QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$23 000 USD
AUGUST 2014
NEW ZEALAND
BITNZ
DESCRIPTION OF EVENTS
“Danial Newton, the administrator of bitnz in a reddit post explained that he believes that the perpetrator gained access to the exchange’s outward mail queue at MailJet.com and then set about resetting people’s accounts and intercepting the reset codes.”
“On Monday, 11 August 2014 at 3am NZ time, ~39 bitcoins were stolen from bitNZ. Our email relay service provider was hacked which enabled the attacker to view all outgoing emails. The attacker used this information to reset user passwords and intercept the password reset email. If the user did not have 2FA the attacker was able to log on as the user and initiate a withdrawal. At the moment I am still analysing the event and making sure the vulnerability is plugged (revoke email relay access, reset passwords/api-keys, purge sessions, check if user emails were modified etc).”
“In mid-February, New Zealand bitcoin exchange BitNZ revealed it was ‘impossible’ to continue operations claiming New Zealand banks’ refusal to offer banking services to the platform. BitNZ, which has been functional since 2011, claimed to have processed over 11,000 bank transactions”
“The New Zealand Bitcoin exchange Bitnz has recently announced to its customers it will be closing its doors soon. The company explains the unfortunate closure is due to a New Zealand banking system that won’t allow Bitcoin operations to hold bank accounts.”
“Questions over bitNZ’s compliance with AML/KYC requirements were quickly answered, with the exchange having complied in full.”
An interesting case in which the breach affected user accounts directly, through the compromise of a third-party mail provider. 2FA was supported but not enabled on many accounts. The exploit suggests that all the coins taken were stored in a hot wallet, so smaller reserves or any sort of time delay would have reduced the losses. A platform keeping the funds in cold storage would also have been protected from the moment the withdrawals were noticed as suspicious. After repaying customers, BitNZ continued to operate until eventually shutting down in 2017 over banking difficulties.
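The mitigations named above (2FA, a time delay, smaller hot wallet reserves) can be combined into one withdrawal gate. The sketch below is an added example, not bitNZ's code: the `WithdrawalGate` class, the 24-hour hold, the 5 BTC cap and the replayed events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values for illustration; not bitNZ's settings.
RESET_HOLD = timedelta(hours=24)  # cooling-off period after a password reset
HOT_WALLET_CAP = 5.0              # BTC auto-released per rolling 24 hours
DAY = timedelta(hours=24)

@dataclass
class Account:
    user: str
    has_2fa: bool
    last_password_reset: Optional[datetime] = None

class WithdrawalGate:
    def __init__(self):
        self.released = []  # (time, amount) of auto-approved withdrawals

    def decide(self, acct, amount, now, otp_verified=False):
        """Return (decision, reason); decision is approve, hold or deny."""
        if acct.has_2fa and not otp_verified:
            return "deny", "2FA code required"
        reset = acct.last_password_reset
        if not acct.has_2fa and reset is not None and now - reset < RESET_HOLD:
            return "hold", "recent password reset on an account without 2FA"
        recent = sum(a for t, a in self.released if now - t < DAY)
        if recent + amount > HOT_WALLET_CAP:
            return "hold", "hot-wallet cap reached, needs manual review"
        self.released.append((now, amount))
        return "approve", "ok"

def replay_constructed_incident():
    """Constructed events shaped like the page's account of the theft."""
    t0 = datetime(2014, 8, 11, 3, 0)
    gate, out = WithdrawalGate(), []
    # Three accounts without 2FA: reset, then a withdrawal five minutes later.
    for i, amount in enumerate([10.0, 14.0, 15.0]):
        acct = Account(f"user{i}", False, t0 + timedelta(minutes=i))
        out.append(gate.decide(acct, amount, t0 + timedelta(minutes=i + 5))[0])
    # Account with 2FA: the reset worked, but no one-time code is presented.
    out.append(gate.decide(Account("user3", True, t0), 2.0, t0 + timedelta(minutes=10))[0])
    # Untouched account, no recent reset, small withdrawal.
    old = Account("user4", False, t0 - timedelta(days=30))
    out.append(gate.decide(old, 1.0, t0 + timedelta(hours=1))[0])
    return out

if __name__ == "__main__":
    print(replay_constructed_incident())
```

Held withdrawals stay in a review queue rather than leaving the hot wallet, which gives the operator time to notice a burst of resets before any funds move.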
New Zealand Exchange Bitnz.com hacked, 39 bitcoin stolen. - MineForeman.com (Mar 3)
Bitnz shutting down due to bank hostility : NZBitcoin (Mar 3)
New Zealand Exchange Bitnz Shuts Down Due to 'Banking Hostility' | Featured Bitcoin News (Mar 3)
New Zealand Sees New Bitcoin Exchange after BitNZ Shutdown (Mar 3)
Bitnz Offline? down for maintenance (Mar 3)
bitNZ Announcement : NZBitcoin (Mar 3)
Flagship New Zealand Exchange bitNZ Refused Banking, Shuts Down (Mar 3)
