$1M lost in attack against Bitcoin Internet Payment Services
Posted on 26 November 2013.
Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their customers’ wallets.

“On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” BIPS’ CEO Kris Henriksen explained in a post on the Bitcoin Talk Forum. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”

The company has immediately disable all wallet functions - BIPS is primarily a merchant processor, and its consumer wallet initiative was a free service - and has proceeded to contact compromised wallet owners.

A full investigation and audit is ongoing and, according to Coindesk, the company is setting up a way for affected users to sign documents that give law enforcement agents permission to investigate further the theft, since the company’s privacy policy forbids them to share the users’ information with the authorities.

For the time being, BIPS will “focus on real-time merchant processing business, which does not include storing of Bitcoins,” and has not been affected by the breach. Time will tell if they lost the users’ confidence.

“All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted,” they company stated on the site.

“Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins,” Henriksen urged on Friday, alluding to the recent hacks of Bitcoin exchanges Bitcash.cz and Bidextreme.pl.

A Bitcoin wallet service was also hacked this month, and Chinese Bitcoin exchange Global Bond Limited has shut down, taking approximately $4.1 million worth of its clients' Bitcoins with it.


DMARC: The time is right for email authentication

Posted on 23 January 2015.  |  The DMARC specification has emerged in the last couple years to pull together all the threads of email authentication technology under one roof—to standardize the method in which email is authenticated, and the manner in which reporting and policy enforcement is implemented.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Jan 26th