BitStamp, one of the largest Bitcoin exchanges, suspended its services last week and asked customers not to make deposits following a security breach. On January 4, some of BitStamp’s “virtual wallets,” which permit customers to make instant exchanges of the currency, were compromised, resulting in a loss of about 19,000 Bitcoins worth approximately $5 million. BitStamp’s CEO, Nejc Kodrič, stated that the virtual wallets connected to the Internet contained a limited number of BitStamp’s Bitcoins and that most of its Bitcoin reserves are maintained offline in cold storage. As a result, most Bitcoins, Kodrič said in a tweet, “remain safe.” The hacker has not been identified, nor has any party claimed responsibility.
Following the relaunch of its website, in a January 9 statement, BitStamp said that during the time the exchange went offline, it rebuilt its systems on new hardware and preserved its old system as evidence for the purpose of a forensic investigation. The company said it has relaunched with new security measures and protocols in place.
The BitStamp breach follows several breaches of other Bitcoin exchanges – events causing uncertainty in the virtual currency industry. Last February, the Mt. Gox shutdown caused the price of Bitcoin to drop significantly. Mt. Gox lost more than 750,000 of its customers’ Bitcoins and, in total, lost coins worth about $500 million. Mt. Gox eventually filed for bankruptcy. The breach led Mt. Gox’s U.S. and Canadian customers to bring a number of class action lawsuits. Also last year, a second Bitcoin-trading website, Vircurex, temporarily stopped withdrawals and deposits following a large withdrawal indicative of a vulnerability in the exchange. These breaches illustrate that financial institutions remain squarely within the crosshairs of cyber criminals seeking to profit from data breaches.
Bitcoin already is under scrutiny by the Federal Reserve and the Senate Homeland Security and Governmental Affairs Committee due the potential risk of security breaches, and the U.S. Department of Justice is monitoring Bitcoin’s use as it relates to money laundering schemes. Nevertheless, many banking institutions are considering whether to accept virtual currencies like Bitcoin. State and federal regulators are also pointing to the breaches as a basis to regulate the virtual currency industry. For instance, New York State’s Department of Financial Services has proposed rules that would require a license for virtual currency – a subject of some debate in recent months resulting in a revision of the proposed rules. California’s Business Oversight Department recently determined that a state law on money transmitters may also apply to virtual currencies like Bitcoin, and California officials are considering whether to regulate virtual currencies under the state law.