The Bitcoin exchange service Bitstamp has been hacked. It’s uncertain what the attackers have managed to steal, but it’s certain that they’ve obtained Bitstamp customer email addresses.
A few days ago, a Bitstamp user reported receiving a malicious email that attempted to trick him into installing malware disguised as a PDF document.
Eleuthria, the operator of BTC Guild, has confirmed that the Bitcoin exchange’s mailing list has been stolen. Apparently, the email addresses were stolen around two weeks ago and they’ve been used to send out fake BTC Guild support emails informing recipients about a 3.201 Bitcoin transfer.
“I informed Bitstamp that they had at least a breach on their email list, if not the rest of their system. At first they denied it, but in a follow-up they eventually admitted to it. They then sent out a little security update email mentioning 2FA/password security,” Eleuthria said.
On Wednesday, Bitstamp posted a tweet to warn customers about new phishing emails carrying the subject line “Bitstamp trading will be suspended for 24 hours.”
ATTENTION all Bitstamp USERS – new phishing attempt. Ignore all email with the subject “Bitstamp trading will be suspended for 24 hours”.
— Bitstamp (@Bitstamp) March 5, 2014
Later, the company announced the introduction of two-factor authentication for Bitcoin and Ripple withdrawals.
On February 11, Bitstamp suspended Bitcoin withdrawal processing due to a denial-of-service (DoS) attack. Automated processing for withdrawals was resumed on February 15.
After the downfall of Mt. Gox, Bitstamp representatives issued a statement. At the time, the company assured customers that it had reviewed accounts and that no Bitcoins were missing. However, something must have happened if its customers’ email addresses have been compromised.