Bitstamp Claims $5 Million Lost in Hot Wallet Hack

imgo
5 January 2015

Update (6th January 15:20 GMT): Slovenian state-owned news agency STA is reporting that Bitstamp expects to resume services within 24 hours.


securityBitstamp has released a new statement regarding the security of its website, admitting that it has lost “less than 19,000 BTC”, about $5.1m at press time.

The revelation follows the disclosure that Bitstamp’s wallet system was compromised, prompting it to halt deposits and later shut down its platform entirely.

According to the statement, an undisclosed number of wallets were compromised and upon learning of the breach, the Bitstamp team issued warnings about deposits and moved to suspend operations. Bitstamp CEO Nejc Kodrič said that all other funds held by the bitcoin exchange are secure in cold storage, stating:

“This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.”

Kodrič added that Bitstamp is working with law enforcement officials during what he said was an ongoing investigation into the incident.

Site still offline

The statement suggests that Bitstamp may remain offline during infrastructure changes.

Calling the shutdown a “disruption”, Kodrič said a process to shift data to more secure server space is underway. No indication was given as to when the exchange will actually open its doors to withdrawals or trades.

“We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days,” he said.

The full statement from Kodrič reads:

“Bitstamp customers can rest assured that their bitcoins held with us prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full.

On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC. Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses. As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.

This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.

We appreciate customers’ patience during this disruption of services. We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days. Customers can stay informed via updates on our website, on Twitter (@Bitstamp) and through Bitstamp customer support at support@bitstamp.net.”

CoinDesk will continue to monitor this developing story and post updates as they become available.