Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hack Robs Bitfloor of $250,000

A cyber-attack on Bitfloor, a Bitcoin exchange, yielded access to an unencrypted backup of wallet keys that were used to steal roughly $250,000, according to the company.

According to Roman Shtylman, founder of Bitfloor, trading has been suspended in light of the breach. The attack occurred Monday night, and compromised servers belonging to the firm, Shtylman explained Tuesday in a post on a user forum. 

A cyber-attack on Bitfloor, a Bitcoin exchange, yielded access to an unencrypted backup of wallet keys that were used to steal roughly $250,000, according to the company.

According to Roman Shtylman, founder of Bitfloor, trading has been suspended in light of the breach. The attack occurred Monday night, and compromised servers belonging to the firm, Shtylman explained Tuesday in a post on a user forum. 

“As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area),” he wrote. “Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho [sic] only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.”

All totaled, the attack stole some 24,000 bitcoins. Currently valued at roughly $10.40 a coin, the heist was worth approximately $250,000.

According to Shtylman, the backup keys were made when he manually did an upgrade and put the keys in “the unencrypted area on disk.”

Creating backup keys avoids accidentally making data inaccessible if encryption keys are lost, said Todd Thiemann, senior director of product marketing for data security firm Vormetric.

“Key management is a major enterprise challenge,” he said.

“When you start to encrypt in multiple locations and have multiple encryption keys floating around, you need some way to store, organize and manage them,” he added.  

Advertisement. Scroll to continue reading.

Bitfloor is hardly the first Bitcoin exchange market to come under attack. Last June, Mt.Gox was hit by hackers, and U.K.-based exchange Bitcoinica was hacked twice this year.

Though operations are currently suspended, Shtylman wrote that he is evaluating options for Bitfloor and that he does not want to shut it down. When contacted by SecurityWeek, he said he had no updates on the future of the company or how the attack took place.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.