On Tuesday March, 4 2014, Flexcoin, a Canadian company and self-termed “Bitcoin bank” reported that, just two days earlier, the company software had been hacked and “robbed of all coins in the hot wallet.” A “hot wallet,” is a term used to describe the operational withdrawal wallet of a web based service. All Bitcoin currency was stolen from Flexcoin’s software.
While the web site still described Flexcoin’s business as “….a centralized location to store all your Bitcoin….we’re also the first Bitcoin bank”. Another company statement on the index page read. “As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.” The company is alleged to have lost 896 BTC to hackers, which would have been valued at approximately $500,000 USD. All of this information was wrapped up neatly by another statement on the bottom of the company’s terms of service stating, “Flexcoin Inc is a Bitcoin bank, not a physical or a virtual bank. As such, Flexcoin Inc does not operate under any banking laws or regulations. Flexcoin Inc is not a financial firm, or a money transmitting business.”
Also on March 4, poloniex.com exchange reported that about 12.3 percent of the BTC (approximately $50,000 USD) was stolen by hackers. A software glitch was blamed for the loss, however, this company remains in operation.
Hacking of Bitcoin secondary software layers and technical thefts of Bitcoin currency have been going for as long as the platform has been live. It is not the actual Bitcoin software or platform that is unsecure, it is generally the layers of software which are built on top of the platform which are hacked. Crooks hack into the system using various methods and steal the Bitcoin often cleaning out the company’s accounts and the customer’s coins.
On Friday, February 28 2014 Tokyo based Mt. Gox, at one time the largest Bitcoin exchange operation in the world, filed for bankruptcy protection. According to the Japanese bankruptcy tracking firm, Teikoku Databank, Mt. Gox is missing 1.75 million Bitcoin that had been held in both company and customer accounts. The company’s losses are estimated as high as $460 million dollars. Mt. Gox CEO, Mark Karpeles, claimed that an unspecified weakness in the company’s software was to blame for the enormous financial loss. Wired.com is also reporting that an additional $27.4 million is missing from Mt. Gox bank accounts. While this Bitcoin currency exchange bankruptcy filing was a shock to most people around the world, many industry insiders have foretold of just such an event.
This was not the first time that a theft of Bitcoin occurred at Mt. Gox. In June 2011, hackers managed to steal more than $8 million in Bitcoin value from the company. Later, in 2013 Mt. Gox had its US bank and processing accounts seized by Homeland Security for failing to register as a money transmitter. After the seizure, the company had been limping along trying to recover from this loss of more than $5 million dollars.
Unfortunately, Mt. Gox is not alone and Bitcoin thefts through hacking are not considered anomalies.
In October, 2013 a company called Inputs.io lost the entire contents of the company’s hot wallet. In two separate attacks, 4100 Bitcoin disappeared into an unknown hacker account. The estimated value of the hacks stands at more than $1 million dollars. This theft was a type of confidence trick applied for the purpose of gaining system access. It is known as a social engineering attack. The hacker pretended to be someone else using email and gained access to the web site’s systems on the cloud-hosting provider Linode. The password was reset by the thief and the Bitcoins disappeared.
In 2011, MyBitcoin.com, an easy to use online wallet geared towards new users, claimed the software was attacked and all Bitcoin customer funds vanished. At the time of the reported “hack” the company had more than 150,000 Bitcoin in house which would have been worth about $2 million.
Hackers are not the only thing to watch out for in the world of Bitcoin software. In July 2011, Bitomat, the third largest Bitcoin exchange operation, which was operated out of Poland, lost all access to the company’s wallet.dat file. This entrepreneur and Bitcoin operator had used the wrong technical setting on the company’s servers and the exchange’s entire fund base was lost. At the time, this was approximately a $220,000 loss for the company and its clients.
Also in 2011 Bitcoin7.com became the victim of a number of attacks, unknown hackers gained full access to the web site’s main Bitcoin wallet along with 2 of the 3 backup wallets and the customer user database. An estimated 11,000 Bitcoin were lost at that time.
Occasionally, the operator of an account make a simple but fatal costly mistake.
Way back in 2010, an account owner made a rookie mistake and lost his entire Bitcoin bankroll. A victim of his own ignorance, the “stone man” as he is known, did not keep the proper wallet backups and 8999 Bitcoin were effectively destroyed when the private key controlling them was lost.
There are dozens of other cases where Bitcoin currency has been lost or destroyed by users, stolen by hackers or scammed from customers by malicious parties.
While it’s obvious that hackers will continue to steal digital currency such as Bitcoin, it is apparent that the next growth phase of decentralized currencies will need to be focused on increased security if the Bitcoin universe is to one day become mainstream.
By Carl Mullan