Bitcoin exchange Bitstamp has temporarily suspended service after a confirmed Bitcoin wallet breach. Earlier today, Bitstamp began taking unusually long to process bitcoin withdrawals. Later, it also changed its Bitcoin deposit system and gave every user a new Bitcoin deposit address. Deposits made to old Bitstamp deposit addresses will “not be honored.”
Bitstamp Website Locks Out Users
Bitstamp users, who were using innovative methods such as Ripple to get their money out of Bitstamp, are now unable to perform any actions on the Bitstamp site. Instead, they are greeted with an update:
BITSTAMP SERVICE TEMPORARILY SUSPENDED
We have reason to believe that one of Bitstamp’s operational wallets was compromised on January 4th, 2015.
As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online system. Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins.
IN THE MEANTIME, PLEASE DO NOT MAKE DEPOSITS TO PREVIOUSLY ISSUED BITCOIN DEPOSIT ADDRESSES. THEY CANNOT BE HONORED!
Customer deposits made prior to January 5th, 2015 9:00 UTC are fully covered by Bitstamp’s reserves. Deposits made to newly issued addresses provided after January 5th, 2015 9:00 UTC can be honored.
Bitstamp takes our security and soundness very seriously. In an excess of caution, we are suspending service as we continue to investigate. We will return to service and amend our security measures as appropriate.
Bitstamp Proof of Reserves
Bitstamp’s assertion that its current bitcoin reserves, which were swept to secure cold wallets, are more than enough to cover the losses has some backing. Months ago, in May of 2014, Bitstamp performed a Proof of Solvency. In comparison, infamous Bitcoin exchange Mt. Gox, which imploded in early 2013 and was hemorrhaging long before then, last proved ownership of 424242.42424242 bitcoins in November of 2011. Tokyo police have recently revealed that they believe the majority of the missing 650,000 bitcoins from the Gox debacle were taken through fraud.
In a signed send-to-self transaction, Bitstamp proved its ownership of 183,497.40310794 BTC to Bitcoin developer Mike Hearn. Mike Hearn recently won Olivier Janssens’ Bitcoin Foundation Replacement Bounty with the Lighthouse project. Other Bitcoin exchanges such as Kraken, Bitfinex, and OKCoin have also passed a more advanced Proof-of-Reserves/Solvency “audit” that allowed users to verify that their funds were present in the proven bitcoin reserves. These “audits” were performed by Stefan Thomas with an open-source tool and obviously did not cover USD reserves or look at any real books; on the topic of the bitcoin reserves, Thomas has also previously stated:
As always, an audit does not constitute an endorsement and it does not address any risks outside of present insolvency. It’s also not infallible; exchanges can borrow money or ask others to sign their audit message. Finally, until we can implement fully zero-knowledge, cryptographically provable audits, you have to trust the auditor, i.e. me, to have done my job correctly.
Also same as last time, I did not receive any compensation for the audit and I did it in my free time.