As can be expected on the rugged frontiers of finance and technology, cyber-criminals have been targeting cryptocurrency businesses and individuals for years now. Recently however, the onslaught seems to be overcoming more of the defenses. The latest victim is the cryptocurrencies online wallet, CoinWallet.co (not to be confused with Coinwallet.eu , bitcoinwallet.com or any of the many many other wallet firms out there).
CoinWallet.co has announced it is shutting down at the end of April and requested clients to withdraw all coins before the 1st of May 2016. The decision to close was based primarily on the fact that “on the 6th of April we suffered a data breach.”
The CoinWallet.co team explained what happened: “Despite our best efforts there was a small error in a part of our code that should have checked and sanitized user input on a recently added function. Checks were in place but the check was then subsequently not used to block the database call. Our backup security system kicked in as it was designed to and no coins were lost. We have since patched the vulnerability but are still trying to determine the extent of the breach. We used encrypted and salted passwords but given enough time these should be assumed compromised.
Guide to Outsourcing Your IT DepartmentGo to article >>
This incident prompted us to reassess the viability of running coinwallet.co and it was decided it is just not viable taking into consideration the risk, costs and time involved. Given the large number of transactions that will occur over the next few days and weeks, we expect there may be some delays in processing some transactions.”
Inside Job at ShapeShift
Today we also got an update on the situation over at ShapeShift. Erik Voorhees, the CEO of the firm, wrote that since the beginning of his investigation into the hack that hurt ShapeShift’s hot wallet holdings last week he suspected that a former team mate was involved – and now he is confident that this is the case.
He added more details about the goings-on behind the scenes: “The story continues to unfold, and evidence continues to be revealed. We have been working with a forensic specialist from LedgerLabs, who has been terrific. A civil suit is ongoing, as are multiple criminal investigations of the perpetrators.
Our team continues to revise and rebuild infrastructure, hardening not only prior vulnerabilities, but future potential attack vectors. It has been inspiring to see anti-fragility in action as ShapeShift gets stronger. A more detailed post-mortem will be released at the appropriate time, after forensic work is complete.”