One of the largest online Bitcoin exchanges has temporarily suspended services after losing some 19,000 bitcoins ($5.1 million) in what the company said was a breach of its systems, reviving concerns about the security of the digital currency.
The Slovenia-based Bitstamp announced the breach on its website Monday and shut down services temporarily Tuesday in order to investigate the hack. The theft totaled about 19,000 Bitcoin, but hackers were only able to access a small portion of the exchange’s total assets. While some Bitcoins are stored online, many more are kept on local hard drives in what Bitcoin users call “cold storage.”
The alleged cyberattack comes less than a year after the collapse of Tokyo-based exchange Mt. Gox, which initially said hackers had stolen 800,000 bitcoins—200,000 of which were later recovered—worth almost $500 million at the time.
Bitstamp wrote on its website that it would ensure users’ account balances were “honored in full” despite the breach.
The alleged breach is stirring skeptics to argue that Bitcoin remains too insecure for mainstream use. “There were lots of claims made last year and in 2013 that Bitcoin was faster and safer and cheaper, but what we are learning increasingly is that maybe it isn’t safer,” said Mark T. Williams, a Boston University professor and frequent Bitcoin critic who has testified before a congressional hearing about the digital currency.
Launched in 2009, Bitcoin is an electronic currency created on computers and traded among people who store it in digital wallets. Despite volatility in the Bitcoin price, which has fallen 75% from a peak around $1,150 in early December 2013 to about $283 in recent trading, mainstream adoption of Bitcoin has continued. In 2014, various businesses, including Microsoft Corp. and Dell Inc., announced they would accept it in payment for certain goods and services, often hedging the risk of holding the digital currency by quickly converting it into dollars.
Bitstamp, which held a post-Mt. Gox audit last year aimed at proving its solvency, said in its statement that the attack affected only “a small fraction of Bitstamp’s total Bitcoin reserves.” The rest of the reserves, which aren’t needed for trading operations, were managed according to the industry’s “cold storage” standard, meaning that passwords to unlock payments from a Bitcoin address were kept offline, out of the reach of hackers.
After a sharp three-day decline in Bitcoin’s price that some analysts connected to Bitstamp’s problems, the market stabilized Tuesday. Questions swirled among Bitcoin users on Twitter and other public forums about the exchange. However, leading businessmen who back Bitcoin ventures spoke out mostly in defense of the company’s management, while seeking to assure people that their own operations were secure.
Bitstamp is “a well-run company with deep-pocketed backers that plays a critical role in the Bitcoin ecosystem,” said Barry Silbert, founder of the Bitcoin Investment Trust and a prominent investor in Bitcoin startups via his newly formed Digital Currency Group. “I have no doubt they will emerge from this a stronger company.”
In late 2013, Bitstamp received an investment of around $10 million from Pantera Capital Management LP, a hedge fund that manages money for Fortress Investment Group LLC.
Executives from Bitstamp and Pantera were not immediately available to respond to questions. At his Twitter account, Bitstamp CEO Nejc Kodrič offered “sincerest apologies to those who are affected by our service being temporary suspended.”
BitPay, one of the biggest processors of Bitcoin payments for merchants, published a blog post stating it had temporarily removed Bitstamp’s prices from its benchmark for setting exchange rates to assure that “customers continued to receive the most favorable price available globally.”
Will O’Brien, founder of BitGo, a company that aims to better protect online Bitcoin wallets, said the Bitstamp development was a “wake-up call for everyone in the industry.”
Meanwhile, Jeremy Allaire, CEO of Circle Internet Financial, a provider of Bitcoin deposit and wallet services for consumers, said “100% of our customer deposits are insured from theft.”
Mr. Allaire said “a continued focus on cyber and physical security and risk management controls and protocols is critical for the industry.” He added that “harsh cybercriminal attacks on financial institutions are not unique to the digital currency industry.”
There has been a surge of venture funding for Bitcoin projects, spurred in part by innovations that use the digital currency’s core software for applications that aim to bypass middlemen in various commercial activities. According to news service Coindesk, new venture capital invested in Bitcoin startups reached $315 million last year, more than tripling from $93 million in 2013.
“What is the thinking behind a bunch of people who suddenly run to a Slovenian exchange that never publishes financial statements?” he said.
The hack comes less than a year after the collapse of Mt. Gox, the once-massive Bitcoin exchange that lost more than $450 million worth of Bitcoin and then filed for bankruptcy. Bitcoin lost half of its value after Mt. Gox imploded. So far, though, the Bitstamp breach doesn’t seem to have negatively influenced the price of the currency.