Security breach and price crash mark bad start to 2015 for bitcoin

Bitcoin is not having the best start to 2015. Bitstamp, the second-largest USD bitcoin exchange, suspended its operations early Monday morning after discovering that one of its wallets had been “compromised”. (Update: Bitstamp has confirmed that 19,000 BTC, or $5 million, is missing — see full note at bottom.)

A Reddit user spotted the problem after bitcoins he tried to send to his account never arrived. An e-mail from Bitstamp support said: “You should STOP SENDING bitcoin deposits to your Bitstamp account IMMEDIATELY as private keys of your deposit address may be lost. Your bitcoins already deposited with us are stored in a cold wallet and can not be affected.”

Bitstamp has since updated its site with an acknowledgement of the problems and has suspended its operations entirely:

[blockquote person=”” attribution=””]We have reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.
As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online systems. Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins.
Customer deposits made prior to January 5th, 2015 9:00 UTC are fully covered by Bitstamp’s reserves. Deposits made to newly issued addresses provided after January 5th, 2015 9:00 UTC can be honored.
Bitstamp takes our security and soundness very seriously. In an excess of caution, we are suspending service as we continue to investigate. We will return to service and amend our security measures as appropriate.[/blockquote]

For now, it appears unlikely that the Bitstamp situation is a MtGox-level meltdown. As CEO Nejc Kodric explained on Twitter, the exchange holds the majority of its bitcoin in cold wallet storage (where the keys to the wallet are stored offline, often on a USB drive or even on pieces of paper), which is generally considered more secure. Kodric also said that Bitstamp had passed an independent audit in May 2014.

Bitstamp’s suspension of service is another early blow to bitcoin in 2015. The price started the year at $318, but has already fallen $50 to around $268 as of 11 a.m. PT. Not a great start for the currency that was already labeled the “worst investment of 2014”.

Update as of 3:10 p.m. PT: It looks like 19,000 BTC (or approximately $5 million) was stolen from Bitstamp. Kodric released a new statement, promising to honor balances held prior to the suspension of services.
[blockquote person=”” attribution=””]Bitstamp customers can rest assured that their bitcoins held with us prior to temporary suspension of services on January 5th (at 9am UTC) are completely safe and will be honored in full.

On January 4th, some of Bitstamp’s operational wallets were compromised, resulting in a loss of less than 19,000 BTC. Upon learning of the breach, we immediately notified all customers that they should no longer make deposits to previously issued bitcoin deposit addresses. As an additional security measure, we suspended our systems while we fully investigate the incident and actively engage with law enforcement officials.

This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full.

We appreciate customers’ patience during this disruption of services. We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days. Customers can stay informed via updates on our website, on Twitter (@Bitstamp) and through Bitstamp customer support at [email protected][/blockquote]