Receive all Cointelegraph news immediately in Telegram.
An estimated 250 bitcoins have been “lost” by Blockchain.info following a security lapse during an update yesterday, it has emerged.
Blockchain.info, security, lapse, BTC, lost, Nicolas Cary, specific incidents, affected users, funds, error
[UPDATE: A Bitcointalk user under account johoe, having admitted responsibility for extracting 255 BTC from Blockchain, has announced all will be returned to users once they are able to “convince” him of their rightful ownership.
The user has set up a list of affected addresses for users to consult. Blockchain has separately pledged to reimburse any users who find they have had funds removed from their wallet.
“The money has been returned to blockchain.info. Please write to blockchain support to claim refund,” johoe wrote in the Bitcointalk thread earlier today.
There have so far been no confirmations that the full amount originally lost has been re-credited to Blockchain, and Reddit reports the case of a wallet holder allegedly having lost 100 BTC during the period.]
An estimated 250 bitcoins have been “lost” by Blockchain.info following a security lapse during an update yesterday. While this the number of coins has not been actively released, undisclosed sources have provided us with this data point. Blockchain.info is still actively investigating the issue.
A blog post on Blockchain’s website confirmed error messages viewable on several hundred user accounts which read “A security issue affects address X. Please Contact [email protected]
According to Blockchain, the issue affected less than 0.0002% of the database and all of the users who are potentially involved have been alerted via email.
Although the post makes no mention of losses having been incurred during the flawed release created by engineers during a software update, Inside Bitcoins has reported—based on speculations made on bitcoin boards—that up to US$90,000 worth of Bitcoin could have gone missing. CEO Nicolas Cary told Insidebitcoins:
“We are currently researching specific incidents, working with affected users, and reimbursing those users which lost funds.”
Blockchain subsequently took responsibility for the error in a Twitter response:
@pete_dushenski We admit we are at fault. We will be working w/affected users to reimburse those whose funds were misplaced.— Blockchain (@blockchain) 9th december 2014
@pete_dushenski We admit we are at fault. We will be working w/affected users to reimburse those whose funds were misplaced.
This type of event is rare for Blockchain, and users within the community are already expressing concern as to the ease with which a seemingly routine operation was targeted and funds potentially stolen.
“I wouldn't be surprised if approximately ∞% more blackhats are reviewing changes to blockchain.info's codebase than bc.i employees,” Bitcoin core developer Peter Todd meanwhile tweeted in light of the news.
The security weakness was seemingly exploited within a two-and-a-half-hour window on the morning of December 8, with Blockchain raising the alarm later that day.
IMPORTANT: security disclosure to our users re: potentially vulnerable addresses: t.co/fBsEV3rdGL— Blockchain (@blockchain) 8th december 2014
IMPORTANT: security disclosure to our users re: potentially vulnerable addresses: t.co/fBsEV3rdGL
“If you created a wallet, generated a new address via Blockchain.info’s web-wallet, or sent bitcoin from your wallet during this time period and have not provided us with your email address, please contact our support desk at [email protected]
Blockchain added that “addresses, wallets and transactions created via the Blockchain.info iOS and Android apps, and the Chrome extension are not affected.”
Meanwhile, Reddit users point out that Andreas Antonopoulos, formerly Blockchain’s chief security officer, may have been “lucky” choosing to leave the company in September.
Update from Nic Cary: This issue was not a security breach, but a consequence of a development release. Blockchain.info identified the issue almost immediately and we're working with a limited number of users to reimburse them and do the right thing.
Did you enjoy this article? You may also be interested in reading these ones:
Follow us on Facebook
For updates and exclusive offers, enter your e-mail below.
One fine body…
Thank you for contacting us! We will reply to you as soon as possible.
Thank you for your interest in our franchise program.
We are considering your request and will contact you in due course. If you have any further queries, please contact:
Reset letter sent.
Please checkout your mailbox for password reset details