BCLogoNew Zealand bitcoin exchange site bitnz.com has been taken by the administrator leaving the message "bitnz.com under maintenance. Apologies for the inconvenience (contact(at)bitnz.com).".

It seems that last monday at 3am New Zealand time 39 bitcoins were transferred from the exchange by an unknown party.

Bitnz is one of the oldest (and perhaps smallest) bitcoin exchanges that started operators on 21 September 2011.

Danial Newton, the administrator of bitnz in a reddit post explained that he believes that the perpetrator gained access to the exchanges outward mail queue at MailJet.com and then set about resetting peoples accounts and intercepting the reset codes. The perpetrator then used those reset codes to logon to user accounts and transfer out the bitcoins contained in the account.

It should be noted that users that had enable 2 factor authentication are safe from this theft. It is unknown at the moment if any accounts with New Zealand Dollar balances are affected.

Danial is in the process of analyzing exactly how the theft took place but has already said that he will replace all of the bitcoin with funds from his own wallet.

The full post on reddit follows;-

On Monday, 11 August 2014 at 3am NZ time, \~39 bitcoins were stolen from bitNZ.

Our email relay service provider was hacked which enabled the attacker to view all outgoing emails. The attacker used this information to reset user passwords and intercept the password reset email. If the user did not have 2FA the attacker was able to log on as the user and initiate a withdrawal.

At the moment I am still analysing the the event and making sure the vulnerability is plugged (revoke email relay access, reset passwords/api-keys, purge sessions, check if user emails were modified etc).

I need to take the time to do this thoroughly so please have some patience. You can contact me at [email protected] or ask questions on this thread.

I am going to cover the loss. If you would like to donate to help here is the address 1NAVXrA8NnXURzdFNLf79p8YoLPBBfwnFi



Comments

comments powered by Disqus