An Australian bitcoin bank holding over US$1 million of the crypto-currency has been hacked, leaving an unknown number of users with nothing – one of the largest thefts in the currency’s four-year history.
The incident took place on October 26, when the bank was hacked,
with 4,100 bitcoins valued at $1.3 million stolen, the service’s
operator only known as ‘Tradefortress’ said. He refused to give
his name to the press, also stressing he was not much older than
18.
It took the bank’s owner two weeks to notify the affected
customers.
Bitcoin is a decentralized, crypto-currency, free from any
government or central bank control. Currency is sold and bought
at online exchanges, and those transactions can be virtually
anonymous.
One bitcoin is currently worth more than $300 on Mt. Gox, the
world’s largest bitcoin exchange - up from around $50 in March.
There are 11,925,700 million bitcoins in circulation.
The Sydney man offered the service called Inputs.io, which he
claimed was "one of the most secure web wallets on the
market." Customers were charged a small fee to keep their
bitcoins there.
The site used two-factor authentication and location-based email
confirmation, and said the page was started to avert "the hack
of bitcoins even if the web server was compromised."
Some of the hacked money is to be refunded, the operator told
Fairfax Media. Tradefortress said he would use 1,000 of his own
bitcoins, as well as the money the hackers didn’t steal.
"Users are being repaid up to 100 percent depending on the
amount (sliding scale), generally 40-75 percent,"
Tradefortress said.
The operator indicated the attack was possible due to “a
flaw” in the system which allowed the hackers to bypass the
protection.
Currently, there’s a sad face emoticon posted online and a notice
that reads "I know this doesn't mean much, but I'm sorry, and
saying that I'm very sad that this happened is an
understatement."
The response to the incident has been varied, with some users
accusing Tradefortress of making up the whole hacking story to
steal their money. He denies the accusation.
Customer Marco Martoccia tweeted (@sheet_metal) that he had lost
4 bitcoins as part of the heist, worth about $1,200. He said he
was planning to use bitcoins as a part of the deposit for a
house.
Specialists point to a lack of regulation as the main problem
with the currency.
"The users of Inputs.io were trusting a random person with
their money rather than in the real world when you're dealing
with cash, where you trust banks to look after your money,"
Ty Miller, director of Australian IT security firm Threat
Intelligence, told Fairfax Media.
He recommended storing coins with a strong password on a device
not connected to the internet, using hard-drive encryption and
antivirus protection.
A spokesman for the Australian Federal Police said to his
knowledge, a theft of bitcoins has never been investigated at
either a federal or state level.
The operator stated that he is not planning to address police
with the matter.