3-Way Bitcoin Exchange Hack Dwarfed by 15-month $300 million Bank Heist
[UPDATE] A HitBTC represenative sent the following comment to Cointelegraph:
"We have not confirmed that the attacks are connected, moreover, our hosting partners have not confirmed that the incident is actually a hacker attack. In our Terminal, you can see an official notice about the payment system downtime. No user funds were affected on our side. We will allow deposits/withdrawals as soon as we finish the security checks on our side. Appropriate security measures are being implemented on our side and we have a proactive security policy."
As more details emerge about the latest hacking of exchanges Bter, Excoin and reportedly HitBTC, hundreds of millions of dollars are being reported stolen from a wide range of international banking institutions.
In what is quickly becoming one of the most expensive weekends for the finance industry since 2008, it seems not only the Bitcoin community has suffered losses from its purse.
3-Way Hack
Bter states it has now lost 7170BTC, while HitBTC has not released any information regarding the extent of its service compromise or the steps being taken to remedy the situation. The exchange has so far not responded to a request for comment.
Excoin has also not confirmed specific amounts, but that which is involved is seemingly enough to require the exchange’s wholesale shutdown, a statement on its main page reads. The exchange had most recently tweeted that it would resume operations, but this no longer appears to be the case.
I apologize for the lack of updates, we are working with our datacenter to find a solution. We will be back up and running soon.
— Exco.in (@ExcoinExchange) February 12, 2015Fiat Banks ‘Goxed’
While the digital currency community reels again at another spate of successful attempts to defraud its users of their money, a considerably larger-scale operation has been witnessed across the fiat banking world. As the New York Times reports, cybersecurity firm Kaspersky Lab has compiled evidence of a coordinated attack beginning 2013, which has seen institutions worldwide become the victim of untold rates of theft.
According to the Times, Kaspersky Lab “says it has seen evidence of US$300 million in theft through clients, and believes the total could be triple that.” Other news sources are reporting around US$1 billion being stolen.
Such numbers dwarf those of the recent Bitcoin hacks, but the thefts remain relatively unknown due to the apparent secrecy with which the banks involved are rectifying the problem.
“No bank has come forward acknowledging the theft,” the Times states, adding that even President Obama referred to the lack of reaction as “a common problem” at the inaugural White House summit meeting on cybersecurity and consumer protection at Stanford University Friday.
The banks nonetheless “are aware” of what has happened, according to Financial Services Information Sharing and Analysis Center, which alerts banks targeted by large-scale acts of fraud.
Accountability: Bitcoin vs. Fiat
The behavior of the players involved in the fiat hacks is noticeably unlike that witnessed in Bitcoin over the weekend, with communications coming from those operators affected and Bter even having offered a 720BTC bounty for help in returning the funds stolen. While accusations over their long-term security practices begin to surface, the lack of sustained attacks will no doubt allow the community some respite, something which in the banking sector is noticeably lacking.
“The silence around the investigation appears motivated in part by the reluctance of banks to concede that their systems were so easily penetrated, and in part by the fact that the attacks appear to be continuing,” the Times adds.
In the latest developments in the Bter case, Cryptonews247 claims to have discovered the identity of the hacker, citing 7 transactions linked to https://coingavel.com. No confirmation has yet been achieved, the service saying it will “continue to research and monitor the situation.”
Bter meanwhile posted an announcement confirming it “will actively cooperate with the police investigation [and] the recovery of stolen Bitcoins.”
“Please be assured that we will not run away,” the exchange added, “we will assume responsibility for the user to recover the stolen Bitcoins.”
Meanwhile, several other services have reported security breaches not resulting in the loss of coins. Huobi tweeted news of a “severe” DDoS attack, while Shapeshift and HolyTransaction both reported unpredictable client behavior, the latter also from a third party attack.
Huobi has been experiencing a severe DDOS attack but no security breach - deposits and withdrawals are available as normal.
— Huobi (@huobicom) February 15, 2015Update: our Bitcoin client is being fussy, some orders aren't processing. We're working on it and will get it resolved ASAP.
— ShapeShift.io (@ShapeShift_io) February 15, 2015Our service is under attack from DD4BC Team. We are taking all the measures necessary to protect our users. All funds are safe.
— HolyTransaction.com (@holytransaction) February 15, 2015Did you enjoy this article? You may also be interested in reading these ones:
Chinese Exchange Gets 'Goxed' for 1,000 bitcoins (UPDATE: Company Responds) Breaking: Bter Hacked, 50M NXT Stolen White Hat Hacker Returns Missing Bitcoins to Blockchain.info