“On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” BIPS’ CEO Kris Henriksen explained in a post on the Bitcoin Talk Forum. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”
The company immediately disabled all wallet functions - BIPS is primarily a merchant processor, and its consumer wallet initiative was a free service - and has proceeded to contact compromised wallet owners.
For the time being, BIPS will “focus on real-time merchant processing business, which does not include storing of Bitcoins,” and which has not been affected by the breach. Time will tell whether the company has lost its users’ confidence.
“All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted,” the company stated on the site.
“Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins,” Henriksen urged on Friday, alluding to the recent hacks of Bitcoin exchanges Bitcash.cz and Bidextreme.pl.
A Bitcoin wallet service was also hacked this month, and Chinese Bitcoin exchange Global Bond Limited has shut down, taking approximately $4.1 million worth of its clients' Bitcoins with it.