Bitcoin Bank Flexcoin Shuts Down After Hackers Emptied Hot Wallet

The Poloniex Bitcoin exchange has also suffered a data breach

  Flexcoin hacked
Six hours ago, Flexcoin, the Bitcoin bank, announced shutting its doors. The decision comes after hackers breached the service and stole all the Bitcoins from the hot wallet. 

Six hours ago, Flexcoin, the Bitcoin bank, announced shutting its doors. The decision comes after hackers breached the service and stole all the Bitcoins from the hot wallet. 

According to a notice posted on the Flexcoin website, the attackers stole close to 900 Bitcoins, transferring them into two addresses. The stolen Bitcoins are currently worth over $600,000 (€442,000).

The company says it’s shutting down because it doesn’t have the resources to recover from such a loss.

“Users who put their coins into cold storage will be contacted by Flexcoin and asked to verify their identity. Once identified, cold storage coins will be transferred out free of charge. Cold storage coins were held offline and not within reach of the attacker,” reads the notice posted on Flexcoin.com.

The organization is working with law enforcement to track down the attackers.

Flexcoin is not the only Bitcoin company targeted by hackers. Earlier today, the owner of Bitcoin exchange Poloniex revealed that 12.3% of their coins have been stolen.

Apparently, a hacker has leveraged a vulnerability in the code to make unauthorized withdrawals.

“The hacker discovered that if you place several withdrawals all in practically the same instant, they will get processed at more or less the same time. This will result in a negative balance, but valid insertions into the database, which then get picked up by the withdrawal daemon,” Busoni, the owner of Poloniex, explained.

Since the service’s auditing and security features haven’t been designed to look for negative balances, the hackers managed to withdraw a lot of Bitcoins before being detected.

“They add deposits and withdrawals and check that accounts are in balance. If you have 2 BTC, withdraw 10 BTC, and are left with -8 BTC, the software would see that you deposited 2, withdrew 10, and have exactly what you should: -8,” Busoni added.

The incident was discovered after existing security mechanisms detected unusual activities. Now, the system has been improved to ensure that accounts with negative balances are frozen.

While this prevents the exploit from being leveraged, this only represents a temporary solution.

The problem with such Bitcoin heists is that the transfer cannot be reversed. While anyone can see where the coins end up, because of the decentralized nature of the virtual currency, nothing can be done to recover them.

News of these latest hack attacks comes shortly after Mt. Gox, the world’s largest Bitcoin exchange, filed for bankruptcy. The company says hackers have stolen close to 750,000 of its customers’ coins.

4 Comments