Not all daring heists involve guns, motorbike chases and masked villains like Bane. On 4 September, hackers broke into the secure servers of the Bitcoin exchange, bitfloor — and lifted $US250,000 worth of coins. The heist put the future of bitfloor in doubt, but after a few weeks of to and fro, bitfloor today reopened for business, but will it be hacked again?
Hackers were able to execute the raid on bitfloor by gaining access to an unencrypted backup of wallet keys that hold bitcoins. With these keys, hackers were able to transfer 24,000 coins into their own accounts.
At the time of the theft, bitfloor founder Roman Shtylman was unable to determine whether or not the bitfloor would resume trading operations, but now he says he’s able to ensure the safety of people’s money.
In a statement on the company’s Google+ page, Roman writes this:
I am pleased to announce that Bitfloor has reopened for trading. This is currently the best way forward for Bitfloor in terms of both rebuilding trust in the community and showing our commitment towards finding a way to recover the stolen funds.
In reopening, a number of improvements to both the wallet storage and website have been made. Bitfloor aims to be safe and reliable platform and as a result have changed our fund storage policy to 100% offline storage for your funds. Daily transactions through our hot wallet will be backed by Bitfloor funds, never putting client funds at risk.
In addition, the REST API has received some added protections. A new passphrase field has been added. The passphrase field is selected by you and not known to Bitfloor. It is verified during API usage to ensure that the key is not being used without your authorization as the passphrase is non recoverable.
Bitfloor is now running on dedicated servers in a PCI compliant data center based in the US. Bitfloor services are further isolated based on exposure. Testnet and development are not located in the same data center or hosting provider to ensure further isolation. Backups are encrypted and write only on all of the servers. Hot wallet files are encrypted even further and unavailable even with physical access to the disk.
As clients are aware. The theft result in all BTC balances being put on hold for both trading and withdrawal. This is still the case. I will not be doing a balance reset or otherwise manually adjusting your bitcoin balance to reflect the theft. Any new bitcoin deposits you make will be available for use as usual and be reflected on your account overview page. Your balance as of the theft will remain on hold and be released in parts as we begin to recover funds to pay back balances. As funds are available for repayment, they will be dispersed on a pro-rated basis (i.e. if 5% of the funds are available for repayment then 5% of your original pre-theft balance will be unheld and immediately available for trading or withdrawal).
USD balances were unaffected. ACH withdrawals, cash deposits, and wire transfers continue to be processed.
Bitcoin funds for repayment will be purchased using revenue from fees. This will ensure that as Bitfloor grows I am able to continue operation to recover the stolen funds over time. I am also pursuing investment from various parties to speed up the fund recovery process however felt that keeping the exchange closed for too long was only doing more damage.
I am committed to keeping Bitfloor alive, strong, and growing for the bitcoin ecosystem. I would like to say thank you to all of the support I have received pressing for the return of Bitfloor and the service it provided. Bitfloor will continue to excel in both service and quality as it goes forward.
That’s the free market spirit, Roman!
What’s going to be interesting is whether bitfloor will report a drop in active users following the theft.
Do you trade in bitcoins? [Google+]