The administrator of the largest Bitcoin exchange in the United States says that a hacker has compromised the service, stealing the around a quarter-of-a-million US dollars’ worth of the crypto-currency in the process.
Bitfloor founder Roman Shtylman says that someone managed to successfully access unencrypted “keys” kept on their server that allowed access to a vast collection of Bitcoins, the digital crypto-currency that has become a popular alternative among hacktivists and computer fiends for online transactions.
On the bitcointalk.org Web forum, Mr. Shtylman writes that an upgrade to his website’s server left the unencrypted keys exposed to anyone searching for them, a mistake he now openly acknowledges and regrets.
“I manually did an upgrade,” Shtylman writes, which as a result moved a trove of sensitive data to the unencrypted area on disk.
“I realize the details of the failure and attack are interesting but I am currently focused on user accounts and exchange status going forward,” he writes.
Now Bitfloor, at one time considered the fourth-largest service of its kind in the world, is offline after 24,000 units of the currency were compromised. Shtylman says he is uncertain if he will be able to bring the service back.
“Due to the serious nature of what has happened I am currently evaluating options for BitFloor. One of the last things I want to happen is for BitFloor to shutdown and cause more panic in the bitcoin community,” he says. “The platform itself is very valuable and provides an important and friendly service to many users.”
The latest hack is not the first assault on a Bitcoin exchange site, and is likely to not be the last either. Upwards of $90,000 worth of Bitcoins were compromised from the servers of a similar site, Bitcoinica, earlier this year, months after some critics first came out against the currency for a lack of security. Only last month, RT reported that a pyramid scheme that called on Bitcoin holders to invest their money into an online hedge fund had been exposed, but not before the administrator made off with $5.49 million in US dollars.
In a follow-up post on bitcointalk, Shtylman writes, “Yes, I realize this is a very serious mistake.”