Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations
Bitstamp Back Online After BreachNew Website, Enhanced Security Measures Implemented
European Bitcoin exchange Bitstamp is back online following a temporary suspension of services after some of its operational wallets were compromised on Jan. 4, resulting in the theft of 19,000 Bitcoins worth more than $5 million.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Bitstamp has redeployed its website and backend systems and has implemented additional security measures to protect its customers, the company says in a Jan. 9 statement.
"We took the decision to rebuild our systems from the ground up from a secure backup for a few reasons," CEO Nejc KodriÄ says. By redeploying the system from a secure backup onto entirely new hardware, "we were able to preserve the evidence for a full forensic investigation of the crime," he says.
Details were still scarce as to how the Bitcoins were taken and whether the perpetrator has been identified.
On Jan. 6, Bitstamp said it notified all customers that they should no longer make deposits to previously issued Bitcoin deposit addresses. Bitstamp said the breach represented a small fraction of Bitstamp's total Bitcoin reserves, "the overwhelming majority of which are held in secure offline cold storage systems."
Customers who had Bitcoins held with the exchange before to its temporary suspension of services on Jan. 5 "are completely safe and will be honored in full," Bitstamp said.
As part of Bitstamp's relaunch, the company says it has announced several new features, including:
- BitGo multi-sig technology, a more secure wallet for storing Bitcoins;
- Completely new hardware infrastructure; and
- The implementation of Amazon Web Services cloud infrastructure to run the Bitstamp exchange.
"While this is a time of challenge for our company, we expect to emerge from this experience having set an even higher bar than before for trust and confidence in our services," KodriÄ says.
Vulnerabilities Still Linger
The Bitstamp breach followed last year's shuttering of Mt.Gox - then one of the world's biggest Bitcoin exchanges - which was taken abruptly offline in February 2014, with the company alleging nearly 850,000 Bitcoins were stolen from the exchange by hackers (see: Bitcoin Trading Website Goes Dark).
Then, in March 2014, Bitcoin-trading website Vircurex announced it was stopping withdrawals and deposits for the time being, citing recent "large fund withdrawals" for the sudden halt in operations. The site subsequently resumed operations.
These incidents show that vulnerabilities still linger around the Bitcoin ecosystem, says Nathalie Reinelt, an analyst at the consultancy Aite Group who focuses on virtual currencies (see: Bitcoin: Mitigating the Risks).
"Although this breach is relatively small in comparison to the Mt.Gox breach a year ago, and according to the notice on Bitstamp's website will not affect consumer assets, it still continues to raise questions as to the viability of Bitcoin as a mainstream alternative," she says.