Flexcoin caves after epic theft, whilst exchange Poloniex loses 12 percent of its coins and First Meta CEO is found dead
More Bitcoin service providers have been devastated by attacks that saw their coffers plundered, following the collapse of the once-mighty exchange Mt.Gox, while the CEO of trading platform First Meta has been found dead.
Flexcoin, which describes itself as the Bitcoin bank, has completely caved after an attacker managed to steal 896 BTC. It appears the hacker set up an account before taking advantage of a serious weakness in the Flexcoin platform.
“The attacker then successfully exploited a flaw in the code which allows transfers between flexcoin users. By sending thousands of simultaneous requests, the attacker was able to “move” coins from one user account to another until the sending account was overdrawn, before balances were updated,” Flexcoin said in a notice on its site.
“Having this be the demise of our small company, after the endless hours of work we’ve put in, was never our intent. We’ve failed our customers, our business, and ultimatley [sic] the Bitcoin community.”
Bitcoin exchange Poloniex has also reported attacks on its systems, but it has not faced a catastrophe as bad as Flexcoin. A basic flaw appears to have been exploited, with 12.3 percent of Poloniex’s BTC holdings stolen.
“The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon,” a note from the Poloniex owner Tristan D’Agosta.
“The major problem here is that the auditing and security features were not explicitly looking for negative balances. They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8.
“Another design flaw is that withdrawals should be queued at every step of the way. This could not have happened if withdrawals requests were processed sequentially instead of simultaneously.”
Withdrawals and deposits on the exchange have all been suspended and each account has had 12.3 percent of funds taken out, until Poloniex can come up with a better solution to repay the debt to users.
First Meta CEO found dead
Meanwhile, in Singapore, Autumn Radtke, the 28 year old CEO of virtual currency trading platform First Meta, has been found dead. Early reports said the death was suicide, but corrections have said that police investigations are ongoing.
There have been no reports of loss or cyber-attack at First Meta, which trades in virtual currencies including Bitcoin.
“The First Meta team is shocked and saddened by the tragic loss of our friend and CEO Autumn Radtke,” said a company statement. “Our deepest condolences go out to her family, friends and loved ones. Autumn was an inspiration to all of us and she will be sorely missed.”
Peter Judge contributed to this report.
What do you know about Bitcoin? Take our quiz!