On Friday last week, the Bitcoin exchange Bitcoinica took its servers offline after it discovered that $90,000 USD worth of bitcoins had been remotely stolen from its systems.
Bitcoin is an open-source digital cash system that was launched in 2009.
Now, in light of the breach, Bitcoinica were quick to issue a statement, which is still available on their homepage at the time of writing:
It is with much regret that we write to inform our users of a recent security breach at Bitcoinica. At approximately 1:00pm GMT, our live production servers were compromised by an attacker and they used this access to deplete our online wallet of 18547 BTC*.
We will learn more as we investigate, but would like to address early concerns.
- We have suspended operations while we focus on our investigation.
- The overwhelming majority of our bitcoin deposits were not stolen.
- The thief stole from us not you. All withdrawal requests will be honored.
- The database was most likely compromised.
With respect to passwords, Bitcoinica says that it is unlikely that they have been breached as they were both salted and encrypted with bcrypt.
The statement does remind users of the importance of not reusing passwords on different sites. It recommends that anyone who has used their Bitcoinica password elsewhere on the web would be wise to change it now.
Bitcoinica also states that sensitive documents held for customer verification are both encrypted and stored separately. The exchange does not think that these are at risk from this attack.
Bitcoinica does, however, warn that information like customers’ usernames, email addresses and account histories could be at risk. Customers are reminded to avoid replying to emails that purport to come from Bitcoinica, and to be wary of phishing attacks.
Bitcoinica says that it will provide more details soon. In the interim, interested readers can check out the Bitcoin forum bitcointalk.org, where a number of members are discussing the attack.
This is not the first time this Bitcoin exchange has been targeted. Earlier this year, Bitcoinica’s webhost was hacked and over $225,000 worth of Bitcoins was stolen.
And only last Wednesday, Bitcoin was in the news with a leaked FBI internal report [PDF].
According to Wired, the FBI report expresses concern about the difficulty of tracking the identity of anonymous Bitcoin users, though the report inadvertently also provides tips to Bitcoin users on how to better ensure anonymity.
* BTC is a single unit of Bitcoin