Establishing Digital Trust: Don't Sacrifice Security for Convenience
"The exchange no longer has enough cash to cover all of its deposits, and it has suspended its operations while it considers its options," writes Ars Technica's Timothy B. Lee.
"Shytlman's account of the event reveals that, although the organisation encrypts the necessary wallet keys needed to conduct transactions, it also kept an unencrypted backup, which were most likely compromised by the attacker," writes ZDNet's Michael Lee. "Shtylman has not elaborated much further on the details of the attack, but has stated that the server that was compromised was not public facing."
"BitFloor's reserve of BitCoins -- about 24,000 -- was wiped out," writes Computerworld's Jeremy Kirk. "A BitCoin was worth about $10.46 as of Wednesday, according to Mt.Gox, another BitCoin exchange. U.S. dollar accounts with BitFloor were not affected as well as records for accounts and trades, Shtylman wrote."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"Shtylman said that the loss may result in BitFloor folding its operations; however, that would be a last resort measure," writes ZDNet's Michael Lee. "If he decides to take that option, Shytlman has said that he still has logs of all the accounts, trades and transfers, which will allow him to make account repayments to BitFloor customers using the exchange market's remaining funds."
"In the long (and fast-growing) thread following Shtylman's confession, users are angrily asking why he used lax security practices to protect their virtual cash," writes The Register's Simon Sharwood. "His answer follows: 'Yes, I realize this is a very serious mistake.' Which looks an early favourite for understatement of the year."
"The prospects of finding the attackers are remote, given the intentionally anonymous nature of BitCoin exchanges," writes Threatpost's Anne Saita. "Such anonymity has made BitCoin exchanges a target for attacks and also raised concern about criminal transactions. This spring the FBI released a report warning that the decentralized, P2P structure 'provides a venue for individuals to generate, transfer, launder and steal illicit funds with some anonymity.'"
"This is not the first attack on a Bitcoin exchange," BBC News reports. "UK-based Bitcoinica was hacked twice this year and subsequently sued by several of its users after they had alleged it was not able to honour their withdrawal requests. The firm has since ceased operations for what it terms 'a transition period.'"