A small New York-based company that specializes in exchanging Bitcoins is back online after hackers stole about US$250,000 worth of the virtual currency earlier this month.
Roman Shtylman, founder of BitFloor, said by phone from London on Monday he reported the theft to the FBI and that he intends to pay back victims whose Bitcoins were stolen.
How long that will take I dont know," Shtylman said. "Certainly for me this is a long-term plan, and Im mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."
Bitcoin is a virtual currency, created by a mysterious person who went by the name "Satoshi Nakamoto" and has extensive knowledge of cryptography. Bitcoins are transferred using software programs that connect to a peer-to-peer system that cryptographically verifies the transaction.
Bitcoin "miners" are people who have built heavy-duty computing systems which maintain the integrity of the transaction system. For their work, they are periodically awarded Bitcoins, which have a fluctuating market value and can be traded for cash on exchanges such as BitFloor.
Nakamoto launched Bitcoin in early 2009. He was active in the Bitcoin community at the onset, and then disappeared: no one has conducted an interview with him, and efforts to uncover his true identity have been fruitless. A nine-page white paper written by Nakamoto describes the system.
Unsurprisingly, Bitcoin exchanges are prime targets for hackers, and several exchanges have been hacked. Because of how Bitcoin's peer-to-peer system is designed, transactions are irreversible unless the receiver of the Bitcoins chooses to send some back to the sender.
All transactions using Bitcoin are publicly recorded. Users have a 32-character alpha-numeric address, which is used to transfer funds. That address -- and the receiving address -- are available to see on websites such as Blockchain.info.
According to those records, the hacker has not transferred or spent the funds, Shtylman said. While Bitcoin offers a high degree of anonymity for Bitcoin-only transactions, at some point, users probably want to exchange their Bitcoins for cash (one Bitcoin was trading for $12.06 on Tuesday according to the largest exchange, Mt. Gox).
Bitcoin exchanges need a certain amount of information from users in order to pay them, including a person's name and bank account details. That offers a potential opportunity to trace a thief. Bitcoin has drawn attention, but no country has tried to regulate it, and exchanges do not want to be linked to money laundering or other shady deals.
Shtylman said the hack was devastating, and the cost well exceeded revenues he had made since he launched trading on BitFloor in October 2011. The loss, amounting to about 24,000 Bitcoins, was his fault: he had left the private keys --- needed to unlock and transfer Bitcoins -- on an unencrypted disk. Bitcoin uses public key cryptography for security.
Following the hack, Shtylman attended a Bitcoin conference in London where no one expressed anger at him.
"Most users and existing members of the community have been very supportive and wanted to see BitFloor come back online," Shtylman said.
Since relaunching, Shtylman said he is now keeping private keys in so-called "cold storage," or on offline computers not connected to the BitFloor's exchange. All funds that are live on the exchange will be backed by BitFloor, he said.
"We are never going into a situation where we are doing fractional reserve," Shtylman said, where funds belonging to customers are also used for other purposes.
Send news tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.