Danish bitcoin payment processor BIPS has shut down its free online wallet service after hackers launched a two-stage attack that led to the theft of about US$1 million worth of bitcoins.
BIPS, which styles itself as one of the largest bitcoin payment processors in Europe, confirmed that 1,295 bitcoins were stolen “from the company’s own holdings.”
The attack started on November 15 with a sustained DDoS (distributed denial-of-service) attack. Two days later, on November 17, a separate attack disabled the BIPS site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” according to a company statement.
“Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” BIPS added.
The company acknowledged that several consumer wallets were compromised but no additional details were provided.
“As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins,” it added.
BIPS said the DDoS attacks originated from Russia and neighboring countries and believes the two attacks are connected.