Flexcoin, the self-described “first bank of Bitcoin” was hacked on the 2nd of March, suffering a catastrophic loss of 896 Bitcoins (valued at around $600,000 USD). Flexcoin has since closed its doors.
“In our ~3 years of existence we have successfully repelled thousands of attacks. But in the end, this was simply not enough” –Announcement from the Flexcoin website.
The theft was enabled from the front-end. The attacker(s) logged into Flexcoin under newly created username and deposited Bitcoins to a specific address. The coins were then left until they had reached six confirmations. A flaw in the code which allows transfers between users was then exploited by sending thousands of simultaneous requests. the attacker was able to “move” coins from one user account to another until the sending account was overdrawn, before balances were updated...
Read more at:
http://www.coinchilli.com/flexcoin-hacked/J.C Axe
