Bitcoin storage provider and payment processor Coinapult is back online following a hack-related outage last month.
Following a series of security improvements, Coinapult users can now deposit funds and ‘lock’ and ‘unlock’ their bitcoin to fiat currencies or assets. They were previously given login access on 21st March and withdrawals were re-enabled five days later.
The hot wallet attack, which occurred on 17th March, resulted in the loss of 150 BTC (approximately $42,900). Coinapult announced it was halting all operations via Twitter the same day.
At the time, Coinapult COO and CFO Justin Blincoe said customer funds had been unaffected, as the hot wallet was only used to store funds owned by the bitcoin startup.
In a bid to prevent future incidents, Coinapult has implemented 2 of 3 multisignature security, meaning that every withdrawal must now be cosigned by a Coinapult executive.
A company blog post noted:
“This manual cosigning is an extremely safe method of operation, but will result in delays making withdrawals. Our team will only be cosigning transactions during the hours of 9am-9pm in Panama (UTC−5).”
The blog post also confirmed that moving to a client-side signing system was of the “highest priority” for Coinapult, noting that the company was working “hard to restore instant withdrawals”.
Additional security
Coinapult has investigated the hacking incident but is yet to determine the specific entry point of the attack.
In a bid to heighten its security, the company says it has moved its operations to new servers and a new hosting location.
Having suffered subsequent Distributed Denial of Service (DDoS) attacks in the aftermath of the hot wallet attack, Coinapult is now protected by CloudFlare, a service which aims to improve the availability of websites and mobile apps.
Coinapult’s hack follows other high-profile security breaches this year. Bitcoin exchange Bitstamp lost approximately $5.1m worth of bitcoin following an attack on its hot wallet in January.
Canadian bitcoin exchange CAVirtex also ceased its operations following the compromise loss sensitive security information, which included password hashes and two-factor authentication information.
Image via Shutterstock.