$1M lost in attack against Bitcoin Internet Payment Services
Posted on 26 November 2013.
Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their customers’ wallets.

“On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” BIPS’ CEO Kris Henriksen explained in a post on the Bitcoin Talk Forum. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”

The company has immediately disable all wallet functions - BIPS is primarily a merchant processor, and its consumer wallet initiative was a free service - and has proceeded to contact compromised wallet owners.

A full investigation and audit is ongoing and, according to Coindesk, the company is setting up a way for affected users to sign documents that give law enforcement agents permission to investigate further the theft, since the company’s privacy policy forbids them to share the users’ information with the authorities.

For the time being, BIPS will “focus on real-time merchant processing business, which does not include storing of Bitcoins,” and has not been affected by the breach. Time will tell if they lost the users’ confidence.

“All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted,” they company stated on the site.

“Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins,” Henriksen urged on Friday, alluding to the recent hacks of Bitcoin exchanges Bitcash.cz and Bidextreme.pl.

A Bitcoin wallet service was also hacked this month, and Chinese Bitcoin exchange Global Bond Limited has shut down, taking approximately $4.1 million worth of its clients' Bitcoins with it.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 29th