Now that the price of Bitcoin has skyrocketed, more and more payment processors are hacked by cybercriminals. The latest victim is Denmark-based Bitcoin payment solutions provider BIPS, from which the attackers managed to steal 1,296 BTC.
According to the company’s representatives, on November 15, cybercriminals launched a massive distributed denial-of-service (DDOS) attack against the website. This attack appears to have been a preparation for the actual breach that took place two days later.
On November 17, a DDOS attack launched against BIPS overloaded managed switches and disconnected the iSCSI connection to the storage area network on the company’s servers. This made systems vulnerable, allowing the cybercriminals to compromise several wallets.
The attackers are presumably based in Russia and neighboring countries.
“As a consequence BIPS will temporarily close down the wallet initiative to focus on real-time merchant processing business which does not include storing of bitcoins. Subsequently BIPS will consider to reintroduce the wallet initiative with a re-architected security model,” BIPS stated when announcing the breach.
“The consumer wallet initiative has not been BIPS’ core business and, as such, regrettably affecting several users has not affected BIPS merchant acquiring.”
According to CoinDesk, a total of 1,295 BTC ($1,085,208 / € 803,271) have been stolen by the hackers, most of which from the company’s own funds.
BIPS representatives said they would contact affected individuals. They’re working on doing forensics data recovery, so that they are able to assist authorities in investigating the attack and tracking down the culprits.
However, users are not happy. Some of them complain that the company doesn’t communicate well with impacted customers. Furthermore, some threaten that they’re prepared to “lawyer up” in order to recover their lost BTC.
One unhappy customer is even urging people to sign up for a “bips.me potential lawsuit.”