A large-scale “heist” targeting Bitcoin site BIPS led to the theft of $1 million in Bitcoin - the second such major attack this month. BIPS was blasted with a massive DDoS attack two days before the theft on November 15, which the site owners now believe was a smokescreen in preparation for the subsequent attack.
Several Bitcoin “wallet” services have been targeted this month, including Inputs.io and Polish Bitcoin exchange Bidextreme. The Inputs.io heist, reported by We Live Security, netted attackers more than $1 million.
“BIPS has been a target of a coordinated attack and subsequent security breach. Several consumer wallets have been compromised and BIPS will be contacting the affected users,” the company said in a statement, as reported by Tech World.
Tech World stated that the attacks appeared to be Russian in origin - the company said in a Reddit post that the DDoS attack came from Russian IP addresses as it attempted to block the attack. BIPS has disabled all Bitcoin wallets in the wake of the attack, Mashable reports, saying that 1,295 Bitcoins were stolen.
Speaking on the Bitcoin Talk forums, and reported by SC Magazine, CEO and BIPS founder Kris Henrikson said that the attack targeted ‘web wallets’, designed to store small amounts of the cryptocurrency. “The wallet part of BIPS was a free service to make payments easier for users,” Henrikson wrote. “Web Wallets are like a regular wallet that you carry cash in and not meant to keep large amounts in.”
Bitcoins can be stored in online wallets, but can also be stored offline, which offers more security, or can be stored as a code written down on paper. Henrikson said, “We offered a paper wallet as a cold storage alternative for those who wanted a safe storage solution.”
Henrikson did not say how many users had been affected, but told Mashable, “most of the missing funds were from our company’s own holdings,” adding that, “This is my fifth night without sleep.” Users on Bitcoin Talk were not appeased, demanding to know how many wallets were affected, and accusing BIPS of not communicating adequately.
“We will be contacting all affected users as already proclaimed,” Henrikson said on Bitcoin Talk. “We will need their consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief.”
ESET Malware Researcher Robert Lipovsky wrote in an earlier We Live Security post that Bitcoin and other crypto-currencies are being targeted by cybercriminals. “There are numerous malware families today that either perform Bitcoin mining or directly steal the contents of victims’ Bitcoin wallets, or both,” Lipovsky writes.