BitStamp Wallet Now Officially "Hacked"

A total of 18,867.62695929 BTC were moved from BitStamp's hot wallet to a wallet that is outside of their control. A statement attributed to Nejc Kodrič appears on CoinDesk and differs from the one available on Bitstamp's own site. The statement attributed to Nejc Kodrič on CoinDesk:

Bitstamp customers can rest assured that their bitcoins held with us as prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full.

On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC.  Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses.  As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.

This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.

We appreciate customers’ patience during this disruption of services. We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days. Customers can stay informed via updates on our website, on Twitter (@Bitstamp) and through Bitstamp customer support at support@bitstamp.net.

And the statement presently on Bitstamp:

Bitstamp Service Temporarily Suspended

We have reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.

As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online systems. Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins.

IN THE MEANTIME, PLEASE DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITCOIN DEPOSIT ADDRESSES. THEY CANNOT BE HONORED!

Customer deposits made prior to January 5th, 2015 9:00 UTC are fully covered by Bitstamp’s reserves. Deposits made to newly issued addresses provided after January 5th, 2015 9:00 UTC can be honored.

Bitstamp takes our security and soundness very seriously. In an excess of caution, we are suspending service as we continue to investigate. We will return to service and amend our security measures as appropriate.

Bitstamp Team

BitStamp surpassed Mt Gox in trading volume in 2013, largely on the strength of its not being Mt Gox. Bitcoin entrepreneur Kakobrekla offered the following explicit criticisms of Bitstamp's practices back in June 2013.

There's several major flaws in the design (even more in the execution of the design) of the engine. The really obvious and most retarded is grouping the prices to the second decimal place [this was alleviated to those aware with special api call after my conversation with Nejc, but certainly not fixed] and charging 0.01 usd for each order [that's potentially hiding behind the grouped price], resulting in cases where you pay more for the fee than the traded amount was worth, resulting in negative balance (which mathematically means trading fee varies from 0.4%, across 100%, over to infinity and beyond). Not even mentioning they use ceil().

There is a deeper rounding issue present also, read about it here: http://log.bitcoin-assets.com/?date=16-05-2013&display=show&bots=true#33425 (from 03:08:39 to 03:16:45).

Then you have issues such as bid>ask which only someone with IQ below 80 (and I'm being generous) can come up with. There are two more bugs that come to mind at the moment, one was discussed on the forums and was 'fixed' after a while IIRC, go search, and the other is a bit hard to reproduce (happened to me only once or twice but I got a confirm from other traders).

So it's not "Bitstamp is POTENTIALLY stealing BTC from customers!!!! BE WARNED!" but they have been stealing from your stupid faces for a long time (this is years now, I remember it like yesterday when they started and were K-LINED on freenode for being spammy fucks) – lucky for them, bitcoiners are mostly retarded.

But hey, not to worry, there's about 10-30 idiots trying to open 'another bitstamp' [yes I am quoting] so is all good, right!?

In spite of these flaws, Bitstamp continued to gain momentum as Mt Gox's fortunes declined throughout 2013. The whole time, BitStamp continued to innovate in the space of inventing new anti-money-laundering and know-your-customer burdens for people wishing to trade there, without indicating any actual legal reason to impose those burdens.

Rumor and innuendo suggest that the address 1JoktQJhCzuCQkt3GnQ8Xddcq4mUgNyXEa is the one Bitstamp uses for cold storage, which would mean that in this favorable scenario Bitstamp would have lost only ~12.27 percent of their holdings. Depending on where Bitstamp holds their coins, the actual loss could be more or less, but the loss of more than 18,000 BTC almost certainly forces Bitstamp into a position of running some margin of fractional reserve on the Bitcoin side of things when and if they resume operations.

This incident seems eerily reminiscent of the June 2011 wounding of Mt Gox, except that replacing even the smaller sum of 18,000 BTC now presents a still more onerous obstacle than Mt Gox faced in absolute terms, as that many Bitcoin are largely unavailable to most people at any price denominated in national currency.

The likely winner of this incident is continued market volatility as observers wait to see how many months or years it takes Bitstamp to bleed out.
