BIPS

DESCRIPTION OF EVENTS

“A few weeks after Inputs.io,” “Europe’s primary bitcoin payment processor for merchants and free online wallet service, BIPS, was the target of a major DDoS attack and subsequent theft in the past few days that saw 1,295 BTC (just over $1m on CoinDesk’s BPI) stolen.” “BIPS lost 1,295 bitcoin from its own accounts, as well as money from “several” consumer wallets. The company disclosed the theft rather quicker than Inputs.io did, but still waited 11 days from the first hack attempt to finally telling customers that they had lost money. In that time, the value of the stolen bitcoins rose from $650,000 to over $1m – though by the end of December, the third bitcoin bubble had popped, and the value had fallen back down to $690,000.” “The Copenhagen, Denmark-based company was targeted on 15th November by a massive DDoS attack. Then on 17th November, it was followed up by a subsequent attack that disabled the site and “overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers”. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets,” the company said in a written statement.” “BIPS uses an algorithm, based on supply and demand, to work out the amount of bitcoins it needs to keep it in a ‘hot wallet’. The heist, however, was apparently not due to any vulnerability in the code itself.” “Most balances left are minuscule, but if you had more than a few satoshi’s in your wallet you are affected, and will be contacted.” “The stolen bitcoins are on the move after sitting idle at 1LuG91tcSQxKj32BsCoRkX7yQLfj9LtkCs for 1.5 years”

Explore This Case Further On Our Wiki

In the earlier days of bitcoin adoption, these kinds of custodial wallet services were actually in use, and users were storing their funds in what was essentially a hot wallet managed by a third party. Although some reporting here suggests that only a portion of the funds were stolen, there does not appear to be any indication that any of the affected users got anything back.

100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25)
List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 15)
Bitcoin Payment Processor BIPS Attacked, Over $1 Million Stolen (Feb 29)
Second major Bitcoin heist this month allegedly takes over $1 million - The Verge (Feb 29)
BIPS Wallet security breach (Feb 29)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)

More case studies

Czech Bitcash.cz
Hacked

Blockchain.info
Email Backup Theft