EnterpriseFinancial MarketsSecurityWorkspace

BitCoin Exchange BitFloor Hacked, $250,000 Stolen

Max ‘Beast from the East’ Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope.

If you find him looking lost on the streets of London, feed him coffee and sugar.

Follow on: Google +

Owner promises to do everything to keep the website running

The largest American BitCoin currency exchange site BitFloor stopped trading on Tuesday after a hacker managed to get away with $250,000 (£157,800) in BitCoins, or almost all of the virtual currency stored on the company’s servers.

The owner of the website said that all US dollars and other real-currency accounts are secure, and no records of transactions have been lost in the attack. He has also promised to do everything to get BitFloor online.

Grab that cash with both hands

BitCoins, or BTC, make up a decentralised virtual cryptocurrency commonly used online among people interested in keeping their transactions secret. It is not tied to any real money, but traded on various electronic exchanges to establish its price.

© Franck Boston - Fotolia.comBitFloor is a BitCoin trading platform headquartered in New York, founded in 2011 by Roman Shtylman. It is the fourth largest website of its kind in the world.

According to Shtylman, on Monday night an attacker gained accesses to the unencrypted backup of the site’s BitCoin wallet keys. The hacker then used the keys to transfer 24,000 BTC, or almost all of the virtual currency stored on the servers, to an unidentified BitCoin wallet.

One of the most important characteristics of BitCoin transactions is anonymity, so once money has left the account, it is impossible to trace. The founder didn’t give details of the attack, saying that his current focus was “on the future and not the past”.

He did, however, admit that he personally made a mistake while handling the funds. Apparently, since the last server upgrade, customer wallet keys were stored in an unencrypted area of the hard drive.

Some customers have suggested that the theft was an inside job, orchestrated by website’s employees. The IP of the attacker was reportedly logged, but that does not mean they will be easily tracked.

To avoid getting into more trouble, BitFloor had to pause all transactions. “Even though only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time,” explained Shtylman.

He has also promised to do everything in his power to bring the website back online and avoid spreading panic in the BitCoin community. In the worst case scenario, Shtylman plans to initiate account repayment using current available funds.

“My goal is to find the best and most reasonable way forward for BitFloor customers and the exchange,” concludes his post on the BitCoinTalk forum.

Last month, four former customers had sued another virtual currency exchange, Bitcoinica, claiming that it owes them $460,457 (£293,080) in funds they previously deposited. Bitcoinica was hacked twice in 2012, with attackers stealing over $177,000 worth of BitCoins. The website ceased operation in May, but continues to accept claims for repayments.

And in 2011, Japanese exchange Mt.Gox had to stop running its service following a hacker attack that resulted in the loss of $1000 worth of BitCoins. The incident sent shockwaves throughout the market, causing the value of virtual currency to plunge.

Despite its bad reputation, there are companies that want to allow BitCoins to stand alongside other, national forms of currencies. BitInstant is said to be in the final stages of creating a debit card that will work worldwide with the MasterCard standard, but will be funded in BTC.

How well do you know Internet security? Try our quiz and find out!