Bitstamp exchange hacked, $5M worth of bitcoin stolen

The European bitcoin exchange suspends its service after it was hacked, ZDNet can confirm. Less than 19,000 bitcoins were stolen from an operational wallet.
Written by Zack Whittaker, Contributor
Bitstamp prices plummeted after news of the breach broke (Screenshot: ZDNet)

European bitcoin exchange Bitstamp suspended trading Monday after one of its active, operational bitcoin storage wallets was "compromised" over the weekend.

In a statement on its site, Bitstamp warned users not to deposit any Bitcoin to previously issued addresses.

The popular bitcoin trading site, said to be the world's third busiest bitcoin exchange amounting for 6 percent of all bitcoin transactions, said that a "small fraction" of customer bitcoins are maintained in online systems, adding that any compromised bitcoins can be recovered from its "cold" offline storage reserve.

Co-founder and chief executive Nejc Kodric said in a tweet that the bulk of Bitstamp's bitcoin reserves are in cold storage, and are "completely safe."

The site continued in its statement that it will "return to service."

Late on Monday, Bitstamp confirmed in an emailed statement to ZDNet that "less than 19,000 bitcoins" were stolen from the company's operational wallet.

Kodric said the bitcoins held with Bitstamp prior to the temporary suspension of the company's service are "completely safe and will be honored in full."

The market value of 19,000 bitcoins represents roughly $5 million. (We reported this figure earlier, details of which can be found below.) There has been no other comment as of yet from Bitstamp or Kodric.

Many took to news-sharing and social media sites to express concern about the handling of the situation, a little over a year after the largest bitcoin exchange Mt. Gox folded, following its claims that hackers had stolen millions of dollars worth of bitcoins.

Mt. Gox collapsed in early-2014 after unnamed hackers allegedly breached its systems. About 850,000 bitcoin, worth close to $450 million in funds, were said to have been taken. But the Japan-based exchange was quickly accused of mishandling the crisis. The company filed for bankruptcy protection, leading to investigators in both Japan and the US to probe the company's folding.

The price of a single bitcoin on the Mt. Gox exchange at its peak was about $1,240. But, after its alleged breach, the bitcoin market crashed to half its value, and continued for months to slowly decline.

Despite its volatility, many companies are lining up to support bitcoin -- once seen as an unstable virtual currency used by criminals, now becoming increasingly mainstream.

Microsoft became the latest technology company to support the virtual currency for its Xbox and Windows store platforms, about half a year after computer maker Dell began accepting it. Firefox browser-maker Mozilla supports bitcoin for donations, and Time Inc. accepts the currency for its magazine purchases.

What happened to Bitstamp remains a mystery. No hacker group is known to have claimed responsibility for compromising the exchange's servers. (We did not hear back from Kodric or Bitstamp at the time of writing. If we hear back, we will add updates.)

Jackson Palmer, an Adobe engineer who in his spare time created offshoot virtual currency Dogecoin, said in an email that only fraction of Bitstamp's funds are likely to have been stolen, but that could still be a significant amount.

"If someone hacks a server that's got a hot wallet running on it, they can easily transfer out whatever balance of bitcoin is being stored there, instantly," Palmer explained. "Most Bitcoin companies aim to store as large a percentage as possible of their Bitcoin in cold storage so that it can't be stolen if someone malicious gains access to their server."

Bitstamp's most recent proof-of-reserve in May showed it held 183,497 bitcoins in its cold wallet reserve -- or about $96.9 million at the time. While this figure is likely to have changed, it shows roughly the value of currency held at the exchange.

Users on Reddit and bitcoin forums are speculating one large transaction early on Sunday morning of 18,866 bitcoins -- about $5.1 million -- may be that of Bitstamp's hot wallet.

Kodric has publicly said Bitstamp aims to keeps between 85 percent and 90 percent of its customer's funds in cold storage, meaning as much as 10 percent to 15 percent would be at risk.

Bitstamp's suspension of trading has negatively affected bitcoin's price. As of Monday afternoon in New York, the price of bitcoin on Bitstamp was down 15 percent to $267 (at the time of publication).

Update at 5:41pm ET: with comments from Kodric reportedly confirming the breach.

Editorial standards