What's going on with Bitfloor ?

[Boussac]

Aside from the excellent and timely report by Bitcoin Magazine below, does anyone have anymore info about this hack ?

Bitfloor, the fourth largest exchange dealing in US dollars, has just announced[1] that it has been hacked, and the service has taken a loss of 24,000 BTC, worth about $250,000 at the time of the theft. As Roman Shtylman, the founder of Bitfloor, describes it, “last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand.” As a result, BitFloor has paused all exchange operations and, depending on the effect that this will have on BitFloor’s finances, BitFloor may take one of two options. They may either take the loss and continue running in an attempt to eventually earn the money back or, in the worst case, shut down entirely and begin an account partial refund process out of the available funds.

The unencrypted backup that allowed the thief to carry out the attack was made when Shtylman made a manual upgrade earlier and put the data into an unencrypted partition on his disk; Shtylman has so far declined to comment further on the details of the attack, saying that “my current focus is on the future and not the past.” As Bitcoin security experts point out, Bitfloor made not one but two errors that were both necessary to lead to such a severe loss; the first, leaving data stored unencrypted, was an honest and perhaps unavoidable mistake, but it would not have had nearly as much of an effect if there had not also been the second error of leaving so much money in an online-accessible “hot wallet”. Since the Bitcoinica Linode theft, in which an unknown attacker made off with $222,000 worth of bitcoins from Bitcoinica’s hot wallet in March, it has been generally understood that any Bitcoin-holding service should keep the vast majority of its funds in “cold storage”, a term referring to a setup where the private keys never touch any computer that is accessible from the internet.

[Kupsi]

https://bitcointalk.org/index.php?topic=105818.0

[the_thing]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

[ErebusBat]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

+1

[eldentyrell]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

+1

It's because the forum software sucks so much: there is only one UI for the forum, and that UI makes it easier to create a new thread than to figure out if there already is one.  Since the forum has no NNTP or API support and the RSS support has gaping holes it's going to be like this for a long, long time.  Get used to it.

[Phinnaeus Gage]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

+1

It's because the forum software sucks so much.  It's easier to make a new thread than to figure out if there already is one.  Since the forum is web-interface-only (i.e. no NNTP support or API) there's only one UI available, and it sucks, and it's never going to get fixed.

What he said, albeit I ain't got the damndest clue what the fuck he's talking about, but pretty sure I get the gist.

That said, my Bitfloor thread should be able to explain why that Russian cabbie is bringing his dad to the states to hunt down Pirate. Maybe not connected, but I assume you all know that Roman speaks Russian and that his ex(?)-partner with Bitfloor IS Russian.

~Bruno~

[crazy_rabbit]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

+1

It's because the forum software sucks so much: there is only one UI for the forum, and that UI makes it easier to create a new thread than to figure out if there already is one.  Since the forum has no NNTP or API support and the RSS support has gaping holes it's going to be like this for a long, long time.  Get used to it.

Yeah, it really is tough finding things, and I mean that seriously.

[paraipan]

Why do you guys always need to make multiple threads about the same topic. There are already about 4 threads about Bitfloor crash.

+1

It's because the forum software sucks so much: there is only one UI for the forum, and that UI makes it easier to create a new thread than to figure out if there already is one.  Since the forum has no NNTP or API support and the RSS support has gaping holes it's going to be like this for a long, long time.  Get used to it.

Yeah, it really is tough finding things, and I mean that seriously.

Try this