversibly modify or delete it from the server.
  7. Send digitally signed account statements to customers regularly, using a key that is not on the public server.
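How points 1, 2, 3 and 5 can shape the withdrawal path of an exchange, as an added example that is not code from Bitfloor, ThomasV or Electrum. The `HotWallet` class, its field names and the per-customer `daily_limit` (one possible control for point 4) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class HotWallet:
    balance: Decimal          # BTC spendable from the online server
    cap: Decimal              # point 1: most the business can lose and stay solvent
    daily_limit: Decimal      # assumed per-customer limit, one way to approach point 4
    paid_today: dict = field(default_factory=dict)
    waiting: list = field(default_factory=list)   # requests held for an operator

    def deposit_destination(self) -> str:
        # Point 2: deposits never land on the online server.
        return "cold"

    def request_withdrawal(self, customer: str, amount, ledger_balance) -> str:
        amount = Decimal(amount)
        if amount <= 0 or amount > Decimal(ledger_balance):
            return "rejected"
        used = self.paid_today.get(customer, Decimal(0))
        if used + amount > self.daily_limit:
            # A burst of withdrawals on one account goes to a human instead
            # of draining the wallet automatically.
            self.waiting.append((customer, amount, "manual_review"))
            return "manual_review"
        if amount > self.balance:
            # Point 5: the customer waits; nothing is pulled from cold storage.
            self.waiting.append((customer, amount, "queued"))
            return "queued"
        self.balance -= amount
        self.paid_today[customer] = used + amount
        return "paid"

    def manual_refill(self, amount, operator_confirmed: bool) -> Decimal:
        # Point 3: cold-to-hot transfers happen only when a person performs
        # them offline; this method records the result, capped by point 1.
        if not operator_confirmed:
            raise PermissionError("cold-to-hot transfer requires an operator")
        credited = max(Decimal(0), min(Decimal(amount), self.cap - self.balance))
        self.balance += credited
        return credited


if __name__ == "__main__":
    w = HotWallet(Decimal("4"), Decimal("50"), Decimal("5"))  # constructed figures
    print(w.request_withdrawal("alice", "3", "100"), w.request_withdrawal("bob", "2", "10"))
```

With this shape, a compromise of the online server exposes at most `cap` BTC, because the server holds no path to cold-storage keys.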

Taking greater care to protect one’s server from being hacked in the first place is of course the best defense. However, any single layer of defense will invariably make mistakes, and sound Bitcoin service security requires a strong and detailed strategy for mitigating losses based on a defense in depth. Not following proper security procedures may mean seeing your prospering Bitcoin business meet a sudden and untimely end. Given the amount of information and experience available on such matters, not taking the most trivial standard precautions may even open one up to liability due to gross negligence. No matter how big, small, young or established your Bitcoin business may be, it is better to be prepared earlier rather than later.



