Big based in Czech Republic bitcoin exchange Bitcash.cz was attacked by hackers and about 4,000 clients lost their bitcoins.
The Bitcash.cz website presently down and it shows just an alert about the hack. The site was attacked on 11th November.
As reported by Czech news site E15.cz, about 4,000 wallets of users were emptied. The total amount of stolen money at the moment equals to $100,000 (over 2M Czech koruna).
There is an approximate translation of a message posted on the company’s Facebook page: Unfortunately, as we have already reported on our site Bitcash.cz, our server was hacked and disabled – as well as the wallets.
We are working on resolving this problem, however we would like to warn our users about roguish emails and scams claiming to be from Bitcash.
We never ask our users to give access to their accounts or wallets, and we NEVER ask for money.
We'll inform you of any developments as soon as possible. Thank you.
Bitcash was founded in July 2011 and had varied options additionally to wallets. There was an on-line exchange platform and also an OTC exchange, analogous to LocalBitcoins.com. The latter give users an option directly to trade with each other using the website as an escrow service.
A Facebook message shows that an email was sent from a bitcash.cz email address. The text suggests that the website could've been hacked by phishers - cheaters who send fake emails to fool users. It seems that phishers have sent some emails from Bitcash.cz email where they pretended to be members of the company. According to fake emails it was necessary to use a US recovery firm to get back the stolen bitcoins.
Phishers also asked users to transfer 2 bitcoins to a certain wallet. But the mentioned bitcoin address was never connected to the wallet, so had not received any BTC.
One Bitcash.cz user, Aleš Janda, claimed he knows an administrator of the site. He is very skeptical and mentions that fake emails are "strange" and cannot imagine that a person who had stolen 485 bitcoins will ever risk to be disclosed by asking to send 2 BTC.
Janda has researched his blochain and discovered this Bitcoin account with 485 BTC on it. Immediately he made some transactions to Bitcash.cz and found out this is a shared wallet. The transfers helped him to make sure the above-mentioned is true and he managed to study out where his coins were sent. Janda traced all transactions and suddenly explored a perfect match in a "big" transaction - it was bigger that other transfers and complied with the time of the attack.
Then Janda analyzed other bitcoin transfers and this led him to a large transaction with the same address. The search brought to the light a bitcoin charity website, bitcoin-charity.info, which allegedly was a donation address for Wikileaks organization.
This charity website was registered on 8th September and it appears to be a fake copy of existing bitcoin charity website Bitcoins for Charity.
Aleš Janda thinks that Bitcash.cz wallets were hacked through the web interface, because it seems that the hacker was not able to acquire private keys.
Yesterday CoinDesk was not able to contact the owner of the website ‘Carlos’. Even though, according to the statement on the Bitcash.cz, it seems that he had pressed charges against this "anonymous hacker".