Advancing

Bitcoin Payment Processor BIPS Attacked, Over $1m Stolen

Europe’s primary bitcoin payment processor for merchants and free online wallet service, BIPS, was the target of a major DDoS attack and subsequent theft in the past few days that saw 1,295 BTC (just over $1m on CoinDesk’s BPI) stolen.
The Copenhagen, Denmark-based Company was targeted on 15th November by a massive DDoS attack. Then on 17th November, it was followed up by a subsequent attack that disabled the site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” the company said in a written statement. BIPS believes the two attacks were connected, and at least the initial DDoS attack was “found to originate from Russia and neighboring countries”. The company moved fast to restore full merchant payment and transfer services by 19th November, but disabled all wallet functions in order to complete a full forensic analysis. Its help desk also went down for a few days, but was restored on 22nd November.
Kris Henriksen, BIPS’ CEO, said most of the missing funds were “from the company’s own holdings”. BIPS uses an algorithm, based on supply and demand, to work out the amount of bitcoins it needs to keep it in a ‘hot wallet’. The heist, however, was apparently not due to any vulnerability in the code itself. He also said merchants who had chosen to instantly convert their bitcoin to fiat currency bank accounts were not affected.

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s