Linode, a company that provides virtualization hosting to companies worldwide, was breached recently by an unknown hacker who managed to gain access to a number of 8 accounts which referenced Bitcoin, stealing all the digital currency he could find.
Linode immediately released a statement and notified all the individuals whose accounts were affected.
“This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted,” reads the company’s statement.
“All activity by the intruder was limited to a total of eight customers, all of which had references to ‘bitcoin’. The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified.”
The Register uncovered the identity of two of the victims, which disclosed further information regarding the incident.
The first is the Bitcoin trading platform Bitcoinica which lost more than 10,000 BTC, the equivalent of around $47,000 (33,000 EUR).
Part of the company’s statement reads:
Customers should not use any bitcoin addresses previously used to fund their Bitcoinica accounts.
We must assume that the thief has retained private keys associated with old bitcoin deposit addresses. This would allow them to access any new bitcoins sent to old deposit addresses.
As of now, our website will only display new deposit addresses which are not affected by this. However any old bitcoin addresses which you may have recorded for convenience should never be used ever again.
They reassure customers that their data is safe and their funds will not be affected in any way as a result of the incident.
The second victim is Marek Palatinus who witnessed firsthand how the 3,000 BTC ($14,000 or 10,000 EUR) from his “wallet” were fraudulently transferred.