Bitstamp operational wallets compromised

update:

The current speculation is that the attackers actually stole 18,000 bitcoins and simply used the high fee in order to make sure that their transactions got confirmed quickly.

As you already know, the top US exchange Bitstamp have suspended their services as of January 5th 2015. The cause appears to be compromised operation wallets which, according to bitstamp, have been compromised on January 4th.

bitstampsucks

As of now, we are not sure how the wallets were compromised or what the vulnerability was. However, we speculate that a high fee attack might be the method used.  A r/Bitcoin user by the name of ShindlersCat pointed out that he received 2 transaction each of 0.01 BTC to his bitstamp account roughly 6 hours before the announcement.

I wonder if this is related. Yesterday around this time I got an email notification from Bitstamp telling me that I had just successfully deposited 0.01 BTC. Just shrugged it off. A few hours later another 0.01 BTC where deposited into my account. Both came pretty much out of nowhere. And then about 6 hours later the first thread about the withdrawal issues popped up in this sub.

Lets take a closer look at each transaction, here is a screenshot of the first transaciton:

01btcfee

 

As you can see there is a very generous 0.1 BTC fee in the transaction, this fee goes to a random miner which happens to verify that transaction. Another look at the second transaction reveals the same 0.1 BTC miner’s fee. Upon further investigation, thanks to the r/Bitcoin user basil00 a similar transaction was found which contained an even more generous 10 BTC fee! Now, assuming that the funds were sent from Bitstamp’s operational wallets, setting high fees would mean btc loss to random miners, quite a sticky situation isn’t it?

bitstamphack

 

We do not  have much information at this time and we do not have a direct statement from Bitstamp regarding the issue. However, both transactions seem to benefit this address: 1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf

The most current speculation suggests that this address contains the stolen coins which amass to 18,864 coins, worth roughly 5 million. It is still unclear as to what extent the exchange was compromised.

If you liked this article follow us on twitter @btc_feed