14 DAY TRIAL // CoinWallet, an online wallet service for Bitcoin and other crypto-currencies, announced over the weekend plans to shut down the service by May 1, 2016, following a data breach incident that occurred on April 6, 2016.
The CoinWallet team said it identified the point of attack, blaming a recent service upgrade that added a new function to their service. This new feature allowed for user input, which apparently wasn't properly filtered.
The attacker added malicious code to this input field, which was executed on the server triggering a malicious database call that compromised the service.
CoinWallet: No customer funds stolen
CoinWallet has admitted its error but said that no funds were stolen in the attack thanks to its secondary safety features that were specifically designed to prevent unauthorized transactions.
Following the discovery of this server breach, CoinWallet staff immediately reset all user passwords, deleted all API keys, and also stopped their Twitter Tip Bot.
CoinWallet admins said that while user passwords were "encrypted and salted," it is only a matter of time until an attacker finds a way to break them. As such, users are urged to change their passwords if they used the CoinWallet user and password combo for other online services.
"This incident prompted us to reassess the viability of running coinwallet.co and it was decided it is just not viable taking into consideration the risk, costs and time involved," the CoinWallet team revealed.
As such, the site's ownership has decided to shut down the service by May 1, 2016. CoinWallet users should log into their accounts and retrieve any funds they might have stored on the service.
Not the first Bitcoin trader to shut down in the past month
Ownership is also open to the idea of having another company take over the service if they wish to. Prior to the data breach, CoinWallet was capable of making Bitcoin trades and transactions in 82 different crypto-currencies, from the well-known Bitcoin and Dogecoin, to the more obsure Cannabiscoin, Solarcoin and Metalcoin.
CoinWallet is not the first Bitcoin trader to announce such plans. Also over the weekend, the ShapeShift service revealed it suffered a similar cyber-incident on April 7, and it shut down its service for the foreseeable future, deciding to rebuild its entire infrastructure from the ground up.
Prior to that, the CoinKite service decided to shut down its Web-based wallet service after numerous DDoS attacks during the past three years. Even earlier than that, another Bitcoin trader, BitQuick, also announced it was entering a two-to-four-week maintenance mode following a cyber-attack.