Cyberthieves who stole more than $250,000 in digital money bitcoins are still sitting on the cash.
The haul, in what is known as bitcoins, was stolen in a raid on the BitFloor online currency exchange this month.
BitFloor boss Roman Shtylman said transaction-tracking technology in the bitcoin system showed the money had not been spent.
The robbery forced BitFloor to close but Roman Shtylman said he was working on ways to relaunch the exchange.
Cyberthieves who stole more than $250,000 in digital money bitcoins are still sitting on the cash
Although bitcoins can be used to buy and sell, the digital currency is not minted by a nation. Instead bitcoins are “mined” by people getting their computer to perform a complicated and time-consuming mathematical problem.
Bitcoins are spent by assigning the private key associated with them to someone else. The robbery on BitFloor got hold of the private keys of many of the exchange’s customers, thereby handing control of those bitcoins to the robbers.
Because all transactions with bitcoins are public, said Roman Shtylman, everyone who used the coins knew that the thieves had yet to start spending their ill-gotten gains.
Digital detective work carried out soon after the theft showed that it was carried out via an IP address based in Moscow, he said. No transactions had been recorded using the stolen coins since they had been taken.
“They have not been moved,” Roman Shtylman.
“We may not know who the person is but we can see what they are doing with the fund.”
He speculated that the thieves were sitting on their pile of digital cash because the money was still “hot”. The thieves may be looking at ways to launder the money, he said, by putting it into bitcoin wallets they controlled and then converting it into other, real-world, currencies.
Roman Shtylman said a crime report about the theft had been filed with the FBI, which was believed to be investigating.
Prior to the raid BitFloor was the largest bitcoin exchange in America and the fourth-largest in the world. Roman Shtylman said he was now looking at how best to relaunch BitFloor.
“Given the amount of money involved it will take time to solve these problems and find ways to pay people back,” he said, adding that most of the currency traders who used BitFloor were sticking with him.
“A lot of people want to see the exchange return and continue trading,” he said.
BitFloor, one of the biggest Bitcoin currency exchanges, has been taken offline after 24,000 units ($250,000) of the virtual currency were stolen from its computer servers.
Bitcoins can be used for online money transfers and trades, and the currency uses cryptography to protect it.
But BitFloor’s founder, Roman Shtylman, said he had kept unencrypted “keys”, which the thief accessed and used to take the money.
BitFloor’s future is now in doubt.
Roman Shtylman said his New York-based service was the biggest of its kind in the US and the fourth largest in the world.
BitFloor, one of the biggest Bitcoin currency exchanges, has been taken offline after 24,000 units ($250,000) of the virtual currency were stolen from its computer servers
Unlike other currencies, Bitcoins are not issued by a central bank or other centralized authority. Instead they are created in a process called “mining”, in which coins are issued to a user when they solve a complicated mathematical problem using their computer.
The complexity of the problems is determined by the number of “miners”, to ensure there is not a flood of new currency.
Most people using Bitcoins do not create cash in this manner, but rather use currency exchanges – such as BitFloor – to purchase them.
Part of the attraction is they can be used to make transactions that are difficult to trace, offering privacy to their users, and the currency has been adopted by Wikileaks and other sites to receive donations.
Effectively Bitcoins are a very long meaningless string of digits that only have value if their owner uses a shorter related number, known as a private key, to spend them.
The key identifies the address the currency is stored at, allowing the currency to be accessed and transferred to a new owner, who then stores it at a new address safeguarded by a different key.
It is therefore critical that a user protects their keys to secure their Bitcoins – and the Bitfloor exchange used encryption to protect its store.
But Roman Shtylman acknowledged on a forum that he had recently carried out an upgrade of his systems and stored an unencrypted copy of the keys during the process, which the thief took advantage of.
“I realize this is a very serious mistake,” he wrote.
He added the thief had taken the vast majority of the currency that he had been holding at the time, meaning he could not cover all his users’ account balances. However, Roman Shtylman added that account details had not been compromised.
“As a last resort, I will be forced to fully shut Bitfloor down and initiate account repayment using current available funds,” he wrote.
“I still have all of the logs for accounts, trades, transfers. I know how much each user currently has in their account for both US dollars and Bitcoins. No records were lost in this attack.”
This is not the first attack on a Bitcoin exchange.
UK-based Bitcoinica was hacked twice this year and subsequently sued by several of its users after they had alleged it was not able to honor their withdrawal requests. The firm has since ceased operations for what it terms “a transition period”.
Last year another exchange, Japan’s MtGox, suspended operations for several days after one of its accounts was compromised causing the currency to plummet in value. The service acted to compensate users who had been caught up in the sell-off.