As 2013 comes to an end I would like to look back on the past month. This was no doubt a crazy ride for Bitcoin as it soared from around $213 on November 1st to over $1200 on November 30th. So although this was the reason for a lot of joy among Bitcoin evangelists, it also was the cause of a lot of trouble. Durning late October and November over $6.4 million (estimated) have been stolen in total from Bitcoin exchanges, online wallets, payment processors and trading platforms.
So if you’ve missed one, here’s a recap of the top Hacks for November 2013:
#4 – 4,000 user wallets emptied from Bitcash.cz
Date: November 11th 2013 Amount stolen: 485BTC (Roughly $100,000 at the time) Bitcash.cz (founded July 2011) is a Czech Republic based Bitcoin exchange. The website also featured an OTC exchange similar to Local Bitcoins. The site seems to have returned to normal operation since then. According to the site’s owner the entire balance of Bitcoins, including all users’ wallets, the coin vault and escrow accounts were emptied.
#3 – Over $1m stolen from Bitcoin Internet Payment Services (BIPS)
Date: November 15th 2013 Amount stolen: 1,295BTC (estimated just over $1m) BIPS is Europe’s primary Bitcoin payment processor for merchants and free online wallet service. The company was targeted by a massive DDoS attack and 2 days later by a subsequent attack that disable the site. The initial attack was found to originate from Russia and neighboring countries. By November 19th (4 days after the initial attack) the site was back online.
#2 – $1.2M stolen from a supposedly secure wallet service
Date: October 23rd 2013 Amount stolen: 4,100BTC (estimated $1.2m) Inputs.io was intended to be a high security Bitcoin web wallet. The Bitcoin’s were stollen from the website’s hot wallet which is kind of odd since most websites keep almost 80% of their funds in cold storage. Some believe that this was an inside job by TradeFortress, the developer of inputs.io and you can see that he also has some serious trust issued on BitcoinTalk forum:
And this is the apology which is posted on the site:
#1 – A chinese Bitcoin trading platform vanishes along with $4.1m
Date: October 26th 2013 Amount stolen: ¥25m ($4.1m) Global Bond Limited (GBL) was a chinese trading platform that launched on May 2013. The site was first promoted on BitcoinTalk and immediately arose suspicion as users pointed out that the site’s servers where located in Beijing while the site claimed to be located in Hong Kong. Furthermore, GBL was never issued a license for financial services. Regardless of these concerns GBL acquired 1,000 investors. By October GBL started capping the amount of money users could cash out and soon after vanished without a trace. Shortly after the BitcoinTalk message originally announcing GBL’s opening was changed to this:
Don’t think “This will never happen to me”
In this post we’ve covered just the major exchanges and website hacks, but Bitcoin hacks happen all the time and to individual users as well. For example, a post by SatoshiChrist submitted to Reddit on November states that he had 301BTC (~$71K) stolen from his BlockChain.info wallet because he did not user 2 factor authentication.
The main moral of this post is don’t keep all of your Bitcoins in one place. Especially if it’s a hot wallet (a wallet connected to the Internet). Try to divide them between different wallets and services since you never know when the next attack or scam will happen.