More trouble for Bitcoin this week after an Australian wallet service admitted that attackers broke into their systems and made off with more than $1.2 million worth of the the digital crypto-currency.
The theft comes on the coat-tails of a contentious research paper claiming that a smaller-than-initially-thought coalition of Bitcoin miners could coalesce together to create a monopoly on the creation of blocks on Bitcoin’s ledger.
Bitcoin miners are tasked with creating new cryptographic blocks for the block chain, a ledger on which every public Bitcoin transaction is noted. Each new block must reflect transaction information from the former block. Thus, each block must contain within itself the record of every legitimate Bitcoin transaction ever carried out. At any given time there is one authoritative Bitcoin block chain. If a user, or group of users, generates a longer block chain – as in, one that reflects more transactions than the one before it – then that chain becomes the authoritative one. The generators of new blocks are awarded new Bitcoins because the task, which is tantamount to solving an incredibly difficult math problem, requires massive amounts of computer power.
Bitcoin wallet services are merely places where users can store their Bitcoins.
Inputs.io touted itself as the most secure Bitcoin wallet available. But, the message Inputs.io posted in place of its homepage notes that attackers compromised the service twice, making off with 4100 Bitcoins.
“Two hacks totalling (sic) about 4100 BTC have left Inputs.io unable to pay all user balances,” reads the message. “The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.”
On a forum called Bitcointalk, a user operating under the handle TradeFortress, reportedly the owner of inputs.io, claims that he is attempting to issue partial refunds to individuals that lost money due to the hack, but that he does not personally own enough Bitcoins to fully refund all the losses. He also appears to have learned a key lesson, offering the following advice to everyone on the forum:
“I don’t recommend storing any Bitcoins accessible on computers connected to the internet.”