Bitstamp, a Bitcoin exchange based in the United Kingdom, remains offline this afternoon following what appears to have been a compromise over the weekend.
The company tweeted shortly after 4 a.m. Monday that it had to temporarily halt all withdrawals because it believes one of its wallets was compromised Sunday. In a warning on its site, Bitstamp apologized for the inconvenience and claimed that following an investigation it would return to service and amend its security measures as appropriate.
Bitstamp’s services are temporarily suspended. We apologize for the inconvenience. Details: https://t.co/ykn68Wi2wX
— Bitstamp (@Bitstamp) January 5, 2015
The exchange, which until 2013 was operated out of Slovenia, is the world’s third largest exchange by volume, according to BitcoinCharts.com.
Another warning on the exchange’s site stresses that users should refrain from making deposits to their previously issued Bitcoin addresses and that only deposits made prior to today can be covered by Bitstamp’s reserves. Users who try to deposit Bitcoin are confronted with the following message:
Emails sent from Bitstamp customer support to verified users early this morning claim that its transaction processing server “detected problems” with its hot wallet and that, effective immediately, it was suspending withdrawals.
In Bitcoin-speak, a hot wallet refers to a wallet – a collection of private keys – that’s connected to the Internet.
To quell users’ fears, Nejc Kodrič, Bitstamp’s co-founder and CEO, insisted via tweet this morning that the bulk of the company’s Bitcoin are in cold storage – offline – and are unaffected by this incident.
To restate: the bulk of our bitcoin are in cold storage, and remain completely safe. — Nejc Kodrič (@nejc_kodric) January 5, 2015
As Bitstamp’s site makes clear, the company keeps only a “small fraction” of Bitcoin in its online systems, and its offline reserves could cover any Bitcoin compromised.
Kodrič, who currently is en route to the annual Consumer Electronics Show (CES) in Las Vegas, said he hoped to have an ETA for when Bitstamp could restore service later today.
Many news outlets are speculating that what may have forced Bitstamp offline is potentially a random number generator (RNG) attack.
More than 800 Bitcoin ($220,000 USD) was swept from blockchain.info wallets last month following an RNG security issue with those wallets. johoe, a white hat hacker, took credit for the sweep but later, as a sign of good faith, refunded the stolen Bitcoin to users who could prove it belonged to them.
In an interview with CryptoCoinsNews last year, johoe claimed he was able to sweep any Bitcoin associated with addresses generated by a buggy Blockchain.info random number generator. Blockchain.info ultimately blamed the RNG vulnerability, which failed to ensure private keys were generated in a secure fashion, on a scheduled software update that was deployed overnight.
It hasn’t even been a year since Mt. Gox – at one point, the largest Bitcoin exchange – collapsed after losing more than $450 million in Bitcoin. It wasn’t long after that the Tokyo-based exchange shuttered its website and filed for bankruptcy.