Ottawa-based Canadian Bitcoins, which allows for Bitcoin trading with Canadian dollars, was reportedly robbed of $100,000 worth of Bitcoins. The coins apparently belonged to the exchange and customer coins were unaffected. The exchange has gone to great lengths reassuring customers of such in light of events that have transpired at MtGox and elsewhere. The exchange appears to be in a state capable of continuing operations.
The exchange has placed the blame squarely upon Rogers Communications for the attack, saying they did not follow proper security procedures. Some of the exchange’s hardware is kept at the Rogers Data Centre in question. They maintain that the hacker gained access by posing as the exchange owner James Grant in an online chat to bypass security measures. No specifics were provided on how the attacker then accessed the coins, all 149.94 of which were wiped clean from their wallet.
Rogers Communications has not yet commented on the matter.
Canadian Bitcoins issued the following statement on its website to customers:
On October 1st, 2013, Canadian Bitcoins suffered a fraudulent security intrusion at the Rogers Data Centre where it colocates some of its distributed equipment.
The fraudster used the ‘sales chat tool’ on their website to initiate a two hour chat session with Rogers staff, during which time, Rogers staff facilitated a breach of our equipment. It is important to note that this breach occurred without any authentication being performed by the Rogers Data Centre staff whatsoever.
While we did suffer a loss of bitcoins, please rest assured, that this was only a portion of our business holdings, and since Canadian Bitcoins does NOT store ANY bitcoins on a customers behalf, there was zero chance of any losses to customers. It was only our own, internal float that was affected. All transactions with Canadian Bitcoins are “one off” transactions. Users of our service do not maintain a ‘balance’ with us.
Stocks to Watch This Week – Expedia Group, IncGo to article >>
The server that was infiltrated was used to obtain access to the bitcoins. However the server that hosts the actual website, database, and customer verification documents are distributed between other data centres, and were NOT accessed in any way whatsoever during this event. To be clear: The attacker had NO ACCESS to ANY PERSONAL/CUSTOMER details.
Canadian Bitcoins has requested a full accounting from Rogers regarding the security breach at their Ottawa Data Centre and also filed a police report.
Yesterday morning we were contacted by the Ottawa Citizen for comment regarding the incident. Although none of our customers were negatively impacted by the incident, we felt that it was in the best overall interest of the Bitcoin community to be transparent about the incident rather than issuing “no comment” or trying to cover up the breach at the Rogers Data Center.
We look forward to continuing to work with all of our customers and wish to thank you for your continued support.
Canadian Bitcoins Team
The attack is the second this month on a Canadian Bitcoin exchange. Edmonton-based Flexcoin was hacked earlier this month, losing all of its deposits and were forced to shut down. At the time, the lost coins were worth $588,000. Edmonton police are still looking into the theft but no developments have been reported thus far.