A company billing itself as one of Europe's biggest Bitcoin exchanges said it suffered a coordinated attack that succeeded in stealing almost $1 million worth of the digital currency, marking the latest in a string of high-stakes heists hitting companies that hold large sums online.
Kris Henriksen, CEO of Denmark-based Bitcoin Internet Payment Services (BIPS), made that claim last week in a Web post that said the attack began as a distributed denial-of-service (DDoS) attack. Two days later, Henriksen said, the same attackers targeted the BIPS network again and managed to use the damage they previously inflicted to somehow tamper with the channel that connects BIPS data storage systems to company servers.
"On November 15, BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17 that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers," the CEO wrote. "Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets."
The missing funds totaled 1,295 BTC, or about $1 million, according to a post on Coindesk, which cited this block in the official Bitcoin ledger. BIPS quickly closed its Bitcoin wallet service for consumers after discovering the theft. It advised existing users to transfer their bitcoins to competing wallet services and pledged to notify all users affected by the security breach.
The BIPS attack is at least the third major heist to hit Bitcoin services this month. In early November, the founder of Australia-based inputs.io said the service was robbed of 4,100 bitcoins—valued at about $1.2 million—in two separate attacks. China-based Bitcoin exchange GBL reportedly vanished with $4.1 million worth of customers' digital currency. Another Chinese exchange, BTC China, has also sustained massive DDoS attacks that are costing it dearly, according to an article published Tuesday by Wired.
Bitcoin heists that use malware, social engineering, or hacks to steal huge numbers of bitcoins are by no means new. But given the recent surge in the value of the digital currency, the proceeds of such attacks have mushroomed. Large-scale attacks that previously generated revenue measured in thetens of thousands or hundreds of thousands of dollars are now worth millions.