The world is drawn ever closer to the flame of Bitcoin and the inescapable lure of easy fortune. With that brings the criminal element that instinctually follows the scent of possible easy money.
On November 19th the Denmark based Bitcoin company BIPS (Bitcoin Internet Payment System) announced that it had come under fire from a distributed denial of service attack several days earlier. A few days after the assault began the attackers managed to gain access to BIPS servers and compromised several customers Bitcoin wallets.
From BIPS Security page:
Passwords are stored with a double salted SHA-512 hashing algorithm. Our entire website is protected with AES RIJNDAEL 256 encryption and we have encryption of data traffic with 2048-bit, highest assurance Extended Validation SSL certificate, with 99.9% Browser Recognition.
Despite the security measures that BIPS apparently had in place the attackers were able to gain access. In addition to wallets BIPS provides services as a Bitcoin payment gateway for website operators.
Here is the announcement from BIPS that was posted last week,
To protect the successful merchant processing business BIPS has decided to temporarily close down its consumer wallet initiative.
BIPS has been a target of a coordinated attack and subsequent security breached. Several consumer wallets have been compromised and BIPS will be contacting the affected users.
As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of Bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model.
The consumer wallet initiative has not been BIPS core business and as such regrettably affecting several users has not affected BIPS merchant acquiring.
All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted.
Additional support information:
BIPS help desk system is currently not accessible and will not be re-enabled until an alternative hosting solution has been arranged for this. In the mean time, support is reachable via email to support(at)bips(dot)me. Previously submitted tickets need to be resubmitted via email. Please be patient and allow 24-72 hours to receive a reply.
I am pleased to see the proactive approach that BIPS took to address the incident with its customers and the public at large. This type of incident helps illustrate the shift in distributed denial of service attacks away annoyance to cover fire. Attackers use this tactic to launch a barrage in order to distract the target from the infiltration attempts that ultimately follow.
I understand there is a great deal of excitement over Bitcoin. I admittedly have a hard time accepting this as anything more than gambling at this point in the game.
Would I like to see Bitcoin succeed? Of course. Do I think it will? I'm just not sure.
(Image used under CC from Rennet Stowe)