icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
8 Nov, 2013 07:24

Bit-heist: Over $1mn in bitcoins stolen from Australian online bank

Bit-heist: Over $1mn in bitcoins stolen from Australian online bank

An Australian bitcoin bank holding over US$1 million of the crypto-currency has been hacked, leaving an unknown number of users with nothing – one of the largest thefts in the currency’s four-year history.

The incident took place on October 26, when the bank was hacked, with 4,100 bitcoins valued at $1.3 million stolen, the service’s operator only known as ‘Tradefortress’ said. He refused to give his name to the press, also stressing he was not much older than 18.

It took the bank’s owner two weeks to notify the affected customers.

Bitcoin is a decentralized, crypto-currency, free from any government or central bank control. Currency is sold and bought at online exchanges, and those transactions can be virtually anonymous.

One bitcoin is currently worth more than $300 on Mt. Gox, the world’s largest bitcoin exchange - up from around $50 in March. There are 11,925,700 million bitcoins in circulation.

The Sydney man offered the service called Inputs.io, which he claimed was "one of the most secure web wallets on the market." Customers were charged a small fee to keep their bitcoins there.

The site used two-factor authentication and location-based email confirmation, and said the page was started to avert "the hack of bitcoins even if the web server was compromised."

Some of the hacked money is to be refunded, the operator told Fairfax Media. Tradefortress said he would use 1,000 of his own bitcoins, as well as the money the hackers didn’t steal.

"Users are being repaid up to 100 percent depending on the amount (sliding scale), generally 40-75 percent," Tradefortress said.

The operator indicated the attack was possible due to “a flaw” in the system which allowed the hackers to bypass the protection.

Currently, there’s a sad face emoticon posted online and a notice that reads "I know this doesn't mean much, but I'm sorry, and saying that I'm very sad that this happened is an understatement."

screenshot from https://inputs.io/

The response to the incident has been varied, with some users accusing Tradefortress of making up the whole hacking story to steal their money. He denies the accusation.

Customer Marco Martoccia tweeted (@sheet_metal) that he had lost 4 bitcoins as part of the heist, worth about $1,200. He said he was planning to use bitcoins as a part of the deposit for a house.

Specialists point to a lack of regulation as the main problem with the currency.

"The users of Inputs.io were trusting a random person with their money rather than in the real world when you're dealing with cash, where you trust banks to look after your money," Ty Miller, director of Australian IT security firm Threat Intelligence, told Fairfax Media.

He recommended storing coins with a strong password on a device not connected to the internet, using hard-drive encryption and antivirus protection.

A spokesman for the Australian Federal Police said to his knowledge, a theft of bitcoins has never been investigated at either a federal or state level.

The operator stated that he is not planning to address police with the matter.

Podcasts
0:00
25:32
0:00
13:44