Polish Bitcoin Exchange Bitcurex Targeted by Hacking Attack

hacker
14 March 2014

UPDATE (17th March, 23:32 GMT): Bitcurex has issued an official update stating: “We inform that Bitcurex PLN will be resumed tomorrow, on March 18 at 12:00. Bitcurex EUR will be resumed on thursday on March 20, also at 12:00.”

UPDATE (14th March, 17:37 GMT): Bitcurex official statement added.

_________________________________________________________________

Poland’s leading bitcoin exchange Bitcurex temporarily shut down its site today following a hack which targeted funds in its users’ bitcoin wallets.

The exchange’s staff published a message on Facebook which stated that due “to an error and ongoing maintenance works” the platform had decided to “temporarily shut down [its] service”.

Company representatives told CoinDesk that the decision to temporarily close the website will allow the platform’s IT team to “perform a necessary verification”.

More details on the incident will be disclosed shortly once the maintenance works are completed, the representatives said, adding that there are reasons for optimism on their final outcome.

Filip Godecki, a representative of Bitcurex, told CoinDesk: “Based on what our IT team has been able to determine, it seems that the worst-case scenario can be ruled out.”

The site reportedly halted all transactions at 09:37 am local time.

A statement from the company said:

“We successfully blocked a hacking attack on Bitcurex, preventing mass theft of BTC funds of our users. Thanks to automatic safety procedures, hackers managed to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex. The majority of funds from Hot Wallet, as well the entirety of funds from Cold Wallet and FIAT monetary funds remained intact.

Our team located and removed the source of the problem. We are working on resuming normal service, at the same time an external audit is being conducted: we will soon provide the exact date of resuming all Bitcurex functionalities. More information will be provided in further statements.

We are sorry for the inconvenience, and most of all we thank the whole BTC community for the support we received: we were put to a test that will make us stronger.”

When asked exactly how many bitcoins had been stolen, Godecki would not part with the specifics, replying: “It’s managable – it was only a part of our hot wallet.”

Community reaction

Meanwhile, the platform’s users have been discussing the incident on various Polish cryptocurrency forums, and a user’s account of what happened was published by local news site Niebezpiecznik.pl. According to the information obtained, the attack targeted digital currency worth several million dollars. The user said:

“At about 09:34 am, someone placed an offer to buy bitcoins at PLN 5,000 per unit, for a total of at least PLN 94m, and after a while offers to sell for the same price were also made.”

As a confirmation of the presented account, a screenshot taken from the website prior to the shutdown by another user shows an offer to buy 18,978.5 BTC for the total amount of PLN 94.89m ($31.1m), which translates into roughly PLN 5,000 ($1,637) per BTC.

About Bitcurex

According to data obtained from Bitcoincharts on 14th March, Bitcurex had a 30-day volume of 18,359.3 BTC and PLN 36.61m ($12m). The platform’s six-month volume is 131,617.4 BTC and roughly PLN 229m ($75m).

The attack comes several weeks after Bitcurex released a statement designed to calm its users following the meltdown of Mt.Gox.

“Out of concern for the safety of transactions made by our customers and their funds … we repeated a series of internal audits, as we always treat such incidents very seriously, regardless of how efficient our system is and how much we trust our solutions.”

It added: “Bitcurex has always absolutely prioritized the safety of the service and the mechanics of its operation. This is why we always choose solutions that we are 100% sure [of], and it does not matter how much time and effort it takes to implement them.”

The incident is not the first attack to target a Poland-based bitcoin exchange. As earlier reported, in November 2013, Poland’s digital currency exchange Bidextreme.pl was hacked and its customers’ bitcoin and litecoin wallets were emptied.

The amount of digital currency stolen was not disclosed by the Polish platform, which was founded in 2013. Following the attack, the site was shut down by its owner and put up for sale for a minimum price of 170 BTC.

Set up in July 2012, Bitcurex is based in Łódź, Poland. The cryptocurrency exchange is operated by local company Digital Future Ltd.