Last week hackers stole 1,295 Bitcoins – more than a million dollars – from Denmark-based Bitcoin exchange BIPS. Founder and CEO Kris Henrikson took to the bitcointalk.org forums beginning Tuesday to explain the situation.
“On Nov. 15th BIPS was the target of a massive distributed denial-of-service (DDoS) attack, which is now believed to have been the initial preparation for a subsequent attack on Nov. 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” Henrikson wrote. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”
Wallet functions were disabled as of last week, Henrikson wrote, adding that any and all affected individuals will be contacted – no matter how many Bitcoins were stored in their wallets – and merchants will be contacted too if automatic conversion of Bitcoin was not enabled.
“We will need [user] consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief,” Henrikson wrote on Friday. “Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker. Technical information will not be disclosed for security reasons.”
Earlier this month Bitcoin eWallet Inputs.io was the victim of a hack that relieved the service of 4,100 Bitcoins, which translated at the time to about $1.1 million. In that instance, an attacker compromised the hosting account by targeting email accounts and took advantage of a flaw in two-factor authentication.