Bitstamp, a European web service that allows users to buy and sell bitcoin in exchange for "real" currencies like dollars or yen, was just taken for $5 million. Nobody knows by exactly whom, or exactly how it was done, and that's a big problem for the "future of money."

The theft, carried out by an unknown party at an unknown location, snatched a pretty hefty sum, reports, CoinDesk:

Bitstamp has released a new statement regarding the security of its website, admitting that it has lost "less than 19,000 BTC", about $5.1m at press time. The revelation follows the disclosure that Bitstamp's wallet system was compromised, prompting it to halt deposits and later shut down its platform entirely.

The "wallet" in this case is a virtual storage system for the bitcoin funds of others, held temporarily before being bought or sold for other currencies. Someone managed to break into this virtual vault and take the bitcoins for themselves—but unlike an actual vault at an actual bank, there's precious little evidence to go on. Reddit's zealous bitcoin community is predictably pissed ("I imagine their's [sic] more than a few of us who saw this coming a mile away, and stayed the fuck off Bitstamp"), and the company has so far only issued vague apologies:

This breach represents a small fraction of Bitstamp's total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We would like to reassure all Bitstamp customers that their balances held prior to our temporary suspension of services will not be affected and will be honored in full. We appreciate customers' patience during this disruption of services. We are working to transfer a secure backup of the Bitstamp site onto a new safe environment and will be bringing this online in the coming days.

Security consultant Egor Homakov explains in a blog post:

Bitcoin exchangers must understand one simple thing: you're going to be hacked. That's the truth you have to accept and build your entire architecture around this axiom (think of Erlang's fault tolerance "let it fail") . And your business shouldn't collapse after it. [...] While blockchain is not exactly anonymous, it's nearly impossible to track the stolen money. You cannot get them back. Ever.

The same quasi-anonymity that makes bitcoin so alluring to paranoids and underworld types is what makes it so alluring to steal: you leave just as few fingerprints stealing it as you do spending it. Bitstamp swears it has enough money in reserves to cover any funds stolen, but the site has been down for two days now, and it could be out for days more. The company's promise that any losses will be reimbursed, and that the exchange is certainly not in any permanent trouble is alarming on its own, post-Mt. Gox.

Photo: Shutterstock