Bitcoin wallet service Inputs.io recently stated that 4,100 Bitcoins, currently valued at approximately $1.45 million, were stolen from the company in two attacks in late October 2013, leaving Inputs.io unable to pay out its users' balances in full (h/t Wired).
"The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset)," the company explained in a statement on its Web site. "The attacker was able to bypass 2FA due to a flaw on the server host side."
In a post on bitcointalk.org, Inputs.io owner TradeFortress added, "Inputs was not hacked through a flaw in the service, but rather through compromising a chain of e-mails that allowed the attacker to reset the password for the hosting account control panel."
In a separate post, TradeFortress explained, "People are getting refunded, but Inputs doesn't have enough coins to pay everyone fully. ... Inputs is dead and you'll need to find a new service provider. I don't recommend storing any Bitcoins accessible on computers connected to the Internet."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
One forum user later announced, "I received 37.8% of the bitcoins I had on deposit back."
Another site run by TradeFortress, CoinLenders, was apparently also affected. Another forum user shared an e-mail from CoinLenders, which stated in part, "Due to major hacks, Inputs does not have enough BTC to repay everyone fully which has also affected CoinLenders."