Welcome!

Security Authors: Pat Romanski, Michael Bushong, Elizabeth White, Ashley Stephenson, Brad Anderson

Related Topics: Security, SOA & WOA, Search, Web 2.0

Security: Article

Millionaire Virtual Bitcoin Heist in Denmark

Due to the nature of Bitcoin as a digital crypto-currency, anyone can see where the stolen Bitcoins are right now

A distributed denial of service (DDOS) attack on a Bitcoin wallet and transaction facilitator netted hackers with 1,265 Bitcoins worth $1 million. The hack attack started on November 15th, and it followed several other nefarious online maneuvers over a period of 48 hours. The victim is a Denmark-based tech company that as of early December was still trying to figure out how the heist unfolded on their servers.

The Danish company explained that the DDOS attack was formidable and succeeded in penetrating various layers of protection. According to blog posts and press reports, Bitcoin Internet Payment Services (BIPS) was forced to take immediate action and shut down the online wallets of its customers. It appears that the theft involved funds that belonged to BIPS and not those of clients.

Details on the Heist
Initial reports by BIPS indicate that the attacks were launched from Russia and a few bordering nations. Once the company learned that its own wallet was compromised, it prevented access to all other wallets as precautionary move. BIPS did not stop its merchant services, which means that customers could still make purchases or trade Bitcoins.

Due to the nature of Bitcoin as a digital crypto-currency, anyone can see where the stolen Bitcoins are right now. The anonymity protocol of Bitcoin makes it difficult to ascertain the identity of wallet owners, but the transaction history may yield a few clues. BIPS has appealed to the Danish National IT Forensic Police to help them with this incident; however, a formal theft report cannot be filed since the country's Central Bank does not regulate Bitcoin.

Although the theft involves funds belonging to BIPS, the company is working with legal counsel with regard to making arrangements for reimbursement for some affected customers.

Other Heists and Potential Legal Problems
Another millionaire Bitcoin virtual heist took place about a month before BIPS was attacked. An Australian company that provides online wallet services was relieved of 4,100 Bitcoins on October 26th. In this particular instance, this Bitcoin services provider waited two weeks before telling clients about the theft, which was estimated at more than $1 million.

It is interesting to note the sharp appreciation of Bitcoin from the time that the Australian heist took place until the mid-November BIPS incident. In early December, one Bitcoin was fluctuating at values greater than $1,000. Unlike BIPS, the Australian service provider was busy trying to reimburse customers, and it also stated that the servers were not so secure. An internal investigation revealed a flaw that attackers were able to take advantage of.

Although the Bitcoin protocol is very secure, currency holders must realize that humans are intrinsic to the security and functionality of the system. This means that systems can be compromised via social engineering, brute force attacks, fraud, malfeasance, and malicious acts. Now that Bitcoin has become a very valuable commodity, experts and analysts expect that more heists and attacks can be reasonably expected in the near future.

More Stories By Drew Hendricks

Drew Hendricks is a writer, as well as a tech, social media and environmental enthusiast, living in San Francisco. He is a contributing writer at Forbes, Technorati and The Huffington Post.