If you have been paying close attention to the Bitcoin scene in 2015, you will have noticed that this has not been a great year for Bitcoin platforms so far. Several exchanges – including Bitstamp and Bter – have suffered from hacks, other platforms have disappeared altogether, and the regulatory uncertainty is rearing its ugly head. Yesterday evening, we learned that Coinapult was investigating a security breach of their platform.
Coinapult – A Popular Bitcoin Platform In the UK
Many Bitcoin enthusiasts around the world will have heard of the name Coinapult, as this company has been around for quite some time. The company offers a plethora of different services, ranging from providing a secure Bitcoin wallet to merchant service and even providing Bitcoin liquidity to those who need it.
Needless to say, by offering such a vast array of different services and becoming quite successful to boot, Coinapult got on the radar of the wrong people. As Bitcoin [platforms] make more and more headlines, hackers and hoodlums are chomping at the bit to attack such a high-value target in an attempt to steal money.
In the case of Coinapult, it looks like their hot wallet has been compromised, which is very similar to what happened to Europe’s leading Bitcoin exchange Bitstamp in January of this year. Everything seemed fine until some discrepancies with the hot wallet were uncovered, which lead to a theft of quite a big amount of Bitcoin.
During the investigation as to what has happened exactly, Coinapult has stopped all services immediately and disabled all withdrawals. Coinapult users are also advised not to send new funds into their Coinapult wallet, in order to avoid any additional funds being stolen in case the hacker(s) still had access to the platform.
In order to breach the Coinapult hot wallet, several steps have to be taken by the hacker(s), including using the company VPN and obtaining one of the SSH keys. There are only four people in the Coinapult team who have such a SSH key, and none of them show any suspicious activity at this point in time.
More details on the breach and the ongoing investigation can be found here.
150 BTC Still Not Accounted For
When the news was announced, there was a mention of up to 150 Bitcoin being stolen from the Coinapult platform. Not all of these coins were taken from the hot wallet which has been breached, causing great concern among Bitcoin enthusiasts who use the platform on a regular basis.
After a thorough investigation by the Coinapult team, they managed to get the situation under control, but the 150 BTC is still missing due to an unauthorized withdrawal. While there are some leads as to how this attack may have occurred, the investigation is still ongoing, and one of the employees’ hard drives will be sent in for forensic analysis.
For now, Coinapult services will remain suspended until the exact cause of the attack is identified, and the security vulnerability has been patched. At this time, we have not received any official ETA as to when services will be resumed. However, in the event of this process taking more than a few days, all affected customers will be refunded manually.