Coinapult, a long-running bitcoin wallet service, announced on Monday that its hot wallet had been compromised to the tune of 150 coins – around $42,900, CoinDesk reports.
The company made the announcement on Twitter late on Monday, advising customers not to send any bitcoin to Coinapult addresses until further notice:
We are investigating a compromise of our hot wallet. Customers should NOT SEND bitcoin to existing Coinapult addresses starting IMMEDIATELY.
— Coinapult (@Coinapult) March 17, 2015
The front page of the Coinapult site, at the time of writing, still reiterates this advice. They also posted a short summary of a longer Google Doc, saying, “Coinapult has the situation contained and all funds (minus the 150 BTC withdrawn last night) are safe. Investigations are ongoing to determine the method of attack. Until we are able to determine and patch the attack vector, we will not re-enable our services. If this takes more than a few days, we will refund customers manually.”
Cryptocoins News notes that the stolen funds are yet to move from the address they were transferred to, which is unusual for a bitcoin hack. “It could be indicative of a well-intentioned hacker who intends to return the coins,” the article speculates, before offering up more pessimistic readings: “It could be indicative of a hacker who intends to blackmail the site for the return of the coins, in exchange for something else. Or it could just be the hacker hasn’t decided where to send them or what to do with them yet.”
This latest bitcoin hacking scare won’t effect American users, as the Panama based Coinapult is not available to US customers. However, it’s the latest in a line of bitcoin hacks that raise questions about the security of the cryptocurrency. In January, roughly $5 million of bitcoin was stolen from Bitstamp, and before that Mt Gox had $370 million taken before it collapsed.