Bitcoin heist nets cybercriminals $1 million after huge DDoS “smokescreen”

A large-scale “heist” targeting Bitcoin site BIPS led to the theft of $1 million in Bitcoin – the second such major attack this month. BIPS was blasted with a massive DDoS attack two days before the theft on November 15, which the site owners now believe was a smokescreen in preparation for the subsequent attack.

Several Bitcoin “wallet” services have been targeted this month, including Inputs.io and Polish Bitcoin exchange Bidextreme. The Inputs.io heist, reported by We Live Security here, netted attackers more than $1 million.

“BIPS has been a target of a coordinated attack and subsequent security breach. Several consumer wallets have been compromised and BIPS will be contacting the affected users,” the company said in a statement, as reported by Tech World.

Tech World stated that the attacks appeared to be Russian in origin – the company said in a Reddit post that the DDoS attack came from Russian IP addresses as it attempted to block the attack.  BIPS has disabled all Bitcoin wallets in the wake of the attack, Mashable reports, saying that 1,295 Bitcoins were stolen.

Speaking on the Bitcoin Talk forums, and reported by SC Magazine, CEO and BIPS founder Kris Henrikson said that the attack targeted ‘web wallets’, designed to store small amounts of the cryptocurrency, “The wallet part of BIPS was a free service to make payments easier for users,” Henrikson wrote. “Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.”

Bitcoins can be stored in online wallets, but can also be stored offline, which offers more security, or can be stored as a code written down on paper. Henrikson said, “We offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.”

Henrikson did not say how many users had been affected, but told Mashable,“”most of the missing funds were from our company’s own holdings,” adding that, “This is my fifth night without sleep.” Users on Bitcoin Talk were not appeased, demanding to know how many wallets were affected, and accusing BIPS of not communicating adequately.

“We will be contacting all affected users as already proclaimed,” Henrikson said on Bitcoin Talk. “We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.”

ESET Malware Researcher Robert Lipovsky wrote in an earlier We Live Security post that Bitcoin and other crypto-currencies are being targeted by cybercriminals. “There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims’ Bitcoin wallets, or both,” Lipovsky writes.

Author Rob Waugh, We Live Security

  • chartist

    Can someone broke into my Bitcoin Wallet?

    Your Bitcoin wallet is not a wallet actually. It does not contain your bitcoins.Your Bitcoins sit in the cloud with all the other Bitcoins.Your bitcoins are yours because you have the keys to them.

    Your Bitcoin wallet contains only the keys that let you spend the Bitcoins you control.When you make a backup of your wallet, you are making a copy of the keys.If someone else has a copy of the keys, you are sharing control of your Bitcoins. This includes hosted wallets.

    Bitcoin security hint> you can and should encrypt your Bitcoin wallet and make several backups.If the copy you normally use is lost or stolen, a theif can’t do anything with it without your encryption key.Coins spent from any copy of the wallet will be “spent” from all copies. They’re all the same. Your balance is recorded in the public ledger, not in the wallet. The wallet gives you access to your coin, it doesn’t contain the coin.

    My research on Bitcoin

    http://www.offgridminds.com/misinformation-blog/2013/11/28/questioning-bitcoin-at-1000.html

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.