Unknown hackers penetrated production servers and compromised databases belonging to the Bitcoin exchange, Bitcoinica, making off with some $87,000 worth of the digital currency, according to a statement published on the Bitcoinica Web site.
The breach took place Friday, May 11 and resulted in the loss of 18,547 Bitcoins, worth more than $87,000 based on the current Bitcoin exchange rate. Attackers also had access to the user names, email addresses, and account histories of Bitcoinica users.
Bitcoinica is a registered financial service provider and trading platform for bitcoins, an alternative, digital currency that is exchanged using a decentralized, peer-to-peer network.
Bitcoinica assured its users that the cyber-thieves stole the company's own Bitcoin holdings, not those of its users. In the statement, the company claims that all withdrawals will be honored and that the vast majority of the exchange’s Bitcoin wealth was not affected.
The company salts and hashes user passwords with bcrypt, and said it is unlikely that those are vulnerable, even if the attackers had access to the hashed password values. However, as a cautionary measure, Bitcoinica is recommending that users change their passwords as well as any shared passwords. The company also notes that all identifying documents are encrypted and stored on a separate server at a different data center. User banking details were not affected. The company is also warning users to be aware of and careful about phishing attempts via email.
All links on the Bitcoinica website are currently redirecting users to the press release mentioned above, and the company has suspended operations while it investigates the breach.
Reports of the Bitcoinica hack came on the same day that Wired published an unclassified FBI report detailing the bureau’s concerns regarding cybercriminal use of the semi-anonymous virtual currency. As Threatpost has reported, Bitcoins, which can be exchanged anonymously, are being targeted with more frequency as well. Earlier this year, hackers compromised the cloud service provider, Linode, and emptied the bitcoin accounts of eight customers, totalling around $14,000.