Purse.io, a startup helping shoppers exchange unused gift cards for bitcoins, says that its service is back to normal after its users were targeted in an e-mail attack.
A number of users claimed that their wallets were compromised and bitcoins were stolen within seconds of the attack. They received e-mails that appeared to originate from Purse.io, requesting that they reset their passwords. Some users claimed that they followed the instructions and then almost immediately received e-mail confirmations of withdrawal requests that they did not initiate.
According to their claims, the total amount of bitcoin stolen was minimal.
Purse.io reported that it became aware of unauthorized password reset e-mails and that it turned off its service for several hours while “securing all funds”. It further said that all user balances are accounted for.
Legal Risk Factor Beneath Ripple’s Lawsuit from SECGo to article >>
As to the apparent withdrawal confirmations, the startup later said “those accounts have been secured,” adding that most accounts were unaffected and claiming that no hot/cold wallets were compromised.
It suspects that one of its third-party e-mail providers was compromised. Nobody using 2-factor authentication (2FA) was affected, and it is considering making the feature mandatory, as is found elsewhere.
Purse.io’s service lets shoppers pay for unwanted gift cards in bitcoin for large discounts. It claims that customers have saved over $500,000 this year.
In general, hacking-related theft has declined in 2015. Advances in wallet technology, using best practices and education have given honest users the upper hand.