Since 2011 bitcoin has been plagued by hacks, Ponzi schemes and increasingly professional thefts. 2015 was no exception: it was marked by a series of notorious hacker attacks in which both bitcoin companies and individuals keeping their assets in online bitcoin wallets lost serious sums of bitcoins. Coinfox has made a list of the most notorious attacks of the year.
BitStamp
The year 2015 began with a rather high-profile theft: on 4 January the major bitcoin exchange platform BitStamp lost 18,866 BTC, equal to nearly $5m at that day’s exchange rate, or 12% of its total bitcoin capital. According to the company’s official statements, the stolen money constituted just a small part of BitStamp’s bitcoin reserves and it did not affect customers’ money, “the overwhelming majority of which are held in secure offline cold storage systems.” However, none of the official statements of BitStamp’s CEO Nejc Kodrič used the word “hacked”, presumably in order to reassure users that their personal information was safe. On 10 January operations on BitStamp were resumed, and the market share of the company after the attack stayed uncompromised.
In March 2015 BitStamp warned its clients about yet another attack: cybercriminals sent phishing emails to BitStamp customers, demanding their logins and passwords.
BTER
The Chinese exchange BTER also fell victim to cybercriminals in mid-February. The company suffered a loss of 7,170 BTC (roughly $1.75m) from its cold wallets as the result of a hacker attack. Clients’ money was also compromised. However, BTER allowed reimbursing withdrawals in renminbi and virtual currencies other than bitcoin. This was already the second attack on the exchange in half a year: the first had happened in August 2014. At that time cybercriminals managed to steal 50 million NXT worth $1.65m.
Cavirtex
On 17 February 2015 Cavirtex, a Canadian bitcoin exchange, announced that it was to cease all operations due to a compromise of sensitive security information, including password hashes and two-factor authentication details. The official announcement stated that client funds were unaffected by the incident, but the company nevertheless proceeded to closure since its reputation was damaged. Given the history of hacker attacks on Cavirtex, the company preferred not to risk the loss of clients’ funds and decided to cease exchange trading from 20 March 2015.
Coinapult
On 16 March 2015 Coinapult, one of the longest-operating bitcoin processors, suffered an unauthorised hot wallet withdrawal of 150 BTC (worth nearly $43,000 at press time). Coinapult’s CEO stressed that all stolen funds were owned by the bitcoin wallet, and user assets were not affected. As part of the investigation and recovery, the company ran forensics on the hard drives and laptop that had possibly been involved in the attack. The wallet service managed to recover the losses in a week’s time.
Bitfinex
At the end of May 2015 BitFinex, a trading platform, published an announcement warning its users that a small amount of bitcoins in its hot wallet was vulnerable to an attack. However, according to approximate estimations, no less than 1,500 bitcoins were stolen. The company reassured its customers that any loss would be absorbed entirely by BitFinex.
Scrypt.CC
On 22 June 2015 the cloud mining service Scrypt.CC was compromised by unknown intruders and a significant amount of bitcoins was stolen. The sum siphoned away was not disclosed; however, the company claimed that the majority of the stolen bitcoins belonged to Scrypt.CC and that the company’s clients were affected minimally.
Purse.io
On 11 October 2015 several users of Purse.io, a P2P service provider that allows shopping on Amazon with bitcoin, suffered unauthorised withdrawals of funds from their accounts. The company admitted the security breach but denied that any client funds were affected. Later the company published an update in which it finally admitted that 11 user accounts were compromised and that malefactors managed to steal 10,235 BTC. Purse.io claimed to have reimbursed all clients’ funds.
Apart from the cases described above, in which unknown cybercriminals attacked the wallets of bitcoin-related companies and their clients, there were also several curious cases in which hacker groups tried to blackmail government structures and demanded bitcoins as a ransom.
In August 2015 a group of hackers calling themselves Dillinger Team used the following blackmail scheme: it sent fake messages about bombs planted in the Gallery mall and the Piterland aquapark in Saint Petersburg and demanded $60,000 in bitcoins from the owners in order to prevent “the attack”. The group is allegedly based in Kharkov, Ukraine. As a result of the blackmail, visitors to the locations concerned were evacuated.
In November 2015 some New Zealand citizens received e-mails from the so-called Syrian Electronic Army that threatened the life and safety of the recipients’ relatives and demanded $1,500 in bitcoin as a ransom. The New Zealand Police reacted immediately and published a notification calling on those recipients who felt unsafe to contact the nearest police station.
In December 2015 the Armada Collective group, which has a notorious reputation as an organiser of DDoS attacks, demanded 50 BTC from each of the three key banks in Greece. Since their demands were not satisfied, the hackers attacked the banks, which led to the suspension of the banks’ websites for about 30 minutes.
Anna Lavinskaya