European bitcoin exchange Bitcoin Central has suspended its service temporarily, after it was hacked last week.
Bitcoin Central’s website said a few hundred bitcoins had been stolen from a hot wallet after an intruder managed to reset the password for its hosting provider’s web interface, locking the exchange out of its own site. The attacker then requested a reboot of the exchange’s machine, in rescue mode.
“Using this, the attacker copied our hot wallet and sent away what was present,” Bitcoin Central’s website said.
The exchange has promised to cover its users’ losses.
“We will refund everyone who so wishes up to the last cent and Satoshi and take the needed time, without rush, to come up with a platform, and infrastructure and procedures to meet the new challenges that are faced by the Bitcoin exchange ecosystem at large,” the exchange’s site said.
Bitcoin Central’s hosting provider, UK-based OVH, has been hacked before, according to reports. The administrator of the Slush mining pool recently noted on the Bitcoin Forum that his administrative interface for OVH had also been hacked using a password reset. Forum user “slush” said he reset the password, and also reset the password for his email account. He reported the password was then reset again, even though he had not yet opened the mail with the original reset link.
A spokesperson for OVH declined to comment on either of the hacks when contacted by CoinDesk. In a response to a public Tweet by Bitcoin Central, OVH support said it does not reset passwords without email confirmation.
Slush stated he has since moved his servers to an Amazon cloud computing environment. Bitcoin Central is back online at the time of writing, but is not trading. Instead, it is processing withdrawal requests from users.