Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Bitstamp Back Online After Breach

New Website, Enhanced Security Measures Implemented
Bitstamp Back Online After Breach

European Bitcoin exchange Bitstamp is back online following a temporary suspension of services after some of its operational wallets were compromised on Jan. 4, resulting in the theft of 19,000 Bitcoins worth more than $5 million.

See Also: OnDemand Webinar | Utilizing SIEM and MDR for Maximum Protection

Bitstamp has redeployed its website and backend systems and has implemented additional security measures to protect its customers, the company says in a Jan. 9 statement.

"We took the decision to rebuild our systems from the ground up from a secure backup for a few reasons," CEO Nejc Kodrič says. By redeploying the system from a secure backup onto entirely new hardware, "we were able to preserve the evidence for a full forensic investigation of the crime," he says.

Details were still scarce as to how the Bitcoins were taken and whether the perpetrator has been identified.

On Jan. 6, Bitstamp said it notified all customers that they should no longer make deposits to previously issued Bitcoin deposit addresses. Bitstamp said the breach represented a small fraction of Bitstamp's total Bitcoin reserves, "the overwhelming majority of which are held in secure offline cold storage systems."

Customers who had Bitcoins held with the exchange before to its temporary suspension of services on Jan. 5 "are completely safe and will be honored in full," Bitstamp said.

New Features

As part of Bitstamp's relaunch, the company says it has announced several new features, including:

  • BitGo multi-sig technology, a more secure wallet for storing Bitcoins;
  • Completely new hardware infrastructure; and
  • The implementation of Amazon Web Services cloud infrastructure to run the Bitstamp exchange.

"While this is a time of challenge for our company, we expect to emerge from this experience having set an even higher bar than before for trust and confidence in our services," Kodrič says.

Vulnerabilities Still Linger

The Bitstamp breach followed last year's shuttering of Mt.Gox - then one of the world's biggest Bitcoin exchanges - which was taken abruptly offline in February 2014, with the company alleging nearly 850,000 Bitcoins were stolen from the exchange by hackers (see: Bitcoin Trading Website Goes Dark).

Then, in March 2014, Bitcoin-trading website Vircurex announced it was stopping withdrawals and deposits for the time being, citing recent "large fund withdrawals" for the sudden halt in operations. The site subsequently resumed operations.

These incidents show that vulnerabilities still linger around the Bitcoin ecosystem, says Nathalie Reinelt, an analyst at the consultancy Aite Group who focuses on virtual currencies (see: Bitcoin: Mitigating the Risks).

"Although this breach is relatively small in comparison to the Mt.Gox breach a year ago, and according to the notice on Bitstamp's website will not affect consumer assets, it still continues to raise questions as to the viability of Bitcoin as a mainstream alternative," she says.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.