Canadian Bitcoin Exchange Loses $100k in Unorthodox Attack

shutterstock_180078383
20 March 2014

Ontario-based bitcoin buying and selling service Canadian Bitcoins has revealed that it was the victim of an unusual attack last October that resulted in the loss of 149.94 BTC ($100,000).

The Ottawa Citizen reports that an unidentified scammer contacted a technical support agent at its now former web hosting service, Granite Networks, claiming to be owner James Grant. Using only the owner’s name, the thief was allegedly able to have the site reboot into recovery mode, allowing him to bypass all protections on the server.

The media outlet indicates that it has obtained a text copy of the chat transcript between the web hosting company and the male suspect, and that the results are particularly damning for Granite Networks.

The newspaper concluded:

“At no point during the nearly two-hour-long conversation was the caller asked to verify his identity.”

The news follows several high-profile attacks that were more sophisticated in nature, including most notably the loss of millions in customer funds by now-bankrupt Japan-based exchange Mt. Gox and the theft of 12.3% of Poloniex’s bitcoins earlier this March.

Stemming the damage

While security remains a top concern across the entire bitcoin industry, it seems Canadian Bitcoins‘ additional protections stood up to the purported lapse in judgement by the support operator.

Grant only kept a portion of his company’s bitcoins in a hot wallet, housing the rest in a cold storage wallet locked in a safety deposit box.

Since learning of the theft, Grant said his firm has paid for the loss out of its own pocket, and that he has moved his computer equipment out of the facility.

Grant published a full response to the article on 18th March, emphasizing that no customer data was affected during the breach, and stating that it has requested a full accounting of the incident from Granite Networks’ parent company Rodgers Communications.

Further action

Rogers Data Centres told the Citizen that it is cooperating with the investigation, but that the security issue is not indicative of larger problems at its company.

“The situation surrounding this customer is unique to this customer, and does not apply to any other customer of Rogers Data Centres. Rogers has been fully co-operative with authorities in the investigation.”

It has offered Grant a credit for the error. Grant is said to be contemplating legal action, but did not confirm or deny the reports in talks with CoinDesk.

Reaction to the theft on reddit was mixed. Some users were irate over Granite Networks’ seemingly negligent actions, while others suggested this provided more evidence that bitcoin businesses need to move away from relying on cloud services were funds may be susceptible to theft.

About Canadian Bitcoins

The company was an early bitcoin startup, launching in July 2011. Grant had previously accepted bitcoin at his web hosting and voice over Internet protocol (VOIP) company Lightbox Technologies, and founded Canadian Bitcoins to provide a simple, straightforward way to buy and sell bitcoins using $CAD at rates pegged to an exchange, though Canadian Bitcoins does not function as an exchange.

Canadian Bitcoins accepts only cash, delivered to its office or through express mail, or direct deposit for its bitcoin orders.

For a full explanation of its service, read the company’s ‘How it Works’ section here.

Image credit: Canadian dollars via Shutterstock

Read more

Exchanges Canada News