Denmark-based Bitcoin payment processor BIPS, fell under attack recently to a DDoS attack on their system. The end result of the attack was the theft of 1,295 BTC equaling approximately $1 million.
The 15th of November saw the first attack wave, followed by a second wave 2 days later on the 17th. The result of the attack “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” and left several wallets emptied and compromised. By the 19th of November, BIPS was able to restore all of their merchant services, but have disabled all wallets until the investigation is complete. The help desk was also disabled, and was restored on the 22nd.
“Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” stated a release from BIPS about the attacks.
Kris Henriksen, CEO of BIPS, did emphasize that the majority of funds stolen were from the company’s own holdings. The funds were taken from BIPS’ “Hot-Wallet” that works off an algorithm to decide how many funds are needed to place immediate transfers. Henriksen also mentioned that all merchants using the processor’s auto-conversion option were not affected by the attack.
Separating Yourself From the Pack in a Mature FX IndustryGo to article >>
Further internal investigation shows the attacks originated “from Russia and neighboring countries”, and has lead BIPS to believe both attacks are connected.
Security concerns are always of utmost importance when using online wallets. Attacks such as these are the fear of many Bitcoin holders who use online wallet services. BIPS does offer a paper-wallet option to keep the funds offline and safe. BIPS is recommending that all wallet holders transfer their funds to other wallet solutions until further notice.
Image courtesy of Flicker