Coinapult loses $43K in hot wallet compromise
According to a Google Doc released by Bitcoin payment processor Coinapult, an unauthorized withdrawal of 150 Bitcoins (worth nearly $43,000) was sent from the company's hot wallet Monday evening, SiliconAngle reported.
Coinapult’s website has been updated with a warning that customers should not send any Bitcoins to existing Coinapult addresses, including lock addresses.
The company says on its website, “To summarize, Coinapult has the situation contained and all funds (minus the 150 BTC withdrawn [Monday] night) are safe. Investigations are ongoing to determine the method of attack. Until we are able to determine and patch the attack vector, we will not re-enable our services. If this takes more than a few days, we will refund customers manually.”
SiliconAngle reported that the company’s own investigation into the incident found several suspicious coincidences from March 13, when the data center where the finance server is hosted had an all-day outage. Plans have been made to move servers out of that data center in short order, which Coinapult personnel believe triggered the attack’s timing.
SiliconAngle said an investigation of the servers showed that an attacker accessed many of the machines, deleting and modifying logs.
As part of the recovery, Coinapult staff have powered down all the hardware in the data center and intend to run forensics on the hard drives to see if data can be recovered from the modified logs. A laptop that was possibly involved is also being disassembled for forensic analysis.
Coinapult is also proceeding with moving hardware out of the data center and will try to gather surveillance and logs from the days in question.