Tuesday, March 4, 2014

[net-security] More Bitcoin thefts, Bitcoin bank Flexcoin shuts down

Mere days after Mt. Gox filed for bankruptcy, "Bitcoin bank" Flexcoin and Bitcoin exchange Poloniex have announced that they have been successfully targeted by thieves.


But while Poloniex will continue to do business, Flexcoin administrators have decided to shut it down.



"On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. The attacker made off with 896 BTC, dividing them into these two addresses: 1NDkevapt4SWYFEmquCDBSf7DLMTNVggdu and 1QFcC5JitGwpFKqRDd9QNH3eGN56dCNgy6," they announcedtoday on the exchange's main page. "As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately."

The good news for users who took advantage of Flexicoin's option to put their coins into cold storage is that their stash remained untouched, and can be withdrawn as soon as their identity is verified.

"All other users will be directed to Flexcoin's 'Terms of service"' located at 'Flexcoin.com/118.html' a document which was agreed on, upon signing up with Flexcoin," they continued, and added that they will "attempt to work with law enforcement to trace the source of the hack."

Also today, Poloniex' owner has disclosed on BitcoinTalk that a hacker has taken advantage of a code vulnerability to steal what amounts to 12.3 percent of all Bitcoins on Poloniex.

After explaining how the hacker executed the heist, he said that he takes full responsibility for what happened and will be repaying the debt. His plan for doing so is as follows:

The exchange funds are 12.3% short. Because there is not enough BTC to cover everyone's balances, all balances will temporarily be deducted by 12.3%. Please understand that this is an absolute necessity--if I did not make this adjustment, people would most likely withdraw all their BTC as soon as possible in order to make sure they weren't left in that remaining 12.3%. Aside from the obvious drawback of most of the BTC being taken out of the exchange, this would not be fair--some people would get all of their money right away, and a few would get none right away.

The amount deducted from everyone's balances will be recorded, and funds raised from exchange fees, as well as donations from my own pocket (which is not very deep, I'm afraid), will be distributed regularly to all users who have had BTC deducted. Exchange fees will be raised to expedite the recovery of the debt.
He also urged users not to place withdrawals at the moment, as they will not be processed at this time, and has shared the steps he will make to make the same attack impossible to replicate.
http://www.net-security.org/secworld.php?id=16474

No comments:

Post a Comment