Español Bitstamp, the world’s third busiest bitcoin exchange, confirmed on Monday, January 5, that US$5 million worth of bitcoin was stolen due to a compromise in its storage wallet. The Slovenia-based exchange suspended its operations after admitting that “less than 19,000 Btc” was lost.
Nejc Kodrič, Bitstamp CEO, said that the deposits made before the temporary suspension are “completely safe and will be honored in full.”
To restate: the bulk of our bitcoin are in cold storage, and remain completely safe.
— Nejc Kodrič (@nejc_kodric) January 5, 2015
“This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected,” Kodrič said in a statement. “As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.”
The statement explains that while the company implements infrastructure changes, the site may remain offline. However, it does not give any indication regarding when the exchange will resume its trading activities.
The hack, which occurred on Sunday, January 4, was discovered after a Reddit user claimed that he made two deposits before they “disappeared from the incoming transactions list without updating” the balance.
Jackson Palmer, an Adobe engineer and co-creator of Dogecoin, explained on ZDNet that if someone hacks a server that’s got a hot wallet running on it, they can easily transfer out whatever balance of bitcoin is being stored there, instantly.”
“Most Bitcoin companies aim to store as large a percentage as possible of their Bitcoin in cold storage so that it can’t be stolen if someone malicious gains access to their server,” he added.
In February 2014, the world’s leading bitcoin exchange at that time was Mt. Gox. However, it went into bankruptcy after 200,000 bitcoins disappeared from its accounts after an alleged hacker attack.
No hacker group is known to have claimed responsibility for compromising the exchange’s servers.