BitFloor breached, hacker makes off with $250,000 in BitCoins

By Lee Kaelin on September 5, 2012, 6:30 PM

The future of BitFloor, the largest BitCoin exchange in the United States, is uncertain after its founder announced yesterday that the company has suspended operations due to hackers compromising its server and making off with 24,000 BitCoins valued at around $250,000.

BitFloor has frozen all trades following the breach as a precaution and its website remains offline at the time of writing. The New York-based virtual currency exchange may have to shut its doors permanently, though its owner Roman Shtylman says that's a last resort and he hopes investors are interested in his company.

Early investigations revealed that the hacker most likely stole the BitCoins after finding the corresponding wallet keys in a backup stored on an unencrypted area of the server's hard drive. Normally the "live keys" are stored on an encrypted area of the server's disk, and the company's founder realizes leaving them so exposed was a massive error of judgment.

He also reassured those trading with BitCoins that their data was safe. "I still have all of the logs for accounts, trades, and transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack."

While he agrees that the details surrounding the attack are interesting, he hopes the discussion in response to his announcement will focus on user accounts and the long-term fate of the exchange, which turns over around 64,000 BitCoins per month valued at around $717,000. The company takes a 0.3% commission from trades netting it around $2,100 in monthly revenue.

Because the currency uses a peer-to-peer format, it's very unlikely that the firm will get its coins back, as transactions are irreversible. While it's often viewed as a key feature that protects merchants from chargebacks, it also exposes BitCoin users to hackers who can make off with the money if they get access to private keys. Hackers are increasingly using malware to steal BitCoins.




User Comments: 8

Wendig0, TechSpot Paladin, said:

Lol bitcoins

dividebyzero, trainee n00b, said:

[hackers] making off with 24,000 BitCoins valued at around $250,000...

The company takes a 0.3% commission from trades netting it around $2,100 in monthly revenue....

the hacker most likely stole the BitCoins after finding the corresponding wallet keys in a backup stored on an unencrypted area of the server's hard drive. Normally the "live keys" are stored on an encrypted area of the server's disk, and the company's founder realizes leaving them so exposed was a massive error of judgment.

Sounds legit

Lol bitcoins

Lol indeed. As Kirk Lazarus would say..."Everybody knows you never go full virtual currency"

Jawshh said:

Storing wallet keys on unencrypted storage is just like storing credit card information on unencrypted storage, so, this is basically a honeypot for hackers.

Just imagine if Paypal did the same thing with your credit cards. Don't think they'd be around for too long.

Sure, you'd be able to get your money back with credit cards but there'd still be a ton of costs involved.

Rule No 1: Always protect from prying eyes.

So, there's nothing wrong with Bitcoin, it's a very good hassle-free way to transfer currency as long as you do it right.

dividebyzero, trainee n00b, said:

Storing wallet keys on unencrypted storage is just like storing credit card information on unencrypted storage, so, this is basically a honeypot for hackers.

Just imagine if Paypal did the same thing with your credit cards. Don't think they'd be around for too long.

Which is why banks, credit institutions and PayPal tend to take security more seriously

So, there's nothing wrong with Bitcoin, it's a very good hassle-free way to transfer currency as long as you do it right.

Linode's servers got hacked in March- Bitcoinica gets smacked. You'd think that would be a wake up call, no? Guess whose servers BitFloor use?......yup...Linode.

Obviously, some of the big exchanges aren't "doing it right", not really the way to instill confidence I would have thought. And as you mentioned, you've got a chance to get your cash back at a bank/Paypal etc. The only chance these bitcoiners have of recouping their losses, is if an investor is willing to put up funds to cover those losses- which brings us back to the confidence issue.

Tygerstrike said:

It's a start-up company. They aren't to the level of exchanges yet that would normally necessitate that level of security. They only make 2k a month. So yea I can see where a minor mistake would cause this. They don't have the necessary experience that the bigger banking firms have. I hope the theft in general was just to show the weaknesses in that website and the hacker will be giving those coins back. However, I'm not so naive as to think they will do it. I feel it kinda sucks for the owner of this internet business. Get started and get some word of mouth/web advertising just to have some simple jackhat hack in and steal from them. Maybe a church would be a better target for the hacker. At least God would forgive that, or so I'm told.

Blue Falcon said:

It's pretty funny people are laughing at bitcoins. It's a pretty cool idea even if long-term it doesn't work. At the very least it has guaranteed free AMD gpu upgrades over the last 2.5+ years. It's pretty nice to have free 7970 cards and then start building up more $ for HD8900 series without spending a dime! Until Bitcoin stops working for GPUs, it's an awesome AMD feature. Can't beat price/performance = 0.

Wendig0, TechSpot Paladin, said:

Lol indeed. As Kirk Lazarus would say..."Everybody knows you never go full virtual currency"

Ask Roman Shtylman, 2012, Bitcoins, remember? Went full virtual currency, went home empty handed...
