Bitcoin Exchange Doing Security Right: Bitcurex Successfully Blocked A Hacking Attack

March 14, 2014 20:06 UTC

Some 9 hours ago, astute Bitcoiners watching Bitcoin exchange charts were greeted by a surprising blip on Poland’s largest Bitcoin Exchange: Bitcurex.  Bitcurex has been in operation since July 2012, and is operated out of Lodz, Poland under the registered Digital Future Ltd.  It seems that a hacker managed to create 94 million PLN (The Polish Zloty) and used the fiat to buy Bitcoin orders on the order book.  According to witness reports from traders on Bitcurex at the time, the hacker used his hacked PLN to buy the order book and caused a noticeable  ~10% change in the exchange rate.  The hacker then left a buy order for ~19,000 Bitcoins on the order book which was in the process of being filled when trading was halted.

Some Bitcoiners are all “doom and gloom” at the news of another Bitcoin exchange shutting its doors for a little while.  There are many people that are still smarting from the news of Mt. Gox halting Bitcoin withdrawals first then all operations later.   There are several differences between Mt. Gox and Bitcurex that are quickly becoming clear.  While the occurrence of a hack of any kind against a Bitcoin Exchange is unsettling, the way in which Bitcurex has dealt with the matter is commendable.

Within 5 minutes of the market buy and buy order being placed Bitcurex shut down trading on their site.  A few hours ago, the Bitcurex team made an official statement via their Facebook page.

Dear Users,

We successfully blocked a hacking attack on Bitcurex, preventing mass theft of BTC funds of our users. Thanks to automatic safety procedures, hackers managed to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex. The majority of funds from Hot Wallet, as well the entirety of funds from Cold Wallet and FIAT monetary funds remained intact.

Our team located and removed the source of the problem. We are working on resuming normal service, at the same time an external audit is being conducted: we will soon provide the exact date of resuming all Bitcurex functionalities. More information will be provided in further statements.

We are sorry for the inconvenience, and most of all we thank the whole BTC community for the support we received: we were put to a test that will make us stronger.

Best regards,
Bitcurex Team

This is not the death of Bitcoin

Personally, I am curious to see how the mainstream media will present this story.  I will not be surprised if some western sources of news report the facts in a skewed manner in order to paint Bitcoin in a dangerous light.  The real important reaction to watch for will be from Polish language news sources.  No matter what the world and global Bitcoin community at large think about the hack and subsequent recovery, it is the Polish people that will ultimately decide whether or not Bitcurex lives on.

The good news is this: Bitcurex “successfully blocked” the hacking attempt.  Though the wording of their statement implies that some funds from Bitcurex’s hot wallet may have been automatically transferred out it also implies that all Bitcurex users will have 100% of their funds once Bitcurex resumes service.  Bitcoin exchange security is a very big deal, the automatic security precautions that Bitcurex adopted ended up thwarting a major heist.

In comparison, a few other Bitcoin exchanges that have been hacked in the past few weeks are Poloniex and Flexcoin.  The former opted to continue operating and will pay back users from future fees while the latter was put out of business.  Stay tuned to CCN for more updates on the Bitcurex hack and other Bitcoin news.

Last modified: March 14, 2014 20:12 UTC

@bitxbitxbitcoin

Caleb is a graduate of the University of Virginia where he studied Economics, East Asian Studies, and Mathematics. He is currently pursuing his MSc in Digital Currency at the University of Nicosia.