Bitomat Exchange Wallet.dat File Deleted
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Before seed phrases, users had to keep a wallet.dat file safe and backed up. The space was rife with users who failed to do that and permanently lost funds. One of the largest and most notable case was Bitomat - Poland's third largest exchange, where the wallet.dat file held the assets for all users of the platform. Some 17,000 bitcoin were permanently lost, which would be worth over $1 billion USD today, but at the time were worth just $221k USD.
[1][2][3][4][5][6][7][8][9][10][11][12]
About Bitomat
Bitomat's was a Polish cryptocurrency exchange service, which was hosted on a remote Amazon service[13].
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
No backups were kept of the wallet.dat file[13][14].
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
“During a server restart, the remote Amazon service that housed Bitomat.pl’s wallet was wiped."[14][13]
| Date | Event | Description |
|---|---|---|
| April 6th, 2011 12:03:53 PM MDT | Bitomat Website Online | The Bitomat website is captured as online and operational. Unfortunately the logo and stylesheet are both missing from the capture[5]. |
| July 27th, 2011 | Wallet File Lost | The wallet.dat file is lost in a server upgrade[13][14][15]. There is inconsistency in the dates reported for the event. An incorrect date of August 1st, 2011 is provided in a list compiled by Kyle Gibson[15]. Similarly, a table on the BitcoinTalk forums states August 2011[14], however the same BitcoinTalk list has the correct date of July 27th elsewhere[14]. |
| August 2011 | Debt Sold To Mt. Gox | The users/debt is reportedly sold to Mt. Gox[15]. |
Technical Analysis
The bitomat.pl platform were using an AWS Elastic Cloud[15]. During a server upgrade, the
Kyle Gibson states that there was a "Glitch - Funds Lost"[15], however there is no indication of any glitch having occurred except at the server where the wallet was hosted[15].
On 26 July 2011 at about 11:00 PM, I noticed that bitcoin server was out of resources and I had to increase RAM. As a result of this operation, the virtual machine was deleted and all data lost, including bitcoin wallet and its backups.
I have established that data was lost because settings of the virtual machine were changed, although I didn’t change them myself. Amazon Web Services Company, which hosts our servers, says that the cleared machine has been set up to be irretrievably destroyed (including the data on the disks) at the shutdown.
I’m still trying to establish who has changed the settings and whether I will be able to recover the lost data. Unfortunately cooperation with Amazon Web Services is very difficult. As soon as I realized that my virtual machine was lost I have ordered AWS premium support, talked to the manager and asked for securing of the disk data. So far, without success.
Total Amount Lost
All sources state the amount lost as 17,000 BTC[13][14][15], however most sources state this as an estimate[13][14]. Due to the wallet file being lost, there is no transaction to review[14].
According to BitcoinTalk, the value of this bitcoin is estimated at $236,000[14] which is equivalent to 2290 bitcoin in June 2013[14]. Kyle Gibson estimates the amount lost as $220,000[15].
The total amount lost has been estimated at $220,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
On 26 July 2011 at about 11:00 PM, I noticed that bitcoin server was out of resources and I had to increase RAM. As a result of this operation, the virtual machine was deleted and all data lost, including bitcoin wallet and its backups.
I have established that data was lost because settings of the virtual machine were changed, although I didn’t change them myself. Amazon Web Services Company, which hosts our servers, says that the cleared machine has been set up to be irretrievably destroyed (including the data on the disks) at the shutdown.
I’m still trying to establish who has changed the settings and whether I will be able to recover the lost data. Unfortunately cooperation with Amazon Web Services is very difficult. As soon as I realized that my virtual machine was lost I have ordered AWS premium support, talked to the manager and asked for securing of the disk data. So far, without success.
Ultimate Outcome
Mt. Gox reportedly later bailed out Bitomat.pl[13][14][15]. It is claimed that neither the exchange’s customers nor the original owners suffered any loss from the incident[13][14].
Inclusion In Lists
The incident was ultimately included in a list put together on the BitcoinTalk forums[14], an infographic list put together by Bitcoin Magazine[13], and a table put together by Kyle Gibson[15].
Total Amount Recovered
Mt. Gox reportedly later bailed out Bitomat.pl[13][14][15]. It is claimed that neither the exchange’s customers nor the original owners suffered any loss from the incident[13][14].
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
The use of multi-signature technology provides redundancy, and all operators should have training in how to safely store and manage private keys.
Individual Prevention Policies
In addition to protecting against unauthorized access, it’s important to build in redundancy. Using multi-sig with at least one additional spare signature means that any single loss of signature is unable to bring down the wallet.
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
In addition to protecting against unauthorized access, it’s important to build in redundancy. Using multi-sig with at least one additional spare signature means that any single loss of signature is unable to bring down the wallet.
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Accessed Feb 15, 2020)
- ↑ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Accessed Mar 5, 2020)
- ↑ 3.0 3.1 3.2 Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing - SiliconAngle (Accessed Aug 26, 2024)
- ↑ 3rd largest bitcoin exchange has lost its wallet.dat [Translation in comments] - Reddit (Accessed Aug 26, 2024)
- ↑ 5.0 5.1 Bitomat Homepage Archive April 6th, 2011 12:03:53 PM MDT (Accessed Aug 26, 2024)
- ↑ MtGox Acquires Bitomat.pl as Bid to Restore Confidence in Bitcoin Market - SiliconAngle (Accessed Aug 26, 2024)
- ↑ https://web.archive.org/web/20110804225352/http://btcbase.com/2011/08/01/bitomat-pl-statement/ (Accessed Aug 26, 2024)
- ↑ https://web.archive.org/web/20111014032908/https://www.mtgox.com/press_release_20110811.html (Accessed Aug 26, 2024)
- ↑ https://archive.ph/gi80e (Accessed Aug 26, 2024)
- ↑ https://web.archive.org/web/20110406180353/http://bitomat.pl/ (Accessed Aug 26, 2024)
- ↑ https://x.com/search?q=bitomat+until%3A2011-12-31+since%3A2011-01-01&src=typed_query
- ↑ https://web.archive.org/web/20110812130108/http://bitomat.pl/
- ↑ 13.00 13.01 13.02 13.03 13.04 13.05 13.06 13.07 13.08 13.09 13.10 Infographic: An Overview of Compromised Bitcoin Exchange Events (Accessed Jan 30, 2020)
- ↑ 14.00 14.01 14.02 14.03 14.04 14.05 14.06 14.07 14.08 14.09 14.10 14.11 14.12 14.13 14.14 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk (Accessed Jan 28, 2020)
- ↑ 15.00 15.01 15.02 15.03 15.04 15.05 15.06 15.07 15.08 15.09 15.10 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Accessed Jan 25, 2020)