Copenhagen-based Bitcoin Internet Payment Services (BIPS) has been hit with a DDoS attack and has had 1,295 BTC stolen (a little over $1M) mostly from the company’s own holdings, but some from their customers’ wallets.
“On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” BIPS’ CEO Kris Henriksen explained in a post on the Bitcoin Talk Forum. “Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”
The company has immediately disable all wallet functions – BIPS is primarily a merchant processor, and its consumer wallet initiative was a free service – and has proceeded to contact compromised wallet owners.
For the time being, BIPS will “focus on real-time merchant processing business, which does not include storing of Bitcoins,” and has not been affected by the breach. Time will tell if they lost the users’ confidence.
“All existing users will be asked to transfer bitcoins to other wallet solutions, and users affected by the security breach will be contacted,” they company stated on the site.
“Please be advised that attacks are not isolated to us and if you are storing larger amounts of coins with any third party you may want to find alternative storage solutions as soon as possible, preferably cold storage if you do not need immediate access to those coins,” Henriksen urged on Friday, alluding to the recent hacks of Bitcoin exchanges Bitcash.cz and Bidextreme.pl.