3-Way Bitcoin Exchange Hack Dwarfed by 15-month $300 million Bank Heist

Published at: Feb. 16, 2015

[UPDATE] A HitBTC represenative sent the following comment to Cointelegraph:

"We have not confirmed that the attacks are connected, moreover, our hosting partners have not confirmed that the incident is actually a hacker attack.  In our Terminal, you can see an official notice about the payment system downtime. No user funds were affected on our side. We will allow deposits/withdrawals as soon as we finish the security checks on our side. Appropriate security measures are being implemented on our side and we have a proactive security policy."

As more details emerge about the latest hacking of exchanges Bter, Excoin and reportedly HitBTC, hundreds of millions of dollars are being reported stolen from a wide range of international banking institutions.

In what is quickly becoming one of the most expensive weekends for the finance industry since 2008, it seems not only the Bitcoin community has suffered losses from its purse.

3-Way Hack

Bter states it has now lost 7170BTC, while HitBTC has not released any information regarding the extent of its service compromise or the steps being taken to remedy the situation. The exchange has so far not responded to a request for comment.

Excoin has also not confirmed specific amounts, but that which is involved is seemingly enough to require the exchange’s wholesale shutdown, a statement on its main page reads. The exchange had most recently tweeted that it would resume operations, but this no longer appears to be the case.

I apologize for the lack of updates, we are working with our datacenter to find a solution. We will be back up and running soon.

— Exco.in (@ExcoinExchange) February 12, 2015

Fiat Banks ‘Goxed’

While the digital currency community reels again at another spate of successful attempts to defraud its users of their money, a considerably larger-scale operation has been witnessed across the fiat banking world.  As the New York Times reports, cybersecurity firm Kaspersky Lab has compiled evidence of a coordinated attack beginning 2013, which has seen institutions worldwide become the victim of untold rates of theft.

According to the Times, Kaspersky Lab “says it has seen evidence of US$300 million in theft through clients, and believes the total could be triple that.” Other news sources are reporting around US$1 billion being stolen.

Such numbers dwarf those of the recent Bitcoin hacks, but the thefts remain relatively unknown due to the apparent secrecy with which the banks involved are rectifying the problem.

“No bank has come forward acknowledging the theft,” the Times states, adding that even President Obama referred to the lack of reaction as “a common problem” at the inaugural White House summit meeting on cybersecurity and consumer protection at Stanford University Friday.

The banks nonetheless “are aware” of what has happened, according to Financial Services Information Sharing and Analysis Center, which alerts banks targeted by large-scale acts of fraud.

Accountability: Bitcoin vs. Fiat

The behavior of the players involved in the fiat hacks is noticeably unlike that witnessed in Bitcoin over the weekend, with communications coming from those operators affected and Bter even having offered a 720BTC bounty for help in returning the funds stolen. While accusations over their long-term security practices begin to surface, the lack of sustained attacks will no doubt allow the community some respite, something which in the banking sector is noticeably lacking.

“The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing,” the Times adds.

In the latest developments in the Bter case, Cryptonews247 claims to have discovered the identity of the hacker, citing 7 transactions linked to https://coingavel.com. No confirmation has yet been achieved, the service saying it will “continue to research and monitor the situation.”

Bter meanwhile posted an announcement confirming it “will actively cooperate with the police investigation [and] the recovery of stolen Bitcoins.”

“Please be assured that we will not run away,” the exchange added, “we will assume responsibility for the user to recover the stolen Bitcoins.”

Meanwhile, several other services have reported security breaches not resulting in the loss of coins. Huobi tweeted news of a “severe” DDoS attack, while Shapeshift and HolyTransaction both reported unpredictable client behavior, the latter also from a third party attack.

Huobi has been experiencing a severe DDOS attack but no security breach - deposits and withdrawals are available as normal.

— Huobi (@huobicom) February 15, 2015

Update: our Bitcoin client is being fussy, some orders aren't processing. We're working on it and will get it resolved ASAP.

— ShapeShift.io (@ShapeShift_io) February 15, 2015

Our service is under attack from DD4BC Team. We are taking all the measures necessary to protect our users. All funds are safe.

— HolyTransaction.com (@holytransaction) February 15, 2015

Did you enjoy this article? You may also be interested in reading these ones:

Chinese Exchange Gets 'Goxed' for 1,000 bitcoins (UPDATE: Company Responds) Breaking: Bter Hacked, 50M NXT Stolen White Hat Hacker Returns Missing Bitcoins to Blockchain.info
Tags
Related Posts
Cellebrite Launches Crypto Tracer Solution to Track Illicit Transactions
Digital intelligence firm Cellebrite has launched its “Cellebrite Crypto Tracer” solution. The new offering is powered by CipherTrace and aims to trace illicit cryptocurrencies involved in money laundering, terrorism, drugs, human trafficking, weapon sales and ransomware schemes. The suite of tools will be available to investigators, analysts and non-technical agents who want to lawfully obtain evidence and trace criminals who use cryptos like Bitcoin (BTC) through the darknet. Citing figures from an Oxford University study, Cellebrite states that an estimated $76 billion worth of illegal activities involve Bitcoin. Curating millions of information references to trace transactions The Cellebrite Crypto Tracer …
Technology / July 28, 2020
Bithumb Announces External Audit Results in Wake of $13 Million Hack
South Korean cryptocurrency exchange Bithumb has conducted a professional external audit of its funds after a major hack last month, the company confirmed in a statement on April 11. Bithumb, South Korea’s largest exchange, lost around 14 billion won ($13 million) two weeks ago in an event executives believe was masterminded by an insider. Now, Bithumb has used a third party to assess its reserves, repeating its previous assurances that customer funds remained safe in cold storage wallets. The 14 billion of hacked EOS (EOS) tokens, a previous statement said, represented company-only funds. All remaining funds in its hot wallet …
Bitcoin / April 11, 2019
Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on His Own Websites
Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …
Bitcoin / March 27, 2019
North Korean hackers stole $400M in 2021, mostly ETH: Chainalysis
North Korean crypto hackers siphoned off nearly $400 million in crypto through cyber attacks in 2021 according to new data from Chainalysis. The type of crypto stolen has also seen a sea change according to the Jan. 13 report from the blockchain analytics firm. In 2017, BTC accounted for nearly all the crypto stolen by the DPRK, but it now accounts for just one fifth: “In 2021, only 20% of the stolen funds were Bitcoin, whereas 22% were either ERC-20 tokens or altcoins. And for the first time ever, Ether accounted for a majority of the funds stolen at 58%.” …
Bitcoin / Jan. 14, 2022
Hacker tries to exploit bridge protocol, fails miserably
Cross-chain bridges have increasingly become targeted by malicious entities. However, not all hackers can run away with millions in their exploit attempts. Some end up losing money from their own wallets. In a Twitter thread, Alex Shevchenko, the CEO of Aurora Labs, told the story of a hacker who attempted to exploit the Rainbow Bridge but ended up losing 5 Ether (ETH), worth around $8,000 at the time of writing. According to Shevchenko, the hacker has presented a falsified NEAR block to the Rainbow Bridge contract and submitted the required 5 ETH safe deposit. Thinking that the team would be …
Bitcoin / Aug. 23, 2022