Bitfloor, the fourth largest exchange dealing in US dollars, has just announced[1] that it has been hacked, and the service has taken a loss of 24,000 BTC, worth about $250,000 at the time of the theft. As Roman Shtylman, the founder of Bitfloor, describes it, “last night, a few of our servers were compromised. As a result, the attacker gained access to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand.” As a result, BitFloor has paused all exchange operations and, depending on the effect that this will have on BitFloor’s finances, BitFloor may take one of two options. They may either take the loss and continue running in an attempt to eventually earn the money back or, in the worst case, shut down entirely and begin a partial refund of accounts out of the available funds.
The unencrypted backup that allowed the thief to carry out the attack was created during an earlier manual upgrade, when Shtylman put the data into an unencrypted partition on his disk; Shtylman has so far declined to comment further on the details of the attack, saying that “my current focus is on the future and not the past.” As Bitcoin security experts point out, Bitfloor made not one but two errors, both of which were necessary for such a severe loss: the first, leaving data stored unencrypted, was an honest and perhaps unavoidable mistake, but it would not have had nearly as much of an effect without the second error of leaving so much money in an online-accessible “hot wallet”. Since the Bitcoinica Linode theft, in which an unknown attacker made off with $222,000 worth of bitcoins from Bitcoinica’s hot wallet in March, it has been generally understood that any Bitcoin-holding service should keep the vast majority of its funds in “cold storage”, a term referring to a setup where the private keys never touch any computer that is accessible from the internet.
ThomasV, the lead developer behind the Electrum client, lists some security recommendations for Bitcoin exchanges here; his seven key points are:
- Don’t store more bitcoins outside of cold storage than you can afford to lose and remain solvent. This ensures that your business will be able to financially survive a hack.
- Deposits should be sent to cold storage addresses directly.
- Transfer from cold storage to hot storage should be manual only.
- An attacker should not be able to disguise a theft as a series of withdrawals from customers.
- If a withdrawal request exceeds the amount available on the hot wallet, the customer should have to wait. Receiving coins 24 hours later is better than not receiving one’s coins at all.
- Clone your database to a place where an attacker cannot irreversibly modify or delete it from the server.
- Send digitally signed account statements to customers regularly, using a key that is not on the public server.
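To make points 1, 3, 4 and 5 concrete, here is a toy hot-wallet policy in Python, written as an added example for this article rather than taken from Bitfloor or Electrum. The class name, the per-review-window payout limit and all balances are assumptions; amounts are whole BTC for readability.

```python
# Added illustration (not Bitfloor's or Electrum's code): a hot-wallet policy
# that keeps most coins offline, queues withdrawals the hot wallet cannot
# cover, halts on a suspicious payout burst, and refills from cold storage
# only on an explicit human decision. All figures are constructed.
from collections import deque
from dataclasses import dataclass, field

@dataclass
class HotWalletPolicy:
    hot_balance: int                 # coins exposed on the online server (point 1)
    cold_balance: int                # coins offline; this code never spends them
    window_limit: int                # max payout per review window before halting
    paid_in_window: int = 0
    halted: bool = False
    queue: deque = field(default_factory=deque)   # withdrawals waiting for funds
    paid: list = field(default_factory=list)

    def request_withdrawal(self, customer: str, amount: int) -> str:
        """Pay from the hot wallet if it can cover the request, else queue it
        (point 5). A burst of payouts beyond window_limit halts the wallet
        (point 4): a theft disguised as withdrawals hits the cap, not the vault."""
        if self.halted:
            self.queue.append((customer, amount))
            return "halted"
        if self.paid_in_window + amount > self.window_limit:
            self.halted = True
            self.queue.append((customer, amount))
            return "halted"
        if amount > self.hot_balance:
            self.queue.append((customer, amount))
            return "queued"
        self.hot_balance -= amount
        self.paid_in_window += amount
        self.paid.append((customer, amount))
        return "paid"

    def manual_refill(self, amount: int, operator_approved: bool) -> None:
        """Move coins from cold to hot storage. Only an out-of-band human
        decision may trigger this (point 3); the refill is capped by what
        cold storage holds, and the operator's review clears any halt."""
        if not operator_approved:
            raise PermissionError("cold-to-hot transfer requires manual approval")
        amount = min(amount, self.cold_balance)
        self.cold_balance -= amount
        self.hot_balance += amount
        self.halted = False
        self.paid_in_window = 0
        # Pay queued withdrawals in order while funds and the window cap allow.
        while self.queue and not self.halted and self.queue[0][1] <= self.hot_balance:
            self.request_withdrawal(*self.queue.popleft())
```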
Taking greater care to protect one’s server from being hacked in the first place is of course the best defense. However, any single layer of defense will invariably make mistakes, and sound Bitcoin service security requires a strong and detailed strategy for mitigating losses based on a defense in depth. Not following proper security procedures may mean seeing your prospering Bitcoin business meet a sudden and untimely end. Given the amount of information and experience available on such matters, not taking the most trivial standard precautions may even open one up to liability due to gross negligence. No matter how big, small, young or established your Bitcoin business may be, it is better to be prepared earlier rather than later.