Hackers stole 1295 Bitcoins – more than a million dollars – from Denmark-based Bitcoin exchange BIPS.
Founder and CEO Kris Henrikson said the incident on November 15 involved a “massive” distributed denial-of-service attack that is thought to have preceded the attack two days later.
“... that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers,” Henrikson wrote.
“Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.”
Wallet functions were disabled as of last week, Henrikson wrote, adding that any and all affected individuals will be contacted – no matter how many Bitcoins were stored in their wallets – and merchants will be contacted too if automatic conversion of Bitcoin was not enabled.
“We will need [user] consent to hand over information to the authorities for further investigation, which hopefully can assist in catching the thief,” Henrikson wrote on Friday. “Another priority is doing forensics data recovery to be able to investigate and assist authorities in finding the attacker. Technical information will not be disclosed for security reasons.”
Earlier this month Bitcoin eWallet Inputs.io was the victim of a hack that relieved the service of 4,100 Bitcoins, which translated at the time to about $1.1 million. In that instance, an attacker compromised the hosting account by targeting email accounts and took advantage of a flaw in two-factor authentication.