Recently, we shared the details regarding payment processor Coinapult’s wallet compromise with you where 150 BTC was stolen from a hot wallet. The company was founded by Erik Voorhees and Ira Miller in 2012, and raised $750,000 USD in a seed round led by Roger Ver, FirstMark Capital, and the Bitcoin Opportunity Fund.
This security compromise revealed that Coinapult was not using a Multisig wallet at the time. Multisig requires multiple keys be used to complete a transaction. This system is similar to the key system at some companies where a door requires two different employees’ keys before opening so that one individual employee does not have sole access to a space.
Coinapult recently re-enabled logins so that users could review balances after verifying that the databases on the Coinapult servers were not compromised. Delays are expected as the company manually processes withdrawals using multisig 2of3 transactions and signs them. The company states that they will soon be enabling automatic withdraws after the Coinapult wallet software has been rewritten.
The company encourages all users to reset their passwords and 2FA, and get new API keys.