Dear Bitcoinica Users,PLEASE DO NOT RE-USE ANY OLD BITOIN DEPOSIT ADDRESSES
Many of you have heard that several bitcoin services were victims of a recent Linode security breach today. Unfortunately, Bitcoinica is also among the services affected.
On 2013-03-01 at 6:30 UTC, our "hot wallet" hosted at Linode and containing over 10,000 BTC was emptied. The unauthorized access is consistent with that experienced by other bitcoin services, described by Linode as unauthorized access from Linode's "customer support interface".PLEASE DO NOT RE-USE ANY OLD BITOIN DEPOSIT ADDRESSES
Customers should not use any bitcoin addresses previously used to fund their Bitcoinica accounts.
We must assume that the thief has retained private keys associated with old bitcoin deposit addresses. This would allow them to access any new bitcoins sent to old deposit addresses. As of now, our website will only display new deposit addresses which are not affected by this. However any old bitcoin addresses which you may have recorded for convenience should never be used ever again. This is the most important thing:PLEASE DO NOT RE-USE ANY OLD BITOIN DEPOSIT ADDRESSES
Other important things:
- Customer funds will not be affected.
Bitcoinica is committed to absorbing any loss. The thief stole from us, not you.
- Customer data is safe.
The compromised server was entirely dedicated to holding our bitcoin "hot wallet" only. Thankfully, this function is the –only- one ever hosted at Linode. No customer data has ever been hosted at Linode. Also, there is no privileged access from the affected server. This means that no passwords, account activity, or any other customer data has been exposed by this incident.
Less important things:
This is a very unfortunate event. To support instant withdrawals for customers, our “hot wallet” balance was necessarily higher than other services. As such the impact to us is larger. However, Bitcoinica is financially sound and our customers will not be affected.
Linode has been a well-respected hosting provider. We have reached out to them to be as cooperative as possible in helping them identify the security breach that led to this incident, but have not yet received a response.
We hope we can soon report their full cooperation in recovering this loss.
Thank you to our customers for your support.