14 DAY TRIAL // Bitstamp bitcoin exchange service resumed its activity on Friday, touting increased security thanks to a new hardware infrastructure and the adoption of multi-signature technology.
On January 4, the admins of the service noticed that some operation wallets holding little under 19,000 bitcoins (valued at more than $5.2 / €4.45 million at the time) had been compromised.
The next day, Bitstamp suspended activity in order to investigate the incident. New wallet addresses were created and customers were notified to stop making transactions using the old ones that had been compromised.
Nejc Kodrič, CEO of the company, informed that the lost bitcoins were just “a small fraction of Bitstamp’s total bitcoin reserves” and most of the money was secured in offline storage systems. He also said that the balances prior to the service suspension remained unchanged.
In the four-day period of online inactivity, Bitstamp made efforts to be able to resume business with increased security.
Co-signing technology improves wallet protection
The company adopted the multi-sig technology from BitGo, which requires three keys for securing a wallet, two of them being necessary for unlocking, making access to the money virtually hack-proof.
Protecting a bitcoin wallet relies on asymmetric cryptography, which entails the use of two keys (one publicly available and a private one that should remain secret) for getting access to the funds. The public key is basically the bitcoin wallet address, from which the private key is generated.
In the case of the wallets managed by online services, the third trusted party is given access to the customer’s private key in order to intermediate the digital currency transactions; this is what makes them obvious targets of cyber-attacks.
BitGo’s technology strengthens protection of the wallet as two keys are necessary for accessing the bitcoin funds: one is generated by BitGo and stored on their server, and one is generated by the user and stored in the browser in encrypted form. As such, the wallet cannot be accessed unless the two co-signers input their keys.
A third key is also generated, and it can be used as a replacement of either of the two, if one of them is compromised.
Business now runs on AWS infrastructure
Another measure taken by Bitstamp was to move the service to a new hardware infrastructure, powered by Amazon’s cloud computing.
The Amazon Web Services offer surveillance and multi-factor access control systems and authorization functions on the principle of least privilege.
Customers can customize the built-in firewalls themselves to control access to the data and are offered access to logs regarding all user activity in the AWS account.
“We took the decision to rebuild our systems from the ground up from a secure backup for a few reasons. By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” Kodrič said in an official announcement.
As a thank you to all Bitstamp customers, the CEO informed that, until January 17 (at 11:59pm UTC), all trading would be commission-free.