Bitcurex Forced to Shut Down After $1.5 million Theft

Polish bitcoin exchange Bitcurex just posted an update announcing it will close following a hack attack several days ago — resulting in $1.5 going missing. It’s one of the bigger bitcoin exchanges serving the European market, specifically for trading zloty and also euros.

Also read: Bitfinex Seeks Communication With Bitcoin Thief

Poland’s Most Popular Exchange

Bitcurex launched in 2012 and is a long-running bitcoin exchange based in Lodz, Poland. It has processed over $50 million USD worth of bitcoin in the past six months. However the exchange’s problems started on October 13, 2016. At the time users were unaware of the problems’s magnitude, as the exchange went offline and admins posted a message (in Polish).

Roughly translated, the message read that the exchange encountered problems with an update, and Bitcurex decided to temporarily suspend the exchange as they worked toward restoring services.

They did not mention a hack or loss of funds at the time. A week after October 13, however, the exchange posted a new message stating the team is working on a network upgrade and security update. It said users will have the “possibility” to withdraw funds when the site is back up. Again, there was no mention of any hack or loss of funds.

$1.5 million Gone in Bitcurex Hack

Yesterday, Bitcurex posted yet another update to its website, this time revealing the exchange had suffered a hack attack. The new message, again roughly translated, says a third-party was able to perform an automated data collection on the site, resulting in the loss of partial assets.

According to Polish Bitcoin news website Bitcoin.pl, one of the bitcoin addresses for Bitcurex is: 1K2PKGPGrYTQjPohXjDgbjeRtynGAZU9cF.

When reviewing the address, you can see large chunks of bitcoin being sent (withdrawn) from that address on October 13. This directly coincides with the initial message Bitcurex posted when it took the exchange down. In total, the sum of those transactions is over 2300 BTC. This converts to a loss of over $1.5 million in funds.

Your Data at Risk

The hack comes when Bitcurex had just recently added more layers to its platform. In July, the exchange added a certified compliance department — which was supposed to be overseen by the Poland Compliance Association. One of the compliance team’s goals was to assess customer risk and provide personal data protection.

It’s unclear from the message exactly what data was compromised in the hack, but it’s probable the hackers stole all user data (names, addresses, email, etc.). The stolen data may eventually find its way to the black market. This means if the stolen data includes passwords, they could be used in future hacks if customers are reusing passwords on other sites. As always, it’s a good reminder to change your passwords, don’t reuse passwords, and use two-factor authentication (2FA) wherever possible.

What’s Happening Next?

According to Bitcurex, the team is working with investors to bring back the exchange to restore services and possibly return funds. In order to claim any lost funds, you must complete the compliance form on Bitcurex.com and sent it to the email on the website.

The exchange also said it has also filed a report with the District Prosecutor’s Office in Lodz for criminal investigation and prosecution. At press time, Bitcurex estimates it will be able to restart service at the end of November.

Let us know in the comments below if this hack has impacted you, and how you feel about it.

Images via Bitcoin.com and Bitcurex.com

Do you want to talk about bitcoin in a comfortable (and censorship-free) environment? Check out the Bitcoin.com Forums — all the big players in Bitcoin have posted there, and we welcome all opinions.