Gone are the days of stuffing currency in your mattress, especially if you have a few Bitcoins to call your own. Inputs.io, an Aussie-run Bitcoin site, has revealed today that hackers have broken into the site (twice!), lifting $1 million worth of the virtual currency he was holding for his users.
The young entrepreneur behind Inputs.io, known only as Trade Fortress, posted a message to the front of the site today notifying users that 4100 Bitcoins had gone missing after a breach.
Trade Fortress posted this to the front page of Inputs.io today:
Two hacks totalling about 4100 BTC have left Inputs.io unable to pay all user balances. The attacker compromised the hosting account through compromising email accounts (some very old, and without phone numbers attached, so it was easy to reset). The attacker was able to bypass 2FA due to a flaw on the server host side.
Database access was also obtained, however passwords are securely stored and are hashed on the client. Bitcoin backend code were transferred to 10;[email protected]:[email protected] (most likely another compromised server).
What about my coins there? If you stored more than 1 BTC, send an email to [email protected] with a Bitcoin address (preferably, an offline, open source light/SPV wallet like Multibit or Electrum). Use the same email you're using on Inputs. Please don't store Bitcoins on an internet connected device, regardless of it is your own or a service's.
I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement.
Trade Fortress has posted to forums saying that Inputs.io is well and truly dead, and people are getting refunds where possible. He added that you should never store your coins on a server connected to the internet. Sage advice. [ABC via Inputs.io]