Coinapult is doing a thorough investigation into a recent theft of 150 BTC, worth roughly $40,000 at the time of theft, from its hot wallet.
According to its website, Coinapult offers a bitcoin wallet with enterprise-grade security. Its “lock” offering shelters bitcoin holders from price volatility by locking holdings “to stable assets like Gold or USD.”
The startup has also sought to reassure users that the remaining funds held under its care, including another wallet with 500 BTC, are safe. It is also taking additional security precautions. Coinapult also warned via Twitter:
We are investigating a compromise of our hot wallet. Customers should NOT SEND bitcoin to existing Coinapult addresses starting IMMEDIATELY.
— Coinapult (@Coinapult) March 17, 2015
Going Past the Great Wall: Things to Consider When Entering the Asian MarketGo to article >>
The 150 BTC were sent by the alleged hacker to this address, its only transaction. As of the time of this writing, they remain unspent.
The startup has put out a detailed incident report, detailing the events leading up to the theft, how it was discovered and the actions taken since. Included is a detailed action log, which says one of the customer support representatives noticed a customer’s transactions getting stalled and the hot wallet balance being suspiciously low. It goes on to say that a few hours after the hack, CEO Ira Miller performed “enough investigation to identify that there has been 150 BTC withdrawn to an unknown address.”
One member of the team is going as far as to disassemble his laptop for the purpose of running forensics.
The report says that evidence suggests that malicious software was planted on the company’s systems and the hacker tampered with log files.
The incident is notable in that another Startup, Factom, has just recently announced plans to use Coinapult’s platform to crowdfund new projects and hedge its exposure to bitcoin price swings.