Updated below with more information from an emailed statement from Bitstamp.
Not even a year has passed since top bitcoin exchange Mt. Gox collapsed into a pit of burning money, blaming a hacking incident for a nearly half-billion dollar meltdown and bankruptcy. Now another major exchange may be putting its users through a small-scale replay of that crisis.
Early Monday, a UK- and Slovenia-based bitcoin exchange Bitstamp announced that it would be going offline while it investigated a security compromise of some portion of its stored currency that occurred over the weekend. In a statement to WIRED, the company said that "less than 19,000" bitcoins were stolen in the attack---about $5.1 million dollars---and warned users to immediately stop making deposits to any addresses it issued before 4 a.m. ET Monday. Meanwhile, Bitstamp users' money remains frozen in the company's accounts.
"Bitstamp takes our security and soundness very seriously," reads a statement on the company's website. "In an excess of caution, we are suspending service as we continue to investigate. We will return to service and amend our security measures as appropriate."
The company also tried to reassure users in its statement that they're not facing a Gox-level debacle. Only the exchange's "operational wallet" was compromised, it says, a fraction of coins that are frequently bought and sold. Careful exchanges (and users) keep the majority of their bitcoins in "cold storage," on computers without any connection to the Internet to prevent their theft. "As a security precaution against compromises Bitstamp only maintains a small fraction of customer bitcoins in online systems," the company's statement reads. "Bitstamp maintains more than enough offline reserves to cover the compromised bitcoins."
Bitstamp's chief executive Nejc Kodrič wrote on Twitter: "My sincerest apologies to those who are affected by our service being temporary suspended." He continued, "Thank you all for your patience. We are working diligently to restore service and hope to have an ETA later today."
In a followup email to WIRED Monday afternoon, Kodrič added that the company is cooperating with law enforcement to get to the bottom of the hack, and is "working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days."
Bitstamp is far from Bitcoin's biggest exchange; prior to its suspension it accounted for only about 6 percent of transactions according to bitcoin statistics site Bitcoin Charts. But it had become one of the longest-lived and reputable ways to buy and sell currency in bitcoin's volatile economy. After Mt. Gox's bankruptcy, Bitstamp became a popular alternative to top exchanges BTC China, based in China's uncertain regulatory environment, and BTC-e, a mysterious operation run by unknown owners thought to be based in Bulgaria.
“We’re the backbone of the entire Bitcoin industry,” Kodrič told Forbes last year in an interview. “The wallet services, ATM machines, mining companies all rely on us. The price of Bitcoin is the de facto price on Bitstamp. We’re the go-to exchange.”
Its temporary shutdown due to the theft of a still-unknown number of coins could rattle bitcoin at a bad time. On Monday morning bitcoin's price hovered below $270, its lowest since 2013 and down from $375 just a month ago. If Bitstamp doesn't quickly emerge from its downtime and replace any lost coins, cryptocurrency's new year could be off to a unpleasant start.
